5 Legal Risks Your Practice Must Avoid in 2026
The healthcare compliance landscape is constantly shifting. For podiatry practices, 2026 represents a critical compliance checkpoint — one that goes beyond clean claim submissions to navigating federal fraud statutes, data protection mandates, and waste-prevention regulations.
JARALL Medical Management focuses on building defensible revenue through access to healthcare attorneys and compliance experts who understand the specific risks facing podiatry.
Risk 1: Failure to Implement New HIPAA Security and Privacy Overhauls
The pitfall is treating HIPAA as solely an IT issue. Upcoming 2026 regulations are expected to require significant changes across your practice:
Mandatory Multi-Factor Authentication (MFA) — for all systems accessing electronic protected health information (ePHI)
Stricter encryption standards — covering ePHI both at rest and in transit
Updated Notices of Privacy Practices (NPPs) — with a deadline expected in February 2026, covering sensitive data categories like reproductive and behavioral health
JARALL's approach includes risk assessments that identify vulnerabilities before breaches occur, along with attorney-drafted NPPs and Business Associate Agreements (BAAs).
Risk 2: Incorrectly Documenting Routine Foot Care
The pitfall is missing or unsupported Q modifiers. Medicare excludes routine services such as nail trimming and callus removal unless a qualifying systemic condition — such as severe diabetes or peripheral vascular disease — establishes medical necessity.
Failing to link services to underlying conditions via Q modifiers (Q7, Q8, Q9) and proper chart documentation creates False Claims Act exposure. Required documentation includes findings such as:
Loss of protective sensation — documented through monofilament or similar testing
Infection history — prior episodes that elevate risk
Pulse assessments — vascular status supporting medical necessity
JARALL deploys certified podiatry coders who use region-specific Local Coverage Determinations (LCDs) and clinical protocol templates to ensure every claim is properly supported.
Risk 3: Ignoring Stark Law's Strict Liability in Financial Relationships
The pitfall is flawed leases or Management Service Agreements (MSAs). Stark Law is a strict liability statute — violations can occur without any intent to defraud.
The law prohibits physician referrals for Designated Health Services (DHS) to entities where the physician holds a financial interest, unless a specific exception applies. Common pitfalls include:
Office leases with rent above Fair Market Value (FMV) — or rent tied to referral volume
Management contracts with above-FMV compensation — or contracts lacking written documentation
For podiatrists, referring patients for X-rays or lab work to partially-owned facilities requires fitting a precise Stark Law exception. JARALL's affiliated attorneys structure compensation, lease, and management agreements to meet safe harbors and ensure FMV compliance.
Risk 4: Unknowingly Committing Fraud Under the False Claims Act
The pitfall is recurrent upcoding or unbundling of CPT codes. Systemic billing errors can be interpreted as demonstrating reckless disregard for accuracy — which is sufficient to trigger False Claims Act liability. In podiatry, this includes:
Billing higher-level E/M codes than documentation supports — upcoding that inflates reimbursement
Unbundling procedures — billing separately for services that should use a single CPT code
Billing non-covered Medicare services without an Advance Beneficiary Notice (ABN) — failing to inform patients of their financial responsibility
FCA penalties include fines up to three times the fraudulent amount, plus per-claim penalties. JARALL's approach involves continuous internal auditing — chart samples reviewed against submitted claims, with training corrections that demonstrate a genuine compliance commitment.
Risk 5: Failing to Update Business Associate Agreements
The pitfall is using outdated or generic BAAs. Business associates — including billing companies — are directly subject to HIPAA. An inadequate BAA can shift liability to your practice in the event of a vendor-caused breach.
New security rule updates are expected to impose 24-hour breach reporting obligations for business associates, making poorly defined BAAs a serious compliance timeline risk. JARALL maintains a vetted vendor network with current HIPAA compliance, protective BAAs, and rapid incident response protocols aligned with accelerated federal reporting requirements.
Building a Defensible Revenue Cycle
The compliance complexities of 2026 — from Stark Law's strict liability to evolving HIPAA demands — are too significant for any practice to manage alone. JARALL Medical Management provides comprehensive support spanning billing, coding, legal, HR, and compliance to help practices build a defensible revenue cycle that withstands scrutiny.