Opening a med spa is exciting, but the regulatory side can quickly feel overwhelming. Whether you’re a physician or a non-physician owner using an MSO model, you need more than just great services to succeed. You need airtight compliance from day one.
Here’s a structured compliance checklist designed specifically for new med spa clinic owners.
What Does “Med Spa Compliance” Actually Mean?
Compliance refers to your clinic’s ability to meet federal, state, and professional regulations for legal operation. This covers medical oversight, licensing, scope of practice, privacy laws, and how you market or deliver treatments.
Med spas operate in a medical gray zone between healthcare and beauty, and that’s why compliance is not optional. It protects your license, your business, and your patients.
The Med Spa Compliance Checklist
1. Define Your Legal Structure and Ownership Model
Determine whether your med spa will be:
- Physician-owned, or
- MSO (Management Services Organization) model if you’re a non-physician
Note: In states like California, Texas, and Illinois, non-physician ownership is only allowed through an MSO that contracts with a licensed physician or collaborating provider. We can help you set that up.
2. Secure Your Medical Oversight
This is the backbone of your clinic’s medical legitimacy, especially if you’re offering injectables, laser treatments, or IV therapy. You must partner with a licensed Medical Director or Collaborating Physician who provides:
- Protocol review and approval
- Standing orders
- Oversight of delegated procedures
- Emergency protocols
3. Delegate Procedures Legally
Treatments like neurotoxins or fillers can’t legally be administered by unlicensed staff. Each treatment must be delegated according to:
- Scope of practice rules
- Supervision requirements for NPs, RNs, estheticians, etc.
- Your Medical Director’s oversight agreement
4. Create Written Protocols and Standing Orders
Every treatment should be backed by:
- Medical protocols
- Signed standing orders
- Adverse event management plans
- Emergency protocols (especially for injectables and IV)
These must be written, updated, and signed by your Medical Director. It’s not just a best practice; it’s required in many states.
5. Implement Consent and Documentation Systems
Electronic records are recommended to support audit-readiness and HIPAA compliance. Use customized consent forms and SOAP note templates that reflect:
- The nature of medical procedures
- Disclosure of risks
- Documentation of supervision
6. Get Proper Licensing and Registration
Depending on your state, you may need:
- Facility license (especially in FL, CA, NY)
- Medical business registration
- CLIA waiver (for labs)
- Pharmacy licenses (for injectables or compounded meds)
Operating without these could mean forced closure or legal fines.
7. Verify Staff Credentials and Supervision
Keep up-to-date copies of licenses and CE certifications on file. Confirm:
- All medical staff are licensed in your state
- Estheticians don’t perform medical procedures
- Scope of practice is respected for every role
8. Follow HIPAA and Data Privacy Protocols
HIPAA fines can reach six figures, even for non-insured wellness clinics. Even if you don’t bill insurance, you must protect patient data:
- Use HIPAA-compliant EMRs
- Secure encrypted storage and backups
- Train staff on patient confidentiality
9. Establish Marketing and Advertising Compliance
Everything you post must be approved under your medical director’s license and oversight. Avoid making medical claims in your ads or Instagram captions. This includes:
- “Guaranteed results”
- “Safe and risk-free”
- Before/after images without disclaimers
10. Prepare for an Inspection or Audit
Having your compliance binder ready shows you’re not cutting corners. Make sure your clinic is always ready with:
- Employee training documentation
- Protocol binders
- Signed MD contracts
- Sample treatment records
- Sterilization logs
Why Your Medical Director is the Foundation of Compliance
Too many clinics treat medical directors as a checkbox. But your MD is:
- Your compliance partner
- Your protocol author
- Your supervision provider
- Your legal shield
At Wellness MD Group, we go beyond paper compliance: our physicians actively help you stay protected and grow.
FAQs
What licenses do I need to open a med spa?
Licensing varies by state, but you may need a business license, facility license, pharmacy registration, and a CLIA waiver. Requirements depend on your services, location, and whether you’re offering medical procedures like injectables, IV therapy, or laser treatments.
Can a nurse practitioner open a med spa?
Yes, in some states nurse practitioners can open med spas, but most still require a collaborating physician agreement. Scope of practice rules, supervision laws, and local corporate practice of medicine restrictions must always be followed to ensure legal operation.
Do I need a medical director if I only offer facials and basic skincare?
If your treatments are non-medical, such as facials, peels, or massages, you may not need a medical director. However, any procedure involving needles, lasers, or prescriptions legally qualifies as medical and requires licensed oversight by a physician.
How often should I update protocols and standing orders?
Review and update protocols at least once a year or whenever you introduce new services, hire new staff, or your state regulations change. Your medical director must review and sign off to maintain compliance with evolving standards of care.
What’s the risk of operating without proper compliance?
Operating without compliance can lead to license suspension, fines, lawsuits, or even criminal charges. Non-compliance jeopardizes your business, your medical team, and patient safety. It’s not just risky; it’s one of the top reasons new clinics fail.
