Best business practices for medical spas

Medical spas and aesthetic clinics offer a variety of services. Although some differences exist (e.g., aesthetic clinics generally provide more advanced treatments), this article will refer to both as medical spas.


The number of medical spas is growing. A 2024 report from the American Med Spa Association noted an increase in locations from 8,899 in 2022 to 10,488 in 2023. Most medical spas (81%) operate in a single location. The same report found that 67% of single-owner practices are owned by nonphysicians. Nurse practitioners (NPs) are nearly even with physicians and surgeons as the group with the highest percentage of medical spa ownership.

Although medical spas can provide valuable services to their clients, failure to follow relevant laws and regulations can lead to penalties, license suspension, and even cease-and-desist orders. Fortunately, best practices can help business owners avoid these problems while still reaping financial benefits.
 

Ownership structure

Avoiding liability starts with meeting ownership requirements, which vary by state. For example, Holt notes that California and New Jersey require physician ownership; Illinois, Kentucky, and Maryland permit physician or NP ownership, and anyone can own in Hawaii, Michigan, and Florida.

Reyes notes that in some states, non-physician-owned medical spas have to operate under a physician’s supervision. In states with full practice authority for NPs, physician supervision may not be required; however, it is essential to verify individual state laws.

Owners should also check for any required state and local licenses. However, no accreditation from an organization such as the Accreditation Association for Ambulatory Health Care may be beneficial from a marketing perspective.

Here are other areas to consider to avoid liability.
 

Personnel

Owners must understand the scope of practice for each employee as it is defined under state law. Resources for this include https://americanmedspa.org/legal-updates and https://healthindustrytrends.com/understanding-med-spa-regulations-state-by-state-guide/. Owners also must know what procedures are permitted to be offered under state law and who can provide them.

If delegation is permitted, be sure staff are trained for their activities and that appropriate supervision is provided. Remember that only licensed professionals should perform medical treatments.

It is also essential to accurately represent professional titles of staff to patients. According to the American Society of Dermatology Surgery Association, a study found that many patients didn’t know that non-physicians were performing their procedure. Have staff wear badges that clearly display their credentials.

Finally, be sure to hire only those who have the required expertise and qualifications. For example, an aesthetician needs to be licensed.
 

General operations

Standard operating procedures (SOPs) should be in place for key areas, such as informed consent (obtained before each procedure) and infection prevention (for example, sterilizing equipment according to standards). SOPs should include emergency response plans and outline the frequency of checking emergency equipment for availability and functionality.

SOPs should also address client privacy to ensure adherence to requirements in the Health Insurance Portability and Accountability Act (HIPAA), as well as adherence to regulations that fall under the Occupational Safety and Health Administration (OSHA). Relevant OSHA requirements include those related to bloodborne pathogens, hazard identification, and laser safety. It is also important to dispose of medical waste properly.

Protocols for treatments offered by the medical spa should be in place and include who can administer the treatment. Employees should follow best practices and document their actions. 

Staff should receive training related to SOPs, including how to respond to an emergency, and training should be documented in the employee’s record.
 

Additional laws and regulations

Laws and regulations related to referrals and commissions exist. Thiersch notes that fee-splitting (paying employees or others a commission for referrals) is illegal in many states. The federal Stark Law states that physicians cannot make referrals to entities where they have a financial relationship. Stark applies to Medicare patients, but some states have similar laws that include Medicaid patients.

The federal Anti-Kickback Statute prohibits individuals from soliciting, receiving, offering, or paying any remuneration for referrals for services covered by a federal healthcare program, such as Medicare and Medicaid. (This includes referrals from patients.) Some states have their own laws or regulations prohibiting payments for referrals.

In addition, Fisher notes that these types of payments may be considered unethical, so medical and nursing boards may have restrictions.

Because of the many restrictions, it is best to avoid solicitation of and compensation for referrals or at least consult a healthcare attorney for advice. An alternative might be to offer employees performance bonuses based on business goals.

Owners also need to adhere to state and federal medical advertising standards. Advertising should be truthful and avoid claims that guarantee results. A resource is the advertising guidance from the Federal Trade Commission (FTC) at https://www.ftc.gov/news-events/topics/truth-advertising/health-claims.

Owners should use testimonials and social media promotions with caution, as they can easily violate the truth in advertising (for example, by not reflecting typical outcomes and using misleading before-and-after photos).
 

Insurance

Sufficient insurance coverage is crucial in the event that the business faces legal action. The following types are recommended:

Professional liability: Provides protection in case of malpractice or claims related to scope of practice. Practitioners should also have coverage either through the medical spa or individually.

General liability: Protects against various events, such as a client slipping and falling.

Property: Covers the medical spa’s physical space, equipment, and supplies in case of events such as theft or a fire.

Workers’ compensation: For when workers get ill or injured on the job.
 

Ensuring success

Medical spas are increasingly common and can be rewarding for owners both professionally and financially. However, owners of medical spas and nurses working in them must follow best practices, laws, and regulations to avoid penalties and litigation (sidebar). Doing so will help maximize the success of the business.
 

Cynthia Saver, MS, RN, is a medical writer in Columbia, Md.

This article does not constitute legal advice.

 

Sidebar

Best practices

Here are the best practices for nurses who work in medical spas.

  • Wear a badge with your credentials and verbally identify yourself as a nurse to patients.
  • Keep within your scope of practice. Follow state law as to what services you provide.
  • Conduct a patient assessment before the procedure; ask about allergies, medical history, and medications.
  • Ensure the informed consent process has been followed and the patient has signed the consent form.
  • Confirm the treatment with the patient before it starts.
  • Know how to manage potential adverse events such as anaphylaxis, syncope, and laser burns. Check emergency equipment regularly.
  • Follow guidelines related to infection prevention and safety (e.g., sharps disposal, keeping the environment free of clutter).
  • Review post-procedure instructions with the patient. Provide written or digital instructions in the patient’s preferred language.
  • Maintain the privacy of patient confidential information.
  • Stay up-to-date on the latest developments in the field.
  • Document thoroughly, including patient assessments, patient education, and the lot numbers of products used.
  • Follow guidelines for accessing and storing medical records. For example, adhere to the policy for changing passwords to protect against cyber breaches. In addition, know the requirements for how long records need to be kept after the last contact with the patient. 
  • Do not take any remuneration for referring patients.

Nurses may want to consider obtaining certification in this area. According to Gaines, applicable ones include certified aesthetic nurse specialist, certified plastic surgery nurse, dermatology nurse certified, and dermatology certified nurse practitioner.

 

References

American Med Spa Association. 2024 medical spa state of the industry executive report recap. 2024. https://americanmedspa.org/blog/2024-medical-spa-state-of-the-industry-executive-report-recap

American Society for Dermatologic Surgery. Safety concerns in med spas with little or no physician involvement. 2023. https://www.asds.net/skin-experts/news-room/press-releases/safety-concerns-in-med-spas-with-little-to-no-physician-involvement

Cohen Law Group. Medical spas and aesthetic clinics: key legal insights for safe and compliant operations. 2024. https://cohenhealthcarelaw.com/medical-spas-and-aesthetic-clinics-key-legal-insights-for-safe-and-compliant-operations/

Fisher RJ. Can I reward my medical spa patients for referring a friend? American Med Spa Association. 2019. https://americanmedspa.org/blog/can-i-reward-my-medical-spa-patients-for-referring-a-friend

Gaines K. The ultimate list of aesthetic nurse certifications. Nurse.org. 2025. https://nurse.org/education/aesthetic-cosmetic-nurse-certifications/

Harper K. OSHA: what you don’t know can hurt you. American Med Spa Association. 2018. https://americanmedspa.org/blog/osha-what-you-dont-know-can-hurt-you

Holt D. A state-by-state guide for medspa regulations. Holt Law. 2025. https://djholtlaw.com/a-state-by-state-guide-for-medspa-regulations/

Moeller M. Update: nurse practitioners have full practice authority in these states. American Med Spa Association. 2023. https://americanmedspa.org/blog/update-nurse-practitioners-have-full-practice-authority-in-these-states

Occupational Safety and Health Administration. https://www.osha.gov/

Reyero J. Spotting the red flags in today’s health care regulatory environment. American Med Spa Association. 2020. https://americanmedspa.org/blog/spotting-the-red-flags-in-todays-health-care-regulatory-environment

Reyes P. Medspa compliance: master the requirements for 2025. 2024. https://www.medicalsparx.com/medspa-compliance/

Thiersch AR. Fee-splitting: pitfalls of med spa compensation. American Med Spa Association. 2018. https://americanmedspa.org/blog/fee-splitting-pitfalls-of-med-spa-compensation

U.S. Department of Health and Human Services. Summary of the HIPAA Privacy Rule. n.d. https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html#intro

Topics:

#Business Practice #Healthcare


Share this article:

   

Frequently Asked Questions

You have questions. We have answers. (It's why we're here.)



What kinds of activities might trigger a disciplinary action by a licensing board or regulatory agency? 


The fact is anyone can file a complaint against you with the state board for any reason—even your own employer—and it doesn’t have to be solely connected to your professional duties. All complaints need to be taken seriously, no matter how trivial or unfounded they may appear. 


How does a shared limit policy work?


A shared limit policy is issued in the name of your professional business or company. The policy provides professional liability insurance coverage for the business entity named on the certificate of insurance and any of the employees of the business entity, provided they are a ratable profession within our program. Coverage is also provided for locum tenens professionals with whom the business entity has contracted for services the locum tenens performs for the business entity.

The business, and all eligible employees and sub-contractors you regularly employ, will be considered when determining your practice’s premium calculation and share the same coverage limits you select for the business.


We have a shared limit policy. Are employees covered if they practice outside our office?


The policy covers your employees outside the office as long as they are performing covered professional services on behalf of your business.

If your employees are moonlighting, either for pay or as a volunteer, they should carry an individual professional liability insurance policy to cover those services. Otherwise, they might not be covered for claims that arise out of these activities.



There are plenty more where those came from.


See more FAQs

More learning right here

Check out these related articles.



NEW! Nurse Malpractice Claim Report - 5th Edition

This report highlights the top professional exposures facing nurses, including professional liability claims and license protection matters...

Best business practices for medical spas

Medical spas and aesthetic clinics offer a variety of services. Although some differences exist (e.g., aesthetic clinics generally provide more advanced treatments), this article will refer to both as medical spas.

Age-Friendly Health System initiative meets needs of older adults

The population of the United States is aging --and  aging fast. According to the U.S. Census Bureau, from 2010 to 2020, the population aged 65 or older experienced its largest-ever 10-year numeric gain, increasing by 15.5 million people. By 2020, this demographic accounted for 16.8% of the total population. A report from the U.S. Department of Health and Human Services’ Administration on Aging put this percentage at 17.3% in 2022 (57.8 million people) and projects the percentage will rise to 22% by 2040 (see sidebar #1).

ICE officers in the healthcare setting: What nurses need to know

As of January 20, 2025, U.S. Immigration and Customs Enforcement (ICE) agents can now enter hospitals (as well as schools and churches) for enforcement actions. In the case of ICE agents in healthcare settings, nurses must follow the law while also ensuring patient safety and privacy. This can prove difficult as nurses are caught between their ethical duty to protect patients (and to provide optimal care to all patients, regardless of immigration status) and their responsibility to comply with the law.