10 Legal and Compliance Issues that Should be Top of Mind for Aesthetic Practices

The medical aesthetics industry continues to experience rapid growth as consumer demand for aesthetic services expands, whether services are offered within a physician practice or a medspa. This growth brings significant regulatory complexity. As a result, aesthetic practices should be aware of and operate in compliance with state and federal laws governing medical practice, professional licensing, privacy, employment, and marketing.

Whether a medical aesthetic practice is newly launching, has been operating for years, or is preparing for a sale or other transaction, owners must pay attention to these compliance areas to avoid penalties, liabilities, and potential devaluation in connection with a future sale.

1. Corporate Structure 

Maintain compliance with the corporate practice of medicine doctrine, which varies by state, regarding ownership of an aesthetic practice or medspa. Depending on the services offered, some states require physician ownership through a professional corporation or a management services organization-professional corporation (MSO-PC) model to separate management and clinical control. In addition, states differ regarding who can own a medspa (eg, physician, nurse practitioner, or physician assistant).

2. Clinical Supervision Requirements  

Confirm that all licensed and unlicensed personnel are appropriately trained and supervised based on applicable state laws and regulatory requirements. For instance, regulations may require physician oversight of neurotoxin injections, laser procedures, or intravenous (IV) therapy, along with documented chart reviews. 

3. Professional Scope of Practice

Verify that all personnel, such as physician assistants (PAs), registered nurses (RNs), aestheticians, and laser technicians, are operating within their scope of practice. These requirements vary by state and are based on the type of provider and the specific service involved. While not all states require a formal medical director, states differ with regard to what type of provider can delegate and/or supervise certain medspa services, such as laser treatments, as well as whether such provider must be on-site or available during specific times.

4. Ongoing Personnel License Verification 

Confirm regularly that each clinician and licensed staff member is in good standing with applicable licensing boards. For example, perform automated regular checks of state licensing boards, certification/registration agencies, and exclusion lists. 

5. Licenses and Registrations 

Confirm that the practice or medspa has obtained any required state licenses and registrations for services provided (eg, laser hair removal, IV infusions, etc). This varies by state and may include facility registrations for certain lasers, physician dispensing permits, and local health department approvals for IV infusion. Some states specifically require medspas to be registered.

6. State Referral Restrictions

Comply with state laws and regulations prohibiting payment for referrals, if applicable. This may include avoiding percentage-based commissions tied to the volume or value of referrals to the practice. 

7. Privacy Rules

Follow applicable state laws and regulations governing patient privacy, and train employees upon hire and annually thereafter on these requirements. Practices should also perform risk assessments periodically, and adopt standard cybersecurity measures, including secure email/texting, password-protected devices, and encrypted data transfers. Aesthetic practices should ensure that business associate agreements, if applicable, are in place with their vendors (eg, electronic medical record, texting platforms), post a Notice of Privacy Practices, and maintain an incident response plan in the event of a data breach. 

8. Marketing Restrictions and Patient Consents 

Adhere to state marketing regulations and rules prohibiting the use or sale of patient information without consent. Practices should obtain written authorizations for testimonials and before-and-after photos and confirm that such materials do not include misleading claims. Include appropriate disclaimers, such as “results may vary” or “certain procedures may require medical clearance and may not be medically appropriate for every patient.” 

9. Key Employment and Benefits Policies 

Adopt policies that comply with legal requirements for employee overtime, leave, disability accommodations, and anti-harassment training, and confirm benefit plans are compliant. In addition, aesthetic practices should verify proper worker classification (W-2 employee vs. 1099 independent contractor) and maintain current Form I-9 documentation and employee handbooks. 

10. Credit Balances

Identify and refund credit balances to patients in accordance with state laws requiring such refunds and periodic reporting. 

CONCLUSION

Operating a medical aesthetic practice requires ongoing compliance across multiple regulatory areas. As requirements vary significantly by state and continue to evolve, owners should conduct periodic compliance audits, engage qualified legal and regulatory counsel, and implement robust policies and training programs. Doing so will help avoid substantial liabilities and financial exposure and will maximize a practice’s valuation in the event of a future sale.