Running a medspa is challenging when it comes to compliance. With endless legal, operational, and industry-specific regulations, it’s easy to feel overwhelmed and unsure of where to start.

But don’t worry. This guide will break down the important medspa compliance requirements for 2025, helping your practice avoid costly legal penalties. 

From licensing to HIPAA compliance, ethical marketing, and insurance considerations, we’ve compiled all important regulations to help you stay compliant, protect your clients, and run your medspa with confidence. 

Key Takeaways

  1. Ensure your medspa has a licensed medical director, certified staff, and a state-issued facility license.
  2. Follow OSHA safety standards and maintain HIPAA compliance to protect your staff and patients’ sensitive information.
  3. Properly dispose of medical waste in accordance with environmental and health regulations.
  4. When advertising your services, adhere to FTC, FDA, and state guidelines by making truthful and scientifically backed claims, using accurate before-and-after photos, and securing proper patient consent.
  5. To ensure financial protection, obtain professional liability, workers’ compensation, cyber liability, and commercial property insurance.
  6. While not legally required, consider obtaining accreditation to improve your medspa’s reputation and credibility within the industry.

Who Can Open a Medical Spa in the United States?

A medical spa is not merely a traditional spa with extra services. It is a regulated healthcare facility, offering complex treatments like injectables and laser procedures that must be carried out by a licensed medical professional. 

For this reason, many states prohibit anyone who is not a licensed physician from opening and operating a medical spa. Non-physicians are also not allowed to open a medspa and hire licensed doctors to act on their behalf. 

However, some states have more flexible ownership regulations. In Alaska and Florida, for example, non-physicians are permitted to open a medical spa as long as it operates under the supervision of a licensed physician. New York and Minnesota also allow nurse practitioners to own medical spas under the same conditions. [1]

Note that if you’re a non-physician, you can manage only the business side of a medical spa (without direct ownership) through the Management Services Organization (MSO) model. [2]

This structure allows non-physicians to control business operations while ensuring the medical aspects remain under the authority of licensed physicians, ensuring compliance with medical spa regulations. 

Some states also permit partnerships between physicians and other licensed professionals (like nurse practitioners, physician assistants, or registered nurses). For example, California allows these licensed professionals to co-own a medical spa, as long as a licensed physician has majority ownership (51% of the business).

Medical Spa Compliance Checklist 

Obtaining the necessary licenses and certifications is the first step to medical spa compliance.

However, each state (and sometimes municipality) may have unique requirements that medspas must follow. These can include specific rules about advertising services, equipment used, and facility layout. 

Below, we’ve compiled general licensing and regulation requirements that apply in most states. We highly recommend checking with your state’s local health department and legal experts to ensure your business complies with local laws.

Licenses and Certification 

Medspa licensing requirements depend on the type of services you offer. Generally, they encompass the following: 

1. Medical Director Supervision 

Most states require medical spas to have a licensed physician, such as an M.D. (Doctor of Medicine) or D.O. (Doctor of Osteopathic Medicine), as the medical director. 

This professional must be licensed and is responsible for overseeing all medical treatments, ensuring they are performed in accordance with healthcare laws and safety standards. Failure to meet this requirement risks patient harm as well as non-compliance.

2. Staff Certifications 

All professionals at your medspa, including aestheticians, nurses, and other specialists, must hold the appropriate licenses and certifications for the services they provide. 

For instance, nurses will require a state license after passing the National Council Licensure Examination for Registered Nurses, while aestheticians will require certifications from accredited bodies like the National Coalition of Estheticians, Manufacturers/Distributors & Associations (NCEA). [3]

3. Facility License 

Your medspa requires a state-issued facility license from your state’s Health Department or Board of Medicine. 

This license acts as a seal of approval, confirming that your spa aligns with standards such as:

  • Rigorous cleaning protocols meeting hygiene and sanitation requirements
  • High-quality equipment and procedural technology meeting regulatory standards
  • Emergency preparedness requirements, including emergency protocols, accessible medical supplies, and trained staff

4. Accreditation 

While this is not a legal requirement, you should consider applying for accreditation from a trusted body such as the Accreditation Association for Ambulatory Health Care or The Joint Commission. 

Accreditation involves an in-depth evaluation of your facility’s processes, patient care, and safety measures. It enhances the credibility of your medspa and sets your practice apart as a trusted healthcare provider. 

Medspas must adhere to certain regulations pertaining to patient and environmental safety. [4] Here are three important ones you should know about: 

1. Occupational Safety and Health Administration (OSHA) Compliance 

OSHA sets workplace safety standards that all medical spas must follow. Examples include using personal protective equipment (PPE), managing bloodborne pathogens, and ensuring hazard communication protocols are in place.

Meeting OSHA requirements helps protect your staff and patients from unnecessary safety risks. 

2. Health Insurance Portability and Accountability Act (HIPAA) Compliance 

HIPAA is one of the most important medical spa regulations. This law governs the privacy and security of patients’ Protected Health Information (PHI). [5]

Violating medspa HIPAA compliance can result in fines of up to $2.1 million annually, so you want to have a detailed HIPAA protocol for your practice. [6]

This includes practices like implementing secure data systems with access controls, training staff in privacy protocols, and preparing a breach notification procedure so that affected patients and regulators can be informed within the required timeframes.

3. Medical Waste Disposal 

Medical spas must comply with regulations for the disposal of medical waste under OSHA rules and the Resource Conservation and Recovery Act (RCRA), administered by the US Environmental Protection Agency. [7]

These laws detail procedures like safe disposal, identification, and storage of sharps and hazardous pharmaceutical waste. For medspas, this may include waste like human tissues, syringes, blood or bodily fluids, needles or sharp instruments, and injectables like Botox and Dysport.

We recommend contacting your state’s environmental protection agency or health agency for more information on safe medical waste disposal. 

Ethical Marketing and Advertising Regulations for Medspas

Marketing and advertising for medspas are regulated by strict local, federal, and state laws to prevent deceptive and misleading practices. These rules are typically enforced by three bodies:

  1. The Federal Trade Commission (FTC)—Under the FTC’s rules, all marketing materials for your medspa must be truthful and supported by scientific evidence. For instance, if a treatment is advertised as reducing wrinkles, you must have scientific proof to support this claim. [8] In addition, your before-and-after pictures should not be misleading, and any material relationships (such as paid influencers or testimonials) must be clearly disclosed. 
  2. The Food and Drug Administration (FDA)—Your medspa must comply with the FDA’s guidelines when promoting treatments that involve medical devices or products, such as lasers or injectables. You must provide accurate risk information and should not promote devices or products that are not FDA-approved. 
  3. State medical boards—State medical boards also regulate advertising by medical professionals. While specific regulations vary by state, most prohibit false, misleading, or deceptive advertising. [9] Some states also require particular disclaimers or disclosures when advertising medical services.

Medspa Regulations for Insurance and Liability

Operating a medspa comes with multiple risks, from property damage to malpractice claims and workplace injuries. To protect your medspa from financial losses arising from such risks, it’s essential to have proper insurance coverage. [10]

Here are the main types of insurance your medspa should consider:

  • Professional liability insurance—Also known as malpractice insurance, this covers claims of negligence or harm from medical treatments. In some states, physicians and nurse practitioners are required to carry a minimum amount of coverage. [11]
  • Workers’ compensation insurance—This is required in most states and provides medical benefits or wage replacement for employees who get ill or injured on the job. [12]
  • Cyber liability insurance—This insurance protects against data breaches or cyberattacks. In the event of an incident, it helps cover costs such as credit monitoring services for affected patients, legal fees, breach notification expenses, and potential regulatory fines. 
  • Commercial property insurance—This covers damage to your building, equipment, and inventory from risks like fire, vandalism, theft, or natural disasters. 

Liability for a medical service is tricky. We highly recommend working with an insurance provider in the healthcare industry to ensure you have the right coverage for your spa.

Frequently Asked Questions 

Which States Allow Non-licensed Individuals to Own Medspas?

States that allow non-physicians to own medspas include Arizona, Alaska, Delaware, Florida, Iowa, Louisiana, Maine, Michigan, Mississippi, New Hampshire, New Mexico, Oklahoma, South Carolina, Utah, Vermont, and Virginia. [13]

Can Medical Spas Be LLCs in the United States?

Yes, a medspa can operate as a limited liability company (LLC) in most states. An LLC offers personal liability protection for the owners, separating their personal assets from the business’s debts and legal obligations.

Do Medspas Have to Be HIPAA-Compliant?

Yes, HIPAA compliance is essential for all medical spas that handle electronic or physical patient healthcare information. 


References 

  1. Moeller, M. (2024, January 9). Who Can Own a Medical Spa: Unpacking MSOs. American MedSpa Association. https://americanmedspa.org/blog/who-can-own-a-medical-spa-unpacking-msos
  2. (2022, August 29). MSO Field Guide: Part 1 (What is an MSO?). ByrdAdatto Law Firm. https://byrdadatto.com/banter/mso-field-guide-part-1-what-is-an-mso/
  3. Karafiloska, I. (2024, December 7). The ultimate medical spa compliance checklist. Pabau. https://pabau.com/blog/medspa-compliance/
  4. (2024, November 7). Understanding the Crucial Medical Spa Requirements for Your Practice. Yocale. https://business.yocale.com/blog/med-spa-laws-by-us-states/
  5. (2024, September 10). Health Insurance Portability and Accountability Act of 1996 (HIPAA). CDC Public Health Law. https://www.cdc.gov/phlp/php/resources/health-insurance-portability-and-accountability-act-of-1996-hipaa.html
  6. (n.d.). What are the Penalties for HIPAA Violations? The HIPAA Journal. https://www.hipaajournal.com/what-are-the-penalties-for-hipaa-violations-7096/
  7. (2024, May 17). Resource Conservation and Recovery Act (RCRA) Laws and Regulations: Medical Waste. United States Environmental Protection Agency. https://www.epa.gov/rcra/medical-waste
  8. (n.d.). Advertising and Marketing Basics. Federal Trade Commission. https://www.ftc.gov/business-guidance/advertising-marketing
  9. Meyer, M. (2019, April 9). Understanding the Legal Issues in Med Spa Advertising. American Med Spa Association. https://americanmedspa.org/blog/understanding-the-legal-issues-in-med-spa-advertising
  10. Meyer, M. (2024, April 21). Do You Have the Right Coverage for Your Med Spa? American Med Spa Association. https://americanmedspa.org/blog/do-you-have-the-right-coverage-for-your-med-spa
  11. (2024, January 8). A guide to medical professional liability insurance. Marsh McLennan Agency. https://www.marshmma.com/us/insights/details/a-guide-to-medical-professional-liability-insurance.html
  12. (2024, September 16). The Ultimate Guide to Workers Compensation Insurance Requirements by State. Embroker. https://www.embroker.com/blog/workers-compensation-insurance-requirements-by-state/
  13. (2024, July 2). Med Spa Laws by State. Nextech. https://www.nextech.com/blog/med-spa-laws-by-state