How to Start a MedSpa
A MedSpa blends esthetic services with medical procedures like Botox and laser. The legal structure matters more than the building — here is how to do it right.
A MedSpa offers cosmetic medical procedures (Botox, dermal fillers, laser hair removal, IV therapy) alongside traditional spa services. Because medical procedures are involved, MedSpas are regulated by state medical boards — not just cosmetology boards. The single biggest mistake new owners make is operating without proper physician oversight, which is the corporate practice of medicine (CPOM) violation that triggers fines and clinic closure.
Key terms
- Corporate Practice of Medicine (CPOM)
- Doctrine in many states prohibiting non-physicians from owning entities that practice medicine.
- MSO/PC Structure
- Management Services Organization (non-physician owned) provides services to a Professional Corporation (physician owned).
- Medical Director
- Licensed physician responsible for medical protocols, standing orders, and supervision.
- Good Faith Exam
- Required initial medical evaluation before any medical procedure is performed.
Step-by-step
- 1
Decide on entity structure
In CPOM states (CA, NY, NJ, TX, FL for some procedures) use the MSO/PC model. The PC is owned by a licensed physician; the MSO handles all non-clinical operations.
- 2
Recruit a Medical Director
Required in every state for medical procedures. Director signs standing orders, reviews protocols, and is available for consultation.
- 3
Confirm scope of practice for every provider
Who can inject Botox? Operate a laser? Perform IV therapy? Rules vary by state and by provider type (RN, NP, PA, esthetician).
- 4
Build clinical protocols and standing orders
Required documentation for every procedure offered, signed by the Medical Director.
- 5
Obtain facility licenses and permits
Business license, sales tax, occupational license, and any state-specific health department permits.
- 6
Buy malpractice and general liability insurance
Medical malpractice coverage for the Medical Director, all clinical staff, and the entity itself.
- 7
HIPAA compliance program
Privacy policies, business associate agreements, electronic medical record system, breach notification procedures.
Checklist
- Entity structure decision (MSO/PC vs single entity)
- Articles filed for PC (if applicable) — physician-owned
- Articles filed for MSO — non-physician owned
- Management Services Agreement between MSO and PC
- Medical Director Agreement signed
- Standing orders for every procedure
- Good Faith Exam protocol
- Provider credentialing files (license, DEA if applicable, malpractice)
- Laser device registration (state-specific)
- Medical waste contract
- OSHA bloodborne pathogens training
- HIPAA policies and BAAs with all vendors
- Malpractice insurance ($1M/$3M minimum)
- Premise liability insurance
- EMR / charting system
- Patient consent forms for every procedure
- Marketing review for medical claims compliance
Frequently Asked Questions
How PF Consulting Firm can help
More in Healthcare
How to Start an Adult Day Care Center
Opening an Adult Day Care Center requires state licensing, a compliant facility, qualified staff, and (usually) Medicaid enrollment. Here is the complete roadmap.
What Is CAQH Credentialing and Why Does It Matter?
CAQH is the universal credentialing database almost every commercial payer uses. A stale profile blocks enrollment.
How to Open a MedSpa in Florida (Step-by-Step)
Florida MedSpas must operate under a licensed Florida physician medical director. Skipping that step shuts you down.
Ready to get started?
Talk with our team — we'll prepare every form, file with the right agency, and walk you through the process.