Checklist for North Carolina Facility Licensing

Q: What makes a service “medical” vs “cosmetic” in North Carolina?

In North Carolina, medical services cover treatments such as injections or laser procedures. These are classified as medical treatments and must be carried out or overseen by a licensed healthcare professional. In contrast, cosmetic services include non-invasive options like facials, waxing, or general skincare treatments, which don't require medical licensing.

Starting a medical or aesthetic practice in North Carolina involves navigating strict licensing rules. Here's what you need to know:

Ownership Rules: Medical spas must be owned by licensed physicians or specific physician partnerships under the Corporate Practice of Medicine (CPOM) doctrine. Non-physicians can only offer administrative support through Management Services Organizations (MSOs), but clinical control must remain with physicians.
Regulatory Oversight: The North Carolina Medical Board, Board of Nursing, and Board of Cosmetic Art Examiners oversee compliance, inspecting facilities and handling complaints.
Facility Registration: Medical spas require a two-step registration process - approval from the North Carolina Medical Board (NCMB) and filing with the Secretary of State.
Staff Credentialing: All staff must have valid licenses and operate within their approved scope of practice. Monthly credential checks and clear delegation protocols are mandatory.
Safety Standards: Facilities must comply with OSHA, bloodborne pathogen standards, and maintain a written Exposure Control Plan (ECP). HIPAA compliance is also required to protect patient data.

Failure to comply can result in fines, license suspensions, or reputational harm. Following this checklist ensures your practice meets state requirements while protecting both patients and your business.

North Carolina Licensing Regulations

Medical Spa vs Day Spa Licensing Requirements in North Carolina

Grasping the role of regulatory boards is key to understanding facility licensing in North Carolina. The state's framework for aesthetic practices involves three main boards, each with specific responsibilities. The North Carolina Medical Board oversees medical procedures like neurotoxin injections, dermal fillers, and laser treatments. The North Carolina Board of Nursing defines the scope of practice for Nurse Practitioners (NPs) and Registered Nurses (RNs) involved in aesthetic treatments. Lastly, the North Carolina Board of Cosmetic Art Examiners licenses day spas and individual professionals, including estheticians, cosmetologists, and manicurists. Here's a closer look at each board's role in regulating aesthetic practices.

State Boards and Their Roles

Each board has specific enforcement powers and responsibilities:

The Medical Board enforces the Corporate Practice of Medicine doctrine, ensuring compliance at facilities offering medical aesthetic services.
The Board of Nursing sets delegation rules for NPs and RNs, clarifying which procedures they can perform under the supervision of a physician.
The Board of Cosmetic Art Examiners inspects cosmetic art shops when necessary and establishes rules for sanitary practices and facility standards.

Medical vs. Non-Medical Facilities

The type of services a facility offers determines its regulatory oversight. For example:

Medical spas providing treatments like injectables, laser therapies, or IV hydration fall under the jurisdiction of the Medical Board. Some facilities also offer telehealth consultations for initial patient assessments. These facilities must adhere to physician ownership requirements.
Day spas offering services such as facials, waxing, makeup application, and manicures are regulated by the Board of Cosmetic Art Examiners. Unlike medical spas, day spas do not require physician ownership.

Here’s a quick comparison of the two types of facilities:

Feature	Medical Spa	Day Spa
Primary Regulator	NC Medical Board	NC Board of Cosmetic Art Examiners
Ownership Requirement	Licensed physician only	No physician requirement
Required Oversight	Medical Director (Physician)	Licensed Cosmetologist/Esthetician
Typical Services	Botox, fillers, laser treatments, IV therapy	Facials, waxing, manicures, hair styling

For individual practitioners, estheticians must complete at least 600 hours of training at an approved cosmetic art school. Cosmetologists, on the other hand, need 1,500 hours or 1,200 hours combined with a six-month apprenticeship. Cosmetic art shops can begin operating for up to 30 days while awaiting Board inspection to confirm compliance.

Business Ownership and Facility Registration

Navigating North Carolina's strict ownership rules involves a two-step registration process to ensure compliance with state regulations.

Corporate Practice of Medicine (CPOM) Doctrine

The North Carolina Medical Board mandates that "Businesses practicing medicine in North Carolina must be owned in their entirety by persons holding active North Carolina licenses". This means your aesthetic practice must be structured as a Professional Corporation (PC), Professional Association (PA), or Professional Limited Liability Company (PLLC).

Ownership rules are specific: physicians can own practices outright or partner with other physicians. Physicians and Physician Assistants (PAs) may co-own a practice, while PAs can fully own a practice but are not allowed to hire physicians to practice medicine under their entity. Importantly, PAs and Nurse Practitioners (NPs) are barred from jointly owning a professional entity in the state.

The Medical Board actively investigates violations, especially "straw ownership" schemes where a physician is the listed owner, but a non-physician controls operations. Non-physicians can contribute administrative support through a Management Services Organization (MSO), but physicians must retain full clinical control, and management fees cannot be tied to revenue or profits.

When naming your business, it must end with "P.C.", "P.A.", or "P.L.L.C." - terms like "Inc.", "Corp.", or "Co." are not allowed. Additionally, "d.b.a." (doing business as) names are prohibited by the NCMB [[8]](http://ncrules.state.nc.us/ncac/title 21 - occupational licensing boards and commissions/chapter 32 - north carolina medical board/subchapter c/subchapter c rules.html). Stock certificates must include a legend noting that transfers are subject to the Professional Corporations Act and NCMB regulations [[8]](http://ncrules.state.nc.us/ncac/title 21 - occupational licensing boards and commissions/chapter 32 - north carolina medical board/subchapter c/subchapter c rules.html).

Once ownership compliance is established, you can move forward with registering your facility.

Facility Registration Process

After confirming compliant ownership, the facility registration process involves two key steps:

Step 1: NCMB Approval
Submit your Articles of Incorporation along with a $50.00 non-refundable fee through the NCMB Licensee or Non-licensee Portal. Then, email scanned documents to [email protected]. Your submission must include Form PC-01 (Certificate of Incorporators), which is a notarized form verifying shareholder licensure. To streamline this and other administrative requirements, many practices implement digital intake solutions to manage patient and provider documentation securely.

Step 2: Secretary of State Filing
Once the NCMB approves your application and issues a Certificate of Registration (NCMB PC-02), you must file it with the North Carolina Secretary of State within four months. Failure to file within this timeframe will require reapplication, as stated by the Board: "Unfiled Certificates expire after four months. If certification expires, reapplication will be required before filing with the SOS".

To complete this step, submit the NCMB-stamped Articles and PC-02 certificate, along with a $125.00 filing fee, either by mail or through the NC SOS website. The entire process typically takes 4 to 6 months.

Fees and Renewals

Here’s a breakdown of associated costs and renewal requirements:

NCMB application fee: $50.00
Secretary of State filing fee: $125.00
Annual NCMB renewal fee: $25.00 (with an additional $10.00 late fee if missed)

If the Secretary of State rejects your business name for implying medical services, you can request a Letter of Non-Objection from the NCMB Legal Department by emailing [email protected].

Staff Credentialing and Scope of Practice

In North Carolina, all staff must maintain up-to-date credentials and operate within their legally defined scope of practice. Credential verification is overseen by specific boards: the North Carolina Board of Cosmetic Art Examiners for estheticians, the North Carolina Board of Nursing for RNs and NPs, and the North Carolina Medical Board for PAs and physicians.

Licensure Verification

Facilities are required to keep on-site records of staff credentials, professional licenses, and written job descriptions. To streamline operations, many facilities use online scheduling to manage staff shifts and patient appointments. Nursing licenses must be verified monthly on the NC Board of Nursing website to avoid lapses. For estheticians, licenses expire annually on October 1, with a renewal fee of $20.00 ($10.00 license fee and $10.00 processing fee).

A licensed physician, NP, or PA must conduct a good faith exam before any treatment. Additionally, RNs and NPs must have formal collaborative practice or supervisory agreements with the medical director. Estheticians are required to complete 8 hours of Board-approved continuing education annually.

"Verification of current credentials and job descriptions are on file in the facility." - NC Department of Adult Correction

Clear delegation and supervision protocols are essential to ensure compliance during procedures.

Delegation and Supervision Guidelines

Clearly defined roles and supervision standards help prevent violations. RNs may administer Botox and dermal fillers under orders from a prescribing provider (MD, NP, or PA), and the prescribing provider does not need to be on-site during these procedures. However, LPNs performing the same tasks require direct, on-site supervision by an RN, physician, or another qualified provider.

Estheticians operate under stricter rules. They are limited to non-invasive procedures that do not penetrate beyond the epidermis, except for microneedling up to 1mm depth, which was approved in a July 2022 Board ruling. They are prohibited from using FDA Class 3 or 4 devices and cannot use titles like "Medical" or "Master" esthetician, as these are considered deceptive under North Carolina regulations.

Facilities must maintain written Standard Operating Procedures (SOPs) for all services, which must be reviewed and approved annually by the medical director. Detailed training records, including documented knowledge and demonstrated competency, are required for nurses performing specific techniques. Attorney Karen McKeithen Schaede emphasizes:

"It is within the scope of both RNs and LPNs to perform a range of cosmetic procedures... so long as the procedures are ordered or prescribed by a licensed healthcare provider with prescriptive authority"

Provider Type	Supervision Required	Requires Prescriptive Authority?	Key Limitations
RN	Order required; on-site supervision NOT required	Yes	Must have documented competency
LPN	Direct, on-site supervision required	Yes	Cannot own professional nursing entities
Esthetician	N/A (Non-medical scope)	No	Epidermis only; no FDA Class 3/4 devices
Unlicensed Staff	Direct physician supervision	N/A	Limited to tasks "established by custom"

To avoid compliance issues, start re-credentialing at least 60 days before expiration, as some boards require documents to remain valid for at least 30 days beyond the start date. Conduct monthly audits of personnel files to identify and address expired credentials before they become a problem.

Make sure these protocols are part of your compliance checklist to meet state regulations consistently.

Facility Safety and Compliance Standards

Meeting North Carolina licensing requirements and ensuring operational efficiency hinge on maintaining safety and compliance within aesthetic facilities. Proper documentation and adherence to federal and state standards are essential to safeguard both staff and patients.

OSHA and Bloodborne Pathogen Standards

A written Exposure Control Plan (ECP) is a cornerstone of compliance and must be reviewed annually, with signatures to document the review process. As Biosafe Waste Services emphasizes:

"The ECP is the backbone of compliance."

Facilities must treat all human blood and certain body fluids as potentially infectious. Providing personal protective equipment (PPE) - like gloves, gowns, masks, and eye protection - at no cost to employees is mandatory. Ensure that employees remove PPE correctly before leaving work areas.

Proper sharps management is another critical area. Use containers that are puncture-resistant, leak-proof, and clearly labeled for contaminated needles. Avoid bending, recapping, or manipulating used sharps unnecessarily. In the event of a puncture injury, follow these steps:

Wash the affected area immediately.
Control bleeding and apply antibiotic ointment with a sterile bandage.
Disinfect any exposed items and dispose of contaminated materials properly [[19]](http://reports.oah.state.nc.us/ncac/title 21 - occupational licensing boards and commissions/chapter 14 - cosmetic art examiners/subchapter h/subchapter h rules.html).

Facilities must also provide the Hepatitis B vaccine series free of charge to all at-risk employees within 10 working days of assignment. Non-compliance can lead to fines exceeding $15,000 per violation.

To maintain compliance, appoint a compliance officer to update the ECP annually and oversee staff training. Ensure disinfectants used are EPA-registered and effective against pathogens like S. aureus, MRSA, HIV, HBV, HCV, and human coronavirus. Keep manufacturer labels and Safety Data Sheets (SDS) accessible on-site. Stock a first aid kit with essentials such as antibiotic ointment, gloves, and sterile bandages for managing blood exposure incidents [[19]](http://reports.oah.state.nc.us/ncac/title 21 - occupational licensing boards and commissions/chapter 14 - cosmetic art examiners/subchapter h/subchapter h rules.html).

While OSHA standards focus on physical safety, protecting patient data under HIPAA regulations is equally important.

HIPAA Compliance

Protecting Protected Health Information (PHI) is a regulatory necessity. Facilities must implement administrative, physical, and technical safeguards to ensure data security. Assign a HIPAA Compliance Officer to oversee policy development, staff training, and regular risk assessments. Conduct thorough risk analyses for all areas where PHI is stored, including electronic health records, cloud services, and mobile devices, and address vulnerabilities.

Key technical measures include:

Encryption
Multi-factor authentication
Unique user IDs for access control

Additionally, enable immutable audit logs to track access and modifications to patient data. The financial impact of a healthcare data breach in the U.S. averages over $10.93 million per incident, with nearly 90% of healthcare organizations experiencing breaches between 2022 and 2024.

Physical safeguards are equally vital. These include secure workstations with automatic logoffs, locked server rooms, and certified degaussing or shredding of electronic media before disposal. Limit PHI access to the minimum necessary for each employee's role. Third-party vendors handling patient data must sign a Business Associate Agreement (BAA) before gaining access. HIPAA violations carry fines ranging from $137 to $2 million per violation per year.

As Sattrix Information Security highlights:

"Treat HIPAA as a core priority, revisit it regularly, and adapt to changes because protecting patient data means protecting patient care."

Annual HIPAA security awareness training and phishing simulations can help assess staff readiness. Maintain documentation of risk analyses, policies, and training logs for at least six years. For practices that use patient photos or data for analytics, establish clear de-identification procedures to reduce exposure risks.

Managing Compliance with Prospyr

Prospyr

Keeping up with compliance requirements can feel like a full-time job, especially when it comes to North Carolina's facility licensing standards. From tracking staff credentials to maintaining documentation and meeting deadlines, it’s a lot to juggle. That’s where Prospyr steps in, offering a centralized system to simplify these tasks and lighten the administrative load.

Prospyr’s integrated task management system is designed to keep compliance activities organized and on track. It can automate alerts for license expirations and registration renewals, store certifications and OSHA training records in one place, and ensure everything is ready for an audit at a moment’s notice. This unified platform combines EMR and CRM functionalities, making it a one-stop solution for compliance management.

The benefits are clear. After switching from four separate software systems to Prospyr in 2024, New Life Cosmetic Surgery saw remarkable results. The practice experienced a 50% increase in revenue and a 40% rise in appointments. Dr. Daniel Lee shared his perspective:

"We've seen a 50% increase in revenue and a 40% increase in appointments booked since switching away from using several different point solutions to running our practice on Prospyr."

Prospyr also addresses security and privacy concerns with its HIPAA-compliant, cloud-based infrastructure. Features like digital intake forms ensure secure patient consents and histories, while a secure media archive protects photos and documentation. These safeguards not only help prevent breaches but also shield practices from potential malpractice claims. Plus, with updates to meet HIPAA privacy requirements by February 16, 2026, Prospyr ensures your practice stays ahead of the curve.

Real-time analytics add another layer of support by providing transparency for financial audits and regulatory compliance. By consolidating tools into a single platform, Prospyr eliminates data gaps and simplifies documentation for renewals. This integrated approach highlights just how essential a robust practice management system is for meeting North Carolina’s licensing standards and maintaining seamless operations.

Conclusion

Following the checklist provided ensures that every important aspect - from legal ownership to safety protocols - is properly addressed. North Carolina's facility licensing requirements demand attention to multiple areas, including establishing legal ownership under the Corporate Practice of Medicine doctrine, keeping staff credentials up to date, and adhering to OSHA and HIPAA standards. Each of these components is essential for keeping your aesthetic practice compliant and running smoothly.

Staying organized and staying ahead of potential issues is key. Conducting regular audits of your practice against current North Carolina Medical Board regulations can help catch problems early, reducing the risk of penalties or even license revocation. Additionally, maintaining thorough documentation - such as patient consent forms and equipment calibration records - creates an audit-ready paper trail that reflects your commitment to compliance. These habits, when aligned with state laws, form the backbone of a well-managed and compliant practice.

Technology can play a big role in simplifying compliance. For instance, SOM Aesthetics generated $40,000 in revenue just two days after its launch. Dr. Saami Khalifian, Founder and CEO of SOM Aesthetics, shared:

"Prospyr has helped us launch SOM Aesthetics like a rocketship. Their powerful platform and helpful support have enabled us to exceed our financial targets while delivering an unmatched experience for our patients."

By using integrated systems, you can streamline compliance processes, avoid missed deadlines for renewals, and ensure safety protocols are consistently followed. These tools free up time and resources, allowing you to focus on delivering excellent patient care.

Maintaining high standards in North Carolina's aesthetic industry requires a mix of thoughtful planning, effective systems, and ongoing oversight. By implementing these practices, your aesthetic practice can remain compliant, improve its efficiency, and continue to grow successfully.

FAQs

What makes a service “medical” vs “cosmetic” in North Carolina?

In North Carolina, medical services cover treatments such as injections or laser procedures. These are classified as medical treatments and must be carried out or overseen by a licensed healthcare professional. In contrast, cosmetic services include non-invasive options like facials, waxing, or general skincare treatments, which don't require medical licensing.

How can a non-physician participate legally in a medical spa?

Non-physicians can legally be involved in a medical spa by taking on roles like employee or medical director. However, owning or sharing in the profits is generally prohibited unless state laws permit it. For example, in some cases, this can be done through a management services organization (MSO) with the right agreements in place. It's critical to adhere to North Carolina's rules on ownership and scope of practice to operate within the law.

What records should I keep to be audit-ready?

To ensure you're always prepared for an audit, keep thorough records that prove compliance with North Carolina's licensing, sanitation, and safety requirements. Here's what you'll need:

Licenses and IDs: Ensure you have current staff licenses and government-issued photo identification on file.
Sanitation and Safety Records: Maintain cleaning logs, safety protocols, and inspection reports to show adherence to hygiene and safety standards.
HIPAA-Compliant Patient Files: Securely store treatment histories, signed consent forms, and any relevant photos in line with HIPAA regulations.
Staff Credentials: Keep documentation of staff qualifications, including verification and recredentialing records.
Equipment Logs: Document maintenance schedules, inspection results, and repair history for all equipment.

Staying organized with these records not only keeps you compliant but also helps you respond quickly and confidently during audits.