Running a med spa across multiple states? Here’s the deal: CPOM (Corporate Practice of Medicine) laws vary widely by state and dictate how medical services, like Botox or laser treatments, can be offered. These laws aim to keep medical decisions in the hands of licensed physicians, not business owners. Non-compliance can result in fines, license revocations, or even criminal charges.
To stay compliant, follow these key steps:
- Understand state-specific rules: States like California and New York enforce strict CPOM laws, while others like Florida and Arizona are more lenient.
- Use the MSO model: A physician owns the clinical entity, while a Management Services Organization (MSO) handles administrative tasks.
- Avoid fee-splitting: Use fixed or cost-plus management fees; steer clear of percentage-based fees.
- Keep clinical autonomy intact: Physicians must control all medical decisions, from protocols to staffing.
The MSO model is a proven way to expand across states while meeting CPOM requirements. However, each state’s laws demand careful attention to detail. Below, you’ll find a breakdown of CPOM principles, compliance tips, and strategies to protect your business.
What Is the Corporate Practice of Medicine Doctrine?
The Corporate Practice of Medicine (CPOM) doctrine refers to state laws, regulations, and court rulings that prevent non-physicians and corporations from owning or controlling medical practices. Its primary goal is to safeguard the physician–patient relationship from outside interference. For instance, California Business and Professions Code § 2400 clearly states:
"Corporations and other artificial entities shall have no professional rights, privileges, or powers." [California Business and Professions Code]
Similarly, the Colorado Supreme Court highlighted this concept in Pediatric Neurosurgery, P.C. v. Russell:
"It is impossible for a fictional entity, a corporation, to perform medical actions or be licensed to practice medicine." [Colorado Supreme Court]
This doctrine lays the foundation for key principles that directly impact how medical practices, including med spas, operate.
Core Principles of CPOM
Three main restrictions define CPOM and influence how medical practices are structured:
- Ownership: Medical service entities can only be owned by licensed physicians or physician-owned professional corporations. Some states allow limited involvement by other licensed healthcare professionals. For example, in California, physicians must own at least 51% of a medical professional corporation. In Arizona, non-licensed individuals can hold up to 49% ownership, but at least 50% of the directors and the corporation’s president must be licensed physicians.
- Clinical Autonomy: All medical decisions - like diagnoses and treatment plans - must be controlled by licensed physicians. In California, this includes a rule that limits a physician to supervising no more than four mid-level providers (such as PAs or NPs) at one time.
- Fee-Splitting Prohibition: Most states prohibit sharing medical fees or profits with non-physicians. This restriction aims to prevent unethical referral kickbacks and maintain professional integrity. Violating fee-splitting rules can lead to serious legal consequences.
These principles are particularly relevant for med spas, where treatments like Botox or dermal fillers are classified as medical procedures and therefore subject to these regulations.
How CPOM Affects Med Spas
Med spas face unique challenges under CPOM because many of their services - such as Botox injections, dermal fillers, and laser hair removal - are considered part of the "practice of medicine" in numerous states. This classification means med spas must follow the same ownership and oversight rules as traditional medical practices. For example, non-physician entrepreneurs cannot simply hire a physician to oversee treatments without risking a CPOM violation.
A 2023 California Court of Appeal case, People ex rel. Allstate Insurance Co. v. Discovery Radiology Physicians, P.C., reinforced this point. The court ruled that non-physician control over clinical operations could constitute the unlicensed practice of medicine. As noted by Sheppard, Mullin, Richter & Hampton LLP:
"Ownership and – critically – control of clinical decision-making must remain with appropriately licensed professionals where CPOM applies." [Sheppard, Mullin, Richter & Hampton LLP]
To navigate these restrictions, many med spa owners adopt the "Friendly PC" model. In this setup, a licensed physician owns the clinical entity, while the non-physician entrepreneur operates a Management Services Organization (MSO). The MSO handles administrative tasks such as billing and payments, marketing, and facility management, leaving clinical control with the physician. This arrangement ensures compliance with CPOM while allowing non-physicians to participate in the business side of med spas.
The next sections will explore how to structure MSO models effectively and provide compliance checklists to help med spas operate within these legal boundaries.
sbb-itb-02f5876
How CPOM Rules Differ by State
CPOM Compliance Requirements: Strict vs Permissive States for Med Spas
CPOM enforcement isn't uniform across the United States, which creates a challenging compliance landscape for med spa operators working in multiple states. While some states strictly prohibit corporate ownership of medical practices, others have little to no CPOM restrictions. Knowing these variations is crucial if you're planning to expand your med spa operations beyond a single state.
A med spa that complies with the rules in one state could easily violate the laws of another - this is true even for telehealth services. As a result, operators must develop legal and operational structures tailored to each state's regulations.
States with Strict CPOM Rules
States like California, New York, Texas, Illinois, and New Jersey have some of the strictest CPOM laws in the country. In these states, medical practices - including med spas offering treatments like injectables or lasers - must be owned entirely by licensed physicians or physician-owned professional corporations.
Take California, for example. Starting January 1, 2026, SB 351 will expand the Medical Board's authority to audit management agreements and operating documents. This law specifically bans MSOs from influencing physician hiring, firing, or clinical protocols. Violations can lead to license revocation, hefty fines, or the termination of management contracts.
Texas and New York also actively enforce their CPOM rules. In these states, courts often nullify management agreements if MSOs are found to exercise control over medical decisions, even if the agreements claim physician independence.
States with Permissive or No CPOM Rules
On the other end of the spectrum, states like Florida, Arizona, Alabama, and Delaware take a more relaxed approach. Some of these states lack traditional CPOM doctrines, while others permit non-physician ownership under specific licensing conditions.
In Arizona, for instance, non-licensed individuals can own up to 49% of a professional corporation offering medical services, as long as licensed physicians hold the majority ownership and the role of president. Florida, which doesn't have a classic CPOM doctrine, requires a Health Care Clinic License for practices not fully owned by licensed practitioners.
Here’s a quick comparison of how strict and permissive states handle CPOM:
| Feature | Strict States (CA, NY, TX, IL, NJ) | Permissive States (FL, AZ, AL, DE) |
|---|---|---|
| Ownership | Limited to licensed physicians or physician-owned PCs | Non-physician ownership often allowed |
| Corporate Employment | Corporations generally cannot employ physicians | Corporations can employ physicians if autonomy is maintained |
| Standard Model | Friendly PC + MSO structure required | Direct ownership or MSO support models common |
| Enforcement | High; frequent audits and specific legislation | Low to moderate; focus on licensing and fee-splitting |
These variations highlight the importance of flexible business models, a topic explored further in the next section on the MSO model.
Using the MSO Model for Multi-State Med Spa Ownership
Navigating state-specific CPOM compliance can be tricky, but the MSO model offers a practical way to expand med spas across state lines while staying within the law. The Management Services Organization (MSO) model separates clinical and non-clinical operations, making it easier to comply with Corporate Practice of Medicine (CPOM) laws. Here’s how it works: a licensed physician owns the Professional Corporation (PC) or Professional Limited Liability Company (PLLC) that handles all clinical services, while the MSO takes care of non-clinical business operations.
This separation not only meets CPOM requirements in states with strict regulations but also allows non-physician owners to maintain control over their brand, systems, and growth strategies. A single MSO can manage multiple physician-owned PCs across various states, creating a scalable structure that aligns with state-specific rules. By clearly dividing clinical and business responsibilities, this model directly addresses the CPOM issues previously discussed.
The foundation of this setup is the Management Services Agreement (MSA), a legal document that outlines the roles of both the MSO and the PC. Under the MSA, the PC retains exclusive control over clinical decisions - such as treatment protocols, staffing, and patient care - while the MSO handles non-clinical tasks like rent, IT systems, equipment leasing, and payroll.
One critical compliance rule is that all patient revenue must first go into the physician-owned PC’s bank account. The PC then pays the MSO its management fee. Depositing patient revenue directly into the MSO’s account would violate compliance standards.
How to Set Up an MSO Structure
Setting up an MSO structure generally takes two to four weeks, depending on the state. The process begins by creating two separate legal entities: one physician-owned PC (or PLLC) for clinical operations and one MSO for business activities. Each entity must have its own federal tax ID, state registration, and bank accounts to maintain clear financial boundaries.
The MSA acts as the operational link between the PC and the MSO. It should detail the administrative services the MSO provides - such as billing, marketing, HR, and facility management - while making it clear that the PC retains full control over medical decisions, clinical protocols, and hiring clinical staff (like nurse practitioners or physician assistants).
"A well-drafted MSA serves as a compliance safeguard - evidencing that each party operates within its proper legal boundaries." - McDermott Will & Emery
To avoid potential pitfalls, ensure the non-physician owns 100% of the MSO, while the physician owns 100% of the PC. This setup protects brand ownership and simplifies transitions if you need to replace the collaborating physician.
For multi-state operations, you’ll need to establish a separate physician-owned PC in each state where you operate. Each PC should have its own MSA with the central MSO. This approach ensures compliance with each state’s CPOM laws. Services like GuardianMD can help match med spa owners with a medical director or collaborating physician in as little as seven days, speeding up the process.
Maintaining Fair Market Value Compensation
Once the MSO structure is in place, it’s essential to ensure the compensation model is compliant. Fair Market Value (FMV) is a cornerstone of a legally sound MSO arrangement. Management fees must reflect what an independent third party would reasonably pay for the same services - not serve as a disguised profit-sharing arrangement or referral kickback.
The safest approach is a fixed monthly fee. For instance, the PC might pay the MSO $12,000 per month for clearly defined administrative services. Alternatively, a cost-plus model - where the MSO charges operating costs plus a reasonable profit margin - can work, but it requires annual FMV documentation.
Avoid percentage-based fees. Charging the MSO a percentage of the PC’s medical revenue (e.g., 6%) is generally viewed as illegal fee-splitting. This practice allows the MSO to profit directly from medical services, which violates the principle that only licensed physicians should benefit from the practice of medicine.
To stay compliant, keep detailed records of your FMV analysis each year using independent valuation reports or industry benchmarks. Maintain clear documentation of financial transactions, including patient payments deposited into the PC account and subsequent management fee payments to the MSO. This creates an audit-ready paper trail, ensuring compliance and peace of mind as your med spa grows across state lines. By carefully structuring your business and compensation model, you can expand confidently while staying within CPOM regulations.
CPOM Compliance Checklists for Multi-State Med Spas
After setting up your MSO structure and compensation model, the next step is ensuring your operations stay compliant day-to-day. These checklists outline the key legal and operational requirements you need to monitor across all locations. Think of them as your guide to staying on the right side of compliance - from your MSO agreement to routine tasks.
MSO Agreement Checklist
Your Management Services Agreement (MSA) is critical for keeping MSO functions distinct from the responsibilities of the physician-owned Professional Corporation (PC). Clinical responsibilities - like diagnosis, treatment plans, supervision of clinical staff, and decisions about hiring or firing nurse practitioners or physician assistants - must remain solely with the PC. On the other hand, the MSO handles administrative tasks, such as marketing, billing, human resources, technology systems, and facility management.
The agreement must also define a proper funds flow protocol. All patient revenue should go directly into the physician-owned PC's account before the MSO receives its fixed or cost-plus fee. Depositing funds directly into the MSO account is a compliance red flag. For compensation, stick to a fixed-fee model (e.g., $12,000 monthly) or a cost-plus model backed by documented Fair Market Value analysis. Avoid percentage-based fees altogether - New York outright bans them, and other states classify them as illegal fee-splitting.
Once your MSA is in place, the focus shifts to maintaining compliance in daily operations by clearly separating clinical and administrative roles.
Daily Operations Compliance Checklist
Your daily practices should reinforce the distinction between clinical and business functions. Start by verifying the licenses of clinicians and supervising physicians annually in every state where you operate. Create a system to track license expiration dates and renewal requirements, as these vary by state.
Keep entity separation intact in all aspects of your operations. This includes having distinct branding, signage, and online presence for the PC and MSO, where state law requires it. Additionally, maintain separate bank accounts, tax IDs, and financial records for each entity. Establish a clinical compliance system with regular physician chart reviews, quality assurance audits, and peer reviews scheduled consistently.
Pay close attention to supervision ratios. For example, in California, a single physician typically cannot oversee more than four nurse practitioners or physician assistants simultaneously. Ensure all clinical protocols, including e-prescribing for treatments like Botox, laser procedures, and IV therapy, are documented and approved by a physician. Lastly, audit financial flows regularly to confirm all patient payments are deposited into the PC account only.
For multi-state operations, maintain a separate physician-owned PC for each state to ensure compliance with state-specific laws.
Non-Compliance Risks and How to Avoid Them
CPOM violations can have far-reaching consequences, including voiding business contracts - even retroactively - and imposing hefty financial and legal penalties. Physicians tied to non-compliant corporate structures risk losing their medical licenses. Additionally, state regulatory boards and Attorneys General may take enforcement actions against organizations where non-physicians influence clinical decisions or compensation. Non-compliance could also lead to clawbacks on investor profits or capital and, in extreme cases, result in accusations of unlicensed medical practice.
Penalties for CPOM Non-Compliance
The fallout from CPOM violations goes well beyond fines. Non-compliant ownership or operational arrangements can nullify critical business contracts, putting your entire operation at risk. States like California and New Jersey are particularly vigilant, with regulatory bodies closely scrutinizing any structure that allows non-physicians to exert indirect control over clinical decisions. Violations in these states can lead to criminal charges for unlicensed medical practice, causing not only legal troubles but also long-term reputational harm that can disrupt your business permanently.
How to Reduce CPOM Compliance Risks
To minimize CPOM-related risks, it's essential to align your business structure with the specific laws of each state. Enforcement intensity varies widely - California and New Jersey demand much stricter compliance than states like Arizona or Florida. Here are some key practices to follow:
- Preserve clinical autonomy: Ensure that all clinical decisions, including hiring and oversight of clinicians, are made exclusively by licensed physicians. This includes maintaining compliance when using telehealth services for remote consultations. This avoids indirect control by non-physicians.
- Avoid fee-splitting violations: Carefully structure MSO fees and physician compensation, as fee-splitting is a frequent area of concern, especially in states like Georgia and New Jersey.
- Conduct regular legal audits: Work with healthcare attorneys familiar with state-specific regulations to review Management Services Agreements. This ensures MSOs are not inadvertently given control over clinical protocols or staffing.
Using Prospyr for Compliance and Operations Management
Prospyr is designed to simplify CPOM (Corporate Practice of Medicine) compliance, especially for multi-state med spas operating under the MSO (Management Services Organization) model. By centralizing key functions like marketing, HR, and accounting while preserving clinical independence, the platform ensures compliance across state lines. Prospyr integrates seamlessly with the MSO structure, making it easier to maintain CPOM compliance in a streamlined manner.
Prospyr Features That Support Compliance
Prospyr offers several tools to help med spas stay compliant while managing day-to-day operations:
- HIPAA-Compliant CRM/EMR Integration: Protects patient data within each clinical entity and ensures the necessary separation between clinical and non-clinical functions.
- Task Management Tools: Assign and track responsibilities to keep administrative tasks distinct from clinical decision-making.
- Payment Tools: Direct revenue to the appropriate PC (Professional Corporation) account before transferring management fees, preventing fee-splitting issues.
- Digital Intake Forms and Automated Communication: Simplify administrative workflows while maintaining clear boundaries between clinical and operational roles.
Managing Multi-State Operations with Prospyr
Operating med spas across states with varying CPOM regulations requires consistent oversight, and Prospyr is built with this complexity in mind. Its centralized scheduling and analytics tools provide a unified view of operations across all locations, ensuring compliance while respecting each PC's clinical independence.
Additionally, Prospyr's marketing automation and social media management features enhance non-clinical operations. These tools enable consistent branding and patient acquisition strategies nationwide, while individual PCs retain control over clinical protocols. This clear separation between clinical and non-clinical functions is critical for CPOM compliance, and Prospyr's design helps med spas maintain these boundaries without disrupting daily operations.
Conclusion
Running a multi-state med spa isn't just about clinical expertise - it requires a solid compliance framework to navigate strict regulations. With 33 states enforcing Corporate Practice of Medicine (CPOM) laws, and particularly stringent oversight in places like California, New York, and Texas, staying compliant is non-negotiable.
The MSO-PC model has become the go-to approach for the industry because it clearly separates business operations from clinical decision-making. This structure not only safeguards physician autonomy but also protects investor interests. As enforcement tightens - such as with California's SB 351, which takes effect on January 1, 2026, and expands the California Medical Board's audit authority - having a compliant setup is critical for growth and attracting investment.
To tackle these challenges, solutions that seamlessly integrate compliance into daily operations are essential. Prospyr offers tools that centralize administrative tasks while respecting clinical independence. Its payment processing system ensures funds flow properly to the Professional Corporation (PC) account, task management features maintain clear role distinctions, and analytics provide visibility across locations without undermining the autonomy of individual PCs.
Building a compliant multi-state med spa requires thoughtful planning, a well-structured MSO-PC model, and technology designed to uphold CPOM rules. This combination makes it possible to scale confidently while protecting both the business and its patients.
FAQs
Do I need a separate physician-owned PC in every state I operate in?
In many situations, you'll need a separate physician-owned professional corporation (PC) for each state where your med spa operates and offers services that require a medical license. Since Corporate Practice of Medicine (CPOM) laws differ from state to state, they often mandate physician ownership for providing medical services. It's crucial to carefully review the specific regulations in each state to stay compliant.
How can I structure MSO fees without triggering illegal fee-splitting?
To comply with regulations and avoid illegal fee-splitting, it's important to structure MSO fees using fixed-fee or cost-plus arrangements. These arrangements should be backed by fair market value (FMV) assessments. Ensuring the fee structure is based on documented FMV not only aligns with legal standards but also supports proper financial practices under CPOM regulations.
What MSO controls most often violate CPOM (even if the contract says the doctor is independent)?
MSO activities that often conflict with CPOM regulations - even when contracts assert physician independence - include: influencing clinical decisions, determining pricing structures, and enforcing office policies that compromise a physician’s professional judgment. Such practices can erode a physician's autonomy and lead to non-compliance with CPOM rules.
