Starting a med spa in Pennsylvania involves navigating strict state regulations. Here's what you need to know:
- Physician Ownership: Med spas must be owned by licensed physicians or physician groups, as per Pennsylvania's Corporate Practice of Medicine (CPOM) doctrine.
- Management Services Organizations (MSOs): Non-physicians can manage administrative tasks through an MSO, but clinical decisions remain with the physician.
- Licensing & Compliance: Facilities need to register with the Department of Health if using medical devices and ensure all staff have active Pennsylvania licenses.
- Staffing Rules: Only physicians can serve as medical directors. Nurse practitioners and physician assistants can perform treatments under supervision, while aestheticians cannot perform medical procedures.
- Good Faith Exam: Required before any cosmetic medical procedure, conducted by licensed professionals with prescribing authority.
- Facility Inspections: Annual inspections are mandatory, and compliance with state regulations is closely monitored.
- Record-Keeping: Use HIPAA-compliant systems for patient records, consent forms, and treatment documentation.
- Background Checks: Starting July 7, 2025, new healthcare license applicants must complete FBI fingerprint-based checks.
Non-compliance can result in fines up to $10,000 per violation, license revocation, or business closure. Staying informed and leveraging tools like Prospyr can help med spa operators meet these requirements effectively.
Ownership and Corporate Practice of Medicine (CPOM) in Pennsylvania
Physician Ownership Requirements
Pennsylvania's Corporate Practice of Medicine (CPOM) doctrine, rooted in the 1938 Neill v. Gimbel Brothers, Inc. case, requires that medical practices be entirely controlled by licensed physicians. This means that med spas operating in the state must be 100% physician-owned.
Permit Health highlights this principle:
corporations, by their nature, lack the personal qualities and qualifications required for professional practice
Pennsylvania is one of 33 states that enforce this restriction. Violations can result in steep penalties, including fines of up to $10,000 per offense, license revocation, and mandatory repayment of revenue.
Management Services Organizations (MSOs)
For non-physician entrepreneurs, the Management Services Organization (MSO) model offers a way to engage in the med spa industry without violating CPOM rules. Under this setup, the MSO takes on administrative responsibilities, such as marketing, billing, payroll, equipment procurement, and lease management. Meanwhile, a separate, physician-owned entity retains full authority over clinical decisions.
To ensure compliance, the MSO operates under a formal Management Services Agreement (MSA), which explicitly limits its role to administrative functions. The agreement must also ensure that compensation aligns with fair market value to avoid fee-splitting issues. Lengea Law emphasizes:
the law wants to make sure that medical decisions are made by licensed providers - not influenced by business owners, investors, or corporations
Professional Corporation and PLLC Formation
To legally structure a med spa in Pennsylvania, the medical side must be organized as a Professional Corporation (PC), Limited Liability Partnership (LLP), or a Pennsylvania Restricted Professional Company. All owners of these entities are required to hold an active, unrestricted Pennsylvania medical license. In this setup, the physician-owned entity employs clinical staff and provides all medical services, while an MSO (if involved) operates separately, focusing solely on administrative tasks.
Although Pennsylvania does not have general state laws prohibiting fee-splitting in medical practices, it’s essential to consult a healthcare attorney. A legal review ensures your structure aligns with CPOM standards, keeping your operation compliant. This dual-entity model not only adheres to the law but also allows non-physicians to contribute to the business side of the med spa industry.
These ownership and structural considerations lay the groundwork for addressing staffing and professional credentialing, which will be covered in the next section.
Staffing and Professional Credentialing Requirements
Pennsylvania Med Spa Staff Roles and Permitted Procedures
Medical Director Responsibilities
In Pennsylvania, every med spa must have a licensed physician (MD or DO) as its medical director. This role cannot be filled by physician assistants or nurse practitioners. The medical director is ultimately accountable for all patient care provided at the facility, regardless of who performs the treatments. The American Med Spa Association emphasizes this responsibility:
"The supervising physician is responsible for every patient seen by the medical spa, and it is that physician's license on the line in any issues of legality or negative patient outcomes."
To meet state requirements, the medical director must have documented training and expertise in every medical treatment offered at the spa. For example, if your facility provides services like laser treatments, injectables, or IV hydration, your medical director must have verifiable training in each area.
Permitted Procedures by Professional Role
Pennsylvania law clearly outlines what procedures each type of staff member is allowed to perform. Physicians hold the broadest scope of practice, which includes conducting all medical procedures and performing Good Faith Exams. Nurse practitioners and physician assistants can handle most medical aesthetic treatments, such as injectables and laser procedures. However, nurse practitioners must operate under a collaborative agreement with a physician, as Pennsylvania does not grant them full practice authority.
Registered nurses are permitted to perform certain cosmetic medical procedures like injections and laser treatments, but only under appropriate supervision. They cannot, however, perform Good Faith Exams or diagnose patients. The American Med Spa Association explains:
"The examination of patients and diagnosis of treatment constitutes the practice of medicine, and so is outside of the scope of practice of registered nurses."
Aestheticians and unlicensed staff are prohibited from performing cosmetic medical procedures such as neurotoxins, fillers, lasers, dermaplaning, or deep chemical peels. These are classified as medical procedures in Pennsylvania. Additionally, the State Board of Cosmetology has determined that microblading is not within the scope of cosmetology.
| Professional Role | Can Perform Good Faith Exam? | Can Perform Injections/Lasers? | Can Serve as Medical Director? |
|---|---|---|---|
| Physician (MD/DO) | Yes | Yes | Yes |
| NP / APRN | Yes (with collaborative agreement) | Yes | No |
| Physician Assistant | Yes (under supervision) | Yes | No |
| Registered Nurse | No | Yes | No |
| Aesthetician | No | No (for medical-grade procedures) | No |
Training and Documentation Requirements
Every staff member must have documented training and certifications for the procedures they perform. It’s critical to maintain detailed records of completed training, especially for operating medical devices like lasers. Additionally, all professional licenses should be verified through Pennsylvania's PALS database to ensure they are active and to check for any disciplinary history.
Starting July 7, 2025, new applicants for healthcare practitioner licenses in Pennsylvania will need to complete a fingerprint-based FBI background check through IdentoGO. Physician assistants and nurse practitioners must also have written collaborative or supervisory agreements with a physician on file. For registered nurses, clear delegation protocols should be documented, specifying which tasks have been authorized by the supervising physician to ensure compliance with their legal scope of practice.
Licensing fees for registered nurses in Pennsylvania include $95 for licensure by examination, $120 for endorsement, and $122 for biennial renewal. Additionally, the medical director must keep current CME records, including documentation of required opioid education.
These credentialing practices are vital for meeting the licensing and operational standards required for med spa facilities in Pennsylvania.
Facility Licensing and Operational Compliance
State Licensing and Professional Registration
In Pennsylvania, medical professionals working in med spas must hold an active license issued by the Pennsylvania State Board of Medicine. New applicants are required to complete an FBI fingerprint background check through IdentoGO, as mandated by state regulations.
For facilities offering esthetic or cosmetology services, a salon license from the State Board of Cosmetology is essential. These facilities must also pass inspections conducted by the Bureau before they can begin operations. If your business uses medical devices like lasers or medicated cosmetics, it must be registered with the Department of Health's Drug, Device, and Cosmetic (DDC) Program. Most professional and facility licenses are handled through the Pennsylvania Licensing System (PALS), which can be accessed at www.pals.pa.gov.
Once all necessary licenses are secured, the next step is ensuring compliance with the regulations governing the use of lasers and medical devices.
Compliance for Laser and Medical Devices
Pennsylvania has specific regulations for Class II medical devices, which are used to treat deeper layers of skin. This includes devices like Intense Pulsed Light (IPL) systems and various types of lasers. Only licensed medical professionals with proper training are permitted to operate these devices. Additionally, all medical devices and medicated cosmetics used in your facility must be registered through the Department of Health's DDC program portal. To maintain compliance and ensure patient safety, it’s crucial to service these devices regularly and keep detailed maintenance records.
Beyond device compliance, facilities must also meet stringent standards during state inspections.
Facility Standards and Inspections
State law in Pennsylvania requires facilities with licensure to undergo annual on-site inspections by authorized agents. For businesses offering salon services, inspectors will assess compliance with floor space requirements outlined in 49 Pa. Code § 7.76. They will also verify that the licensed space is being used exclusively for its intended purpose. The Pennsylvania State Board of Cosmetology emphasizes:
"Bureau inspectors will continue to inspect the entirety of your salon for compliance with 49 Pa. Code § 7.77 and all other relevant regulations and provisions of the Cosmetology Act."
During these inspections, agents have unrestricted access to the facility and may interview staff and clients to ensure all regulations are being followed. If the facility relocates or changes ownership, a new application and inspection must be completed before reopening. In cases of noncompliance, the facility must submit a corrective plan outlining the steps and timeline for resolving the issues.
sbb-itb-02f5876
Patient Assessments and Record-Keeping Requirements
In addition to strict rules on ownership, staffing, and facility operations, Pennsylvania med spas need to pay close attention to patient assessments and meticulous record-keeping.
Good Faith Exam Requirements
Under Pennsylvania law, cosmetic medical procedures like injections, laser treatments, and chemical peels are classified as the practice of medicine. Before performing any of these procedures, a Good Faith Exam (GFE) is required to establish a physician-patient relationship.
This exam can only be conducted by licensed healthcare professionals with prescribing authority. That includes Physicians, Physician Assistants (PAs), and Advanced Practice Registered Nurses (APRNs).
A proper GFE involves a physical examination, a thorough review of the patient’s medical history, and an evaluation to ensure the patient is a suitable candidate for the specific procedure. If a patient requests a new treatment or experiences major health changes, a new GFE is necessary. For ongoing treatments, it’s recommended to perform annual re-evaluations to stay compliant.
These assessments form the foundation for proper and compliant record-keeping practices.
Documentation and Consent Forms
It’s essential to secure informed consent from patients and record all treatment details, including potential risks, benefits, and alternatives, using a HIPAA-compliant Electronic Medical Records (EMR) system.
EMR systems are now the norm in Pennsylvania med spas. These systems should include features like before-and-after photo tracking, e-consent forms with digital signatures, and detailed audit trails for every patient interaction. Patient records in Pennsylvania are protected under strict confidentiality laws and cannot be subpoenaed without the patient’s consent or a court order proving the records are essential for an investigation.
If your facility handles controlled substances or prescription-grade treatments, maintaining accurate inventory records is a must to remain compliant. Additionally, Pennsylvania requires licensees to notify their licensing board in writing within 30 days if they face disciplinary actions in another jurisdiction or are found guilty of any felony or misdemeanor offenses.
Strong documentation practices are key to meeting HIPAA and state data security requirements.
HIPAA Compliance and Data Security
Pennsylvania med spas must adhere to federal HIPAA guidelines as well as the state’s Breach of Personal Information Notification Act (BPINA), which will see updates effective September 26, 2024. Protected information includes a patient’s name paired with medical details, health insurance information, Social Security numbers, driver’s license numbers, or financial account details.
In cases where breaches affect more than 500 residents - or involve sensitive identifiers - you must notify the Pennsylvania Attorney General and offer affected individuals 12 months of credit monitoring. Public entities are required to act within seven business days.
To stay compliant, use HIPAA-compliant software with encrypted data storage and built-in audit logs. Solutions like Prospyr offer integrated EMR systems with secure data management, e-consent functionality, and real-time analytics tailored to Pennsylvania’s privacy standards. Limit access to patient data to authorized personnel and maintain detailed logs of who accesses records and when.
Maintaining Compliance and Best Practices
Staying compliant with Pennsylvania med spa regulations requires constant attention, regular internal reviews, and ensuring your staff's credentials are always up to date.
Regular Compliance Audits
To stay ahead of potential issues, conduct regular internal audits. Start by verifying staff licenses through the PALS database. Pay special attention to scope of practice rules. For instance, the State Board of Cosmetology has determined that microblading is not within the scope of cosmetology and is therefore prohibited in cosmetology salons.
Make sure to register any medical devices or medicated cosmetics with the Department of Health. According to the Department:
Any business in the Commonwealth of Pennsylvania who is manufacturing, distributing or retailing drugs, medical devices, and/or medicated cosmetics must register with the Department of Health unless otherwise noted as a designated exemption
Prepare your facility for inspections by the Bureau of Professional and Occupational Affairs. These inspections ensure compliance with 49 Pa. Code § 7.77 and other provisions outlined in the Cosmetology Act.
Regular audits naturally tie into the importance of keeping staff credentials current and well-documented.
Staff Training and Credential Tracking
Keeping staff credentials current is non-negotiable. Starting July 7, 2025, all new health care practitioner license applicants in Pennsylvania will need to complete a fingerprint-based FBI background check. Beyond this, track all Continuing Medical Education (CME) requirements for medical professionals. Use official forms, like the CME Category 2 Reporting Form for Physicians, to document ongoing training.
Stay informed by monitoring communications from the State Board for updates on regulatory changes and exposure drafts. The State Board of Medicine emphasizes:
All Pennsylvania licensees are reminded to review the requirements of professional licensure as set forth in the Practice Act and Board Regulations to aid in their exercise of good faith professional judgment
When hiring, use the PALS "Public Look Up" feature to confirm that candidates hold active licenses with no suspensions. Additionally, maintain role-specific CME records and regularly review Practice Acts to ensure your staff's activities align with current legal standards.
Using Technology for Compliance
Technology can make compliance much easier. Implement HIPAA-compliant software with encrypted storage and built-in audit logs to protect patient data. Such systems also simplify OSHA documentation, including exposure control plans for bloodborne pathogens and laser safety records.
Platforms like Prospyr are designed for aesthetics and wellness clinics, offering integrated EMR systems that help you securely manage patient records, track staff credentials, automate scheduling, and generate real-time analytics. These tools ensure compliance with Pennsylvania’s privacy standards while reducing the risk of oversight. Automating compliance tasks not only saves time but also minimizes the chances of costly errors. Additionally, third-party compliance software can perform digital audits to catch issues before they lead to board investigations or fines.
Conclusion
Running a med spa in Pennsylvania comes with a unique set of legal and operational challenges. The state's Corporate Practice of Medicine (CPOM) rules require that physicians own the clinical side of the business. Non-physician entrepreneurs, however, can still play a significant role by setting up a Management Services Organization (MSO) to handle non-clinical tasks like marketing, payroll, and billing.
A critical requirement for all treatments is the Good Faith Exam, conducted by a qualified provider. Skipping this step can lead to serious legal consequences, making it a cornerstone of compliance. Beyond this, med spa owners must also register medical devices and medicated cosmetics with the Pennsylvania Department of Health and ensure that all staff operate strictly within their licensed scope. A supervising physician, fully trained in all offered treatments, is also mandatory.
Documentation plays a huge role in maintaining compliance. This includes not only patient charts but also device maintenance logs, OSHA compliance records, and digital consent forms that meet HIPAA standards. Regular audits and credential checks are vital to avoid violations, especially with the med spa market expected to grow by $31.5 billion by 2025. Staying informed through state board updates can also help prevent unexpected business interruptions.
Technology can make meeting these requirements much easier. Tools like Prospyr's integrated EMR system are designed to streamline compliance. From tracking staff credentials and scheduling Good Faith Exams to maintaining encrypted patient records and generating compliance reports, Prospyr simplifies the process. Its HIPAA-compliant infrastructure and real-time analytics allow med spa operators to focus on patient care without worrying about falling short of regulatory standards. By combining diligent compliance efforts with advanced technology, Pennsylvania med spas can provide top-tier care while staying firmly within the law.
FAQs
What are the consequences of not following Pennsylvania med spa regulations?
Non-compliance with Pennsylvania's med spa regulations can carry serious consequences, including steep financial penalties. Civil fines for violations - such as operating without the necessary licenses or failing to meet required standards - can range anywhere from $1,000 to $50,000. These penalties are in place to ensure adherence to the rules and to prioritize patient safety.
Beyond monetary fines, med spas risk license suspension or even revocation, which could lead to shutting down the business entirely. To avoid these outcomes, it's essential to ensure your med spa complies with all state licensing, certification, and operational requirements, safeguarding both your practice and your patients.
Can someone who isn’t a physician own or run a med spa in Pennsylvania?
In Pennsylvania, the Corporate Practice of Medicine doctrine generally prohibits non-physicians from owning or operating a medical spa. This regulation ensures that licensed physicians are the ones making medical decisions and managing medical practices.
That said, non-physicians can collaborate with licensed physicians through certain business arrangements, as long as the physician retains control over all medical aspects. To navigate these rules properly, it's crucial to work with legal and compliance professionals to ensure your med spa aligns with state laws.
What training is required for med spa staff in Pennsylvania?
In Pennsylvania, the training requirements for med spa staff vary based on the services they offer and their professional licenses. For estheticians, the state mandates at least 300 hours of training at a licensed cosmetology school. They must also pass both a theory and practical exam and hold a high school diploma or equivalent. There are exceptions to the diploma requirement for veterans and individuals over 35. This rigorous preparation equips estheticians to deliver skin care services effectively.
When it comes to medical procedures like cosmetic injections or laser treatments, these are classified as medical services. Only licensed medical professionals or those operating under proper medical supervision are permitted to perform them. Similarly, procedures like microblading require specialized training and credentials consistent with the practitioner’s license.
Adhering to these requirements is crucial to ensure legal compliance and maintain safety standards in Pennsylvania.
