
What You Need to Know About Medical Spa Risks and Regulations

The med spa industry is fast growing, attracting consumers, investors, and entrepreneurs alike. However, as regulations remain in constant flux and legislators place the industry under increasing scrutiny, it is essential to understand how to operate your business compliantly. Read more on how LegitScript’s Healthcare Merchant Certification program helps qualified companies demonstrate their compliance — and whether your business is eligible for certification.

What’s the Deal with Med Spas?

If you’ve noticed an increasing number of advertisements from companies offering cosmetic medical services in recent years, you are not alone. Medical spas are one of the fastest-growing sectors within the healthcare industry.

A 2023 report indicated the industry has more than tripled in size since 2012 with a reported worth of $17.5 billion at the end of 2022. And it’s only expected to continue to grow.

Medical spas, also referred to as med spas, function as a hybrid between a day spa and a medical clinic. They offer a variety of medical cosmetic and aesthetic services such as botox injections, dermaplaning, and IV infusion therapies.

Unlike traditional day spas, medical spas are typically staffed by licensed medical providers. Many med spas have also begun to offer telemedicine services and conduct online visits with patients, expanding their market reach as well as their client base.

What Are the Risks of Med Spas?

Medical spas may have ballooned in popularity during the pandemic, but they are largely regulated at the state level. This has led to significant confusion for medical spas wanting to operate in multiple jurisdictions, as regulations can vary widely from state to state.

While investors, entrepreneurs, and consumers alike may be drawn to this lucrative and quickly growing industry, there are several issues to consider prior to opening or doing business with a medical spa.

Most important, businesses must be cognizant of the regulatory pitfalls in three key areas:

  1. Products and services
  2. Staffing
  3. Licensing

Trendy Services May Be More Dangerous Than You Think

To remain competitive in a fast-growing market, med spas often follow and implement trendier services, such as those touted on social media by influencers and celebrities. While popular, this can open the business up to several risks, as oftentimes these services or products have not been reviewed for safety and/or efficacy by relevant regulators. This potentially creates a safety risk for patients and opens the business up to liability.

Recently, medical spas have been the subject of numerous news stories after an investigation by the CDC highlighted the safety and oversight risks associated with the industry, including cases in which patients were infected with HIV following cosmetic injections known as “vampire facials.”

The Washington Post reported some procedures are administered by unlicensed staff members. Additionally, some medical professionals are working outside their scope of practice and failing to ensure the safety of products, resulting in serious infections, burns, and, in some cases, the death of the patient.

In particular, IV infusion therapies, which are popular med spa services, have increasingly come under fire. IV infusion therapies have exploded in popularity over recent years, and are touted by celebrities such as Chrissy Teigen, Gwyneth Paltrow, and the Kardashians.

Also referred to as intravenous micronutrient therapy, IV infusion therapies involve administering high doses of vitamins and minerals directly into a patient’s bloodstream. While offering infusions of common vitamins may seem innocuous given their prevalence in the medical spa industry, they often come with additional compliance requirements that business owners may not be aware of.

Where Are the Regulators?

In 2021, the FDA published concerns over the rising popularity of “compounding [drug] products by medical offices and clinics under insanitary conditions.” The agency cautioned consumers against intravenous (IV) hydration clinics, medical spas, and mobile IV infusion services for “numerous deficiencies,” including medical professionals working in street clothes and without gloves, or failing to change gloves after coming in contact with non-sterile items.

This guidance, issued in response to situations where it was discovered that non-medical staff such as cosmetologists or estheticians were performing medical procedures, highlights concerns about the level of license held by the practitioner prescribing and administering the therapies. Practitioners who provide services like IV infusions must be licensed medical practitioners. Tennessee now requires medical spa-specific licenses, with other states advancing legislation to follow suit, as medical services are largely regulated at the state level.

Ensuring Compliance, Safety, and Transparency

Whether you are a prospective med spa patient, a payment service provider processing transactions for med spas, or an advertising platform accepting ads for med spas, it’s essential to be aware of both the risks associated with the industry and the best practices that ensure compliance.

Look at the services that are being offered and who is responsible for administering the treatments. Check the business against any state licensing or operating requirements. Examine how the services are advertised and how transparent the business is about the safety and efficacy of its offerings, and avoid treatments that are marketed as “cure-alls” or “solutions” to serious diseases.

Qualified Med Spas Can Demonstrate Compliance with LegitScript

Are you a medical spa offering telemedicine services? LegitScript’s Healthcare Certification provides a recognized stamp of approval for businesses that provide telemedicine services. Google, Facebook, Microsoft, TikTok, Netflix, Visa, and Mastercard all recognize LegitScript certification to show the world their providers operate legally. Certification is a powerful way to gain patient trust and ensure that your business is operating in compliance with applicable laws and regulations. Apply now for certification.

Note: At this time, Healthcare Certification is not open to brick-and-mortar clinics and medical spas that do not offer telemedicine services. Read more about who qualifies in our fact sheet.
