Disclaimer: This content is for educational and informational purposes only. It is not legal or medical advice. Rules and interpretations change. Always verify requirements with the Medical Board of California (MBC), California Board of Registered Nursing (BRN), Physician Assistant Board (PAB), and the California State Board of Pharmacy, and seek qualified legal counsel before making compliance decisions.
Executive Summary
- In California, only a licensed physician (MD/DO) may direct or delegate medical services such as injectables, lasers, radiofrequency, or other energy-based procedures. These activities fall squarely under the practice of medicine and must occur within a physician-owned professional corporation (PC) or professional limited liability company (PLLC).
- California enforces a strict Corporate Practice of Medicine (CPOM) doctrine: non-physician entities (MSOs) may manage business functions—like staffing, marketing, or billing—but may not influence clinical decisions, provider supervision, or patient care records.
- Nurse Practitioners (NPs) must practice under Standardized Procedures jointly developed with a physician, unless authorized for limited independence under AB 890. In aesthetic settings, collaborative Standardized Procedures remain the practical standard.
- Physician Assistants (PAs) work under a Practice Agreement with physician supervision. Following SB 697, California removed fixed supervision ratios, allowing each practice to define appropriate oversight and chart-review protocols internally.
- Registered Nurses (RNs) may perform medical procedures such as injections or device-assisted treatments only under orders from an MD/DO, NP, or PA. Estheticians and cosmetologists may not perform or assist with medical procedures involving tissue alteration or device use.
- All laser, IPL, and RF devices are regulated as medical equipment and may only be operated by appropriately licensed medical personnel under physician oversight.
- Telehealth is permitted when the provider holds a valid California license, obtains informed consent, maintains the same standard of care as in-person visits, complies with e-prescribing requirements, and performs CURES database checks before prescribing Schedule II–IV controlled substances.
- Together, these rules define the core responsibilities of California medical directors: to maintain clear physician control, lawful delegation, documented supervision, compliant marketing, and continuous quality oversight in every aspect of medspa operations.
The California Quick Compliance Checklist
Entity & Ownership Structure
Clinical services must be delivered only through a physician-owned professional corporation (PC) or professional limited liability company (PLLC).
Non-physicians may own or manage Management Services Organizations (MSOs) that handle nonclinical operations such as staffing, space, payroll, marketing, or billing.
However, the MSO cannot control, direct, or interfere with medical judgment, provider selection, or access to patient records—these remain under physician authority.
The management agreement should clearly define clinical independence and include annual physician review.References:
California Legislative Information, (Business & Professions Code §2400 – Corporate Practice of Medicine)
Medical Director Credentials
The medical director must be a California-licensed MD or DO with an active, unencumbered license. This physician is legally responsible for all clinical oversight, ensuring appropriate delegation, supervision, and quality assurance (QA). If overseeing aesthetics or weight loss, they should maintain training and experience relevant to those areas. The director must be readily available for chart review, consultation, and escalation, and should document coverage arrangements for absences.
References:
California Legislative Information, (Business & Professions Code §2052 – Practice of Medicine Definition)
Delegation & Prescriptive Authority
Nurse Practitioners (NPs):
- NPs must practice under Standardized Procedures that meet Board of Registered Nursing (BRN) requirements unless they qualify for independent authority under AB 890. These written procedures, signed by both NP and supervising physician, define authorized acts, communication methods, and QA cadence. Even under independent authority, NPs must maintain compliance with all BRN practice standards and patient safety rules.
Physician Assistants (PAs):
- PAs operate under a written practice agreement with a supervising physician, which must outline delegated tasks, prescribing authority, and consultation methods. Following SB 697 (2019), the law removed fixed supervision ratios; practices must define appropriate oversight internally and document physician availability for review and escalation.
Registered Nurses (RNs):
- RNs may perform medical procedures only under orders from a licensed prescriber (MD/DO/NP/PA) and within the nursing scope of practice. They may not independently diagnose, prescribe, or initiate procedures such as injectables or laser treatments without a patient-specific order. Read California Business and Professions Code §2725 – Nursing Scope of Practice.
Scope of Practice, Protocols & Supervision
Scope of Practice Mapping (Best Practice)
Maintain a written matrix or log listing each service performed (e.g., injectables, lasers/IPL/RF, microneedling, IV therapy).
For each service, specify:
- Which license types may perform it
- Training prerequisites and certifications
- Required level of supervision (direct, indirect, general)
- Renewal and revalidation schedule
This document should be reviewed annually by the medical director and updated whenever new services, devices, or staff are introduced. Keeping this “Scope of Practice Map” current is one of the clearest indicators of compliance during audits.
Informed Consent & Protocols
Every service offered must have a procedure protocol packet with defined:
- Indications and contraindications
- Step-by-step guidance for patient assessment and documentation
- Emergency and complication algorithms (e.g., hyaluronidase for filler occlusion, anaphylaxis treatment, vasovagal syncope management)
- Pre- and post-care instructions
- Signature lines for provider and patient consent
Keep protocols for each major category: injectables (Botox®, fillers, threads), microneedling, IV therapy, lasers/IPL/RF, etc. All staff should know the location of these packets and demonstrate familiarity during audits or incident reviews. See California Legislative Information, (Business & Professions Code §2260 – Medical Records and Documentation).
Laser / Energy-Device Compliance
Under California law, lasers, intense pulsed light (IPL), and radiofrequency (RF) systems used for cosmetic or aesthetic purposes are classified as medical devices because they alter living tissue.
Accordingly, these devices may only be operated by licensed clinicians — a physician (MD/DO), nurse practitioner (NP), physician assistant (PA), or registered nurse (RN) — acting under appropriate supervision and within their scope of practice. See also Medical Board of California – Medical Spas Guidance).
Marketing & Representation
California law prohibits false, misleading, or deceptive advertising in medical practice under Business and Professions Code §651, and it prohibits unlicensed medical practice under BPC §2052.
Clinics and medical directors must ensure all marketing, branding, and public representations accurately reflect the licensure, scope, and credentials of the providers involved.
Advertising & Representation Requirements
- Truthful Identification:
All marketing materials, websites, and signage must accurately represent the clinic’s licensed status and provider credentials. Titles such as “doctor,” “nurse,” “medical spa,” or “clinic” may only be used in compliance with California law and professional licensing rules. - Use of “Board-Certified” Claims:
The term “board-certified” may be used only if the certifying board is recognized by the American Board of Medical Specialties (ABMS), the American Osteopathic Association (AOA), or another MBC-approved board. - Ownership & Representation:
Non-physician management entities (MSOs) and lay owners may not represent themselves as medical providers or imply clinical authority. All patient care decisions must remain under the direction of licensed physicians, consistent with California’s Corporate Practice of Medicine (CPOM) doctrine. - Testimonials, Before/After Photos, and Claims:
Any testimonials or before/after photographs must be truthful, not misleading, and supported by documented patient consent forms. All promotional claims (e.g., “permanent results,” “FDA-approved,” “guaranteed outcomes”) must be verifiable and evidence-based, following FTC Truth-in-Advertising Standards.
Quality Assurance (QA)
A robust QA system demonstrates active medical oversight.
- Conduct regular chart reviews, documenting findings, remediation, and follow-up.
- Maintain incident and complication logs, including patient outcomes and corrective actions.
- Verify staff competencies annually and after any adverse event.
- Perform device safety checks (maintenance, calibration, and operator retraining).
- Keep QA meeting minutes with attendance, agenda, and sign-offs from the medical director.
These records form the backbone of your defensible audit trail and should be retained for at least seven years. You can also read California Hospital Association – Record Retention Requirements (PDF).
The Legal Frame: CPOM + Who Can Be a “Medical Director”?
Who can be a Medical Director in California?
CPOM in California.
Supervision & Delegation in California Medspas
Nurse Practitioners (NPs)
NPs practice under Standardized Procedures developed jointly with physicians that define permitted assessments, treatments, and device use. Under AB 890, qualifying NPs may obtain limited independent practice authority, but must verify eligibility and maintain documentation.
🔗 BRN – AB 890 Implementation
Physician Assistants (PAs)
PAs work under a written practice agreement that outlines supervision, delegation, and review. SB 697 (2019) removed the former 4:1 supervision ratio, allowing flexibility so long as the agreement and Physician Assistant Board regulations are followed.
🔗 PAB – SB 697 FAQ (PDF)
Registered Nurses (RNs)
RNs perform ordered medical treatments within the RN scope of practice and under physician, NP, or PA direction. They may not diagnose, prescribe, or initiate medical procedures independently without a patient-specific order.
🔗 BRN – Standardized Procedures & Scope of Practice
Practical Tips for California Compliance
Keep standardized procedures and PA practice agreements current and signed (track annual reviews); maintain competency files for injectors/device operators; never delegate lasers/IPL to estheticians; keep QA minutes and chart-review logs; use conservative marketing consistent with BPC §§651, 2052.
Injectables and Device Procedures: What “Legal” Looks Like in Practice
Injectables (e.g., Botox®, Fillers, Biostimulators)
Practical Compliance Tips:
Before Treatment:
- Examine patient yourself (for RN delegation) or ensure NP performs exam under standardized procedures
- Create injectable-specific protocols for each product type
- Verify staff has injectable certification/training
Documentation Must Include:
- Product lot numbers, expiration dates, manufacturer
- Dosage, injection sites, technique
- Informed consent covering vascular occlusion, bruising, allergic reactions
- Your examination notes and treatment approval
Emergency Preparedness:
- Stock hyaluronidase (for filler complications)
- Post vascular occlusion protocol in treatment rooms
- Train staff to recognize early warning signs immediately
Delegate only to: Licensed MD/DO/NP/PA/RN (never medical assistants or estheticians)
Resources: Medical Board of California | BPC §2052
Lasers, IPL, RF, and Other Energy Devices
Practical Compliance Tips:
Immediate Availability Requirement:
- Be contactable by phone/electronic means without delay, interruptible, and able to provide assistance throughout the procedure
- Stay within geographical distance to respond to emergencies
- Cannot supervise procedures at facilities you don’t control (no salon/spa locations)
Training & Protocols:
- Document device-specific training for each operator
- Create protocols for each device including safety parameters and contraindications
- Verify you are trained in procedures you supervise (cannot supervise what you can’t perform)
- Conduct competency assessments initially and ongoing
Absolutely Prohibited:
- Estheticians, cosmetologists, medical assistants operating lasers/IPL
- Delegation without standardized procedures
- Operating outside organized healthcare system under physician control
IV Therapy & Wellness
Practical Compliance Tips:
Protocols Required:
- Written physician-approved protocols for each IV formulation
- Patient selection criteria and contraindications
- Monitoring requirements during infusion
Emergency Kit Must Include:
- Epinephrine (anaphylaxis)
- Diphenhydramine and corticosteroids
- IV fluids and emergency equipment
- Conduct quarterly emergency drills
Documentation:
- Staff competencies and IV certification
- Medication logs (DEA compliance for controlled substances)
- Baseline labs when appropriate (renal function, etc.)
- Informed consent specific to IV therapy risks
Telehealth (Virtual Aesthetics Triage, Primary Care, Psych, Weight Management)
Consent & Standard of Care
Providers must inform and document patient consent before delivering telehealth services and maintain the same standard of care as in-person visits. All confidentiality and recordkeeping laws still apply.
E-Prescribing Requirements
Prescribers and pharmacies must have the capability to issue and receive electronic prescriptions, except in limited cases such as technological failure, terminal illness, or hospital exemptions. Controlled substances must follow DEA e-Rx rules.
🔗 BPC § 688 | CA Board of Pharmacy FAQ | Medical Board Guidance
CURES (Prescription Drug Monitoring Program)
Before prescribing any Schedule II–IV controlled substance, prescribers must check the CURES database. If the medication remains part of ongoing therapy, CURES must be rechecked at least every four months.
Paperwork California Regulators Expect
California regulators — including the Medical Board of California (MBC), Board of Registered Nursing (BRN), and Physician Assistant Board (PAB) — expect physician-led clinics and MSO-supported medspas to maintain thorough documentation that proves compliance with state law and professional standards.
Here’s a categorized checklist with verified references:
I. Legally Required Documents
Physician Entity + MSO Contract
California prohibits the corporate practice of medicine, meaning only licensed physicians may own or control medical decision-making. A compliant Management Services Agreement (MSA) must separate business functions (billing, marketing, space, HR) from clinical authority.
NP Standardized Procedures
Nurse Practitioners must work under Standardized Procedures (protocol agreements) unless they meet independent practice requirements under AB 890. These written documents define the NP’s scope, supervision, and delegation.
PA Practice Agreements
Physician Assistants must operate under a Practice Agreement that defines supervision, chart review, and delegated tasks. Since SB 697 (2020), this replaces the older “Delegation of Services” agreement.
Licenses, DEA, and Controlled Substance Registrations
Maintain current state licenses, DEA registration, and any furnishing numbers (for NPs/PAs). Regulators routinely request copies during complaints or audits.
Informed Consent Packets
Written consent forms are required for medical, surgical, and elective aesthetic procedures. Forms must outline risks, benefits, alternatives, and who performs the procedure.
Marketing & Advertising Compliance File
All promotional materials must comply with state advertising laws. Maintain copies of approved ads, disclaimers, and “before-and-after” consent forms. Read BPC § 651 – Advertising Rules for Healing Arts Practitioners, Advertising Regulations
II. Best Practice / Inspection-Expected Documents
Device Safety Training & Maintenance Logs
While not codified for every clinic type, inspectors expect records showing device training, calibration, and service logs — especially for lasers, injectables, and aesthetic equipment. Visit CDPH – Medical Device Safety Program, Medical Device Reporting for User Facilities
Quality Assurance (QA) Minutes & Chart Review Logs
Routine QA meetings and chart reviews demonstrate ongoing supervision, risk management, and compliance with standard-of-care duties. These are often reviewed during complaint investigations or site inspections. Also read Medical Board – Complaint & QA Expectations, Association for Healthcare Documentation Integrity – QA Best Practices.
Common Mistakes in California Medspas
Allowing Estheticians to Inject or Use Lasers
Only physicians, NPs, PAs, and RNs working under medical supervision may perform injections or use lasers/IPL. Estheticians may not penetrate skin or use medical devices.
Missing or Outdated NP/PA Agreements
NPs must have signed Standardized Procedures (or meet AB 890 independence criteria). PAs must have current Practice Agreements defining supervision and scope.
Improper or Misleading Marketing
Ads implying that RNs or NPs operate independently can violate BPC §651 (false advertising) or BPC §2052 (unlicensed practice). Always identify physician oversight.
No Documented QA or Chart Review
Regulators expect records of quality assurance meetings, chart reviews, and peer oversight to confirm safe delegation and standard of care.
MSO Overreach into Clinical Control
The Corporate Practice of Medicine (CPOM) rule bars management companies from influencing medical decisions. The physician must retain full control of clinical operations.
30 / 60 / 90-Day Implementation Plan
Days 1–30: Foundation & Paperwork
- Confirm PC + MSO separation of business vs. medical control.
- Draft or update NP Standardized Procedures and PA Practice Agreements.
- Verify all licenses, DEA, and furnishing numbers.
Days 31–60: QA in Action
- Begin chart reviews and QA meetings.
- Run a mock inspection using MBC guidelines.
- Audit marketing for BPC §651 compliance.
Days 61–90: Harden & Scale
- Complete direct-observation sign-offs for injectors/device operators.
- Use competency checklists and refresher training.
- Update procedures before adding new modalities.
FAQs
Can a non-physician own a medspa in California?
A lay entity can run an MSO, but clinical care must be delivered by a physician-owned professional corporation; the MSO cannot control medical judgment.
Can estheticians inject Botox® or use lasers?
No—those are medical procedures limited to MD/DO/NP/PA/RN within protocols and supervision.
What do NPs and PAs need on paper?
NPs: Standardized Procedures (and AB 890 pathway compliance if applicable). PAs: written practice agreement and documented supervision.
Is telehealth allowed?
Yes—with CA licensure, informed consent, proper documentation, e-prescribing capability, and CURES checks for controlled substances.
How Medical Director Co. Supports California Medspas
California-licensed physicians experienced in medspa compliance provide direct clinical oversight and ensure adherence to state laws. Services include:
- Standardized Procedures & Agreements: Turnkey NP standardized procedures and PA practice agreements aligned with California scope-of-practice rules.
- Quality Oversight: QA frameworks with agendas, chart-review templates, and audit-ready logs to document supervision and compliance.
- Device & Injectable Oversight: Training validation, competency sign-offs, and safe-use protocols for lasers, fillers, and energy devices.
- MSO Review: Evaluation of management agreements to maintain separation of business and clinical control under CPOM.
- Regulatory Monitoring: Ongoing tracking of law and rule changes with proactive compliance updates for medical directors and clinic staff.
Find a California Medical Director with Medical Director Co.
Florida Resources You Should Bookmark
- Medical Board of California
https://www.mbc.ca.gov/ - Board of Registered Nursing (BRN)
https://www.rn.ca.gov/ - BRN – AB 890 (NP Independent Practice Pathways)
https://www.rn.ca.gov/practice/ab890.shtml - Physician Assistant Board – SB 697 FAQ
https://pab.ca.gov/forms_pubs/sb697faqs.pdf - Business & Professions Code §2290.5 – Telehealth Consent
https://california.public.law/codes/business_and_professions_code_section_2290.5 - Business & Professions Code §688 – E-Prescribing Requirements
https://codes.findlaw.com/ca/business-and-professions-code/bpc-sect-688/ - Health & Safety Code §11165.4 – CURES (Prescription Drug Monitoring)
https://california.public.law/codes/health_and_safety_code_section_11165.4 - Business & Professions Code §651 – Advertising & Representation Rules
https://california.public.law/codes/business_and_professions_code_section_651 - Business & Professions Code §2052 – Definition of Medical Practice / Unlicensed Practice Prohibition
https://california.public.law/codes/business_and_professions_code_section_2052
Bolton M. Harris, J.D., is a seasoned attorney with a formidable background in criminal law and a focus on healthcare law and compliance. As the in-house legal counsel at Medical Director Co., Harris brings a unique blend of prosecutorial experience and regulatory expertise to support healthcare professionals across Texas. Her career spans roles as a prosecutor in multiple counties and now as a trusted advisor on the legal intricacies of medical practice operations.
Education & Early Career
Bolton Harris completed her undergraduate studies at Southern Methodist University (SMU) in 2013. During her time at SMU, she was not only a dedicated student but also a competitive athlete on the university’s women’s swimming team. She went on to earn her Juris Doctor from Texas A&M University School of Law in 2016 and became a member of the Texas Bar that same year. Armed with a strong academic foundation and discipline honed as a student-athlete, Harris embarked on a career in criminal law immediately after law school.
Prosecutorial Experience in Texas
Bolton Harris began her legal career in public service as a criminal prosecutor. She served as an Assistant District Attorney in multiple jurisdictions, where she quickly rose through the ranks and handled a broad spectrum of cases. Some highlights of her prosecutorial career include:
- Assistant District Attorney, Dallas County, Texas: Prosecuted a high volume of criminal cases in one of the state’s busiest DA offices, gaining extensive trial experience in both misdemeanor and felony courts.
- Assistant District Attorney, Ellis County, Texas: Continued to hone her courtroom advocacy skills, known for meticulous case preparation and a tenacious pursuit of justice on behalf of the community.
- Assistant District Attorney, Navarro County, Texas: Broadened her legal expertise by handling diverse criminal matters in a smaller county, working closely with law enforcement and community leaders to uphold the law.
Through these roles, Harris built a reputation for being a tough but fair advocate. She brought numerous cases to trial and developed an in-depth understanding of the criminal justice system. This distinguished prosecutorial background laid a strong foundation for the next phase of her career in the private sector.
Healthcare Law & Compliance at Medical Director Co.
After her tenure as a prosecutor, Harris shifted her focus to healthcare law, applying her legal acumen to the medical field. She recognized that the same attention to detail and tenacity that served her in criminal law could benefit healthcare providers navigating complex regulations. Embracing this new direction, Harris became well-versed in the intricate laws governing medical practices – from licensing requirements to patient safety and privacy standards – and is passionate about helping practitioners stay compliant.
In her current role as the in-house attorney for Medical Director Co., Bolton Harris oversees all legal and compliance matters for the organization and its clients. Medical Director Co. is a nurse-owned firm that connects nurse practitioners (NPs), physician assistants (PAs), and registered nurses with qualified medical directors and collaborating physicians, offering fast placements and comprehensive compliance support for healthcare practices. Harris ensures that each of these partnerships and clinical ventures adheres to all applicable state and federal laws. She is responsible for drafting and reviewing collaborative practice agreements, advising on regulatory requirements, and providing ongoing legal counsel as clients establish and grow their clinics. Drawing on her prosecutorial eye for risk management, Harris proactively identifies potential legal issues and addresses them before they escalate, giving healthcare professionals peace of mind.
Bolton M. Harris’s multifaceted expertise – spanning high-stakes courtroom litigation to detailed healthcare compliance – makes her a formidable legal ally. Whether advocating in front of a jury or guiding a medical practice through regulatory hurdles, she remains committed to the highest standards of the legal profession. Her blend of courtroom-tested skill and healthcare law knowledge ensures that clients of Medical Director Co. receive elite-level counsel and steadfast protection in an ever-evolving legal landscape.
