Opening a med spa or wellness clinic comes with a lot of decisions. One of the most important ones is how you set up your business’s legal structure.
Corporate practice of medicine (CPOM) laws decide who can own and control medical services. If you don’t follow these rules, you can face fines, lose contracts, or even be forced to close. These rules vary by state, and it’s not always clear who should make medical decisions and who should run the business side.
Here, we’ll explain CPOM compliance in clear terms and how it applies to med spas and wellness clinics so you can set up your business the right way from the start.
What Is CPOM Compliance? A Clear Explanation for Med Spa Owners
CPOM compliance (corporate practice of medicine laws) defines who can own, operate, and control medical services. In most states, only licensed physicians or physician-owned entities can own the clinical side of a business and make medical decisions.
These laws exist to protect patient safety. They prevent non-physicians from influencing how medical treatments are performed or prioritized for profit.
For med spa owners, this applies to services like Botox, IV therapy, and medical weight loss. Even if these treatments are elective, they are still considered medical. That means a licensed physician must oversee or own the clinical side, depending on state law.
For example, a non-physician can open a Botox clinic and manage branding, marketing, and daily operations. But they cannot control how injections are done or direct clinical staff. A physician must handle those decisions.
CPOM compliance also varies by state. Some states enforce these rules more strictly and review ownership structures, contracts, and medical oversight. Others may seem more flexible, but the same core restrictions still apply.
For your business, this affects how you set up ownership, assign responsibilities, and separate medical care from business operations.
Why CPOM Compliance Is Critical for Med Spa Growth and Risk Management
CPOM compliance protects your med spa from legal risk and creates a structure you can safely grow. Without it, your business can face serious financial, legal, and operational issues.
Here’s why CPOM compliance matters:
- Prevents Legal and Financial Penalties: CPOM violations can lead to fines, forced closure, and lawsuits. In some cases, contracts tied to a non-compliant structure may be invalid.
- Protects Your Reputation and Insurance Coverage: If your business does not follow the corporate practice of medicine laws, insurers may deny coverage for claims. This can leave you personally responsible for damages and harm your brand.
- Ensures Proper Medical Oversight: A medical director must actively supervise treatments. If the role exists only on paper, it can be treated as an unlicensed practice of medicine.
- Supports Investor and Lender Confidence: Investors and lenders review your legal structure before funding. A non-compliant setup can stop deals or delay growth.
- Allows Safe Expansion: Scaling a med spa across locations or states requires a compliant structure, often through an MSO-PC model. Without this, growth increases risk instead of stability.
CPOM compliance gives your business a clear and defensible structure. It reduces risk, supports med spa growth, and makes your operations easier to manage over the long term.
The MSO-PC Model Explained: The Gold Standard for CPOM Compliance
What Is a Professional Corporation (PC)?
A Professional Corporation (PC) is the medical entity. It must be owned by a licensed physician in most states.
The PC:
- Provides medical services (Botox, IV therapy, weight loss treatments)
- Makes all clinical decisions
- Oversees patient care and treatment protocols
The physician owner is responsible for medical judgment and compliance with healthcare laws.
What Is a Management Services Organization (MSO)?
A Management Services Organization (MSO) handles the business side of the med spa. This entity can be owned by a non-physician.
The MSO:
- Manages marketing, branding, and sales
- Handles staffing, scheduling, and payroll
- Provides equipment, office space, and administrative support
The MSO does not control medical decisions.
How the MSO-PC Model Works
The MSO and PC operate as two separate entities with defined roles:
- The PC controls clinical care
- The MSO runs business operations
This separation allows the business to function as one brand while staying compliant with corporate practice of medicine laws.
A simple way to think about it: two separate engines running one business, one for medical care, one for operations.
What Is a Management Services Agreement (MSA)?
The MSO and PC are connected through a Management Services Agreement (MSA).
The MSA:
- Defines the services the MSO provides to the PC
- Sets payment terms between both entities
- Keeps responsibilities clearly separated
This agreement is critical for CPOM compliance because it documents how the business operates.
Why the MSO-PC Model Supports Growth
The MSO-PC model is widely used in healthcare because it creates a structure that can scale.
- It allows non-physicians to operate and grow the business legally.
- It provides a clear framework for expansion into multiple locations.
- It gives investors confidence because ownership and control are properly structured.
For med spas, this model supports growth while keeping clinical authority where it legally belongs.
How the MSO-PC Model Works in Real Med Spa Operations
The MSO-PC model defines who controls each part of the business. It separates clinical authority from business operations while allowing both sides to work together.
Who Controls What in a Med Spa?
- The PC (physician-owned entity):
- Hires and supervises medical providers
- Sets treatment protocols and clinical guidelines
- Oversees patient care and medical decisions
- The MSO (business entity):
- Handles marketing, branding, and promotions
- Manages front desk staff and scheduling
- Oversees payroll, billing support, and daily operations
This structure keeps medical decisions under physician control while the business side runs operations.
How Revenue Flows in a Compliant Structure
Revenue flow is a key part of CPOM compliance.
- Patients pay for medical services provided by the PC
- The PC collects revenue for those services
- The MSO receives payment from the PC through a management fee, as defined in the Management Services Agreement (MSA)
This setup ensures that the MSO does not directly profit from medical decision-making.
Day-to-Day Operations: How It Works
Here is a simple example of how a typical day runs under the MSO-PC model:
- The MSO runs ads and books appointments
- Front desk staff (managed by the MSO) check in patients
- A licensed provider, under the PC, performs the treatment
- The PC handles clinical documentation and oversight
- The MSO supports follow-ups, scheduling, and customer experience
Each side stays within its role, which keeps the business compliant.
Compliant vs. Non-Compliant Example
Here’s a simple example to help you see the difference between a compliant setup and one that can lead to CPOM violations.
Compliant setup:
- A physician sets Botox protocols and supervises providers
- The MSO manages marketing and client bookings
- Revenue flows through the PC, then to the MSO as a service fee
Non-compliant setup:
- A non-physician owner tells providers how to perform treatments
- The business collects all revenue directly under one entity
- The medical director has little or no involvement
This type of setup can be flagged as a CPOM violation.
The Role of a Medical Director in CPOM Compliance (Critical but Overlooked)
What a Medical Director Is Responsible For
The medical director is a licensed physician who oversees all medical services. Their key responsibilities include:
- Approving treatment protocols (Botox, IV therapy, weight loss programs)
- Supervising medical providers and ensuring proper training
- Reviewing patient care and maintaining clinical standards
- Ensuring treatments follow state regulations and the scope of practice
A medical director is required to keep medical decisions under physician control.
Telemedicine and State Limitations
Medical directors must follow state-specific rules, especially when working remotely. Some states allow telemedicine supervision, but only under certain conditions. Others require the physician to be physically present for specific procedures.
The medical director must also hold a valid license in the state where patients are treated. If these requirements are not met, the setup can be considered non-compliant.
Liability and Legal Risk
The medical director is responsible for overseeing patient care. If supervision is weak or inconsistent, it can lead to malpractice claims or regulatory issues. A physician who is not actively involved may be seen as allowing unlicensed practice of medicine.
In some cases, insurance providers may deny coverage if proper oversight is not in place. This increases both legal and financial risk for the business.
Strong vs. Weak Medical Director Setup
Not all setups meet CPOM standards. Regulators look at how involved the physician actually is. Here’s how a compliant setup compares to one that can raise concerns:
Strong setup:
- The physician actively reviews and updates protocols
- Regular communication with providers
- Clear documentation of supervision and decisions
- Ongoing involvement in clinical operations
Weak setup:
- The physician is listed but rarely involved
- No clear oversight of treatments or staff
- Limited or no documentation of supervision
- Decisions are driven by non-physician owners
A weak setup can be flagged during audits or investigations.
Why Proper Medical Director Support Matters
A compliant structure depends on having the right physician in place. Many med spa owners underestimate how much involvement is required until issues come up.
Working with a provider that understands medical director requirements for med spas can help you avoid gaps in oversight and stay aligned with CPOM compliance as your business grows. Medical Director Co. connects you with experienced physicians who provide active supervision, meet state requirements, and support long-term compliance.
This helps ensure your business operates legally while maintaining consistent clinical standards.
Common CPOM Compliance Mistakes That Put Your Business at Risk
- aying providers based on a percentage of treatment revenue can be seen as influencing medical decisions. Compensation must follow state guidelines.
- Co-Mingling of Funds: Mixing revenue between the MSO and PC removes the separation required for CPOM compliance. This is a common audit trigger.
- Improper Provider Incentives: Bonuses tied to the number of treatments or sales can raise compliance issues and affect clinical judgment.
- Lack of Documented Protocols: Missing or outdated treatment protocols can indicate weak physician oversight and increase liability.
Regulators review how your business operates in practice, not just your documents. Common audit triggers include:
- A medical director with little or no involvement
- Non-physicians making clinical decisions
- Contracts that do not clearly define MSO and PC roles
- Revenue structures that suggest control over medical services
These issues can lead to CPOM violations and regulatory action.
How to Structure Your Med Spa for Multi-State Expansion (Without Violations)
Expanding a med spa into multiple states requires a compliant structure in each location. CPOM laws are enforced at the state level, so your setup must adjust to each state’s rules.
Here’s what you need to address before expanding:
- State-By-State Differences: CPOM laws are not the same everywhere. Some states strictly limit physician ownership and control, while others apply fewer restrictions. You cannot reuse the same structure across all states without reviewing local rules.
- Physician Ownership Requirements: Many states require a licensed physician to own the Professional Corporation (PC). In some cases, the physician must also be licensed in that specific state.
- Licensing Challenges: Providers must hold valid licenses in the state where patients are treated. This includes physicians, nurses, and other clinical staff. Hiring across states without proper licensing can create compliance issues.
- Telehealth Considerations: Telemedicine rules vary by state. Some allow remote supervision, while others require in-person oversight for certain treatments. The medical director must follow state-specific requirements.
Before expanding, you need to confirm that your structure meets each state’s rules. Use this checklist to review your setup before entering a new market.
Multi-State Expansion Checklist
- Confirm CPOM laws and ownership requirements
- Set up a compliant PC with a licensed physician
- Ensure all providers hold valid state licenses
- Review telehealth and supervision rules
- Establish a clear MSO-PC structure with proper agreements
Strategic Considerations for Growth
Each new location must follow that state’s CPOM rules. Your structure needs to adjust, not just repeat what worked before.
To plan your expansion properly, focus on these areas:
- Work with physicians who are licensed in multiple states or can support your expansion plans
- Keep a consistent MSO structure while setting up a separate, compliant PC in each state
- Build partnerships that support compliance and ongoing oversight
A clear and compliant setup makes it easier to expand without creating new risks.
CPOM Laws by State: What You Need to Know Before You Launch
CPOM laws vary by state, and these differences affect how you structure and operate your med spa. Before launching or expanding, you need to understand how your state applies the corporate practice of medicine rules.
Here’s how CPOM laws apply in four high-regulation states:
Florida
Texas
California
New York
New York has some of the strictest CPOM enforcement. A physician must own the medical entity, and oversight requirements are actively reviewed. Regulators often examine medical director involvement and supervision practices.
Before entering any state, review ownership rules, supervision requirements, and licensing laws. A structure that works in one state may not meet compliance standards in another.
CPOM Compliance Checklist: Step-by-Step Setup Guide
Use this checklist to set up your med spa to meet CPOM compliance requirements.
- Form the Correct Business Entities: Set up a physician-owned Professional Corporation (PC) for medical services and a separate Management Services Organization (MSO) for operations.
- Create a Management Services Agreement (MSA):Define the relationship between the PC and MSO. Outline services, responsibilities, and payment structure.
- Onboard a Qualified Medical Director: Work with a licensed physician who will actively oversee clinical services, approve protocols, and supervise providers.
- Separate Financial Operations: Ensure the PC collects revenue from medical services. The MSO should receive payment through agreed service fees, not direct medical revenue.
- Set Up Clinical Protocols and Documentation: Establish clear treatment protocols approved by the medical director. Maintain records of supervision, decisions, and patient care.
- Confirm Provider Licensing and Roles: Verify that all medical staff are properly licensed in the state where services are provided. Define roles clearly.
- Review State-Specific CPOM Rules: Check ownership, supervision, and telehealth requirements for your state before launching or expanding.
Following this checklist helps create a clear, compliant structure. It also makes it easier to manage operations and prepare for growth.
Compliance Audits: How Often You Should Review Your Structure
CPOM compliance is not a one-time setup. Your business structure, agreements, and clinical oversight need regular review to stay aligned with current regulations.
Here’s how to approach compliance audits:
- Schedule Regular Reviews: Review your structure at least once a year, or sooner if you expand, change services, or update your team.
- Check Physician Involvement: Confirm that your medical director remains actively engaged in supervision, protocol approval, and clinical decisions.
- Review Agreements and Contracts: Make sure your Management Services Agreement (MSA) and physician contracts reflect your current operations and follow state requirements.
- Verify Licensing and Roles: Ensure all providers hold valid licenses and are working within their approved scope of practice.
- Update Protocols and Documentation: Keep treatment protocols, supervision records, and patient care documentation current and properly maintained.
Regular audits help you catch issues early and maintain a compliant structure as your business grows.
The Cost of Non-Compliance vs. Investing in Proper Structure
CPOM compliance requires upfront investment, but fixing a non-compliant setup often costs more and creates operational risk.
Here’s how they compare:
- Legal Costs vs. Prevention: Correcting a CPOM violation can involve legal review, restructuring, and contract updates. These costs can reach thousands to tens of thousands of dollars. Setting up a compliant structure early is usually more controlled and predictable.
- Business Interruption Costs: If a med spa is flagged for CPOM violations, operations may be paused during investigations. Lost appointments, staff downtime, and delayed services can reduce revenue quickly.
- Insurance and Liability Risks: Non-compliant structures can affect malpractice coverage. If proper medical oversight is not in place, insurance providers may deny claims, leaving the business responsible for damages.
- Investor Readiness: Investors and lenders review compliance during due diligence. A weak structure can delay funding or stop deals entirely.
- Long-term Value: A compliant business is easier to scale, franchise, or sell. Clear ownership and documented oversight increase stability and buyer confidence.
A cheap setup may save money upfront, but it often comes with higher legal risk and limited room to grow. A compliant setup requires more investment at the start, but it reduces risk and gives your business a stronger foundation for expansion.
How Medical Director Co. Helps You Stay CPOM Compliant and Scale Safely
CPOM compliance depends on having the right structure and physician oversight in place. Many med spa owners understand the rules but need support applying them as they build or expand.
At Medical Director Co., we help simplify that process by connecting you with qualified physicians and guiding you through compliance requirements.
- Medical director placement: We match you with licensed, board-certified physicians who provide clinical oversight, approve protocols, and meet state requirements.
- Compliance guidance: We help you align your structure, agreements, and documentation with CPOM rules so your business stays on track.
- Multi-state support: We work with physicians across multiple states, making it easier for you to expand while staying compliant with local regulations.
- Ongoing oversight: We support long-term compliance through active physician involvement, including supervision, protocol updates, and clinical guidance.
We work with med spas, IV clinics, weight loss centers, and other healthcare businesses. Our goal is to help you stay compliant while building a structure that supports growth.
FAQs
What does CPOM mean in healthcare?
CPOM (corporate practice of medicine) refers to laws that restrict who can own and control medical services. These laws protect independent medical judgment and prevent non-physicians from controlling medical practices. In most states, only licensed physicians can own the clinical side of a healthcare organization and make medical decisions.
Can a non-physician own a medical spa?
Yes, but only the business side. A non-physician can manage marketing, staffing, and medical spa operations. A licensed physician must own or control the medical side, where medical procedures are performed by licensed healthcare providers, depending on state law.
What is the MSO-PC model?
The MSO-PC model separates a med spa into two entities. The Professional Corporation (PC), owned by a physician, handles medical services. The Management Services Organization (MSO), owned by a non-physician, manages business operations. This structure supports CPOM compliance.
Do all states enforce CPOM laws?
Yes, but enforcement varies. Some states apply strict rules and actively review compliance. Others may appear more flexible, but still require separation between business operations and the ability to practice medicine.
What does a medical director do in a med spa offering medical services?
A medical director is a licensed physician who oversees clinical services. This includes approving treatment protocols, supervising providers such as physician assistants, and ensuring patient care meets state regulations. The medical director is the responsible medical professional for clinical oversight.
Can I operate in multiple states under one structure?
No. Each state has its own CPOM rules, licensing requirements, and ownership restrictions. You must ensure that all providers hold valid medical licenses and establish a compliant structure in each state where you operate.
What happens if I violate the Corporate Practice of Medicine laws?
Violations can lead to fines, legal action, contract issues, or forced closure. In some cases, insurance coverage may be affected, and your ability to deliver professional services may be restricted.
Ready to structure your medical spas the right way?
At Medical Director Co., we help med spa owners, IV clinics, and wellness brands stay compliant with CPOM laws while building a setup that supports growth.
Whether you’re opening your first location or expanding into new states, we connect you with experienced medical directors and guide you through the process.
