Before opening a Botox practice, most California medspa owners focus on hiring injectors, leasing space, and building a marketing plan. The compliance issues often surface later after a complaint, an audit notice, or a cease-and-desist letter. That is exactly why this California Botox medspa compliance checklist exists.
California is one of the most heavily regulated states for aesthetic medicine, and the margin for error before your first patient is extremely small. Every item on this medspa compliance checklist California 2026 operators should follow must be completed before Botox is administered. This guide covers 12 requirements across clinical oversight, legal structure and licensing, clinical documentation, and operational compliance.
Compiled from Medical Board of California guidance, the Nursing Practice Act, HIPAA requirements, OSHA standards, and other applicable regulations, this checklist focuses on the California medspa requirements that matter most before opening. Miss even one item, and your practice may face unnecessary compliance exposure. For a broader overview, see our guide to California medical director requirements for medspas.
Category 1: Clinical Oversight
Clinical oversight requirements are the foundation of every compliant California Botox practice. Without these three items in place, no Botox practice can legally operate in California, regardless of how well the business, marketing, or facility side is structured.
Item 1: Licensed Medical Director or Qualifying 104 NP in Place
Every California medspa offering Botox must have a licensed medical director before seeing its first patient. That medical director may be an MD, DO, or a qualifying 104 NP under AB-890, effective January 1, 2026. This is not a post-launch administrative task. It is the legal prerequisite for providing medical services and satisfying the medical director requirement California Botox practices must follow.
If you are still evaluating oversight requirements, see our guide on do you need a medical director to offer Botox in California.
What You Need:
Signed Medical Director Agreement between the practice and physician
Current California physician license on file
Physician’s NPI linked to product ordering accounts
Medical director assigned before patient care begins
Medical Director Co. completes this process within 24 hours.
Item 2: Compliant Business Structure — Professional Corporation and MSO (If Applicable)
California’s Corporate Practice of Medicine (CPOM) rules, including Business and Professions Code §2052, require medical practices to operate through a professional corporation California medspa structure rather than a standard LLC. For non-physician owners, including RNs, investors, and NPs who do not qualify as 104 NPs, a Management Services Organization (MSO) is typically required to separate clinical and business functions. For a deeper explanation, see can an RN open a Botox business in California.
What You Need:
Articles of Incorporation for the Professional Corporation filed with the California Secretary of State
MSO agreement (if a non-physician operates the business side)
Documentation confirming physician ownership of at least 51% of the Professional Corporation
Item 3: California Medical Board Registration and Local Business Licenses
Opening a medspa requires more than forming a corporation. California medspas performing medical procedures must complete California Medical Board registration medspa requirements and secure all applicable city or county business licenses before opening. If the practice operates under a trade name, Business and Professions Code §2415 requires a fictitious name permit California medspa operators must obtain before publicly using that name.
This is one of the most commonly overlooked California medspa requirements before opening. Many owners assume their Professional Corporation filing completes the process when separate Medical Board requirements still remain.
What You Need:
Completed Medical Board of California registration
Local city or county business license
Fictitious Name Permit (FNP-001) if operating under a trade name
Employer Identification Number (EIN) from the IRS
Category 2: Clinical Documentation
Clinical documentation is where many Medical Board of California (MBC) and Board of Registered Nursing (BRN) investigations uncover compliance gaps. These documents must be signed, current, and readily available on the day your practice opens—not created after patients have already received treatment.
Item 4: Signed Delegation Orders or Standardized Procedures
Before an RN can legally inject Botox, the medical director must sign delegation orders that define which procedures the RN may perform, the clinical parameters for treatment, and physician availability requirements. In NP-led practices, standardized procedures must comply with Business and Professions Code §2725 and Title 16 CCR §1474 and be signed before injections begin. These documents establish the legal authority for non-physician providers to perform aesthetic procedures.
If you need additional guidance, see our article on California standardized procedures for Botox.
What You Need:
Signed and dated delegation orders for every RN injector
Signed and dated standardized procedure agreement for each NP injector, where required
Confirmation that all 11 required elements under 16 CCR §1474 are included
Current versions maintained and accessible for compliance review
Medical Director Co. provides delegation orders and standardized procedure templates at no additional cost.
Item 5: Written Clinical Protocols for Botox
Every treatment offered by the practice must have a written clinical protocol approved and signed by the medical director. Botox is the minimum requirement, but separate protocols should also exist for dermal fillers, laser procedures, and any other aesthetic treatments performed within the practice.
A compliant protocol outlines patient selection criteria, dosing parameters, contraindications, documentation requirements, and complication management procedures. It should also address how providers respond to adverse events such as ptosis, bruising, dysphagia, allergic reactions, or anaphylaxis. The Medical Board has repeatedly emphasized that performing procedures without approved protocols may constitute inadequate physician oversight.
What You Need:
Signed and dated Botox clinical protocol approved by the medical director
Separate protocols for each additional treatment modality
Written complication management and escalation procedures
Documentation standards for treatment records
Item 6: Good Faith Exam Workflow and Template
Every new Botox patient must receive a Good Faith Exam (GFE) before treatment begins. The exam must be performed by a physician, nurse practitioner, or physician assistant and cannot be delegated to an RN. The GFE establishes the provider-patient relationship, documents medical history, includes a focused examination, and results in the treatment plan and prescription authorizing the injectable procedure.
As California continues moving away from broad standing orders and toward individualized patient-specific treatment authorization, complete GFE documentation has become even more important for compliance.
What You Need:
Documented Good Faith Exam workflow for all new patients
Standardized GFE template
Medical history and focused examination documentation requirements
Treatment plan and prescription process
Designated provider responsible for performing the GFE (MD, NP, or PA)
Item 7: Informed Consent Forms
California requires a signed, procedure-specific informed consent form before any Botox injection is performed. The form must explain the treatment, identify material risks and potential complications, include applicable FDA Boxed Warning language for botulinum toxin products, identify who will perform the procedure, and be signed before treatment begins, not as part of a generic intake packet.
Proper record retention is equally important. California generally requires medical records, including informed consent documentation, to be retained for at least seven years. Practices should also remember that marketing authorization is separate from treatment consent. Before-and-after photographs require their own written authorization because combining marketing permission with treatment consent creates HIPAA compliance concerns.
What You Need:
Botox-specific informed consent form approved by the medical director
FDA Boxed Warning language included where appropriate
Procedure-specific risk disclosure documentation
Separate written authorization for before-and-after photo use
Record retention process for consent forms and supporting documentation
Medical Director Co. includes Botox consent form templates as part of every placement service.
Category 3: Operational Compliance
Operational compliance covers the regulatory infrastructure that supports day-to-day medspa operations. These requirements extend beyond clinical care and apply whether or not a Botox procedure is actively being performed. Failure to address them can expose a practice to privacy violations, safety citations, and regulatory enforcement actions.
Item 8: Botox Product Account with Authorized Distributor
Before ordering Botox, the practice must establish a product account with an authorized manufacturer or distributor. The medical director’s NPI should be on file as the prescribing provider of record, and all required standing orders must be completed before product purchases are made. Purchasing Botox from gray-market suppliers, overseas vendors, or unauthorized online sellers can create both federal and state compliance issues and may expose patients to counterfeit or improperly stored products.
If you are setting up product purchasing for the first time, see our guide on how to order Botox legally in California.
What You Need:
Authorized manufacturer or distributor account opened in the medical director’s name
Medical director’s NPI linked to the account
Signed standing orders from the medical director
Cold-chain-compliant storage and handling procedures at the practice
Item 9: HIPAA-Compliant Patient Record System
Every California medspa is subject to the HIPAA Privacy Rule (45 CFR Part 164), regardless of whether insurance is accepted. The moment a patient completes an intake form, medical history questionnaire, treatment record, or photo documentation, the practice begins handling Protected Health Information (PHI). Maintaining HIPAA compliance medspa California requirements is therefore a day-one obligation, not something that can be addressed after opening.
A common mistake involves patient photos. Before-and-after images used for marketing require a separate written authorization. That permission cannot be bundled into a treatment consent form because marketing use falls outside the treatment relationship.
What You Need:
HIPAA-compliant EHR or practice management platform
Signed Business Associate Agreements (BAAs) with all vendors handling PHI
Written HIPAA privacy and security policies
Staff HIPAA training documentation
Breach notification and incident response procedures
Separate patient authorization for marketing use of photographs
Item 10: OSHA Compliance — Sharps Disposal, Bloodborne Pathogens, Infection Control
California medspas are subject to OSHA workplace safety requirements, including the OSHA Bloodborne Pathogens Standard (29 CFR 1910.1030). Among the most common OSHA medspa California requirements cited during inspections are improper sharps disposal, incomplete bloodborne pathogen training records, and inadequate infection-control procedures.
Compliance requires more than having supplies on hand. The practice must maintain documented training, written safety procedures, and visible workplace notices. Even something as simple as failing to display a required OSHA poster can result in a citation.
What You Need:
OSHA-compliant sharps disposal containers in every treatment room
Documented bloodborne pathogen training for all staff (initial and annual refresher)
Written exposure control plan
Surface disinfection and sterilization procedures for injectable equipment
OSHA workplace safety poster displayed in employee areas
Documentation demonstrating ongoing infection-control compliance
Category 4: Insurance and Ongoing Compliance
Insurance and ongoing compliance are often treated as items that can be addressed later. In practice, they are among the most important pre-launch requirements because they determine how well the business is protected when something goes wrong. Both should be fully in place before the first patient receives treatment.
Item 11: Medical Malpractice and General Liability Insurance
Every provider performing medical procedures should have active professional liability coverage before administering Botox. A common mistake is assuming a general malpractice policy automatically covers aesthetic treatments. In many cases, Botox and injectable procedures require specific coverage language or a separate rider. The medical director should also maintain their own malpractice insurance that covers physician oversight and supervision responsibilities.
Proper insurance coverage protects both the provider and the practice when adverse events, patient complaints, or legal claims arise. It also demonstrates a commitment to responsible risk management from the start.
What You Need:
Active medical malpractice policy for each injecting provider (RN, NP, or PA)
Confirmation that the policy covers aesthetic injectable procedures
Medical director professional liability policy covering supervision and oversight activities
General liability policy for the facility (including slip-and-fall and property damage claims)
Coverage limits appropriate for patient volume and procedure mix
Item 12: Advertising Compliance Review Under BPC §651
Before launching a website, social media campaign, Google Ads account, Yelp profile, or exterior signage, the practice should review all marketing materials for compliance with California Business and Professions Code §651. The statute prohibits false, misleading, or deceptive advertising by healing arts practitioners and applies regardless of whether the marketing is online or offline.
Marketing materials should accurately represent provider credentials, avoid unsupported claims about results, and clearly identify the appropriate supervising physician or approved fictitious business name where required. Practices should also avoid implying physician treatment when an RN will actually perform the injection. California SB 351, effective January 2026, has increased scrutiny of advertising and ownership-related compliance issues within CPOM-governed healthcare businesses.
What You Need:
Legal or compliance review of all planned marketing materials
Verification that provider credentials are represented accurately
Confirmation that no marketing implies physician treatment when another provider performs the procedure
Compliance with Fictitious Name Permit requirements where applicable
Separate written authorization for before-and-after photo use in marketing
Process for ongoing advertising review as campaigns and content change
The 12-Item Checklist at a Glance
Use this summary table as a quick-reference tool while preparing your California Botox practice for launch. Many operators print this checklist and review each item before opening day to verify that no compliance requirement has been overlooked.
All 12 items must be in place before your first Botox patient. Medical Director Co. handles Items 1, 4, 5, 7, and 8 as part of every placement — at no setup fee.
Medical Director Co. Handles Items 1, 4, 5, 7, and 8 for You — Matched and Ready in 24 Hours.
Getting a California Botox practice compliant before the first patient requires 12 things. Medical Director Co. takes care of five of them: medical director placement, delegation orders, clinical protocols, consent form templates, and product ordering structure — all included at no setup fee.
FAQs
What do I need before opening a Botox medspa in California?
California requires 12 items before a Botox medspa can legally see its first patient. These include a licensed medical director or qualifying 104 NP, a compliant Professional Corporation structure, Medical Board registration, delegation orders or standardized procedures, clinical protocols, a Good Faith Exam workflow, informed consent forms, a legal Botox product account, HIPAA compliance systems, OSHA documentation, malpractice insurance, and advertising compliance review.
Does a California Botox medspa need to register with the Medical Board?
Yes. California medspas performing medical procedures must register with the Medical Board of California separately from their state business registration. If the practice operates under a trade name, a Fictitious Name Permit must also be filed under Business and Professions Code §2415 before that name can be used publicly. Failure to complete registration can expose the practice to enforcement action.
Do California medspa informed consent forms need to include the FDA Boxed Warning for Botox?
Yes. Botox (onabotulinumtoxinA) carries an FDA Boxed Warning regarding the potential spread of toxin effects beyond the injection site. California informed consent forms should include this warning, along with a description of the procedure, material risks, provider information, and the patient’s signature. Generic consent forms that omit this information may not satisfy informed consent requirements.
Is a California Botox medspa subject to HIPAA even if it doesn’t accept insurance?
Yes. HIPAA applies whenever a healthcare practice handles Protected Health Information (PHI), including intake forms, treatment records, medical histories, and patient photographs. Insurance participation is not required for HIPAA obligations to apply. California medspas should maintain a HIPAA-compliant record system, signed vendor agreements, privacy policies, and documented staff training.
What OSHA requirements apply to a California Botox medspa?
California Botox medspas are subject to OSHA workplace safety requirements. Common obligations include sharps disposal containers in treatment rooms, documented bloodborne pathogen training, a written exposure control plan, infection-control procedures, and required workplace safety postings. OSHA citations in aesthetic practices frequently involve inadequate sharps disposal practices and missing training documentation.
Can a California Botox medspa use before-and-after photos in marketing?
Yes, but only with a separate written authorization specifically allowing marketing use. HIPAA does not permit practices to use patient photographs for advertising without explicit consent that explains how and where the images may be used. This authorization should be separate from the treatment consent form because marketing activities fall outside the normal treatment relationship.
What advertising rules apply to a California Botox medspa?
California Business and Professions Code §651 prohibits false, misleading, or deceptive advertising by healthcare providers. Marketing materials should accurately represent provider credentials, avoid unsupported claims regarding results, and comply with naming and disclosure requirements. California SB 351 has increased regulatory scrutiny of marketing practices in CPOM-governed healthcare businesses beginning in 2026.
Does the medical director need to be listed on the California medspa’s website?
In many situations, yes. If the practice operates under a fictitious business name rather than the physician’s own name, California requirements may require disclosure of the supervising physician and appropriate permit information. Marketing should never create the impression that physician services are being provided when treatment is actually being performed by another licensed provider.
How long must a California Botox medspa keep patient records?
California generally requires patient records, including treatment documentation, informed consent forms, and Good Faith Exam records, to be retained for at least seven years from the date of service. Records for minors may require longer retention periods. All records should be stored securely and disposed of through HIPAA-compliant destruction procedures when retention obligations have been satisfied.
How does Medical Director Co. help with California Botox medspa compliance?
Medical Director Co. handles five of the 12 checklist items most frequently responsible for launch delays: medical director placement, delegation orders and standardized procedure templates, clinical protocol templates, Botox consent form templates, and product ordering structure. Placements are typically completed within 24 hours, with no setup fees and no long-term contracts.
12 Items. 5 of Them Handled for You. California Botox Compliance in 24 Hours.
Most California Botox compliance failures happen not because operators ignored the rules, but because they didn’t know the full list until it was too late. Medical Director Co. takes the five most documentation-heavy items off your plate: medical director placement, delegation orders, clinical protocols, consent forms, and product ordering structure.
Every placement includes these compliance essentials at no setup fee, helping you move from planning to patient-ready faster.

Bolton M. Harris, J.D., is a seasoned attorney with a formidable background in criminal law and a focus on healthcare law and compliance. As the in-house legal counsel at Medical Director Co., Harris brings a unique blend of prosecutorial experience and regulatory expertise to support healthcare professionals across Texas. Her career spans roles as a prosecutor in multiple counties and now as a trusted advisor on the legal intricacies of medical practice operations.
Education & Early Career
Bolton Harris completed her undergraduate studies at Southern Methodist University (SMU) in 2013. During her time at SMU, she was not only a dedicated student but also a competitive athlete on the university’s women’s swimming team. She went on to earn her Juris Doctor from Texas A&M University School of Law in 2016 and became a member of the Texas Bar that same year. Armed with a strong academic foundation and discipline honed as a student-athlete, Harris embarked on a career in criminal law immediately after law school.
Prosecutorial Experience in Texas
Bolton Harris began her legal career in public service as a criminal prosecutor. She served as an Assistant District Attorney in multiple jurisdictions, where she quickly rose through the ranks and handled a broad spectrum of cases. Some highlights of her prosecutorial career include:
- Assistant District Attorney, Dallas County, Texas: Prosecuted a high volume of criminal cases in one of the state’s busiest DA offices, gaining extensive trial experience in both misdemeanor and felony courts.
- Assistant District Attorney, Ellis County, Texas: Continued to hone her courtroom advocacy skills, known for meticulous case preparation and a tenacious pursuit of justice on behalf of the community.
- Assistant District Attorney, Navarro County, Texas: Broadened her legal expertise by handling diverse criminal matters in a smaller county, working closely with law enforcement and community leaders to uphold the law.
Through these roles, Harris built a reputation for being a tough but fair advocate. She brought numerous cases to trial and developed an in-depth understanding of the criminal justice system. This distinguished prosecutorial background laid a strong foundation for the next phase of her career in the private sector.
Healthcare Law & Compliance at Medical Director Co.
After her tenure as a prosecutor, Harris shifted her focus to healthcare law, applying her legal acumen to the medical field. She recognized that the same attention to detail and tenacity that served her in criminal law could benefit healthcare providers navigating complex regulations. Embracing this new direction, Harris became well-versed in the intricate laws governing medical practices – from licensing requirements to patient safety and privacy standards – and is passionate about helping practitioners stay compliant.
In her current role as the in-house attorney for Medical Director Co., Bolton Harris oversees all legal and compliance matters for the organization and its clients. Medical Director Co. is a nurse-owned firm that connects nurse practitioners (NPs), physician assistants (PAs), and registered nurses with qualified medical directors and collaborating physicians, offering fast placements and comprehensive compliance support for healthcare practices. Harris ensures that each of these partnerships and clinical ventures adheres to all applicable state and federal laws. She is responsible for drafting and reviewing collaborative practice agreements, advising on regulatory requirements, and providing ongoing legal counsel as clients establish and grow their clinics. Drawing on her prosecutorial eye for risk management, Harris proactively identifies potential legal issues and addresses them before they escalate, giving healthcare professionals peace of mind.
Bolton M. Harris’s multifaceted expertise – spanning high-stakes courtroom litigation to detailed healthcare compliance – makes her a formidable legal ally. Whether advocating in front of a jury or guiding a medical practice through regulatory hurdles, she remains committed to the highest standards of the legal profession. Her blend of courtroom-tested skill and healthcare law knowledge ensures that clients of Medical Director Co. receive elite-level counsel and steadfast protection in an ever-evolving legal landscape.