Good Faith Exam Documentation Guide for Med Spas

Good Faith Exams are a foundational requirement for med spa compliance, and documentation is what makes them defensible. 

Medical boards and state regulators consistently flag poor documentation as one of the most frequent compliance violations in aesthetic medicine. For clinic owners, that’s a serious liability. Incomplete or inaccurate Good Faith Exam records can expose your practice to audits, disciplinary action, and legal disputes, even when the clinical care itself was appropriate.

Proper med spa documentation creates a verifiable paper trail that protects your patients, your supervising physician, and your business. Whether your GFEs are conducted in person or via telehealth, the standard for accurate, thorough charting remains the same.

This guide covers everything you need to know about Good Faith Exam documentation for med spas and how the right medical director oversight keeps your compliance on solid ground.

What Is Good Faith Exam Documentation?

Good Faith Exam documentation is the formal record created during or following a patient evaluation that establishes clinical and legal justification for a proposed med spa treatment. It captures the provider’s assessment, the patient’s health history, and the basis for determining that a procedure is appropriate and safe for that individual.

For med spas, this documentation serves as the primary evidence of physician oversight and regulatory compliance. It demonstrates that a qualified provider reviewed the patient before treatment was administered, which is a requirement in most states for aesthetic services performed by non-physician providers.

Why Documentation Matters

Good Faith Exam records function as both a clinical and legal safeguard. From a clinical standpoint, thorough charting supports continuity of care and reduces the risk of adverse outcomes by ensuring all relevant patient information is reviewed before treatment begins.

From a legal and compliance standpoint, these records are what regulators, medical boards, and attorneys will examine if a complaint or audit arises. Documented informed consent, treatment eligibility decisions, and evidence of physician oversight all live in the GFE record. Without them, a med spa has very little protection.

For medical directors and collaborating physicians, complete documentation also confirms that their supervisory role is being fulfilled in accordance with state delegation agreements and practice standards.

Procedures That Typically Require Documentation

Most injectable, energy-based, and systemic treatments performed at med spas require a documented Good Faith Exam prior to service. Common procedures include:

  • Botox and neurotoxin injections
  • Dermal fillers
  • IV therapy and nutrient infusions
  • Laser and light-based treatments
  • Hormone replacement therapy
  • PRP (platelet-rich plasma) therapy
  • Medical weight loss services and GLP-1 prescriptions

Requirements vary by state and by the specific scope of services offered. Clinic owners should confirm documentation obligations with their medical director or a healthcare compliance attorney familiar with their state’s regulations.

What Should Be Included in a Good Faith Exam Record?

A compliant Good Faith Exam record is a structured clinical document that captures the full scope of a provider’s patient evaluation. The following components should be present in every GFE record.

Patient Medical History

The record should include a thorough account of the patient’s relevant medical background. This covers prior and current medical conditions, known allergies, current medications and supplements, previous surgeries or procedures, and any contraindications to the planned treatment. An incomplete health history is one of the most common documentation gaps found during compliance reviews, and it is also one of the most consequential. A missed contraindication documented nowhere in the record creates both a patient safety risk and a significant liability exposure.

Chief Complaint and Treatment Goals

The record should clearly state why the patient is presenting for treatment and what outcome they are seeking. This section grounds the clinical decision-making that follows and supports the provider’s rationale for recommending or declining a specific service. It also helps establish that treatment was patient-initiated and goal-aligned rather than arbitrarily administered.

Physical Assessment Findings

Providers should document all relevant clinical observations made during the evaluation. This includes skin condition, facial anatomy where applicable, vascular considerations for injectable treatments, and any physical findings that informed the treatment plan. Vague or absent assessment notes weaken the defensibility of the record and suggest the evaluation was cursory rather than thorough.

Provider Evaluation and Clinical Decision-Making

This is where the provider documents their professional judgment. The record should reflect whether the patient was deemed an appropriate candidate for the requested treatment, what factors supported that determination, and whether any concerns were identified that required further review or a modified approach. This section is particularly important for demonstrating physician oversight, as it shows that a qualified provider applied clinical reasoning rather than simply approving a service request.

Treatment Recommendations and Plan

The record should outline the recommended treatment, including the proposed service, dosage or parameters where applicable, potential risks and side effects discussed with the patient, alternatives that were presented, and post-treatment instructions. Documented informed consent should be linked to or included within this section. This creates a complete picture of what was communicated to the patient before treatment began.

Provider Credentials and Signatures

Every Good Faith Exam record must include the full name and credentials of the evaluating provider, the date of the evaluation, and a physical or electronic signature. For telehealth GFEs, documentation should also note the platform used and confirm that the evaluation met applicable state telehealth standards. Missing or unsigned records are a frequent compliance finding and can invalidate an otherwise thorough evaluation.

Documentation Requirements for Telehealth Good Faith Exams

Telehealth Good Faith Exams follow the same clinical standards as in-person evaluations, but they carry additional documentation requirements that reflect the nature of virtual care. Providers conducting GFEs remotely need to capture details that go beyond standard clinical notes, both to satisfy state telehealth regulations and to demonstrate that the evaluation met the required standard of care.

Verifying Patient Identity

In a telehealth setting, providers cannot rely on physical presence to confirm who they are evaluating. The record should document how patient identity was verified during the appointment, including the method used and confirmation that the identity matched the information on file. This is particularly important in states where telehealth GFE regulations specify identity verification as a prerequisite for prescribing or treatment authorization. Without this documentation, the legitimacy of the evaluation can be challenged.

Recording Telemedicine Consent

Patients must provide informed consent for virtual care separately from their general treatment consent. The GFE record should confirm that the patient was informed they were participating in a telehealth encounter, understood the limitations of a virtual evaluation, and agreed to receive care through that format. This consent should be documented with a date and signature, stored alongside the GFE record, and reviewed any time a patient’s telehealth care arrangement changes.

Technology and HIPAA Compliance

The documentation record for a telehealth GFE should note the platform used to conduct the evaluation and confirm that it meets HIPAA security requirements. Providers should not conduct telehealth appointments over unsecured video platforms or standard messaging applications, and the record should reflect that a compliant solution was used. 

Patient records created or stored as part of a telehealth encounter are subject to the same HIPAA protections as in-person records, including encryption, access controls, and breach notification obligations. Clinics that use third-party telehealth platforms should ensure their business associate agreements are current and that the platform’s compliance credentials are documented.

Common Good Faith Exam Documentation Mistakes

Documentation errors are among the most cited compliance issues in med spa audits and medical board reviews. Many of these mistakes are avoidable with the right systems and provider training in place. These are the patterns that appear most frequently.

Incomplete Patient Histories

Skipping or partially completing the patient health history section is a common shortcut that carries significant risk. A missing allergy, an undocumented medication, or an unrecorded prior condition can result in an adverse event that the provider had no clinical basis for anticipating, because the information was never captured. Regulators and plaintiffs’ attorneys will look at the health history section first. Gaps there signal that the evaluation was not thorough, regardless of how well the rest of the record was completed.

Copy-and-Paste Charting

Duplicating notes from a previous visit or using a generic template without customizing it to the individual patient creates records that are difficult to defend. Copy-and-paste charting suggests that no meaningful evaluation took place, and in some cases, it introduces factual errors when details from a prior visit are inaccurate for the current one. Each GFE record should reflect the specific encounter it documents, with findings and clinical decisions that are clearly tied to that patient on that date.

Missing Provider Signatures or Credentials

An unsigned record is an incomplete record. Medical boards and auditors treat missing signatures as evidence that proper oversight did not occur, even if the clinical content of the record is otherwise thorough. Every GFE document should include the evaluating provider’s full name, professional credentials, and dated signature. For telehealth evaluations, this is especially important given that the virtual nature of the encounter already requires additional scrutiny.

Poor Telehealth Documentation

Virtual GFEs that lack encounter-specific details create compliance gaps that in-person records would not typically face. Providers who fail to document platform information, identity verification, or telemedicine consent are leaving the record incomplete in ways that are specific to the telehealth context. State regulators are increasingly attentive to telehealth compliance in aesthetic medicine, and records that omit these details stand out during reviews.

Failing to Update Records Over Time

A Good Faith Exam record reflects the patient’s status at the time of evaluation. For patients receiving ongoing or repeat treatments, records that are never updated may no longer accurately represent the patient’s current health status, medications, or treatment history. Med spas should establish a clear policy for how frequently patient evaluations are reviewed and updated, and that policy should be documented and consistently applied across the practice.

How Long Should Med Spas Keep Good Faith Exam Records?

Record retention requirements for medical practices vary by state, but most require patient records to be kept for a minimum of five to ten years from the date of the last visit. Some states apply different standards for minor patients, extending retention until the patient reaches adulthood, plus an additional period. Med spa owners should treat these requirements as a baseline, not a ceiling.

State-Specific Retention Requirements

Requirements are set at the state level through medical board rules, healthcare recordkeeping statutes, and, in some cases, professional licensing board regulations. Clinic owners should verify their specific obligations with a healthcare compliance attorney or by consulting their state medical board directly. Relying on general guidelines without confirming state-specific rules is a compliance risk in itself.

Why Proper Record Storage Matters

Beyond regulatory compliance, well-maintained records are a practical asset. They support legal defense if a patient complaint or malpractice claim arises, provide documentation for insurance purposes, and ensure continuity of care for returning patients. Records that are incomplete, inaccessible, or lost present problems that extend well beyond a routine audit.

Best Practices for Med Spa Documentation Compliance

Strong documentation does not happen by accident. It requires intentional systems, consistent training, and regular oversight. These practices form the foundation of a defensible compliance program.

Use Standardized Documentation Templates

Templates create consistency across providers and reduce the likelihood of key fields being skipped. A well-designed GFE template should prompt providers to capture every required component while still allowing space for individualized clinical notes. Standardization supports compliance without replacing clinical judgment.

Implement Electronic Medical Records

EMR systems improve documentation accuracy, reduce paperwork errors, and make records easier to retrieve during audits or legal reviews. Many platforms also include built-in compliance features such as required field prompts, signature tracking, and access logs. For medical spas handling telehealth GFEs, an EMR with integrated telehealth capabilities simplifies record management considerably.

Train Staff on Documentation Standards

Documentation quality depends on the people completing the records. Providers and clinical staff should receive clear guidance on charting expectations, and that training should be repeated regularly rather than delivered only at onboarding. As regulations evolve, training materials should be updated to reflect current requirements.

Conduct Internal Chart Audits

Routine internal audits allow clinic owners and medical directors to identify documentation gaps before regulators do. Audits do not need to be exhaustive to be effective. Reviewing a sample of records on a monthly or quarterly basis creates accountability and surfaces recurring issues that can be addressed through targeted training or template revisions.

The Role of Medical Directors in Documentation Oversight

A medical director or licensed physician does more than sign off on medical treatments. In a compliant med spa, they play an active role in shaping documentation standards and ensuring those standards are consistently met.

Establishing Documentation Protocols

Medical directors help translate regulatory requirements into practical workflows. This includes defining what a complete GFE record looks like for the specific medical services offered, setting expectations for charting turnaround times, and reviewing templates to confirm they capture everything required under state law and delegation agreements.

Reviewing Patient Charts and Procedures

Regular chart reviews are a core component of physician oversight. By periodically reviewing patient records, medical directors can verify that evaluations are thorough, identify charting patterns that need correction, and confirm that clinical decision-making is appropriately documented. This supports both quality assurance and regulatory compliance.

Staying Updated on Regulatory Changes and Legal Requirements

Med spa compliance requirements, particularly around telehealth and GFE standards, continue to shift at the state level. An experienced medical director monitors these changes and helps clinic owners adapt their documentation practices accordingly. This is especially valuable for practices operating across multiple states or adding new service lines that carry their own documentation obligations.

Key Takeaways

  • Proper Good Faith Exam documentation is essential for med spa compliance and patient safety, and it serves as the primary evidence of physician oversight during audits and regulatory reviews.
  • Every GFE record should include complete patient histories, physical assessment findings, clinical decision-making notes, treatment recommendations, and a dated provider signature.
  • Telehealth Good Faith Exams carry additional documentation requirements, including patient identity verification, telemedicine consent, and confirmation of HIPAA-compliant platform use.
  • Poor documentation increases exposure to malpractice claims, medical board investigations, failed audits, and insurance disputes, even when the clinical care itself was appropriate.
  • Medical directors play a central role in establishing documentation protocols, conducting chart reviews, and keeping practices aligned with current state regulations.

Frequently Asked Questions (FAQ)

What is included in Good Faith Exam documentation?

A complete GFE record includes the patient’s medical history, known allergies and medications, physical assessment findings, the provider’s clinical decision-making rationale, treatment recommendations, informed consent, and the evaluating provider’s credentials and signature. Telehealth evaluations should also include identity verification and telemedicine consent documentation.

Are med spas legally required to keep Good Faith Exam records?

Yes. Most states require healthcare-related practices, including med spas, to retain patient medical records for a defined period following the last date of service. Because GFE records document clinical evaluations and physician oversight, they are subject to the same retention obligations as other medical records. Requirements vary by state, so clinic owners should confirm the applicable rules with a healthcare compliance attorney or their state medical board.

Can Good Faith Exam documentation be completed electronically?

Yes. Electronic medical records and electronic signatures are widely accepted for GFE documentation, provided they meet applicable compliance standards. This includes HIPAA-compliant storage, appropriate access controls, and audit trail functionality. Most purpose-built EMR platforms for medical practices meet these requirements by default.

How long should med spas keep patient records?

Retention timelines vary by state but generally range from five to ten years from the date of the last patient visit. Some states require longer retention periods for minor patients, typically until the patient reaches adulthood, plus an additional defined period. Clinic owners should verify their state-specific obligations rather than relying on general estimates.

What are the risks of poor documentation?

Inadequate GFE documentation exposes med spas to a range of serious risks, including malpractice liability, medical board investigations, failed compliance audits, insurance claim disputes, and patient safety concerns. In situations where documentation is missing or incomplete, providers have limited ability to demonstrate that proper evaluations and oversight took place, regardless of what actually occurred clinically.

Do telehealth Good Faith Exams require different documentation?

Telehealth GFEs follow the same clinical documentation standards as in-person evaluations but require additional elements. Providers should document the method used to verify patient identity, obtain and record separate consent for telehealth care, and confirm that the platform used for the evaluation meets HIPAA security requirements. Some states have specific telehealth documentation rules that go beyond these baseline expectations.

Who is responsible for reviewing med spa documentation compliance?

Responsibility is shared across the practice. Providers are responsible for completing accurate and thorough records. Clinic owners are responsible for maintaining compliant systems, retention policies, and staff training. Medical directors have oversight responsibilities, including reviewing charts, establishing documentation standards, and ensuring the practice’s recordkeeping meets state regulatory requirements. When documentation compliance breaks down, all three levels of responsibility are typically examined.

Strengthen Your Med Spa Compliance With Proper Documentation

Accurate Good Faith Exam documentation is one of the most important safeguards for protecting your med spa, your patients, and the providers working under your practice. As medical board scrutiny increases and telehealth regulations continue to shift at the state level, organized and compliant recordkeeping is not optional. It is a core operational requirement.

Medical Director Co. connects med spas with experienced medical directors who understand documentation standards, state-specific compliance requirements, and the oversight responsibilities that come with aesthetic medicine practice. 

Whether you are building your compliance program from the ground up or strengthening an existing one, the right medical director makes a measurable difference. 

Speak with a compliance expert today to get started.
