Health care providers seeking to grow their practice must tread carefully when it comes to marketing arrangements. While increasing patient volume is a common business goal, not all marketing tactics are legally permissible—especially when they involve payment structures tied to patient referrals. Even seemingly harmless agreements, such as paying a company based on the number of patients it delivers, can trigger serious legal and regulatory consequences.
The health care marketing industry often promotes services promising fast and measurable patient growth. These offers can be enticing, especially in competitive markets. However, providers must scrutinize these deals, as some cross legal boundaries. In Texas, the Patient Solicitation Act makes it illegal to offer or receive anything of value in exchange for referring patients. That means performance-based marketing arrangements could be interpreted as unlawful inducements.
Federal law also casts a wide net. The Anti-Kickback Statute prohibits remuneration for referrals involving federally funded programs like Medicare and Medicaid. Violations can lead to significant civil and criminal penalties, including fines, exclusion from federal health care programs, and even imprisonment. Additionally, such conduct may run afoul of the False Claims Act, especially if it results in improperly billed federal claims.
Texas law adds another layer of complexity with its barratry statute, which bans the improper solicitation of professional services—including by health care providers. This statute is often enforced in the context of personal injury and legal services, but its reach can extend to medical marketing tactics that resemble client chasing.
Penalties for violating these laws can be severe. In addition to civil and criminal liability, providers risk disciplinary action from their licensing boards, which may include suspension or revocation of their professional licenses.
To avoid these pitfalls, health care providers should never enter into marketing or referral agreements without first consulting qualified legal counsel. A proactive legal review can help ensure that promotional strategies comply with both state and federal laws, protecting the provider’s reputation, finances, and professional standing. When it comes to patient marketing, compliance must always come before convenience.
It’s natural to want to defend your practice—especially when a negative online review feels unfair, misleading, or outright false. But for healthcare providers, responding to a bad review isn’t just a public relations concern—it’s a legal one. You could be walking straight into a HIPAA violation.
Under HIPAA—and many state privacy laws—healthcare providers are prohibited from disclosing patient health information to unauthorized individuals. This includes not only obvious disclosures, such as a diagnosis or treatment details, but also something as seemingly harmless as confirming that someone is a patient. Even a simple statement like, “I’m sorry you felt that way about your visit,” could be interpreted as a disclosure of protected health information (PHI).
So what should you do when confronted with a negative review?
First, decide if it’s worth responding at all. Not every negative review needs a response. Sometimes, the most strategic move is to let it go. However, if the review contains false or defamatory statements, you may want to contact the review platform and request that it be removed in accordance with their content policies.
If you do choose to respond, you can still do so in a way that protects patient privacy. A compliant response should acknowledge that your practice takes concerns seriously, reaffirm your general commitment to quality care, and invite the individual to contact your office directly to discuss the matter further. This approach demonstrates professionalism without crossing any legal boundaries.
What you should never do is reference the reviewer’s condition, visit, or any personal detail—no matter how vague it seems. Likewise, avoid blaming the patient, even if you feel their account is inaccurate or incomplete. Comments like, “You missed several appointments” or “You didn’t follow the treatment plan,” are not only unprofessional—they may constitute a HIPAA violation.
Also, don’t get pulled into an online back-and-forth. Responding more than once can escalate tensions, increase the risk of disclosing sensitive information, and reflect poorly on your practice. One thoughtful, respectful response is enough.
Finally, remember that your response is not just for the reviewer—it’s for everyone else reading it. Potential patients will form impressions about your professionalism, judgment, and values based on how you handle criticism. Always be polite, measured, and HIPAA-compliant. A negative review can be frustrating—but turning it into a HIPAA violation is far worse. Stay calm, stay professional, and when in doubt, don’t respond publicly at all.
In the world of pharmaceuticals, compounding pharmacies play a crucial role in customizing medications to meet the unique needs of individual patients. However, the practice of compounding is tightly regulated to ensure patient safety and maintain the integrity of the drug approval process.
One contentious issue is whether compounding pharmacies can continue to compound name brand drugs by simply adding an ingredient like Vitamin B12 to the formulation. This blog post will delve into the regulations and guidelines provided by the FDA under Sections 503A and 503B of the Federal Food, Drug, and Cosmetic Act (FD&C Act) to analyze the validity of this practice.
Understanding FDA Regulations on Compounded Drugs
The FDA has established specific conditions under Sections 503A and 503B of the FD&C Act that must be met for compounded drugs to qualify for exemptions from certain regulatory requirements. These exemptions include current good manufacturing practice (CGMP) requirements, labeling with adequate directions for use, and new drug approval requirements. One critical condition is that the compounded drug must not be “essentially a copy of a commercially available drug product” unless there is a change made for an identified individual patient that produces a significant difference for that patient, as determined by the prescribing practitioner.
What Constitutes “Essentially a Copy”?
The FDA defines “essentially a copy” of a commercially available drug product as a compounded drug that:
Has the same active pharmaceutical ingredient(s) (API) as the commercially available drug product.
The API(s) have the same, similar, or an easily substitutable dosage strength.
The commercially available drug product can be used by the same route of administration as prescribed for the compounded drug.
The Requirement for Significant Difference
For a compounded drug to be exempt from being considered “essentially a copy,” there must be a documented determination by the prescribing practitioner that the change in the formulation produces a significant difference for the patient. This determination must be specific and documented on the prescription. Examples of significant differences include:
Removing an allergenic dye for a patient with allergies.
Changing the dosage form for a patient who cannot swallow tablets.
Adjusting the dosage strength for a patient who requires a different dose.
The Role of Adding B12 to the Formulation
Can adding Vitamin B12 to a name brand drug formulation exempt the compounded drug from being considered “essentially a copy”? The answer is not straightforward. The addition of B12 must produce a significant difference for the patient, as determined by the prescribing practitioner. This significant difference must be documented on the prescription, specifying the change and the benefit it provides to the patient.
FDA’s Position on Minor Changes
The FDA’s guidance explicitly states that minor changes in strength or formulation that do not produce a significant difference for the patient do not exempt the compounded drug from being considered “essentially a copy.” For example, changing the strength from 0.08% to 0.09% is not considered significant unless it is specifically determined to be so for an individual patient.
Minor changes that do not produce a significant difference for the patient do not qualify the compounded drug for exemptions. This is to ensure that compounders do not evade the limits set by the FDA by making relatively small changes to a compounded drug product and then offering it to the general public without regard to whether a prescribing practitioner has determined that the change produces a significant difference.
Conclusion
The position that compounding pharmacies can continue to compound name brand drugs by simply adding B12 to the formulation is not valid unless the addition of B12 produces a significant difference for the patient, as determined and documented by the prescribing practitioner.
The compounded drug must meet all other conditions under Section 503A or 503B of the FD&C Act to qualify for exemptions. Without a documented significant difference, the compounded drug would still be considered “essentially a copy” of the commercially available drug product, and compounding it would not be permissible under FDA regulations.
Adding an ingredient like B12 to a name brand drug does not automatically make it permissible to compound unless it meets the specific criteria set forth by the FDA.
In a previous video, we talked about what a Privacy Program is. In this video, we look at six reasons why your organization needs a privacy program.
Reason No. 1 – To Comply With the Law
A privacy program may be essential for your organization to comply with federal and state law.
Medical records
Education records
Disability information
Employer background checks
Financial records
No matter what business you are in, you likely collect, use, store, disclose and share a lot of personally identifiable information that is protected by law.
To comply with the law, you may need a designated privacy officer and policies in place to protect the privacy and security of that data.
Reason No. 2 – To Meet Industry Standards
Your organization may have agreed to abide by industry standards.
Take credit cards, for example. The credit card industry requires everyone who accepts credit cards to comply with the Payment Card Industry Data Security Standard (PCI DSS).
You’re required to protect your network, protect stored credit card information, apply strong access controls measures, regularly monitor and test your network, and create security policies for employees and contractors.
Are your policies compliant? Don’t assume so.
A privacy program will ensure that all standards applicable to your organization are properly addressed.
Reason No. 3 – It’s a Business Differentiator.
The news is replete with examples of companies that squandered consumer trust.
In the first three months of 2024, there have been over 700 million records breached in 658 publicly disclosed incidents.
And that’s just the breaches we know about.
A well-run privacy program keeps you out of the news for data breaches and reinforces positive customer relationships.
Reason No. 4 – It Protects Your Business Data Too.
Good security practices not only protect consumer data, they protect your business data too.
Lax privacy and security controls can lead to loss of proprietary business data.
The same techniques employed by threat actors to steal consumer data, can compromise your business plans.
Improving security controls not only protects customers’ privacy, but also your organization’s secrets.
Reason No. 5 – It Enables You to Scale and Grow.
A good privacy program creates a foundation for your organization to grow.
Every state has it’s own privacy laws, and every country has it’s own regulatory scheme.
With a privacy program in place, you may already satisfy the laws in those other jurisdictions. But if not, you are not starting from scratch.
With concepts like privacy by design integrated throughout your organization, you can more easily adapt to the laws in new markets, even if those markets are on the other side of the globe.
Reason No. 6 – It’s the Right Thing to Do.
Respecting privacy is a fundamental aspect of maintaining trust with your customers and employees.
Data breaches can harm customers financially, reputationally, and emotionally. It leads to identity theft and the feeling of being violated.
A robust privacy program helps ensure that personal data is handled responsibly and ethically, further strengthening the bond between your organization and its stakeholders.
Semaglutide weight loss drugs are quite literally saving people’s lives. There are so many health benefits to losing weight that demand for the drugs is off the charts. Demand is so high that the manufacturer can’t keep up and the drugs are in short supply.
Where there is money to be made, there will be people willing to step in. Enter compounding pharmacies, who are catering to the demand by creating supposed duplicates of the drug.
But not all semaglutide is created equally, and concerns are rising that some pharmacies are creating inferior versions of the drug that are, at best, less effective or, at worst, dangerous.
How does semaglutide work?
Ozempic was approved by the U.S. Food and Drug Administration (FDA) in 2017 for use in adults with type 2 diabetes. After patients reported significant weight loss, Novo Nordisk rebranded the drug as Wegovy and received FDA approval in 2021 for use in chronic weight management in adults.
Semaglutide, the active ingredient for both drugs, mimics the function of a hormone that is naturally produced in the body. This hormone, released into the blood after you eat, helps lower blood sugar by stimulating insulin production, decreasing the amount of glycogen created in the liver, and ultimately making you feel fuller longer.
In short supply
These drugs work really, really well. So well, in fact, physicians prescribe Ozempic, the diabetes drug, “off-label” for weight loss. The manufacturer cannot make them fast enough due to a shortage of semaglutide. Both Ozempic and Wegovy have been on the FDA shortage list since March 2022.
This creates an attractive opportunity for compounding pharmacies. As long as the drugs stay on the official shortage list, they can be copied by compounders without fear of patent infringement.
And copy them they do. But how well?
Base or salt?
Ozempic and Wegovy use the base form of semaglutide. The base form has been approved by the FDA for the treatment of diabetes and obesity. But some compounding pharmacies are using different forms of semaglutide, known as semaglutide “salts,” that are chemically different from the base version.
Semaglutide salts have not been approved by the FDA, leading some authorities to caution patients about the efficacy or safety of the variant.
The FDA has received adverse reports from some patients after using the compounded semaglutide, which prompted them to send a public letter to the National Association of Boards of Pharmacy expressing agency concerns with the use of the salt forms of the compounded products. Some state pharmacy boards have also voiced concern.
The manufacturer of the brand-named drugs is making waves, too, and in some cases, threatening and filing lawsuits against pharmacies compounding the drugs and the health care providers administering them.
Best practices
Although the manufacturer is trying to step up production, the demand for semaglutide products will likely continue to outstrip the supply for the foreseeable future. Undoubtedly, many patients and their providers will turn to compounded variants to meet demand.
A physician’s responsibility goes beyond just prescribing the drug. They should understand how the drug is compounded and investigate the efficacy and safety of the salt forms of the product. Then decide if the salt form is appropriate for their patients.
If it is, providers should inform their patients. The Texas Medical Board considers the administration of non-FDA-approved drugs to be a form of alternative medicine. Medical board rules require that patients be informed that the drug is not FDA-approved and be told of the risks associated with the drug.
Pharmacies, too, play a key role as the backbone of our medication dispensing infrastructure. They should stay abreast of the regulations governing the compounding of semaglutide and the ethical considerations of preparing a medication for an individual patient.
They should follow the United States Pharmacopeia (USP) standards. Maintain a clean and safe environment, train personnel, appropriately label the medications, accurately identify the active ingredients, and provide accurate use instructions.
Patients have a responsibility, too. Talk to your doctor and discuss the risks and benefits of the compounded drug. If you and your doctor decide the drug is right for you, keep the lines of communication open with your physician and disclose any adverse reactions as soon as possible.
The future
The demand for these weight loss drugs will remain high for the foreseeable future. Until supply catches up with demand, growing pains will be felt in all corners of our healthcare delivery system.
From the companies that manufacture and compound the drugs to the physicians who prescribe them, the patients who take them, to the insurers who will be asked to pay for them – everyone has a responsible role to play.
I’m going to let you in on a little secret. Most med spas in Texas are not compliant with Texas law.
Either they are formed as the wrong legal entity type, they lack proper ownership or oversight, they are not following the standard of care, or all of the above.
The consequences can be significant for everyone involved.
For med spa owners, the Texas Medical Board can shut down your business. In extreme cases, you could be charged with practicing medicine without a license. If a patient gets injured, you could face civil liability. If your MedSpa is not formed or owned in compliance with Texas law, the insurance company could deny coverage, leaving you you holding the bag.
Physicians associated with non-compliant med spas can be disciplined by the Texas Medical Board. Those physicians are literally putting their medical licenses at risk.
Med Spas Provide Medical Services
I’m using the term med spa to describe several types of businesses—traditional med spas, IV hydration or IV therapy businesses, medical weight loss clinics, those types of retail medical services.
It should come as no surprise that the “med” in med spa stands for medical. We call them med spas because many of the services they provide are considered medical services. Botox injections, microneedling, dermaplaning and dermablading, cool sculpting, medium and deep chemical peels, are all considered non-surgical medical cosmetic procedures by the Texas Medical Board.
IV hydration and therapy, medical weight loss injections, and hormone therapy are also considered medical services. If a procedure involves injecting a patient or removing living tissue, it is probably a medical procedure.
Med Spas Must Be Formed Correctly
Because med spas provide medical services to the public, they must comply with Texas law just like any other medical practice, and that means they must be formed as an appropriate legal entity.
In Texas, medical practices can only be formed as professional associations, professional limited liability companies or PLLCs, or partnerships with other licensed physicians.
Many med spas in Texas today are incorrectly formed as corporations or regular LLCs. This is not allowed. Corporations and LLCs cannot be medical entities. The other requirement is proper ownership.
Med Spas Must Be Owned by Physicians
Medical entities, like med spas, cannot be owned by non-physicians. They must be owned by persons licensed to practice medicine in Texas.
Let me say that again.
Med spas cannot be owned by non-physicians. They must be owned by persons licensed to practice medicine.
A physician is a person licensed by the Texas Medical Board as a medical doctor, an MD, or a doctor of osteopathy, a DO.
But all is not lost. There is a way to structure a med spa correctly, even if you are not a physician.
Management Model
Through the magic of the management model, non-physicians can run a med spa and share in the profits.
Here’s how it works.
We still create a medical practice, like a PLLC, that will be owned by a physician, but we also create a management company owned by you that will run and manage the medical practice. You will be responsible for running the practice, but you do it through your your management company.
When patients pay for MedSpa services, that money is deposited into the Medical Practices Bank account. You, as the manager, have access to the Practices Bank account and you will pay all the business expenses from that account—rent, supplies, payroll, utilities, insurance, for example. What’s left over is paid to your management company as a management fee for your work in running and managing the practice.
So, in the management model, a physician still owns the medical practice, but you own the management company that runs the medical practice, and you take the profits as a management fee.
Special Arrangements
Let me pause here and say that if you happen to be a physician, things are more streamlined. We don’t have to use a separate management company. Physicians, of course, can own the medical practice.
If you are a podiatrist, chiropractor, or optometrist, there still must be a physician owner, but we don’t have to use a separate management company. You can jointly co-own the medical practice with the physician.
If you are a physician assistant, Texas does allow you to co-own the medical practice with a physician. However, you can only be a minority owner and the physician must be the majority owner.
Nurse practitioners unfortunately do not have the same opportunity as physicians. physician assistants. Nurse practitioners cannot co-own any part of a medical practice with a physician. The same is true for registered nurses.
So, if you’re a business person, a nurse practitioner, or a registered nurse, you must use the management model to operate a med spa.
Good Faith Exams
We have talked about the correct legal entity type and the correct ownership. Now let’s talk about an operational issue, the good faith exam.
A good faith exam is a medical examination conducted by a physician or a mid-level provider, like a physician assistant or a nurse practitioner, to assess a patient’s current condition and develop a plan of treatment. If you’ve ever been to a doctor, you have received a good faith exam.
Some med spas hire mid-levels on a part-time or as-needed basis to come into the med spa to perform these good faith exams. Other med spas use telehealth exams. Patients will schedule a telehealth exam prior to a med spa visit. The mid-level will perform a good faith exam and rule out contraindications and then write an order for a med spa treatment like IV infusion or a Botox injection.
Common Questions
That covers some of the requirements for Texas med spas. Now let me answer some common questions I get from clients.
Question 1. No one else I know is doing it this way. Are you sure this is right?
Yes, I’m sure. It’s unfortunate that many med spas are not formed or operating correctly. If you have researched med spas, you know how difficult it can be to get straight answers.
The problem is there is a lot of misinformation on the internet. Much of it is incomplete or just plain wrong. Some of it might be right for other reasons. states, but not in Texas.
It’s important to understand that each state has its own laws that apply to med spas. It’s no wonder there is so much confusion. The information I’m giving you is correct for Texas, but it won’t apply to other states.
Question 2. I don’t want the physician to have access to the business. How can I protect my business?
Well, I don’t blame you, and because of that, we build in certain protections into the documents.
We specify that the physician cannot sell or transfer their interest to any other person without your permission.
We give you access and control to the bank accounts for the medical practice. In that way, you control the money. We create a process to change physicians if that ever becomes necessary. If the physician some day decides they want to move on, we don’t have to create a brand-new medical practice.
We just transfer ownership of the existing medical practice to a substitute physician.
Finally, the management company that you own will own your med spa’s brand and name. The management company will license that name to the medical practice. The medical practice can’t use it without your permission. In that way, you always maintain control of your brand.
Question 3. How does the physician get paid?
The physician gets paid a flat fee every month for supervising the mid-level provider.
In Texas, mid-level providers must be supervised by a physician. The Texas Medical Board has established rules for this supervision. Physicians who don’t properly supervise the mid-level provider can be disciplined by the medical board.
The physician usually doesn’t see the patient. They supervise the mid-level provider who does see patients and for that they get paid a monthly flat fee somewhere in the range of $1,000 to $3,000 per month.
Question 4. What kind of insurance do I need?
You need a general liability policy for slip and falls and you need a professional liability policy for hypothetical malpractice claims.
Physicians and mid-level providers probably already have a malpractice policy. Sometimes you can add the MedSpaw as an additional insured to those policies.
My preference is that you get the med spa its own malpractice policy that covers every practitioner who works works for the med spa. That way, you don’t have to depend on others to have the right amount of insurance for your business.
Question 5. Are there any legal risks for the physician?
There is always some level of risk. A patient who has a bad experience can file a complaint with the Texas Nursing Board or the Texas Medical Board. If that happens, the provider will have to justify the services they provided to that patient.
For the physician, it’s important that they take seriously their responsibilities to supervise the mid-level provider. There must be a supervising agreement between the physician and the mid-level. The physician needs to review a sample of patient charts every 30 days and address any concerns with the mid-level, and the physician needs to be available to answer the mid-level’s questions as they come up.
For the mid-level provider, it’s important that they are thorough when performing the good faith exams and that they keep good medical records. What are the next steps?
Conclusion
I’ve covered a a lot of information. I would encourage you to watch this video more than once. You will probably key in on new information each time.
Well, that’s it. Best of luck to you. You’re on an exciting journey. I look forward to the opportunity to help you along the way.
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) updated its guidance to regulated entities when using online tracking technologies. These technologies, used to collect and analyze user interaction with websites or mobile applications, must comply with HIPAA rules if the information gathered includes protected health information (PHI). Unauthorized disclosures of PHI to tracking technology vendors, such as for marketing purposes without compliant authorizations, are deemed impermissible.
The update emphasizes that regulated entities should ensure they disclose PHI only as expressly permitted or required by the HIPAA Privacy Rule. It provides guidance on the application of HIPAA rules to the use of tracking technologies on user-authenticated webpages, unauthenticated webpages, and within mobile apps. For instance, tracking technologies on user-authenticated webpages generally have access to PHI, and tracking technology vendors are considered business associates if they handle PHI.
Unauthenticated webpages, which do not require user login, usually do not have tracking technologies that access PHI. However, in cases where PHI is accessible, HIPAA rules apply. For mobile apps offered by regulated entities, information collected is generally considered PHI, and the entity must comply with HIPAA rules for any PHI the app uses or discloses. However, HIPAA does not protect information users voluntarily enter into non-regulated mobile apps.
Disclosures of PHI to tracking technology vendors must be specifically permitted by the Privacy Rule. If the vendor is a business associate, a business associate agreement (BAA) must be established. The use of tracking technologies should be addressed in the entity’s Risk Analysis and Risk Management processes. If there’s an impermissible disclosure of PHI, breach notification to affected individuals and the Secretary is required. OCR is prioritizing compliance with the HIPAA Security Rule in investigations into the use of online tracking technologies.
Look better. Feel better. Fountain of youth promises are making med spas one of the fastest-growing segments in healthcare. Botox injections, laser hair removal, IV hydration and therapy, medical weight loss, and hormone therapy seem to be available on every corner.
But most med spas are not compliant with Texas law. Either they are formed as the wrong entity type, they lack proper oversight and ownership, or all the above.
The consequences can be significant for everyone involved.
Med spa owners face potential civil and criminal liability for the unauthorized practice of medicine. Physicians associated with those med spas could find themselves subject to disciplinary action from the Texas Medical Board. And patients are caught in the middle.
The “med” in med spa stands for medical because many of the services they provide are medical in nature. Botox, Disport, Juvederm, and Kybella injections, microneedling, chemical peels, laser hair removal, dermaplaning, and CoolSculpting are considered “nonsurgical medical cosmetic procedures” by the Texas Medical Board.
IV hydration and therapy, platelet-rich plasma injections, medical weight loss injections, and hormone therapy are also medical services. If a procedure involves injecting a patient intravenously or subcutaneously, it is probably a medical procedure.
Before any medical procedure, a physician or midlevel provider (like a physician assistant or nurse practitioner) must perform a good faith exam, establish a medically appropriate treatment plan, and document everything in a medical record.
Midlevel providers must be supervised by a physician under a Prescriptive Authority Agreement. The physician must review a sample of the charts regularly and generally be available to the midlevel if they have questions.
This does not happen in many med spas.
Then there’s the business side. The practice of medicine in Texas is regulated by the Texas Medical Practice Act, the Texas Medical Board, and administrative rules. Because med spas provide medical services to the public, they must comply with all these rules just like any other medical practice.
Med spas must be formed as an acceptable legal entity type. In Texas, medical practices are limited to professional associations (PAs), professional limited liability companies (PLLCs), and general partnerships with other licensed physicians. Many med spas are incorrectly formed as corporations or regular LLCs.
This is not just a technical problem. It leads to improper ownership. Medical entities, like med spas, cannot be owned by non-physicians. They must be owned by persons licensed to practice medicine in Texas.
There is a lot of information on the Internet, much of which is incomplete or wrong.
Texas is a “Corporate Practice of Medicine” state, which means that physicians cannot be employed to provide medical services by companies not owned by licensed physicians. In practical terms, a non-physician cannot start a company and then hire a physician to provide medical services to patients of that company. With very few exceptions, medical services can only be provided through professional entities owned by physicians.
These same prohibitions apply to midlevel providers like Physician Assistants and Nurse Practitioners. Physician Assistants can co-own a medical practice with a physician only if the physician controls a majority interest in the practice. Nurse Practitioners cannot own any percentage of a medical practice.
These are just a few of the compliance issues for Texas med spas. There are also in-office and website disclosure requirements, registration requirements, reporting requirements, and restrictions on the type of marketing or advertising the practice can engage in.
Patients are caught in the middle. Those injured at a non-compliant med spa may not know where to turn.
These types of complaints to the Texas Medical Board are growing at an alarming rate. If the non-compliant med spa has a Medical Director, the Board can discipline the physician for inappropriate supervision or unprofessional conduct. Physicians associated with non-compliant med spas are putting their medical licenses at risk.
For the unlicensed med spa owner, the Medical Board can shut down their business. In extreme cases, the unlicensed med spa owner could be charged with practicing medicine without a license. If the patient suffers a physical or psychological injury, the owner could be charged with a third-degree felony which carries jail time of two to ten years and a fine of $10,000.
If the patient hires an attorney to sue for malpractice, the med spa’s insurance company may deny coverage if the med spa was not formed or owned in compliance with Texas law.
Med spas are big business and growing rapidly. But with great reward comes great responsibility. Entrepreneurs owe it to themselves and patients to set up the med spa the right way, with the right supervision, and the right ownership.
The American Med Spa Association defines a medical spa as a hybrid between an aesthetic medical center and a day spa” with four core elements: (1) the provision of non-invasive (i.e. non-surgical) aesthetic medical services; (2) under the general supervision of a licensed physician; (3) performed by trained, experienced and qualified practitioners; (4) with onsite supervision by a licensed healthcare professional. AmSpa – Med Spa FAQ
While that definition is technically accurate, it obscures the point that because med spas offer medical services, they are considered medical practices in Texas and must comply with the rules and regulations that apply to traditional doctor’s offices.
What kinds of services do med spas offer?
In addition to providing aesthetic cosmetic treatments common in many spa settings, med spas provide services that cross the line into the practice of medicine. A small sample of these services include:
Laser Hair Removal
Botox injections and other dermal fillers
IV infusions
Platelet-Rich Plasma injections
Hormone therapy
Cosmetic surgeries
The Texas Medical Board refers to these types of services as Nonsurgical Medical Cosmetic Procedures and requires that an appropriately trained physician, or properly supervised midlevel practitioner, perform an appropriate patient assessment and issue an order for the medical cosmetic procedure. Title 22, Texas Administrative Code, Section 193.17, Nonsurgical Medical Cosmetic Procedures
What legal structure must med spas have?
Because med spas are medical practices, they must follow the requirements of Texas law regarding professional entities. Medical practices can only be structured as professional limited liability companies (PLLC) or professional associations (PA). Texas Business Organizations Code, Section 301.003(3)
They may not be formed as corporations or regular limited liability companies (LLC).
That means that nurse practitioners or unlicensed persons cannot form a “partnership” with physicians to own a med spa. Said another way, unless you are a physician, chiropractor, optometrist podiatrist, or physician assistant (in limited situations), you cannot own a med spa. This too is a violation of the Corporate Practice of Medicine.
Can a non-physician co-own a med spa with the physician?
In certain circumstances, non-physicians can co-own a medical practice with the physician. The only allowances are for podiatrists, chiropractors, optometrists, and sometimes physician assistants. Texas Business Organizations Code, Sec. 301.012 That means that nurse practitioners, registered nurses, estheticians, or unlicensed persons cannot form a “partnership” with physicians to own a med spa. Said another way, unless you are a physician, chiropractor, optometrist podiatrist, or physician assistant (in limited situations), you cannot own a med spa. This too is a violation of the Corporate Practice of Medicine.
Can a dentist be the “medical director” of a med spa?
I’ve seen mention that the Texas State Board of Dental Examiners allows dentists to use Botox for dental esthetic and dental therapeutic purposes. I cannot confirm that policy, but it would not be surprising as there are several therapeutic dental uses for Botox: high lip lines, Temporomandibular Joint Disorder, Bruxism, and dentures no longer fitting due to shifting jaw muscles. However, Botox for facial cosmetic purposes would not be in a dentist’s scope of practice.
In my view, dentists can only prescribe Botox and fillers for dental purposes. I do not think dentists can provide Botox for purely cosmetic purposes. The other issue is that since cosmetic Botox is a medical service, and dentists are not medical doctors, they cannot own or co-own a medical practice. Neither are dentists qualified to serve as “Medical Director” since they are not licensed to practice medicine in Texas.
What are some of the risks of a non-compliant med spa?
It is a violation of Texas’s Corporate Practice of Medicine doctrine for corporations or standard LLCs to provide medical services. Doing so could bring civil and criminal penalties. Texas Occupations Code, (Medical Practice Act), including sections 155.001, .003, 157.001, 164.052(a)(8),(13), and 165.001, .051, .101, .151, .156
Is the physician required to be on-site or at mid-level required to be on-site?
Either the midlevel or the physician can do the good-faith exam via telehealth or in person. They must be the ones to write the order for the medical procedure.
How often should a med spa perform good faith exams on patients?
At a minimum, a Good Faith Exam (GFE) should be performed annually, but may be required more often depending on the circumstances.
The good faith exam should be performed on any patient receiving treatment for the first time. From this GFE, the provider develops a treatment plan which will often include multiple treatments over several sessions. A GFE does not need to be performed for each session included in that treatment plan.
With that said, a new GFE should be performed:
If a patient seeks additional services not anticipated during the initial GFE, or not included in the initial treatment plan;
The patient discontinues the treatment plan, but then desires to resume treatment after a substantial delay; or
A patient’s health changes materially, either during the course of a treatment plan or thereafter.
There is no hard and fast rule. It is a question of the applicable medical standard of care. When in doubt, a physician or midlevel should decide if a GFE is required.
This is a four-part series on Handling Licensing Board Investigations from Complaint to SOAH Hearing. In preparation for this series, I talked to several of the staff attorneys and investigators for the Texas Medical Board, the Board of Nursing, and the Board of Chiropractic Examiners. I asked them what advice they would give lawyers practicing before their boards. Some of the suggestions throughout this series come from the staff attorneys and others come from trial and error on my part through years of representing clients before these boards.
The series will present issues associated with the phases of the investigation and resolution:
Part III – The Informal Settlement Conference (ISC)
Part IV – The SOAH Hearing
The purpose of this series is to give licensees and their attorneys a greater understanding of the complaint and investigation process. Of course, each board is different and each investigation is driven by the issues and personalities involved. Licensees and their attorneys are encouraged to understand the rules and processes applicable to the relevant board. Further materials about the complaint, investigation, and hearing process are available on board websites.
Part II of this series explores the investigation and the discovery issues involved.
The Big Picture
The investigation process starts with a complaint. The complaint goes through a preliminary evaluation process and may be dismissed. If it passes this preliminary evaluation, the board will open a formal investigation during which a board investigator will gather information about the case, including medical records and witness statements.
When the investigation is complete, the information will be presented to a review committee. The committee will either refer the matter to litigation or be dismissed. The terminology of “referral to litigation” is most often used by the Texas Medical Board and simply means that the matter is assigned to one of their staff attorney for further handling, with the assistance of the investigator.
At this point, the matter could still be dismissed, but most likely will proceed to some type of Informal Settlement Conference (ISC) or proposed Agreed order. If it’s not resolved at this more informal stage, the matter goes to the State Office of Administrative Hearings (SOAH) for a more formal proceeding.
There is a big difference in terms of tone and focus from the complaint and the informal settlement conference, and the SOAH hearing. The first part of the investigation is more of an informal process. A SOAH proceeding has a much different tone, similar to a lawsuit. A judge will preside, without a jury, listen to testimony, and rule on evidence. After the SOAH proceeding, the judge will issue a ruling with findings of facts and conclusions of law. The licensing board will consider the ruling and take appropriate action.
The Complaint
Having explained the process in general, let’s get into the details of each step.
Complaints can be initiated in several ways. There is an online form or a written complaint form that can be downloaded. There is a complaint hotline that patients can call. Most complaints come from patients, but they can be initiated by the licensee’s fellow practitioners. Practitioners are required to report their peers if they feel like their conduct is a threat to public safety. Finally, complaints can be initiated by the board itself. This most often occurs if the licensee gets arrested or charged for a crime – e.g. driving while intoxicated.
Once a complaint has been initiated with the Texas Medical Board, there are no takebacks. The patient cannot withdraw it if they change their mind. That is not the case with the chiropractic board or the board of nursing, where they can be withdrawn. At some point, the ability to withdraw a complaint becomes moot because the complaint has progressed into the formal investigation phase where the investigator has likely have found other issues and does not the complaint to continue the process.
The complainant’s identity is confidential, with certain rare exceptions. But complaints cannot be anonymous. Anonymous complaints are dismissed without further action. See 22 Tex. Admin. § 178.4.
The Preliminary Evaluation
Once the complaint is filed, an investigator will be assigned to the file and they will communicate with the complainant as part of their preliminary evaluation.
The preliminary evaluation is not a detailed review of all the allegations and supporting facts. It is a narrow evaluation to determine if the licensing board has jurisdiction over the complaint.
The preliminary evaluation must be conducted within 45 days. Within 45 days, the board will know whether they have jurisdiction over the matter. It has been my experience that if the board determines they have jurisdiction, the matter will most likely be referred to a staff attorney to direct the handling in conjunction with an investigator to gather facts.
At the beginning of the preliminary evaluation, the licensee is notified and allowed to respond.
It is difficult for the licensee to adequately respond. While the licensee is told generally about the nature of the complaint, it is typically vague.
This is a letter from one of my cases before the Texas Medical Board. You will note that the letter includes general statutory allegations such as unlawful advertising, practice, inconsistent with health and health and welfare, and unprofessional conduct, which you will see in every case involving non-therapeutic prescribing or treatment.
That gives us the gist of the complaint, but it does not tell us much about the context. At least we know it has something to do with advertising. So in this case that’s all the information we received when they invited the practitioner to respond.
In hindsight, the complaint involved advertising IV infusions that could allegedly prevent COVID. This was long before the vaccinations existed. The licensee was trying to imply that her vitamin-enriched solutions would make you more healthy which would make you less susceptible to contracting COVID. The medical board was not pleased.
The challenge is how do you respond to such vague allegations?
This is where licensees typically make a series of mistakes. They fail to get a lawyer involved and casually send responses to the board, usually by email, and often with a tone of informality.
It is important to understand that the scope of the investigation is not limited by the complaint. If the board finds other potential violations, they can and will broaden their investigation. Neither the practitioner nor the investigator knows what information is going to be relevant.
In my view, the best course of action is to respond very narrowly and succinctly. You will have plenty of time as you go through this process to respond further.
If you are counsel representing a practitioner, it is also a good idea to call the investigator to try to get more information about the allegations. The chiropractic board, for example, has a policy of trying to give as much information to the licensee as possible while respecting the bounds of confidentiality. Not all boards may be quite as forthcoming. It depends on the board and the investigator, but it does not hurt to ask. Some boards want to facilitate this communication. They want to get as substantive of response as they can, so they can make that preliminary evaluation.
Is the Complaint Jurisdictional?
The key question in the preliminary evaluation is whether the complaint is jurisdictional. What does that mean?
The issue is whether this particular licensing board has the authority to handle the complaint and impose a penalty on the practitioner if warranted. The first question then is whether the complaint is about one of the board’s licensees.
This is not always a simple issue. Patients do not always know who the provider is. In some practices, the patient may never see the doctor. Perhaps the patient is treated by a nurse practitioner or physician assistant. The physician may not be on-site. Supervision is accomplished by reviewing samples of charts sometime after the care is provided. Not understanding the relationship, the patient may complain to the medical board about the nurse practitioner, or they may complain to the nursing board about the physician. In the case of a med spa, where a physician acts as the medical director, the patient may complain to the nursing board because they talked to a nurse practitioner.
Providers should be careful about blurring the lines about who is responsible for the care. If your client is in one of these multidisciplinary practices, make sure the website is clear about who is providing what care.
The next question is whether the complaint if taken as true states a violation of the board statute or board rule. Complaints can be dismissed because the subject of the complaint is not a violation. With that said, almost any complaint can constitute “unprofessional conduct” depending on the context. Many of the board rules are written to include a broad range of conduct.
If there is no jurisdiction, the board will dismiss the complaint. Depending on the allegations, the board may also refer the matter to the appropriate licensing board or state agency.
One exception is the Texas Medical Board. If they do not have jurisdiction over the practitioner, but feel like the practitioner is practicing medicine without a license, they will issue Cease and Desist letter.
Here’s an example of one such letter. This was sent to a nurse practitioner. The medical board felt like she was practicing beyond the scope of her delegation.
The letter is a notice of a hearing inviting the nurse to explain why a Cease and Desist Order should not be issued. The burden is on the practitioner, and in most cases, the Cease and Desist Order is issued.
Following an investigation, the complaint will be dismissed because the practitioner is not licensed by the Texas Medical Board. The board cannot issue penalties against a non-licensee, but it can issue a Cease & Desist Order because the board does regulate the practice of medicine. The board can also refer the matter to the Travis County District Attorneys’ office for possible criminal charges for the unauthorized practice of medicine.
Formal Investigation
If the board determines it has jurisdiction, the complaint is officially filed and a formal investigation is opened. The same investigator who conducted the preliminary evaluation will also handle the investigation. The transition from evaluation to investigation is just a continuation of the process. They just keep going with their investigation.
The licensee is now called the Respondent. Both the Respondent and the complainant are notified within this 45-day window of the result of the preliminary evaluation.
This is a notice letter from the Texas Medical Board that a formal investigation has been opened.
This is another example of a notice layer, but this one is a formal investigation for a cease and desist hearing.
Discovery Tools
Once a formal investigation is opened, the board will use various discovery tools to investigate the matter. They will interview witnesses, request documents through subpoena power, and refer the matter for expert review, if necessary.
This is an example of the Texas Medical Board using its subpoena power.
The investigation remains confidential. See 22 Tex. Admin. § 178.4. The respondent will not see the transcripts of interviews with the complainant or witnesses unless it reaches a SOAH hearing. These investigations can last some time.
The board is required to give you notice every 90 days that the investigation is ongoing. Understand that many of these cases are complex and take time. You may get several of these letters, especially from the medical board, especially if standard of care issues are involved and the board engages an expert to review the records.
Initial Requests
When the board opens a formal investigation, they will send the Respondent a request for a narrative and one or more requests for documents. In the example above, the medical board requires the respondent to explain in detail how supervision of the mid-level practitioner by the physician is accomplished at this clinic (Item #2). The board wants copies of supervision agreements (Item #3, with reference to a forthcoming 14-day subpoena) and a narrative about the services provided at the clinic (Item #4).
The board can require the practitioner to provide a narrative and provide documents. One of the obligations of licensure is that the licensee agrees to cooperate in formal investigations. Failure to respond is itself a violation that will result in a penalty. It is customary for the Board of Nursing to file “Formal Charges” with SOAH if the licensee does not respond.
Subpoenas
When asking for documents, the board will provide a standard form subpoena and a standard business records affidavit they require the provider to sign, notarize, and return. The subpoena will require a response by a certain date. In my experience, however, the investigators are willing to grant additional time to respond.
When responding to the subpoenas, have your clients produce the records directly to you. Then have a frank conversation with them to make sure you have been provided all the responsive documents. It will be easy for them to produce electronic records. However, there may be other hard-copy records in storage. You must produce those documents too.
Review the documents for obvious errors, altered records, or recent additions. I’ve had clients change dates or create records after the fact, including very descriptive exam notes or supervision logs. Board investigators review a lot of records and will notice alterations. The cover-up is always worse than the initial mistake.
Narrative Responses
If the licensee has hired an attorney, the attorney should draft the narrative response with factual assistance from the practitioner. Attorneys should be advocates for their clients, but recognize their audience is the investigator, the investigation committee, and ultimately the ISC panel members. You are not advocating to an unbiased jury. Most of the ISC panel members are providers too. They will see right through your spin. Put them in your client’s position. Let them see the situation through your client’s eyes.
As with the documents your client provides to you, take what your client says with a grain of salt. On rare occasions, clients will flat-out lie to you. Sometimes they will spin the facts or convince themselves of a fact that is not entirely accurate. Most of the time, they think they did not do anything wrong and so they want to put themselves in the best light possible. Be very cautious about the statements you make back to the licensing board. Make sure you have a very upfront and blunt conversation with your client.
You should also limit your narrative as narrowly as possible. The scope of the investigation is not limited by the complaint. Answer what you have to, but do not go beyond the issue. You could be inadvertently opening additional lines of investigation. This is not your only chance to speak. You can always submit a supplemental narrative response later in the process, such as before the ISC or a SOAH hearing.
Expert Review
If there is a standard of care issue, the board will send the matter out to up to three experts for review. They will send the results of the investigation out to two experts. If both experts come back with the same opinion, it stops there. If they have different opinions, one finding a fault and another not, then they’ll send it to a third expert.
That’s not the case with all boards. The nursing board and the chiropractic board, only send materials out to one expert. I’m told by the medical board staff attorneys that the vast majority of these types of reviews come back with no finding of a violation of the standard of care. I think that is probably true, but it doesn’t mean that that stops the investigation. Just because the licensee’s conduct did not violate the standard of care does not mean the practitioner did not violate a board rule or that there was no unprofessional conduct.
If the expert reports indicate there is a violation of the standard of care, you should review consider obtaining your own expert review and report in opposition. It might be persuasive to the ISC panel members and can be used in a SOAH trial if that is in your future.
Up Next: The Informal Settlement Conference
In Part III: The Informal Settlement Conference, I’ll review the informal settlement process employed by the board and how Agreed Orders are negotiated.