Categories
Article

How to Start a Med Spa in Texas

I’m going to let you in on a little secret. Most med spas in Texas are not compliant with Texas law.

Either they are formed as the wrong legal entity type, they lack proper ownership or oversight, they are not following the standard of care, or all of the above.

The consequences can be significant for everyone involved.

For med spa  owners, the Texas Medical Board can shut down your business. In extreme cases, you could be charged with practicing medicine without a license. If a patient gets injured, you could face civil liability. If your MedSpa is not formed or owned in compliance with Texas law, the insurance company could deny coverage, leaving you you holding the bag.

Physicians associated with non-compliant med spas can be disciplined by the Texas Medical Board. Those physicians are literally putting their medical licenses at risk.

Med Spas Provide Medical Services

I’m using the term med spa to describe several types of businesses—traditional med spas, IV hydration or IV therapy businesses, medical weight loss clinics, those types of retail medical services.

It should come as no surprise that the “med” in med spa stands for medical. We call them med spas because many of the services they provide are considered medical services. Botox injections, microneedling, dermaplaning and dermablading, cool sculpting, medium and deep chemical peels, are all considered non-surgical medical cosmetic procedures by the Texas Medical Board.

IV hydration and therapy, medical weight loss injections, and hormone therapy are also considered medical services. If a procedure involves injecting a patient or removing living tissue, it is probably a medical procedure.

Med Spas Must Be Formed Correctly

Because med spas provide medical services to the public, they must comply with Texas law just like any other medical practice, and that means they must be formed as an appropriate legal entity.

In Texas, medical practices can only be formed as professional associations, professional limited liability companies or PLLCs, or partnerships with other licensed physicians.

Many med spas in Texas today are incorrectly formed as corporations or regular LLCs. This is not allowed. Corporations and LLCs cannot be medical entities. The other requirement is proper ownership.

Med Spas Must Be Owned by Physicians

Medical entities, like med spas, cannot be owned by non-physicians. They must be owned by persons licensed to practice medicine in Texas.

Let me say that again.

Med spas cannot be owned by non-physicians. They must be owned by persons licensed to practice medicine.

A physician is a person licensed by the Texas Medical Board as a medical doctor, an MD, or a doctor of osteopathy, a DO.

But all is not lost. There is a way to structure a med spa correctly, even if you are not a physician.

Management Model

Through the magic of the management model, non-physicians can run a med spa and share in the profits.

Here’s how it works.

We still create a medical practice, like a PLLC, that will be owned by a physician, but we also create a management company owned by you that will run and manage the medical practice. You will be responsible for running the practice, but you do it through your your management company.

When patients pay for MedSpa services, that money is deposited into the Medical Practices Bank account. You, as the manager, have access to the Practices Bank account and you will pay all the business expenses from that account—rent, supplies, payroll, utilities, insurance, for example. What’s left over is paid to your management company as a management fee for your work in running and managing the practice.

So, in the management model, a physician still owns the medical practice, but you own the management company that runs the medical practice, and you take the profits as a management fee.

Special Arrangements

Let me pause here and say that if you happen to be a physician, things are more streamlined. We don’t have to use a separate management company. Physicians, of course, can own the medical practice.

If you are a podiatrist, chiropractor, or optometrist, there still must be a physician owner, but we don’t have to use a separate management company. You can jointly co-own the medical practice with the physician.

If you are a physician assistant, Texas does allow you to co-own the medical practice with a physician. However, you can only be a minority owner and the physician must be the majority owner.

Nurse practitioners unfortunately do not have the same opportunity as physicians. physician assistants. Nurse practitioners cannot co-own any part of a medical practice with a physician. The same is true for registered nurses.

So, if you’re a business person, a nurse practitioner, or a registered nurse, you must use the management model to operate a med spa.

Good Faith Exams

We have talked about the correct legal entity type and the correct ownership. Now let’s talk about an operational issue, the good faith exam.

A good faith exam is a medical examination conducted by a physician or a mid-level provider, like a physician assistant or a nurse practitioner, to assess a patient’s current condition and develop a plan of treatment. If you’ve ever been to a doctor, you have received a good faith exam.

Some med spas hire mid-levels on a part-time or as-needed basis to come into the med spa to perform these good faith exams. Other med spas use telehealth exams. Patients will schedule a telehealth exam prior to a med spa visit. The mid-level will perform a good faith exam and rule out contraindications and then write an order for a med spa treatment like IV infusion or a Botox injection.

Common Questions

That covers some of the requirements for Texas med spas. Now let me answer some common questions I get from clients.

Question 1. No one else I know is doing it this way. Are you sure this is right?

Yes, I’m sure. It’s unfortunate that many med spas are not formed or operating correctly. If you have researched med spas, you know how difficult it can be to get straight answers.

The problem is there is a lot of misinformation on the internet. Much of it is incomplete or just plain wrong. Some of it might be right for other reasons. states, but not in Texas.

It’s important to understand that each state has its own laws that apply to med spas. It’s no wonder there is so much confusion. The information I’m giving you is correct for Texas, but it won’t apply to other states.

Question 2. I don’t want the physician to have access to the business. How can I protect my business?

Well, I don’t blame you, and because of that, we build in certain protections into the documents.

We specify that the physician cannot sell or transfer their interest to any other person without your permission.

We give you access and control to the bank accounts for the medical practice. In that way, you control the money. We create a process to change physicians if that ever becomes necessary. If the physician some day decides they want to move on, we don’t have to create a brand-new medical practice.

We just transfer ownership of the existing medical practice to a substitute physician.

Finally, the management company that you own will own your med spa’s brand and name. The management company will license that name to the medical practice. The medical practice can’t use it without your permission. In that way, you always maintain control of your brand.

Question 3. How does the physician get paid?

The physician gets paid a flat fee every month for supervising the mid-level provider.

In Texas, mid-level providers must be supervised by a physician. The Texas Medical Board has established rules for this supervision. Physicians who don’t properly supervise the mid-level provider can be disciplined by the medical board.

The physician usually doesn’t see the patient. They supervise the mid-level provider who does see patients and for that they get paid a monthly flat fee somewhere in the range of $1,000 to $3,000 per month.

Question 4. What kind of insurance do I need?

You need a general liability policy for slip and falls and you need a professional liability policy for hypothetical malpractice claims.

Physicians and mid-level providers probably already have a malpractice policy. Sometimes you can add the MedSpaw as an additional insured to those policies.

My preference is that you get the med spa its own malpractice policy that covers every practitioner who works works for the med spa. That way, you don’t have to depend on others to have the right amount of insurance for your business.

Question 5. Are there any legal risks for the physician?

There is always some level of risk. A patient who has a bad experience can file a complaint with the Texas Nursing Board or the Texas Medical Board. If that happens, the provider will have to justify the services they provided to that patient.

For the physician, it’s important that they take seriously their responsibilities to supervise the mid-level provider. There must be a supervising agreement between the physician and the mid-level. The physician needs to review a sample of patient charts every 30 days and address any concerns with the mid-level, and the physician needs to be available to answer the mid-level’s questions as they come up.

For the mid-level provider, it’s important that they are thorough when performing the good faith exams and that they keep good medical records. What are the next steps?

Conclusion

I’ve covered a a lot of information. I would encourage you to watch this video more than once. You will probably key in on new information each time.

Well, that’s it. Best of luck to you. You’re on an exciting journey. I look forward to the opportunity to help you along the way.

Categories
Alert

Texas Medical Board Notice of Proposed Rule Amendments and Statement Regarding Abortion Ban Exceptions

The Texas Medical Board (TMB) is proposing new rules to clarify how the state’s abortion ban exceptions apply to its enforcement process. This marks the beginning of a rulemaking process that will invite public participation and written comment.

The proposed rules, according to the TMB, are designed within the limits of existing laws to clarify the criteria the Board will consider if it receives a related complaint. The Board emphasizes that it does not have the authority to change or create new definitions in existing laws, nor does it have the power to regulate or prohibit abortion.

The Board is cautious about specifying particular conditions or scenarios that would qualify as exceptions. It recognizes the individuality of each patient and the complexity of medical practice, asserting that it is impractical and impossible to create a comprehensive list of situations that may arise in any given patient scenario.

The Board stresses the importance of “reasonable medical judgment,” which depends entirely on the patient’s unique circumstances and the expertise of the treating physician. Even if there were a list of conditions, it would not be enforceable without going through the standard process, given the varying impact of the same condition on different patients.

Categories
Health Law Highlights

Behavioral Health Industry Reshaping As a Result of AI

From The National Law Review, Jean Marie R. Pechette, Neal D. Shah, Joelle M. Wilson, Catherine Kozlowski, Matthew T. Lin:

Artificial Intelligence (AI) is significantly influencing the field of behavioral health, offering potential advancements in diagnostics, treatment, and patient outcomes. The application of AI technologies ranges from virtual mental health assistants and predictive analytics to AI-enabled chatbots for therapy and AI-integrated Electronic Health Records (EHR) for diagnosis and treatment. These technologies are expected to expand further as trust in AI systems grows.

Despite the transformative potential of AI in behavioral health, the legal and regulatory implications are uncertain. The US lacks a comprehensive federal law that regulates AI development and use. However, efforts are underway to address potential risks, including promoting transparency, ensuring fairness, and protecting privacy and security of health information.

Key legal risks associated with the use of AI in behavioral health treatment include data privacy, algorithm bias, and professional liability. Data privacy risks involve ensuring compliance with HIPAA, 42 CFR Part 2, and state privacy laws.

Providers can mitigate these risks to some extent by obtaining informed consent from patients before using AI tools, vetting third-party vendors offering AI solutions for adherence to data privacy and security rules, seeking transparency from developers and vendors about the data on which AI tools were trained, and reviewing the scope of professional liability coverage before adopting AI-enabled tools.

While AI holds significant promise for transforming behavioral health care, it’s crucial to anticipate and address the evolving regulatory frameworks and legal risks associated with AI applications. AI regulation is a moving target, and anticipating and mitigating legal risks will be key to fostering a trustworthy and secure environment for both practitioners and patients.

Categories
Health Law Highlights

Health Care Groups Resist Cybersecurity Rules in Wake of Landmark Breach

From CyberScoop, by AJ Vicens and Elias Groll:

A devestating cyberattack on payment processor Change Healthcare has spurred discussions in Washington about urgent cybersecurity regulations for the healthcare sector. Health and Human Services (HHS) is working on developing mandatory rules, including updating the Health Insurance Portability and Accountability Act with cybersecurity requirements.

These updates are meeting resistance from the healthcare industry, which argues that hospitals should not be punished for the success of hackers. President Biden’s budget proposal includes funding for hospitals’ cybersecurity efforts and penalties for non-compliance. Despite this, the complexity of implementing such standards, especially for smaller health entities, and the current political climate suggest no significant changes will occur soon.

Categories
Article

Updated: Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates

From U.S. Department of Health and Human Services:

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) updated its guidance to regulated entities when using online tracking technologies. These technologies, used to collect and analyze user interaction with websites or mobile applications, must comply with HIPAA rules if the information gathered includes protected health information (PHI). Unauthorized disclosures of PHI to tracking technology vendors, such as for marketing purposes without compliant authorizations, are deemed impermissible.

The update emphasizes that regulated entities should ensure they disclose PHI only as expressly permitted or required by the HIPAA Privacy Rule. It provides guidance on the application of HIPAA rules to the use of tracking technologies on user-authenticated webpages, unauthenticated webpages, and within mobile apps. For instance, tracking technologies on user-authenticated webpages generally have access to PHI, and tracking technology vendors are considered business associates if they handle PHI.

Unauthenticated webpages, which do not require user login, usually do not have tracking technologies that access PHI. However, in cases where PHI is accessible, HIPAA rules apply. For mobile apps offered by regulated entities, information collected is generally considered PHI, and the entity must comply with HIPAA rules for any PHI the app uses or discloses. However, HIPAA does not protect information users voluntarily enter into non-regulated mobile apps.

Disclosures of PHI to tracking technology vendors must be specifically permitted by the Privacy Rule. If the vendor is a business associate, a business associate agreement (BAA) must be established. The use of tracking technologies should be addressed in the entity’s Risk Analysis and Risk Management processes. If there’s an impermissible disclosure of PHI, breach notification to affected individuals and the Secretary is required. OCR is prioritizing compliance with the HIPAA Security Rule in investigations into the use of online tracking technologies.

Categories
Around the Web

Patient Inducements: Law and Limits

From Holland & Hart, by Kim Stanger:

Although often well-intentioned, offering free or discounted items or services to patients (e.g., gifts, rewards, writing off copays, free screening exams, free supplies, etc.) may violate federal and state laws governing improper inducements, especially if the patient is a federal program beneficiary. The government is concerned that offering or rewarding such inducements to patients may result in overutilization, biased decisions concerning care, and increased costs to the Medicare, Medicaid, or other government programs. Penalties for illegal inducements may include administrative, civil, and criminal penalties; repayment to government programs; and exclusion from federal programs. Increasingly, private payors are also challenging such inducements. It is imperative that healthcare providers and their staff understand the applicable laws and limits.

Categories
Health Law Highlights

Inside the Healthcare Industry: The Growing Importance of Intellectual Property Valuations

From J.S. Held, by Magi Curtis, Noor Al-Banna, Greg Campanella:

Healthcare and life sciences companies are increasingly recognizing the importance of Intellectual Property (IP) in their strategic growth initiatives, investments, and licensing of data. A study by Ocean Tomo found that approximately 90% of the value of companies in the S&P 500 comes from intangible assets, such as brands, technology, patents, data, and software. This has led to two major trends in the healthcare industry.

Healthcare organizations are also becoming more thoughtful in managing their IP. They are using IP analysis not just for accessing capital, but also to provide a baseline for management to understand the incremental value generated by different strategic approaches. The rise of AI platform development technology in healthcare, life sciences, and medical device industries is another trend that is accelerating. However, healthcare organizations need to be cautious about regulatory issues around AI use and the data it’s trained on.

Data is a significant IP asset that healthcare organizations can leverage. Anonymized information and technical data related to processes, procedures, and methodologies can be licensed or sold to healthcare technology, life science, and medical device companies. This data can also be used to train AI platforms, adding further value. However, healthcare organizations need to be aware of the potential costs and dangers related to the use of this data.

Healthcare organizations need to recognize the value of their brands and negotiate license fees for their use in joint ventures and partnerships. This can be achieved by establishing a rate card, a price list for the use of an organization’s name for a specific type of service. The earnings from these license fees can be reinvested into the system, research, and more.

Categories
Alert

Justice Department, Federal Trade Commission and Department of Health and Human Services Issue Request for Public Input as Part of Inquiry into Impacts of Corporate Ownership Trend in Health Care

From DOJ Office of Public Affairs:

The Justice Department’s Antitrust Division, Federal Trade Commission (FTC), and Department of Health and Human Services (HHS) have launched a joint public inquiry into the increasing control of private-equity and corporate entities over healthcare. This inquiry aims to understand how certain healthcare market transactions may lead to increased consolidation, generate profits for firms, and potentially threaten patient health, worker safety, and the affordability and quality of care.

The agencies are seeking public comment on deals conducted by health systems, private payers, private equity funds, and other alternative asset managers that involve healthcare providers, facilities, or ancillary products or services. This includes transactions that would not be reported to the Justice Department or FTC for antitrust review under the Hart-Scott-Rodino Antitrust Improvements Act.

Research indicates that competition in healthcare provider and payer markets promotes higher quality, lower-cost healthcare, greater access to care, increased innovation, higher wages, and better benefits for healthcare workers. The responses to the RFI will inform the agencies’ enforcement priorities and future actions, including potential regulations aimed at promoting and protecting competition in healthcare markets and ensuring appropriate access to quality, affordable healthcare items and services.

The public, including patients, consumer advocates, doctors, nurses, healthcare providers and administrators, employers, insurers, and more, are invited to share their comments in response to the RFI within 60 days. The agencies are particularly interested in comments on a variety of transactions, including those involving dialysis clinics, nursing homes, hospice providers, primary care providers, hospitals, home health agencies, home- and community-based services providers, behavioral health providers, as well as billing and collections services.

Categories
Health Law Highlights

Healthcare Hit Hardest by Ransomware Last Year, FBI IC3 Report Shows

From Health IT Security, by Jill McKeon:

The Federal Bureau of Investigation’s 2023 Internet Crime Report reveals that the healthcare sector experienced the highest number of ransomware attacks among all critical infrastructure sectors last year.

The FBI’s Internet Crime Complaint Center (IC3) recorded an unprecedented 880,418 complaints, marking a 10% increase from the previous year and financial losses exceeding $12.5 billion, a 22% increase. Of the total complaints, 1,193 were from critical infrastructure organizations, with 249 from healthcare and 218 from critical manufacturing.

The report suggests that the high figures from the healthcare sector could be due to its readiness to report such incidents. The FBI has historically struggled to determine the actual number of ransomware victims, as many cases go unreported. The two most prevalent ransomware variants, LockBit and ALPHV/BlackCat, known for targeting healthcare, were responsible for 175 and 100 attacks respectively.

Ransomware was a significant concern across IC3’s complaint database, with over 2,800 complaints related to ransomware, an 18% increase from 2022. Financial losses from these attacks rose by 74% from $34.3 million to $59.6 million. The FBI noted emerging trends, including deploying multiple ransomware variants against the same victim and using data-destruction tactics to increase pressure on victims to negotiate.

Categories
Health Law Highlights

Six AI Applications to Transform Your Clinical Operations

From D Magazine, by Dr. Harvey Castro:

Artificial Intelligence (AI) and Machine Learning (ML) are set to revolutionize the healthcare industry by enhancing clinical outcomes, improving access to care, and elevating the patient experience. The integration of sophisticated AI applications is expected to increase healthcare efficiency, accuracy, and personalization globally. AI can automate routine tasks, allowing human expertise to focus on direct patient care. The potential benefits include earlier disease detection, reduced error rates, optimized resource allocation, and cost-effective solutions.

Challenges exist around transparency, data access, and over-reliance on technology. However, steady progress in AI validation is laying the foundation for new standards of evidence-based medicine. The future of healthcare will likely be defined by the fusion of clinical wisdom and machine insights, paving the way for innovative solutions to improve lives.

AI has the potential to transform clinical operations in several ways:

  • Rewriting Medical Language: Large language models can tailor medical vocabulary to fit the patient’s understanding. For example, they can convert discharge instructions into a coloring book for a young patient or translate complex medical and legal language related to lawsuits.
  • Virtual Nursing Assistants: AI-powered virtual assistants can optimize nursing workflows by performing basic triage, reviewing patient records, answering common questions, and scheduling appointments. This allows healthcare professionals to focus on more complex care needs. 
  • Medical Imaging Analysis: AI has shown proficiency in analyzing complex medical images and detecting anomalies, rare diseases, and cancers. This technology can free up radiologists’ time for more challenging cases while providing faster second opinions.
  • Virtual Clinical Assistants: AI assistants can augment clinicians during patient visits by providing real-time diagnostic and treatment suggestions. They can also summarize records and prompt providers to address preventative care gaps.
  • Predictive Analytics and Outreach: Machine learning can analyze vast amounts of data to identify individuals at high risk for emergent or costly conditions early on, enabling proactive healthcare delivery. This can improve patient outcomes and reduce healthcare costs.
  • Personalized Treatment Matching: AI can leverage real-world outcomes data to recommend treatments and care pathways most likely to benefit each unique individual. This personalized approach can enhance treatment effectiveness for complex conditions.