Health Law Advisor

In April, we shared with you our thoughts on what to consider before opening in or investing in a medical spa, thinking about corporate structure, scope of practice, licenses and registrations, referral restrictions, HIPAA and data privacy, and more. This month, we’re focusing on how states are beginning to regulate in this area, so owners and operators can hit the ground running in terms of compliance—or relax and breathe deep, knowing they are ahead of the plan. 

In March 2024, the state of Rhode Island introduced S 2870, the Medical Spas Safety Act, providing (within the definition of “cosmetic medical procedure”) that:

• The performance of cosmetic medical services is the practice of medicine and surgery; and
• A cosmetic medical service shall be performed by a qualified licensed or certified non-physician only if the services have been delegated by a medical director, supervising physician, supervising physician’s assistant (PA) or supervising advanced practice registered nurse (APRN) who is responsible for onsite supervision of services performed.

Aesthetic services and the medical spa industry have continued to grow over the past few years as clients continue to demand the availability of such cosmetic services. In response, many providers and investors in the health care industry are seeing opportunities to open or invest in a medical spa.

Before opening or investing in a medical spa there are several key elements to be considered:

Corporate Structure

One of the first elements to consider when opening a medical spa is the corporate structure and ownership of the medical spa. Many jurisdictions have “Corporate Practice of ...

About two weeks ago, the Governor of Nevada signed into law new legislation that removes a number of barriers to the practice of telehealth within the state of Nevada.  Among the most significant changes, the Nevada legislation allows physicians to establish a physician-patient relationship (which is a precondition for prescribing drugs, rendering diagnoses, and performing other medical services) through a telehealth encounter.  In doing so, Nevada joins only a small number of states that have taken this step.  However the Nevada law is significant not only because it allows a ...

Telehealth is expanding rapidly outside of the U.S. in both developed and developing countries.  Not surprisingly, the expanded use of telehealth presents many of the same regulatory and reimbursement challenges abroad that it does here in the U.S.  One region in particular that has taken steps to expand telehealth across borders is Europe, where in an effort to confront the legal issues raised by telehealth, the E.U. has removed and revisited existing regulations.  The E.U. has also issued guidance through the European Commission (an institution that is responsible for ensuring ...

When evaluating the various legal and regulatory hurdles associated with telehealth—such as licensure, reimbursement, and privacy—one hurdle that often goes overlooked is the corporate practice of medicine.  Many states have enacted laws which directly or indirectly are viewed as prohibiting the “corporate practice” of medicine.  While variations exist among states, the doctrine generally forbids a person or entity, such as a general business corporation, other than a licensed physician, professional corporation (“PC”) or a professional limited liability ...

The rapid development and utilization of remote patient monitoring tools in health care exposes the limitations of state licensure laws that generally require physicians to be licensed in states where their patients are located.  These laws are predicated on the physician and patient being in the same jurisdiction.  However, when using mobile-devices to actively monitor patients (such as a device sensor with 4G chipset that can directly connect to cellular networks), there is no single geographic anchor or fixed moment in time from which to define the encounter, episode or point of ...

While tech companies looking to provide health solutions must figure out early on whether they are HIPAA-regulated, HIPAA is not the be-all and end-all of privacy law. Even entities not regulated under HIPAA must abide by other privacy rules, including a wide array of state privacy laws. On December 6, 2012, in the state’s first legal action under its online privacy law, California Attorney General Kamala Harris filed a lawsuit against a major airline for not including a privacy policy in its smartphone app. The complaint alleges violation of California’s Online Privacy ...

While tremendous strides continue to be made in the growth and adoption of telehealth services, significant legal obstacles remain.  Among these obstacles are state drug prescribing laws.  In many states, physicians cannot lawfully prescribe drugs during a telehealth encounter, except in very limited circumstances.  For example, California requires that physicians perform a “physical exam” before prescribing drugs, and explicitly outlaws prescribing on “the internet” without a prior examination.  These restrictions vary from state to state, but many share certain ...