SAMPLE COMPLIANCE MANUAL

Texas Med Spa
Compliance Manual

Complete Regulatory Guide & Operations Handbook

Covers: TMB · TDLR · DSHS · HIPAA · OSHA
Prepared for: [Your Business Name]
Edition: 2026 · Version 3.1

This is a sample preview for informational purposes only. The content shown is representative of the materials included in the Compliance Kit and does not constitute legal or regulatory advice. Always consult a qualified professional for guidance specific to your business.

Table of Contents

Complete compliance coverage across all Texas regulatory agencies

1  Regulatory Overview & Agency Guide
  • Texas Medical Board (TMB) Requirements 3
  • Texas Dept. of Licensing & Regulation (TDLR) 5
  • Dept. of State Health Services (DSHS) 9
  • Federal OSHA Standards for Med Spas 12

2  Medical Director & Physician Oversight
  • Medical Director Responsibilities 15
  • Written Delegation Protocols 17
  • Supervision Requirements by Role 19
  • Good Faith Exam (GFE) Procedures 21

3  HIPAA Compliance & Patient Privacy
  • Privacy Rule Requirements 23
  • Security Rule & Electronic Records 25
  • Breach Notification Procedures 27
  • Patient Rights & Record Requests 29

4  OSHA Safety & Infection Control
  • Bloodborne Pathogens Standard 31
  • Hazard Communication & SDS Management 33
  • Sharps Disposal & Biohazard Waste 35
  • Emergency Action Plan 37

5  Scope of Practice & Staff Credentialing
  • Physicians (MD/DO) 39
  • Nurse Practitioners & Physician Assistants 40
  • Registered Nurses & LVNs 41
  • Estheticians & Laser Technicians 42

6  Appendix: Forms, Templates & Checklists
  • Informed Consent Templates 44
  • Incident Report Forms 46
  • Monthly Compliance Audit Checklist 48

Chapter 1

Regulatory Overview & Agency Guide

Medical spas in Texas operate at the intersection of healthcare and cosmetic services, which places them under the jurisdiction of multiple regulatory agencies simultaneously. Unlike traditional day spas, any facility offering procedures classified as the practice of medicine — including injectables, laser treatments, chemical peels, and IV therapy — is legally considered a medical practice and must comply with the full scope of Texas healthcare regulations.

Understanding which agencies govern your operations, and what each one requires, is the foundation of a compliant med spa. This chapter provides an overview of the primary regulatory bodies and their areas of authority.

⚠ Critical: Penalties for Non-Compliance

Violations of Texas med spa regulations can result in fines up to $50,000 per violation, license revocation, facility closure, civil lawsuits, and in extreme cases, criminal prosecution. The Texas Medical Board actively audits med spa operations and investigates complaints.

1.1  The Three Regulatory Agencies

Texas med spa operations are overseen by three primary state agencies, each with distinct areas of authority. Your facility must maintain compliance with all three simultaneously.

Agency | Jurisdiction | Key Areas
--- | --- | ---
Texas Medical Board (TMB) | Medical procedures, physician oversight, delegation | Medical director requirements, scope of practice, treatment protocols, Good Faith Exams
TDLR | Non-medical services, facility licensing, cosmetology | Esthetician scope of practice, establishment licensing, laser hair removal permits
DSHS | Health & safety standards, laser device registration | Laser/IPL device registration, facility inspections, radiation safety, health permits

1.2  Texas Medical Board (TMB)

The Texas Medical Board is the primary regulatory body overseeing medical procedures performed at your med spa. Under the Texas Medical Practice Act (Title 3, Texas Occupations Code), the TMB has authority over any service that constitutes the "practice of medicine," including diagnostic evaluations, prescribing treatments, and performing procedures that penetrate the skin beyond the superficial epidermis.

Medical Director Requirement

Every Texas med spa that provides medical treatments must have a licensed physician (MD or DO) serving as its Medical Director. This is not a nominal role — the Medical Director bears personal legal responsibility for all clinical operations and must remain actively involved in oversight and decision-making.

Regulatory Reference

Texas Medical Board Rule §193.17 — Delegation of medical acts to non-physician personnel requires the physician to establish written protocols, ensure proper training, and maintain on-site or immediate availability during delegated procedures.

The Medical Director's responsibilities include, but are not limited to:

  • Approving and regularly updating all treatment protocols
  • Supervising and delegating tasks to qualified medical professionals (NPs, PAs, RNs)
  • Reviewing patient charts and treatment records to ensure proper documentation
  • Ensuring all staff have received appropriate training for their procedures
  • Being on-site or immediately available for emergencies during delegated procedures
  • Conducting or ordering a Good Faith Exam (GFE) before any treatment plan is initiated

Corporate Practice of Medicine Doctrine

Texas follows the Corporate Practice of Medicine (CPOM) doctrine, which means that only licensed physicians can own and make medical decisions within a medical practice. This has significant implications for med spa ownership structures.

Clinical services must operate through a Professional Limited Liability Company (PLLC) or Professional Association (PA) — entities that can only be owned by licensed medical professionals. Non-physicians who wish to participate in the business side of a med spa must do so through a Management Services Organization (MSO), which handles non-clinical operations such as marketing, HR, leasing, and administration.

⚡ Ownership Structure Alert

A non-physician and a physician cannot jointly own a med spa entity that provides medical services. The MSO model separates business management from clinical decision-making. Failure to structure ownership correctly can result in the entire operation being deemed an illegal corporate practice of medicine.

1.3  Texas Department of Licensing & Regulation (TDLR)

The TDLR regulates non-medical services offered at your med spa, including all cosmetology and esthetics services. If your facility employs or leases space to licensed cosmetologists or estheticians, it must hold an appropriate TDLR establishment license and comply with facility and equipment requirements under Chapter 1603 of the Texas Occupations Code.

Esthetician Scope of Practice

Understanding the TDLR-defined scope of practice for estheticians is critical to avoiding unauthorized practice violations. Licensed estheticians may perform services focused on cleansing and beautifying the skin, limited strictly to the non-living cells of the epidermis.

Estheticians MAY:

  • Administer facial treatments, including cleansing, exfoliation, and masks
  • Apply cosmetic preparations, lotions, and makeup
  • Perform temporary hair removal via depilatories, tweezing, and waxing
  • Massage the face, neck, shoulders, and arms by hand or with a device

Estheticians MAY NOT:

  • Administer injectables of any kind (Botox, dermal fillers) — explicitly excluded
  • Perform laser treatments, IPL, or laser hair removal
  • Perform microneedling or dermaplaning beyond the epidermis
  • Diagnose skin conditions or provide medical advice
  • Administer medical-grade chemical peels beyond their licensure scope

Regulatory Reference

TDLR explicitly states that esthetician facial treatments "do NOT include injectables, fillers, and other types of medical-type procedures that require the use of needles." Violations carry penalties under SB 378 (89th Legislature).

1.4  Department of State Health Services (DSHS)

The DSHS oversees health and safety standards for medical facilities in Texas, including laser and energy-based device registration, radiation safety compliance, and facility health permits. If your med spa uses lasers, intense pulsed light (IPL) devices, or radiofrequency equipment, the DSHS is a critical compliance consideration.

Laser & Energy Device Registration

Texas law classifies lasers, IPL, and other energy-based devices as prescription medical devices. All such devices used in your facility must be registered with the DSHS Radiation Control Program.

  • Complete DSHS Form RC 226-1 for each device upon acquisition
  • Maintain a current device inventory with serial numbers and calibration records
  • Ensure all laser operators have completed required safety training
  • Post appropriate laser safety signage per ANSI Z136.3 standards
  • Maintain laser safety eyewear appropriate to each device's wavelength

1.5  Federal OSHA Standards

While OSHA is a federal agency, its standards directly govern workplace safety at your med spa. Medical spas must comply with several OSHA standards due to procedures involving needles, blood exposure, and chemical products.

Key OSHA Standards for Med Spas

  • Bloodborne Pathogens Standard (29 CFR 1910.1030) — Requires an Exposure Control Plan, Hepatitis B vaccination at no cost to at-risk employees, proper sharps disposal, and annual training.
  • Hazard Communication Standard (29 CFR 1910.1200) — Requires Safety Data Sheets (SDS) for every hazardous chemical, properly labeled containers, and employee training.
  • General Duty Clause (Section 5(a)(1)) — Requires employers to provide a workplace free from recognized hazards, including proper ventilation and ergonomic considerations.

1.6  Record Retention Requirements

Proper record retention is both a legal requirement and your strongest defense in the event of an audit, complaint, or lawsuit. Texas imposes specific minimum retention periods:

Record Type | Minimum Retention | Authority
--- | --- | ---
Adult patient medical records | 7 years from last treatment | TMB Rule §163.2
Minor patient medical records | Until age 21 or 7 years (whichever longer) | TMB Rule §163.2(c)(2)
OSHA training records | Employment + 3 years | 29 CFR 1910.1030
HIPAA policies & documentation | 6 years from creation | 45 CFR §164.530(j)
Informed consent forms | Same as medical record (7 yr min) | TMB / Best Practice

This chapter provides the foundational regulatory framework for your med spa operations. The chapters that follow dive deep into each area — physician oversight and delegation protocols (Chapter 2), HIPAA compliance and patient privacy safeguards (Chapter 3), OSHA safety standards and infection control procedures (Chapter 4), and scope of practice definitions for every role in your facility (Chapter 5).

— This sample ends here. The full manual continues for 43 more pages. —

Get the Complete Manual

The full Texas Med Spa Compliance Kit includes the complete 48-page manual, training documents & checklists, editable consent form templates, compliance checklists, and a step-by-step implementation guide.

Get Your Kit · $997