CPOM Compliance: The Ultimate Guide to Building a Legally Sound Med Spa in California
What Is CPOM Compliance—and Why It Matters in California
CPOM compliance is a cornerstone of legally operating a medical spa in California. The Corporate Practice of Medicine (CPOM) doctrine restricts non-physicians from controlling any part of medical decision-making. For med spa owners, this means offering services like Botox, microneedling, or hormone therapy without violating CPOM principles is critical to staying in business.
California’s Medical Board treats CPOM compliance as a serious public protection issue. The state prioritizes patient safety by ensuring clinical decisions aren’t driven by business motives. If you don’t understand how CPOM compliance affects your med spa, your entire operation could be exposed to audits, fines, or worse.
The Corporate Practice of Medicine: California’s Bright Line Rule
CPOM compliance in California draws a clear boundary between the business and medical sides of your med spa. Non-physicians may not:
- Make or influence treatment decisions
- Direct healthcare providers
- Own or control medical records or protocols
This division ensures licensed professionals—not investors or business managers—remain responsible for patient care. CPOM compliance protects both patients and providers by eliminating conflicts between profit and medical ethics.
Who Can Own a Med Spa in California?
Ownership of medical spas in California must follow CPOM compliance standards. Only licensed physicians can own or operate a medical corporation delivering clinical services. Business-minded entrepreneurs who want to participate must do so through a carefully structured model.
Here’s how to do it without violating CPOM rules:
1. 100% Physician-Owned Med Spa
This is the simplest CPOM compliance model. The physician owns the practice and is responsible for all clinical operations, supervision, and treatment approvals. It’s clean, direct, and highly compliant—but often not scalable for entrepreneurs without medical licenses.
2. MSO + PC: The Preferred CPOM-Compliant Model
For entrepreneurs, the Management Services Organization (MSO) and Professional Corporation (PC) model is the most practical approach to CPOM compliance. The MSO handles business functions, while the PC—owned solely by a licensed physician—oversees medical care.
The two entities operate under a Management Services Agreement (MSA) that outlines:
- The MSO’s non-clinical responsibilities
- The PC’s exclusive control over medical services
This separation allows for growth, profit, and delegation—without crossing the legal lines of CPOM compliance.
3. Hybrid Ownership: Proceed with Caution
In some cases, co-ownership of an MSO by a physician and a non-physician is permitted, provided the PC remains fully physician-owned. However, the arrangement must be scrutinized to prevent CPOM violations. CPOM compliance demands that no matter the structure, medical decisions and ownership remain with licensed providers.
The Active Role of the Medical Director
CPOM compliance isn’t satisfied by just listing a physician on your paperwork. The medical director must be actively involved in all clinical operations. Their duties include:
- Establishing and enforcing treatment protocols
- Supervising licensed staff like RNs and PAs
- Approving procedures and overseeing patient care
California law expects medical directors to participate in day-to-day decisions—not act as passive signatories. Failure to meet this standard breaches CPOM compliance.
Employment Structures and Compensation Under CPOM Compliance
To avoid CPOM compliance issues, payment structures must be carefully designed:
- Avoid revenue-sharing with licensed medical providers
- Never pay commissions for treatments
- Ensure compensation reflects fair market value for time or responsibilities
Agreements should also avoid fee-splitting or other arrangements that imply business control over medical decisions. All employment and contractor agreements must align with CPOM compliance rules to remain enforceable and ethical.
Licensing and Scope of Practice in a CPOM-Compliant Environment
Your med spa cannot meet CPOM compliance requirements if your staff operates outside their legal scope. In California:
- RNs must be supervised
- NPs must have standardized procedures
- PAs must work under a delegation agreement
- Unlicensed staff cannot perform medical tasks
Your compliance strategy should include regular license verification, training records, and documented delegation pathways. These practices are essential for meeting state standards for CPOM compliance.
Medical Decision-Making: Who Has the Authority?
This is non-negotiable under CPOM compliance: All clinical decisions must be made by physicians or licensed providers working under their supervision. That includes:
- Approving treatments
- Performing consultations
- Writing prescriptions
- Signing consent forms
A spa manager, MSO executive, or receptionist can never legally determine treatment eligibility. Violating this rule is one of the most common ways med spas fall out of CPOM compliance.
Marketing Under CPOM Compliance
Your med spa’s promotions must reflect reality and meet the transparency standards outlined in California law. That includes:
- Naming licensed providers
- Stating which treatments are medical
- Disclosing possible risks and contraindications
- Avoiding deceptive or exaggerated claims
False or misleading advertising can trigger board investigations—even if your operations are otherwise compliant. Marketing should always be reviewed through the lens of CPOM compliance.
Audit Readiness and Documentation Standards
A compliant med spa doesn’t just follow the rules—it proves it with documentation. Strong CPOM compliance programs include:
- Detailed treatment protocols
- Signed patient consents
- Clear delegation forms
- Regular compliance audits
- Updated Management Services Agreements
Keeping digital and physical records current will protect you if you’re ever audited by the Medical Board of California or Department of Consumer Affairs.
Build a Culture of CPOM Compliance
CPOM compliance isn’t one-and-done. It’s an ongoing process that your entire team must buy into. Build a culture that prioritizes:
- Regular legal updates
- Compliance check-ins
- Staff training on roles and limitations
- Legal reviews of all marketing and agreements
When your business culture is aligned with CPOM compliance, you reduce your risk and improve patient trust.
Why Legal Counsel Is Essential
DIY compliance is risky in California’s complex regulatory environment. A single misstep can undermine your business. You need a legal team that understands both healthcare regulations and the med spa industry. Lawyers experienced in CPOM compliance can help you:
- Set up proper ownership structures
- Draft enforceable contracts
- Review compensation models
- Create compliant protocols and MSAs
The investment in legal guidance protects your license, your profits, and your brand.
Conclusion
The potential of California’s med spa market is enormous—but so is the scrutiny. Whether you’re launching your first aesthetic venture or expanding a multi-location brand, compliance isn’t optional—it’s foundational.
At Dike Law Group, we help med spa owners across California establish legally compliant structures, draft enforceable agreements, and navigate complex healthcare regulations with confidence. Our team understands the unique challenges that come with blending wellness and medical care—and we’re here to guide you through them.
If you’re ready to align your operations with California’s regulatory standards, you can schedule an in-person meeting with our legal team to discuss your business goals and compliance needs.
For ongoing insights and updates, you can also find us on Instagram, LinkedIn, YouTube, TikTok, and Facebook, where we share practical information for healthcare business owners and operators.
