To legally operate a med spa in Georgia, you must comply with strict licensing rules designed to protect patients and ensure proper oversight. Here’s what you need to know:

  • Ownership Rules: Only licensed physicians can own or control medical services under Georgia's Corporate Practice of Medicine (CPOM) laws. Non-physicians can manage business operations through a Management Services Organization (MSO) but cannot influence clinical decisions.
  • Licenses for Staff: Physicians, physician assistants (PAs), advanced practice registered nurses (APRNs), and certified cosmetic laser practitioners must have valid state licenses. Delegation and nurse protocol agreements (NPAs) must be filed before anyone begins practicing.
  • Scope of Practice: Estheticians cannot perform injectables, IPL, or laser treatments. Laser services require certified practitioners or physicians to oversee or perform procedures.
  • Regulatory Agencies: Compliance involves multiple agencies, including the Georgia Composite Medical Board (GCMB), Georgia Board of Nursing, Georgia Drugs and Narcotics Agency, and Georgia State Board of Cosmetology and Barbers.
  • Compliance Maintenance: Med spas must maintain detailed records, including quality assurance (QA) reviews, staff competency assessments, and updated licenses. These must be available within three business days during inspections.

Failing to meet these requirements can lead to fines, disciplinary actions, or even criminal charges. To stay compliant, ensure all staff credentials, agreements, and protocols are filed properly and updated regularly.

Common Licensing Challenges in Georgia

Operating a med spa in Georgia comes with a unique set of regulatory hurdles. Missteps, even minor ones, can lead to serious consequences, including misdemeanor charges or disciplinary action from the Georgia Composite Medical Board (GCMB).

Medical Director and Ownership Rules

Georgia's Corporate Practice of Medicine (CPOM) doctrine creates specific challenges for structuring ownership and medical oversight. Non-physician entrepreneurs cannot simply hire a doctor to oversee clinical operations. All medical services must be provided through a professional entity that is owned or controlled by a licensed physician.

"Georgia restricts non-physicians from controlling medical practice. Only licensed physicians may direct clinical judgment, while MSOs may handle business operations without influencing treatment protocols, prescriptive authority, or staffing decisions." - Bolton M. Harris, J.D., In-house Legal Counsel, Medical Director Co.

Non-physicians can manage the business side through a Management Services Organization (MSO), but they must steer clear of clinical decisions, treatment protocols, or staffing matters. The medical director, who must be a Georgia-licensed MD or DO with an active, unrestricted license, holds full responsibility for all delegated actions. This includes tasks like chart reviews and quality assurance meetings. Missteps in structuring this relationship are a frequent cause of regulatory violations, which can jeopardize licensing eligibility.

Required Licenses and Registrations

Beyond ownership rules, Georgia requires specific filings before a med spa can operate. For example:

  • Advanced Practice Registered Nurses (APRNs) must file a Nurse Protocol Agreement (NPA) with the GCMB.
  • Physician Assistants (PAs) need an approved Delegation Agreement.

These agreements must be submitted before any clinical staff begin practicing. Facilities offering cosmetic laser services (other than hair removal) are also required to have a written agreement with a consulting physician. This physician must examine each patient before treatment. Additionally, the facility must display visible signage with the consulting physician’s name, emergency contact information, board certification status, and whether they are on-site. During inspections, NPAs, quality records, and device logs must be readily available within three business days. Missing or improperly filed agreements are a common violation noted in GCMB audits.

Staff Certification and Scope of Practice Limits

Georgia has strict rules about who can perform specific procedures. Under the Georgia Cosmetic Laser Services Act (O.C.G.A. §§ 43-34-240–248), only licensed physicians or certified laser practitioners (Level 1 or 2) are permitted to operate laser or IPL devices. Estheticians, for instance, are not allowed to perform injectables, IPL, or laser treatments.

The state recognizes two levels of laser licensure:

  • Assistant Laser Practitioners: Must complete three training certificates and work under direct supervision.
  • Senior Laser Practitioners: Require two training certificates, three years of clinical experience, and can supervise others.

For laser services, a Senior Laser Practitioner or consulting physician must either be on-site or immediately available via telecommunications. While Registered Nurses (RNs) can perform procedures under physician orders, they are not allowed to independently diagnose, treat, or prescribe. Violations of these rules can result in misdemeanor charges and GCMB discipline. Staying within these boundaries is essential not just for compliance but also for maintaining patient confidence.

How to Meet Georgia's Licensing Requirements

Georgia Med Spa Licensing Compliance Checklist and Timeline

Georgia Med Spa Licensing Compliance Checklist and Timeline

Applying for Licenses and Registrations

The first step in Georgia's licensing process is setting up your business entity. Georgia adheres to the Corporate Practice of Medicine (CPOM) doctrine, which means that med spas must be owned or controlled by a physician. Non-physicians can manage operational tasks through a Management Services Organization (MSO), but clinical decisions must remain under the authority of a licensed physician.

Once your entity is in place, you'll need to register through the GCMB Licensure Gateway. This online system, mandatory since July 2025, handles applications, renewals, and practice location updates. Before submitting agreements for clinical staff, you must designate a medical director. This individual must be a Georgia-licensed MD or DO with an active, unrestricted license.

To stay compliant, file all delegation agreements - NPAs for Advanced Practice Registered Nurses (APRNs) and Delegation Agreements for Physician Assistants (PAs) - before opening your facility. If your med spa offers cosmetic laser services beyond basic hair removal, ensure your signage and on-site arrangements align with GCMB standards.

Adopting a structured timeline can help streamline the process. For example:

  • First 30 days: Form your entity and submit NPAs/DAs.
  • Next 30 days: Launch a Quality Assurance (QA) program and conduct a mock audit.
  • Final 30 days: Verify staff competencies and update protocols.

Once your licenses are approved, the focus shifts to maintaining compliance to ensure smooth operations.

Maintaining Compliance After Opening

Securing licenses is just the beginning - ongoing oversight is essential. Georgia requires annual reviews of NPAs and DAs. These agreements must also be updated and re-filed with the GCMB if you expand your services or introduce new devices.

Your med spa must operate an active Quality Assurance (QA) program with regular physician involvement. This includes:

  • Routine chart reviews
  • Quarterly QA meetings to evaluate complications
  • Documented competency assessments for all staff

Keep a compliance binder (digital or physical) with detailed records, such as entity filings, NPAs/DAs, GCMB and DEA licenses, QA documentation, and device safety logs. Regulatory requests require you to produce these records within three business days.

"Missing or outdated QA records are among the most frequent GCMB audit findings." - Medical Director Co.

Advertising compliance is another critical factor. Marketing materials must accurately represent staff credentials. Non-physicians cannot use the title "Doctor" or make misleading claims about guaranteed results. Regularly review your materials to ensure they meet these standards.

Emergency preparedness is equally important. Maintain protocol packets for adverse events, such as vascular occlusion or anaphylaxis. Laser and IPL devices must have up-to-date maintenance and calibration logs. Only licensed physicians or certified laser practitioners (Level 1 or 2) can operate these devices. Estheticians are not allowed to perform these procedures in Georgia.

Mistakes to Avoid During the Application Process

Despite careful planning, certain missteps can disrupt the licensing process. A common error is failing to file delegation agreements before staff begin practicing. Submitting NPAs or DAs after opening violates Georgia law and can lead to disciplinary action from the GCMB. Always file these agreements through the Licensure Gateway before treating your first patient.

Another frequent issue involves exceeding the scope of practice. For example, estheticians in Georgia cannot perform injectables, IPL, or medical-grade laser treatments. These procedures are reserved for physicians, PAs, APRNs, RNs (under physician orders), or certified laser practitioners. Confirm that every staff member's credentials match their assigned duties.

Inadequate QA documentation is another red flag during GCMB audits. Start tracking chart reviews and meeting minutes from day one to avoid compliance issues.

Errors in MSO contracts can also lead to problems. If you use an MSO, the contract must clearly limit its role to administrative tasks like billing and HR. MSOs cannot influence clinical decisions, staffing, or treatment protocols. Contracts that suggest otherwise violate Georgia's CPOM rules.

Lastly, don't forget about citizenship verification. Non-U.S. citizens must submit a notarized Citizenship Affidavit and complete lawful presence verification through the Department of Homeland Security's SAVE program during initial licensure and each renewal. U.S. citizens only need to verify citizenship at the time of initial licensure. Neglecting this step for non-citizen staff can delay or block license approvals.

Using Prospyr to Manage Compliance and Operations

Prospyr

Prospyr simplifies compliance and operations by automating tasks like license tracking, administrative workflows, and safeguarding patient data.

Monitoring Staff Licenses and Certifications

In Georgia, licensing regulations demand constant attention to expiration dates and renewal deadlines. Prospyr’s task management and analytics tools centralize staff credential tracking, covering licenses for MDs, DOs, APRNs, and PAs, as well as Cosmetic Laser Practitioner certifications handled via the state’s Licensure Gateway system.

The platform allows you to store essential filings like NPAs and DAs in one place and sends automated alerts before certifications expire. This is especially helpful for managing laser training certificates, which require signatures from a physician or ACCME-certified educator before staff can operate devices. By automating these processes, Prospyr reduces the risk of missed renewals and lightens the load of documentation tasks.

Reducing Administrative Work

Beyond license tracking, Prospyr helps cut down on administrative overhead. Its scheduling and CRM tools ensure only properly licensed staff are booked for medical procedures. The system cross-checks that NPs, PAs, or RNs are working under valid physician delegation before confirming appointments, helping to avoid unauthorized practice issues. Additionally, digital intake forms and automated QA documentation allow your team to focus more on patient care and less on tedious paperwork.

Prospyr also keeps your compliance binder ready for inspections at all times. With features like tracked chart-review logs, competency assessments, and meeting minutes, you’ll have everything you need to meet GCMB audit requirements without last-minute scrambling.

Keeping Patient Records HIPAA-Compliant

Prospyr doesn’t just streamline operations - it also ensures patient data stays secure and HIPAA-compliant. Its HIPAA-compliant EMR system manages digital patient records, informed consent forms, and treatment protocols for services like injectables and IV therapy. All data is securely stored and easily accessible, making it simple to meet federal privacy standards and provide documentation during audits. This integrated system protects sensitive information while maintaining a smooth workflow for your team.

Conclusion

Navigating Georgia's med spa regulations requires strict adherence to physician-led oversight, timely submission of NPAs/Delegation Agreements, and ensuring all practitioners hold valid state-issued licenses - especially for laser services. As Medical Director Co. emphasizes, "When a complaint, audit, or payer review happens, you'll be asked for documents, not good intentions". This underscores the importance of maintaining thorough records and compliance at all times.

Proper licensing does more than just protect against fines, suspensions, or criminal charges - it also supports the financial health of your practice. Many providers invest between $12,000 and $20,000 working with attorneys and consultants to achieve compliance. Setting up a strong regulatory framework from the start not only saves time and money but also creates a foundation for smoother operations.

Once compliance is established, tools like Prospyr can simplify practice management. By centralizing staff licenses, automating renewal reminders, and securely storing HIPAA-compliant patient records, these platforms allow you to focus on patient care instead of scrambling for documents during inspections. Features like task management and digital forms ensure that critical items - such as delegation agreements, training records, and informed consents - are always accessible within the three business days required by Georgia regulators.

Staying compliant is an ongoing process. Conducting regular internal audits, updating protocols for new treatments, and ensuring accurate marketing materials are just a few ways to keep your med spa inspection-ready. With the right systems in place, you can meet Georgia's regulatory standards while continuing to provide outstanding care to your patients.

FAQs

Can a non-physician own a med spa in Georgia?

In Georgia, non-physicians cannot own a medical spa. This restriction is based on the legal principle known as the corporate practice of medicine, which mandates that only licensed physicians or corporations owned by physicians are permitted to own medical spas.

What paperwork is required before staff can treat patients?

Before healthcare staff can provide treatment, they need to operate under proper medical supervision. This involves submitting required agreements, such as Nurse Protocol Agreements (NPAs) for Advanced Practice Registered Nurses (APRNs) and Delegation Agreements for Physician Assistants (PAs). In addition, Georgia regulations require a licensed physician to be accessible for supervision and consultation.

Who can legally perform laser, IPL, and injectables in Georgia?

In Georgia, licensed professionals such as physicians, nurse practitioners (NPs), physician assistants (PAs), estheticians, and master cosmetologists are permitted to perform laser and IPL treatments. However, they must adhere to specific licensing requirements and supervision protocols established by the Georgia Composite Medical Board. It's crucial to stay informed and comply with these state regulations to avoid any legal complications.

Related Blog Posts