What consent forms does a med spa need?

Every med spa needs at minimum: (1) General informed consent for each treatment category (injectables, laser, skincare, body contouring), (2) Medical history and health screening form, (3) HIPAA Notice of Privacy Practices acknowledgment, (4) Photo/video consent for before-and-after documentation, (5) Financial consent and cancellation policy acknowledgment, (6) General liability waiver. Treatment-specific consent forms should be separate for each procedure — a Botox consent form should not be the same as a laser treatment consent form, as the risks, contraindications, and alternatives differ significantly.

Are digital consent forms legally valid for med spas?

Yes, digital consent forms are legally valid in all 50 US states under the ESIGN Act (2000) and UETA (Uniform Electronic Transactions Act). For a digital signature to be valid on a med spa consent form, it must: (1) clearly identify the signer, (2) demonstrate intent to sign, (3) be associated with the specific document, and (4) be retained in a tamper-evident format. Use a reputable e-signature platform (DocuSign, Jotform Sign, or your PMS's built-in consent module) that timestamps signatures and provides audit trails. Always keep digital records for at least 7 years, or longer if required by your state's medical records retention laws.

How often should med spa consent forms be updated?

Review and update your consent forms annually at minimum, and immediately whenever: (1) you add new treatments or technology, (2) your state changes medical spa regulations, (3) new risks or contraindications are identified for existing treatments, (4) your insurance carrier recommends changes, or (5) you experience a patient complaint or legal issue that reveals a gap in your forms. Have a healthcare attorney review all consent forms annually as part of your compliance audit. The cost of an annual legal review ($500-$1,500) is negligible compared to the cost of a single malpractice claim that a proper consent form could have prevented.

Med Spa Consent Forms: Complete Guide to Waivers, Informed Consent, and Legal Protection

Consent forms are the single most important legal document in your med spa. A properly drafted informed consent form protects your practice from malpractice claims, makes sure regulatory compliance, and demonstrates to patients that you take their safety seriously. Yet many med spas use generic templates downloaded from the internet that provide inadequate protection and fail to meet state-specific requirements.

The consequences of poor consent documentation are severe. In medical malpractice litigation, the first thing an attorney examines is the consent form. If your form fails to adequately disclose risks, alternatives, or contraindications — or if it was not properly signed and witnessed — your legal defense weakens dramatically regardless of the quality of care you provided.

This guide covers every med spa consent form you need, what each form should contain, how to implement digital consent workflows, and the compliance requirements that vary by state.

Legal Reality: A 2024 analysis of medical spa malpractice claims found that 43% of cases involved inadequate informed consent as a contributing factor. The average settlement for med spa malpractice claims is $125,000-$250,000. Proper consent forms are your most cost-effective risk management tool.

Essential Consent Forms Every Med Spa Needs

1. Medical History and Health Screening Form

This is the foundation of patient safety and must be completed before any treatment. It identifies contraindications, allergies, medications, and health conditions that affect treatment eligibility and safety.

Demographics: Full legal name, date of birth, address, phone, email, emergency contact
Medical history: Current and past medical conditions, surgeries, hospitalizations
Medications: All current medications including over-the-counter, supplements, and herbal remedies (critical for injectable treatments — blood thinners, NSAIDs, and certain supplements increase bruising risk)
Allergies: Drug allergies, latex allergies, topical product sensitivities, and any history of allergic reactions to aesthetic treatments
Pregnancy and nursing status: Required for virtually all aesthetic treatments
Skin conditions: Active infections, cold sore history (relevant for laser and injectable treatments), autoimmune skin conditions, keloid tendency
Previous aesthetic treatments: What treatments they have had, where, when, and any complications experienced
Update requirement: Include a statement that the patient is responsible for updating this form if their health status changes, and that the form must be reviewed at least annually

2. Treatment-Specific Informed Consent Forms

Each treatment category requires its own informed consent form. Never use a single generic consent form for all services — the risks, alternatives, and expected outcomes differ significantly between treatment types.

Injectable Consent (Botox, Dysport, Fillers)

Your injectable consent form must cover:

Nature of the procedure: What is being injected, where, and in what quantity
Expected results: Realistic outcome expectations and timeline (Botox takes 3-7 days for full effect, fillers are immediate but may swell)
Risks and side effects: Common (bruising, swelling, redness, asymmetry) and rare but serious (vascular occlusion, blindness with filler, allergic reaction, infection)
Contraindications: Pregnancy, nursing, neuromuscular disorders, allergy to ingredients, active infection at injection site
Alternatives: Other treatment options that could achieve similar results
Post-treatment instructions: What to avoid (exercise, alcohol, lying flat for Botox) and when to seek medical attention
No guarantee clause: Results vary by individual and are not guaranteed
Touch-up policy: When touch-ups are complimentary vs. additional cost

Laser Treatment Consent

Device identification: Specific laser or light device being used and its FDA clearance status
Skin type assessment: Fitzpatrick skin type classification and its relevance to treatment safety and outcomes
Risks: Burns, blistering, scarring, hyperpigmentation, hypopigmentation, eye injury, herpes reactivation
Pre-treatment requirements: Sun avoidance, discontinuation of retinoids, no self-tanning products
Number of sessions: Expected treatment series and the fact that multiple sessions are typically required
Eye protection: Acknowledgment that protective eyewear will be worn during treatment

3. HIPAA Notice of Privacy Practices

Federal law requires every healthcare provider, including med spas, to provide patients with a Notice of Privacy Practices (NPP) that explains how their protected health information (PHI) will be used, stored, and shared.

How you collect and use patient information
When you may share information without consent (treatment, payment, healthcare operations)
When you need written authorization to share information (marketing, sale of PHI)
Patient rights (access, amendment, accounting of disclosures, restriction requests)
Your breach notification procedures
Contact information for your privacy officer
Patient signature acknowledging receipt (keep signed copy in their file)

4. Photo and Video Consent

Before-and-after photos are essential for marketing and clinical documentation, but using patient images without proper consent creates significant legal liability.

Separate from treatment consent: Photo consent must be a standalone document, not buried in your treatment consent form
Specific use authorization: Clearly state each intended use — clinical records, social media, website, advertising, educational presentations — with individual checkboxes so patients can consent to some uses and decline others
Identifiability: Specify whether photos will be de-identified (cropped, blurred) or may show identifying features
Duration: How long you will use the images and whether consent is revocable
Compensation: State whether the patient will or will not receive compensation for the use of their images
Right to withdraw: Explain how patients can revoke consent and what happens to images already published

5. Financial Consent and Cancellation Policy

Pricing for the specific treatment being authorized
Payment terms and accepted payment methods
Cancellation and no-show policy with specific fees
Refund policy (most med spas have a no-refund policy for completed treatments)
Package and membership terms if applicable
Statement that the patient is responsible for payment regardless of insurance coverage or claim outcome

6. General Liability Waiver

While an informed consent form covers treatment-specific risks, a general liability waiver addresses broader risks associated with visiting your facility.

Acknowledgment of voluntary participation in elective procedures
Assumption of risk for known and unknown complications
Release of liability for outcomes within the standard of care
Agreement to follow pre- and post-treatment instructions
Agreement to disclose accurate and complete medical history
Arbitration or mediation clause (check state-specific enforceability)

Important: A liability waiver does NOT protect you from negligence or malpractice. It protects against claims arising from known risks that were properly disclosed. If a patient experiences a complication that was listed on the consent form and occurred despite proper technique, the waiver supports your defense. If the complication resulted from provider error, the waiver provides no protection.

Elements That Make Consent Forms Legally Defensible

The Four Pillars of Valid Informed Consent

Disclosure: You adequately explained the procedure, risks, benefits, and alternatives in language the patient can understand
Comprehension: The patient understood the information — avoid medical jargon, offer translations for non-English speakers, and use a reading level appropriate for your patient population (aim for 6th-8th grade reading level)
Voluntariness: The patient consented freely without coercion, undue influence, or pressure. Never have patients sign consent forms immediately before treatment while they are already prepped and feeling pressured to proceed.
Competence: The patient has the legal and mental capacity to consent — they are of legal age, not under the influence of substances, and mentally capable of understanding the decision

Best Practices for Consent Documentation

Use plain language: Replace "ecchymosis" with "bruising," "edema" with "swelling," and "vascular compromise" with "blood vessel blockage that could cause tissue damage"
Be specific about risks: "Complications may occur" is legally insufficient. List specific risks with approximate frequency: "Bruising occurs in approximately 20-30% of patients and typically resolves within 7-10 days"
Include a verbal discussion note: Add a checkbox or line stating "The provider discussed this consent form with me and answered my questions" followed by both the patient and provider signatures
Date and time stamp: Record the exact date and time of signature, not just the date
Witness signature: Have a staff member witness the consent process, especially for higher-risk procedures
Cooling-off period: For new patients, send consent forms 24-48 hours before their appointment so they can review at home without time pressure

Digital Consent Forms: Implementation Guide

Benefits of Going Digital

Pre-appointment completion: Patients complete forms at home before their visit, saving 15-20 minutes of appointment time
Legibility: No more deciphering handwriting — typed entries are always clear
Completeness: Digital forms can enforce required fields, preventing patients from skipping critical health questions
Storage and retrieval: Instant access to any patient's consent history, searchable and backed up
Audit trail: Digital signatures include timestamps, IP addresses, and device information that strengthen legal validity
Version control: Make sure every patient signs the current version of your forms, not an outdated one

Choosing a Digital Consent Platform

Your digital consent solution must meet these requirements:

HIPAA compliance: The vendor must sign a BAA and use encrypted storage
E-signature validity: Compliant with ESIGN Act and your state's UETA adoption
PMS integration: Forms should sync automatically with your practice management system
Mobile-friendly: Most patients will complete forms on their phones
Offline capability: In-office tablets should work even if internet connectivity drops
Custom branding: Forms should display your logo and branding for a professional experience
Conditional logic: Show or hide questions based on previous answers (e.g., only show pregnancy questions for patients who identify as female)

State-Specific Considerations

Medical spa regulations vary significantly by state. Key variations that affect your consent forms include:

Medical director requirements: Some states require the medical director to personally sign consent forms for certain procedures, even if performed by a nurse practitioner or PA
Scope of practice: Which providers can perform which procedures varies by state and affects who can obtain consent
Cooling-off periods: Some states require a minimum waiting period between consent and procedure for certain treatments
Minor consent: Age requirements and parental consent rules for aesthetic treatments on patients under 18
Records retention: Minimum retention periods for medical records (and therefore consent forms) range from 5-10 years after last treatment, with many states requiring longer retention for minors
Language requirements: Some states require consent forms to be provided in the patient's primary language if the practice serves a significant non-English-speaking population

Pro Tip: Have a healthcare attorney in your state review all consent forms before use. Generic templates from national organizations may not meet your state's specific requirements. Budget $1,000-$3,000 for a comprehensive consent form review and customization by a medical malpractice attorney familiar with aesthetic practices.

Common Consent Form Mistakes

Using one form for all treatments: A single generic consent form provides inadequate disclosure for any specific procedure. Create separate forms for each treatment category.
Burying important information: Risks and contraindications should be prominently displayed, not hidden in fine print or buried in dense paragraphs
Failing to update forms: Using outdated forms that do not reflect current risks, technology, or regulations leaves gaps in your legal protection
Not documenting the consent conversation: The form alone is not sufficient. Document that a verbal discussion occurred, questions were asked and answered, and the patient demonstrated understanding
Obtaining consent under pressure: Having patients sign consent forms while sitting in the treatment chair creates the appearance of coercion. Complete consent before the patient enters the treatment room.
No witness: While not legally required in all states, having a staff member witness consent signing significantly strengthens your legal position
Failing to provide copies: Always offer the patient a copy of their signed consent form. With digital consent, this is as simple as an automated email delivery.

Consent Form Workflow: Best Practice

48 hours before appointment: Send digital consent forms via email or text for at-home completion
At check-in: Verify forms are complete. If not completed digitally, provide a tablet for in-office completion
During consultation: Provider reviews the consent form with the patient, discusses risks and alternatives verbally, and answers questions
Before treatment: Both patient and provider sign the form. Witness signs if applicable. Timestamp is recorded.
After treatment: Post-treatment instructions are provided (these were referenced in the consent form)
Filing: Digital forms are automatically saved to the patient's record. Paper forms are scanned and uploaded within 24 hours.
Annual renewal: Flag patients who have not updated their medical history form in 12+ months. Require updated forms before their next treatment.

Streamline Your Consent Workflow

RunMedSpa automates digital consent forms, pre-appointment delivery, completion tracking, and secure storage — keeping your practice compliant while saving 15+ minutes per patient visit.

Join the Waitlist

Frequently Asked Questions

Can a patient withdraw consent after signing?

Yes, a patient can withdraw consent at any time before or during a procedure. Informed consent is an ongoing process, not a one-time document. If a patient expresses doubt or changes their mind, stop the procedure immediately. Document the withdrawal of consent in their chart, note what was communicated, and have the patient sign a treatment refusal form. Never pressure a patient to proceed after they express hesitation.

Do I need separate consent forms for returning patients?

Yes, best practice is to obtain fresh treatment-specific consent for each visit, even for returning patients receiving the same treatment. The medical history form should be reviewed and updated annually. Treatment consent should be renewed each visit because the patient's health status may have changed, and it demonstrates ongoing informed consent. Many practices use a streamlined "returning patient" version that references the original detailed consent while confirming that the patient's understanding and health status remain current.

What if a patient refuses to sign a consent form?

Do not perform the treatment. Informed consent is both a legal requirement and an ethical obligation. If a patient refuses to sign, explain why the form is necessary and address any specific concerns they have. If they still refuse, document the refusal in their chart, explain that you cannot proceed without consent, and offer to reschedule so they can review the form at their convenience. Never waive the consent requirement for any patient, regardless of how loyal or low-risk they may seem.

Should I have my consent forms translated into other languages?

If you regularly serve patients who are not fluent in English, providing consent forms in their primary language is strongly recommended and may be legally required in some jurisdictions. At minimum, use a professional medical translator (not Google Translate) to create forms in your most commonly encountered non-English languages. Also consider having a bilingual staff member available to conduct the verbal consent discussion. Document the language in which consent was obtained and whether an interpreter was used.