Are Medical Spas Subject to HIPAA?
As you may already know, medical spas (med spas) have become very popular over the last few years. Some offer vitamin-infused face masks designed for the skin, and others go as far as collecting your own biological material to treat you with. While these businesses have medical practices and concepts ingrained in their operations, they should not be confused with a medical doctor's office. Med spas are not doctors' offices, but they keep client / patient records in much the same way: intake forms, medical histories, treatment notes and before-and-after photos. Whether HIPAA applies is not automatic. HIPAA covers "covered entities" (health plans, health care clearinghouses, and health care providers that transmit health information electronically in connection with standard transactions such as insurance billing) and their business associates. A med spa operating under a licensed physician, nurse practitioner or physician assistant that bills a health plan, or that holds records on behalf of a practice that does, meets that definition and is subject to the HIPAA Privacy and Security Rules. A spa that falls outside the definition still holds sensitive medical information, is still subject to state medical-privacy and breach-notification laws, and is well advised to meet the HIPAA standard anyway. For those reasons we treat med spas as HIPAA businesses. If this is your first time reading about us here at Interactive Accountants, we have experience with HIPAA guidelines and with helping medical professionals keep track of it all. Check HERE for more information about HIPAA and your business.
The guidelines that med spas are subject to under HIPAA are not that different from a doctor's office. Sure, there are no dental records or MRIs sitting in a file, but a spa can still hold medical information such as your blood type, allergies, or specific skin conditions, along with a treatment history and photographs. Again, it is important to think about the type of medical information a spa keeps, because context is essential: a name on its own is a customer record, but a name attached to a condition, a treatment or a photograph is protected health information (PHI). The first factor in following HIPAA is keeping your clients' information secure. Keeping what your clients disclose to you confidential is not only necessary if you want those clients coming back; you are legally required to do so. Under the HIPAA Security Rule, this information must be stored with administrative, physical and technical safeguards: in a secure location or database, with access limited to the staff who need it, with a record of who accessed what, and with backups. As mentioned in our other article on HIPAA guidelines and medical practices, one piece of advice we offer is to keep PHI in a separate, secured database rather than mixed in with general business records such as marketing lists or bookkeeping.
Finding the right HIPAA-compliant database software is a significant first step, but software alone does not make you compliant. HIPAA also requires a documented risk analysis, written policies, staff training, and a business associate agreement (BAA) with any vendor, including your software provider, that stores or processes PHI for you. At its core, HIPAA is about patient confidentiality and security, so your number one priority should be making your clients' information as hard as possible to reach for anyone who is not supposed to have it: a unique login for each employee, access limited by role, encryption of stored and transmitted records, and audit logs. It's why every time you call your doctor, they ask you to confirm your date of birth: identity verification is just another layer of security. Another tip for staying HIPAA compliant is prioritizing your clients' privacy. This goes beyond securing their data. Under HIPAA's "minimum necessary" standard, staff should see only the information they need to do their jobs, so client details should not be shared casually around the office, and, as mentioned previously, you should verify that a client is who they claim to be before releasing anything. One aspect of privacy you may not have considered is photos. Spas and medical spas alike often want to show prospective clients the services they offer and give real client testimony so that the client trusts your business. Be careful here: a full-face photograph is one of the identifiers that makes a record PHI, and using a client's photo for advertising requires the client's written authorization. Taking or using a photo without that consent is not just an invitation to a privacy or right-of-publicity lawsuit; it also puts your HIPAA compliance at risk. Once again, privacy sits above everything else when thinking about HIPAA.
We want to get you thinking about one final variable: customer ratings. As a business, you want to know that your customers are happy with the service you provide, and like any other business you will probably find out by running a survey about whatever aspect of your business you are considering improving. As a med spa, however, you need to be careful to keep your customers' information private, because a survey response that ties a named person to a treatment they received is itself PHI. The simplest way to avoid the issue is to make your surveys anonymous: do not collect names, contact details or appointment dates alongside the responses, and keep any survey tool that does hold identifying data under the same safeguards (and BAA) as your records system. Reserve identified follow-up for a specific customer complaint, and keep that complaint in the client's record rather than in the survey data. That way you can improve your business without breaching privacy standards. We at Interactive Accountants serve a variety of businesses, medical and otherwise, and have extensive experience in helping to run them. At the end of the day, a medical spa is like a regular spa or a doctor's office in that transactions are made and goods or services are provided. One reason the line between medical doctors' offices and recreational spas can get blurry is that med spas do provide a degree of medical care, but most don't take health insurance as payment. That is not because the treatments aren't medical procedures; many are, and some must be performed or supervised by a licensed clinician. It is because they are elective cosmetic procedures, and insurers generally do not cover procedures that are not medically necessary. Plastic surgery is a good comparison: a rhinoplasty may be covered if you have trouble breathing, but for the most part, because the procedure is elective, insurance is not a variable that's going to be considered. This is also why HIPAA status can differ from spa to spa: a spa that never bills a health plan electronically may not be a covered entity, while one that does is.
Some key points to take away: emphasize your clients' privacy and their satisfaction with your business, keep PHI in a separate, access-controlled system, and get written authorization before using client photos or stories in your marketing. We at Interactive Accountants make it our priority to keep your taxes and books in order and to help your business succeed, because the better your business does, the better our business does.
We have many more ideas and services to help you and your business thrive under HIPAA guidelines. Here at Interactive Accountants, helping businesses grow and succeed, financially and in compliance, is our number one goal. We are here to help! If you're not yet convinced to give us a call, feel free to look at our other blogs on the help we offer medical services and businesses.
If you are a professional in any field that HIPAA applies to, you will need a CPA firm that understands what your business does and what it needs. So give us a call or schedule a free consultation with our owner Matthew Shiebler, CPA. He's been practicing accounting for over 25 years now and is a business owner, just like you!