On May 12, 2025, President Donald Trump issued an Executive Order (EO) entitled “Delivering Most-Favored-Nation Prescription Drug Pricing to American Patients” with the goal of ensuring Americans pay no more for prescription drugs than other developed nations.

The EO directed the Secretary of Health and Human Services to communicate most-favored-nation (MFN) price targets to manufacturers, and if significant progress is not made toward such pricing structures, to propose a rulemaking plan to address the issue. The EO further directed the HHS Secretary to facilitate direct-to-consumer purchasing programs for manufacturers selling their products at the MFN prices.

In furtherance of these goals, on July 31, 2025, President Trump sent letters to leading pharmaceutical manufacturers outlining steps they must take to bring down the prices of prescription drugs in the United States to match the lowest price offered in other developed nations.  

As a result, on September 30, 2025, President Trump announced the first agreement with a major pharmaceutical company, Pfizer, to bring American drug prices in line with the lowest price paid by other developed nations.  According to the White House, the agreement with Pfizer will:

  • Provide every state Medicaid program with access to MFN prices on Pfizer products;
  • Ensure “foreign nations can no longer use price controls to freeride on American innovation” by guaranteeing MFN prices on all new medicines brought to the market by Pfizer;
  • Require Pfizer to repatriate increased foreign revenue realized as a result of the administration’s trade policies; and
  • Require Pfizer to offer medications at deep discounts when selling directly to American patients.

Also on September 30, the administration announced it would be rolling out a new direct-to-consumer website called TrumpRx, where individuals can buy prescription medications at discounted prices rather than through insurance. Though few specific details were provided about TrumpRx, the administration announced at least four Pfizer medicines, Eucrisa, Duavee, Zavzpret and Xeljanz, would be available through the website, which is planned for launch in “early 2026.”

The Pfizer deal and the announcement of TrumpRx constitute significant steps towards reaching the administration’s goal of lowering prescription drug prices for American citizens. However, the lack of specifics in the rollout of TrumpRx leaves many questions unanswered. At the top of that list is whether the TrumpRx program, which addresses the cash price of prescription drugs, will have a tangible impact on the prices patients covered by insurance pay for such medications.

California has enacted two bills that will significantly impact private equity firms, management services organizations (MSOs), and physician practices operating in the state.

Assembly Bill 1415 (AB 1415) and Senate Bill 351 (SB 351) build on longstanding concerns about the corporate practice of medicine (CPOM) by expanding regulatory oversight of transactions and strengthening statutory prohibitions on non-physician influence over clinical decision-making. Both measures were signed into law by Governor Gavin Newsom and are set to take effect on January 1, 2026, representing the most comprehensive update to California’s CPOM framework in decades.

AB 1415 focuses on transaction oversight and reporting. The bill broadens the scope of entities subject to the Office of Health Care Affordability (OHCA) review by expressly including MSOs, parent entities, private equity funds, and hedge funds within its notice requirements. Under AB 1415, any “material change” transaction involving a California healthcare entity—including changes of control, mergers, or significant asset transfers—will trigger a mandatory 90-day advance notice to OHCA. While the agency does not have explicit authority to block deals, its expanded jurisdiction means that private equity sponsors and MSOs must now plan for additional disclosure, regulatory scrutiny, and potential delays in closing.

SB 351 directly addresses the CPOM doctrine and explicitly extends its reach to private equity firms and hedge funds investing in medical and dental practices. The bill prohibits investors from exercising control over key aspects of clinical operations, such as hiring or firing physicians, approving diagnostic tests, controlling patient records, or dictating payer contracting terms. It also voids restrictive covenants such as non-compete and non-disparagement clauses in agreements between investors and physician practices. SB 351 grants the California Attorney General the authority to enforce these provisions and seek injunctive relief and attorneys’ fees, raising the stakes for non-compliance.

The key requirements and practice impacts of each bill are summarized on this chart:

BillFocusKey RequirementsPractical Impact
AB 1415Expands OHCA’s authority over health care transactions• Broadens scope to include MSOs, private equity, hedge funds, and parent entities.
• Requires at least 90 days’ advance notice to OHCA for “material change” transactions, including mergers, acquisitions, governance shifts, or significant asset transfers.
• Authorizes OHCA to collect data and impose reporting obligations on MSOs.		• Private equity and MSOs must account for new regulatory timelines in deal planning.
• Transactions that previously escaped notice may now face disclosure and review.
• OHCA scrutiny may delay closings or raise reputational risk.
SB 351Codifies and strengthens CPOM restrictions• Extends CPOM prohibitions to private equity firms and hedge funds.
• Bars investor interference with core clinical decisions (diagnosis, referrals, patient records, payer contracting).
• Renders void restrictive covenants such as non-competes and non-disparagement clauses in physician practice agreements.
• Grants Attorney General enforcement authority, including injunctions and recovery of attorneys’ fees.		• Heightened risk of AG enforcement actions.
• Common MSO/PE contract provisions may need revision.
• Physicians gain greater statutory protection against investor control.
• Potential chilling effect on investment structures in California.

Together, AB 1415 and SB 351 underscore California’s effort to curb perceived overreach by private equity in healthcare and to preserve physician independence. For private equity firms, MSOs, and physician groups, the new laws require proactive contract review, careful structuring of governance rights, and early regulatory engagement in transactions. Given California’s outsized influence, these developments may also set the tone for similar legislative efforts across the country.

As of this writing, New Jersey has not introduced new CPOM legislation comparable to AB 1415 or SB 351. However, there has been significant talk in the healthcare industry and in regulatory circles about ways in which the government can strengthen its oversight and authority over private equity investment in healthcare.

AB 1415 and SB 351 encompass the types of strengthened controls one would expect, and thus, those involved in private equity transactions in New Jersey should not be surprised if similar bills are introduced here in the coming future. Nevertheless, for the time being, New Jersey continues to enforce a long-standing prohibition on the corporate practice of medicine through professional corporation laws and Board of Medical Examiners regulations. While management services arrangements are permitted, New Jersey requires that only licensed physicians control medical practices, and regulators closely scrutinize agreements that grant non-physicians influence over clinical judgment.

For private equity firms and MSOs active across multiple jurisdictions, this means that although California now imposes explicit statutory regulation, New Jersey’s risk remains grounded in its established regulatory framework, and deal structures must be calibrated to comply with both regimes. For more information regarding New Jersey’s CPOM regulations, please see our prior posts on this blog.

Among the many ripples from the current government shutdown is a sudden rollback of telehealth flexibilities under Medicare that will impact both providers and beneficiaries. Greenbaum partner John Kaveney provides an overview of key issues for healthcare entities in this recently published Client Alert.

The U.S. Department of Health and Human Services (HHS) has announced a renewed effort under Secretary Robert F. Kennedy, Jr. to crack down on information blocking practices that limit the ability of patients to access, exchange, or use their electronic health information (EHI). 

What Is Being Targeted

  • Those failing to comply with the legal obligations under the 21st Century Cures Act (2016), including certified health IT developers, providers, health information networks, and health information exchanges.
  • Any efforts that hinder or otherwise unlawfully restrict access, exchange, or use of EHI.

What Laws Empower HHS

  • The 21st Century Cures Act gives ASTP/ONC (the Office of the Assistant Secretary for Technology Policy / Office of the National Coordinator for Health Information Technology) and the HHS Office of Inspector General (OIG) authority to enforce rules against information blocking.  
  • The ONC’s Cures Act Final Rule confirms that patients must have free, easy electronic access to their EHI—including via apps of their choice—and that providers should be able to choose digital tools without being hampered by excessive costs or technical barriers.  

Key Voices

HHS officials emphasized that data transparency is central to transforming healthcare.

In the words of Deputy Secretary Jim O’Neill:

“Unblocking the flow of health information is critical to unleashing health IT innovation and transforming our healthcare ecosystem. . . We will take appropriate action against any health care actors who are found to be blocking health data for patients, caregivers, providers, health innovators, and others.”

This statement underscores the administration’s broader goal of empowering patients in an effort to improve care.

Moreover, such efforts to root out information blocking have already begun.

Tom Keane, MD, Assistant Secretary for Technology Policy and National Coordinator for Health Information Technology has stated:

“We had already begun reviewing reports of information blocking against developers of certified health IT under the ONC Health IT Certificate Program and are providing technical assistance to our colleagues at OIG for investigations.”

Thus, the time for action by providers and others to ensure compliance with the law is now. 

Key Changes & Enforcement Measures

  • HHS is increasing the resources committed to identifying and curbing information blocking.  
  • The ONC and OIG will play leading roles—the ONC reviewing reports of information blocking and offering technical assistance, and the OIG investigating and taking enforcement actions where necessary.
  • Those found violating the law may face:
    • Disincentives under applicable Medicare/Medicaid‑linked programs (for providers)
    • Civil monetary penalties up to $1 million per violation (for health IT developers, health information networks, or exchanges) 
    • Termination of certification or being banned from the ONC Health IT Certification Program for certified health IT developers who fail to comply

Why This Matters

  • For patients: guaranteed legal rights to see, use, and share their EHI, which HHS believes supports more informed decision‑making, error detection, easier coordination of care, and better health outcomes.  
  • For innovators: clearer expectations and enforcement, which HHS believes can reduce uncertainty, encourage development of tools, apps, or platforms that leverage health data more freely.
  • For healthcare providers: greater interoperability, less friction in data exchange, supporting efforts to improve care, reduce waste, and increase efficiency.

What to Do

  • Reporting: Patients, providers, innovators, or anyone who has witnessed or experienced information blocking can report through the ONC’s “Report Information Blocking Portal.”  
  • Compliance: Those subject to the information blocking rules should evaluate their practices now to ensure they are not in violation of the law—especially around how they share EHI, which apps are supported, and cost/technical barriers.

Bottom Line

HHS’s increased focus on enforcement of information blocking rules represents a clear warning to the healthcare industry – patient data must flow freely, legally, and responsibly. For healthcare providers and IT vendors, now is the time to ensure full compliance with federal law or face potential significant consequences.

Compliance programs, in coordination with legal counsel, should be vetting all relevant policies and procedures, and their operational implementations, to ensure consistency with the law.

In recent weeks, vaccine policy has become a flashpoint at the state level. On September 3, 2025, the governors of Oregon, California, and Washington inaugurated a West Coast Health Alliance, a regional partnership aimed at preserving scientific integrity in vaccine policy amid growing skepticism toward federal health leadership. Through this partnership, the three states will start coordinating health guidelines by aligning immunization recommendations informed by respected national medical organizations and scientific evidence-based recommendations from trusted scientists, clinicians, and other public health leaders. While each state will independently pursue strategies shaped by their unique demographics, geographics, and laws, the Alliance’s coordinated plan is intended to ensure consistency and transparency across the West Coast in determining who should receive vaccines and under what circumstances.

In subsequent developments, Hawaii announced it would join the Alliance, expanding the collaboration to four states united behind evidence-driven immunization recommendations, respecting tribal sovereignty, and acknowledging each jurisdiction’s unique regulatory needs.

By contrast, Florida has moved in the opposite direction. Florida surgeon general, Joseph Ladapo, stated on September 3 that the state plans to end all state vaccine mandates, including for students to attend schools. Ladapo said his agency would roll back mandates for a half-dozen or so vaccines under its authority but that the agency will need to work with the Florida legislature on a broader package of reforms. He did not specify which vaccine mandates his agency would do away with.

Currently, all states have vaccine requirements to attend public schools with specific exceptions that vary by state (mainly for medical and religious reasons). This move to reverse the vaccine mandate for school children, and possibly a larger group, shows a significant shift in state-level policy and signals growing divergence nationwide.

What This Means for New Jersey Providers and Health Systems

These developments highlight how states are increasingly asserting authority over vaccine policy, diverging from federal standards. While most states have historically aligned closely with CDC guidance, the current climate suggests we may see greater variability in immunization requirements, school-entry rules, and employer/healthcare provider obligations.

For New Jersey providers, this trend matters for several reasons:

  • Regulatory Drift: If states like California or Florida test new approaches, others may follow, either strengthening or loosening requirements.
  • Compliance Complexity: Multi-state providers, payors, and vendors will need to navigate inconsistent state rules.
  • Future in NJ: New Jersey could face pressure to adopt its own state-specific vaccine policies if public confidence in federal guidance erodes further.

Greenbaum’s Healthcare team is actively monitoring these state-led initiatives. We are prepared to advise physician groups, health systems, and management companies on compliance with evolving immunization requirements, the potential need to adjust policies for multi-state operations, and any state-specific rulemaking that could impact school-based, workplace, and clinical vaccination obligations.

Although much of the public commentary related to the One Big Beautiful Bill Act (OBBBA) has focused on dire predictions that millions will lose coverage, healthcare leaders – including hospital system leaders, compliance teams and finance departments – should pay close attention to the regulatory details of the bill and take proactive steps now to address highly consequential changes to eligibility, provider funding, and state financing mechanisms. Greenbaum healthcare attorneys Jim Robertson and Sukrti Thonse provide an overview of the legislation’s significant impacts in this recently published Client Alert.

An article in the August 9, 2025, issue of the New England Journal of Medicine highlights the opportunity, if not the responsibility, of the bar in the private law sector to fill the gaps in healthcare access, quality, and accountability resulting from the Trump administration’s deregulation efforts regarding federal administrative agencies and legislation. Moreover, the termination or redirection of many federal programs and funding will put increased strain on the regulation of healthcare at a state-law level. State-level regulation has commonly encompassed insurance requirements and consumer protection issues. But there are other aspects of healthcare that need attention.

The authors of the NEJM article are professors of law and public health at Boston University and the University of Chicago. They identify the body of law encompassing contracts, torts, and fiduciary duties as the key areas that will respond to the potential vacuum following federal deregulation efforts. They characterize the changes being implemented by the Trump administration as “causing a seismic shift in health care governance.”

Beginning their review with the diminution in the authority and staffing of the Food and Drug Administration, the authors foresee an increased use of contractual provisions to enable private entities such as insurers to require evidence of safety or efficacy to obtain reimbursement for new products and services. They also note that states that purchase healthcare for large numbers of people can build public health goals into their contracts with private payers and healthcare organizations, commenting that the use of market leverage to promote cost containment or quality improvement is not new but is of increased importance with the erosion of public law regulators.

Tort law will likely become “a critical backstop for accountability and quality control in health care” through medical malpractice actions, including informed consent, and product liability claims. The civil justice system including tort liability is widely recognized as advancing objectives of compensation for losses, deterrence of future wrongful conduct, and encouraging safety. The conservative Cato Institute has acknowledged that “[i]n some instances tort liability does serve a potentially risk-reducing role by fostering new safety measures” although it questions whether it makes economic sense to make all products risk-free. 

Corporate governance and fiduciary responsibilities are highlighted by the weakening of governmental regulators. The NEJM authors hypothesize that “[i]f public oversight wanes, courts may face pressure to dial up enforcement of duties of care and loyalty in private-law frameworks.” They also note the hybrid nature of some actions that might be taken in the private law sector springboarding from statutes such as the False Claims Act, antitrust statutes, and civil rights laws. Many, but not all of these provide a private right of action.

The NEJM article concludes with a discussion of several risks in relying on private law. These include the difficulty of developing standards for robust ethical conduct and clear comprehensive contracts. The authors foresee a return to an atmosphere of “caveat emptor” for patients, with a need to be wary of insurance policy provisions and treatment options and to subject them to appropriate scrutiny and evaluation. They also point out the inherent imbalance across the general population that follows from the advantage that well-informed or well-resourced parties have in negotiating and navigating these circumstances. Legal counsel is not automatically available to everyone. Even in the setting of tort actions where representation is commonly provided through a contingency fee agreement, there is delay and unpredictability of result that takes away from the appeal of pursuing tort remedies. The authors conclude: “Regardless of whether the elevation of private law in health care represents a temporary stopgap or a durable shift, the time to reckon with its implications is now.”

Ironically, in the same week that the NEJM article appeared, Heather Cox Richardson, a professor of American history at Boston College, published one of her “Letters from an American” making note of the 90th anniversary of the signing of the Social Security Act by President Franklin Delano Roosevelt on August 14, 1935. The primary focus of her historical review was the role of Frances Perkins as Secretary of Labor and the experiences in her life that led her to be the driving force behind the legislation. The Social Security Act was a move away from the notions of “rugged individualism” toward a basic social safety net of interdependence with the pooling of funds available from tax dollars. The congressional vote on enacting the Social Security Act was 371 to 33 in the House of Representatives and 77 to 6 in the Senate. Perkins is the longest serving Secretary of Labor in the country’s history, serving from 1933 to 1945. In a speech delivered in 1962, Perkins stated: “One thing I know: Social Security is so firmly embedded in the American psychology today that no politician, no political party, no political group could possibly destroy this Act and still maintain our democratic system.”

The juxtaposition of Perkins’ 1962 comments with the observations regarding healthcare deregulation in the 2025 NEJM article is thought-provoking. At least since Justice Brandeis’ 1932 decision in New State Ice Co. v. Liebman, the states have been recognized as “a laboratory [to] try novel social and economic experiments without risk to the rest of the country.”  While there is the potential of returning to the era when “states’ rights” was a code word, the strong tradition of federalism to the contrary was recognized by Justice Brennan in his classic 1977 Harvard Law Review article entitled “State Constitutions and the Protection of Individual Rights.

The NEJM article identifies several areas of challenge to the bar. Are we ready?

An article published in the August 2025 issue of New Jersey Lawyer, a New Jersey State Bar Association publication, notes:

“The concept of artificial intelligence has permeated almost all aspects of society. AI is being implemented more and more each day by major technology companies to try to improve daily living and optimize the delivery of data and information in our daily lives. AI is also being viewed as a tool that will revolutionize and improve the delivery of health care.”

Read more about the concerns being raised by members of the health care industry, and the federal government,  about the use of AI by insurers in this article authored by Greenbaum partners Bob Hille and John Kaveney.

The U.S. Court of Appeals for the First Circuit, in United States v. Regeneron, has joined the Sixth and Eighth Circuits in adopting the “but-for” standard to find that a violation of the Anti-Kickback Statute (AKS) triggers the False Claim Act (FCA). The First, Sixth, and Eighth Circuits have adopted the burdensome “but-for” causation standard to prove that a violation of the AKS also violates the False Claims Act. This arguably makes it more difficult for the government to establish liability. The Third Circuit is now the lone Circuit that has adopted a more lenient “causal link” standard. This widening split among the federal circuit courts may motivate the United States Supreme Court to clarify the appropriate applicable standard.

First Circuit Decides United States v. Regeneron Pharmaceuticals, Inc.

Regeneron manufactures Eylea, a drug approved by the U.S. Food and Drug Administration (FDA) for treating an ophthalmological condition. The economics behind Medicare Part B create an incentive for Regeneron to price Eylea in a manner that frees the patient from the co-pay.

The government in United States v. Regeneron Pharmaceuticals, Inc. alleged that Regeneron paid more than $60 million over the course of four to five years to a foundation that provided co-payment assistance to patients suffering from an ophthalmological condition and that some or all of those donations were unlawful kickbacks.

The long-awaited decision in this case called for the First Circuit to determine the meaning of the words “resulting from” as used in a 2010 amendment to the federal Anti-Kickback Statute.

FCA Liability Standard for AKS Violations

The AKS imposes criminal liability on anyone who “knowingly and willfully offers or pays any remuneration (including any kickback, bribe, or rebate)” to induce a person to “recommend … ordering any … service … for which payment may be made in whole or in part under a [f]ederal health care program.” 42 U.S.C. § 1320a-7b(b)(2). Thus, the AKS targets any remunerative scheme through which a person receives or solicits payment in return for directing a patient to a program under which payments may be made from federal funds.

A 2010 amendment to the AKS established an express link to the False Claims Act. Therefore, the AKS now provides that “a claim that includes items or services resulting from a violation of [that Statute] constitutes a false or fraudulent claim for purposes of [the False Claims Act].” 42 U.S.C. § 1320a-7b(g). In other words, an “AKS violation that results in a federal [healthcare] payment is a per se false claim under the FCA.” Guilfoile v. Shields, 913 F.3d 178, 190 (1st Cir. 2019).

The FCA, in turn, imposes civil liability on anyone who “knowingly presents, or causes to be presented, a false or fraudulent claim for payment or approval” or “knowingly makes, uses, or causes to be made or used, a false record or statement material to a false or fraudulent claim.” 31 U.S.C. § 3729(a)(1)(A), (a)(1)(B).

Importantly, the AKS does not define the term “resulting from.” Accordingly, the Circuits have split in their interpretation of the AKS statute’s meaning of the words “resulting from.”

Notably, the Supreme Court denied certiorari following the Sixth Circuit’s decision to adopt the more stringent “but-for” causation standard. However, the First Circuit’s decision and the widening Circuit split may finally motivate the Supreme Court to clarify the appropriate applicable standard when evaluating the meaning of “resulting from” as set forth in 42 U.S.C. § 1320a-7b(g).

The medical spa industry is thriving, but with growth comes complexity, particularly in New Jersey where healthcare and professional licensing rules intersect with business and real-estate regulations. For physicians, nurses, or allied health professionals exploring a new medical spa venture, expanding an existing practice, or preparing for a sale, understanding the state’s unique requirements is crucial to avoiding costly enforcement actions.

This post distills the key legal and operational considerations, including entity structuring, scope-of-practice limits, privacy, billing, antitrust, and zoning, and highlights recent developments related to medical spas, or medspas as they are commonly referred to, in New Jersey.

Business Structure & Corporate Practice of Medicine

Operating through the correct entity and avoiding unauthorized corporate control of a medical practice is foundational. Some key considerations include:

Entity Selection: The Corporate Practice of Medicine (CPOM) doctrine prohibits non-physician entities from owning or controlling medical practices to ensure that clinical decisions are made by licensed healthcare professionals and are not influenced by corporate interests. New Jersey mandates that medical services be offered through a professional entity owned by licensed physicians, such as a professional corporation (PC). As a result, medical spa operators typically organize into two complementary entities: one a PC owned and governed by licensed clinicians to deliver all clinical services, and the other a Management Services Organization (MSO), often established as a corporation or LLC, to oversee non-clinical activities like billing, marketing, human resources, and facility upkeep.

CPOM Prohibitions: Non-providers may not direct or control clinical decisions; fee-splitting or tying compensation to referrals is forbidden. For example, New Jersey’s CPOM regulations forbid professionals with a narrower scope of practice (such as chiropractors, physical therapists, or nurse practitioners) from employing physicians. In the case Allstate Ins. Co. v. Northfield Med. Ctr., P.C., the New Jersey Supreme Court held that a chiropractic-led ownership structure likely violated CPOM because the chiropractor could fire the physician at will and shared more directly in the practice’s profits—demonstrating that true physician control is non-negotiable.

Risk of Non-Compliance: Violating CPOM not only risks insurers clawing back claims as false submissions, but also exposes physicians, corporate entities, and advising attorneys to professional discipline or fraud charges. For anyone opening a medical spa, it’s essential that physicians hold both legal and practical authority over medical protocols, hiring/firing, and profit distribution. Read more of our CPOM-centered posts here.

Recent Developments:

  • Oregon SB 951 (effective June 9, 2025) expands CPOM restrictions—prohibiting MSOs and their principals from owning or controlling professional medical entities, with a private right of action for physicians. Under SB 951, MSOs that provide non-clinical support to professional medical entities may no longer be majority-owned, managed, or controlled by the same individuals who hold PC shares or key leadership roles in the practice—effectively closing “friendly PC” loopholes that previously allowed private‐equity and other unlicensed entities to exert significant influence over medical practices. While this does not impact New Jersey’s CPOM restrictions, New Jersey regulators might consider tailored amendments to balance physician autonomy with the operational realities of modern MSO partnerships.
  • In June 2025, New Jersey’s Attorney General announced that Ana Velazco, owner of a medical spa in Fair Lawn, agreed to a five-year suspension of her massage and bodywork therapy license and a $15,000 fine after investigators found she performed unlicensed invasive medical procedures—such as suture removal, fluid drainage, Mesolipo injections, and microneedling. The consent order permanently bars Velazco from owning or operating a massage business in the state and mandates that any future practice be under the supervision of a licensed therapist. This case reinforces the perils of blurring non-clinical and clinical roles and the need for airtight entity structures. Medical spa operators must ensure that all medical-grade procedures are conducted only by appropriately licensed entities, structured so that physicians or other authorized clinicians retain true control over clinical activities, to avoid similar sanctions.

Licensing, Scope of Practice & Supervision

Ensuring each provider practices only within their authorized scope—and that non-physician staff are properly supervised—protects patient safety and mitigates malpractice exposure. Some considerations to know and document:

Permissible Delegations: Under New Jersey law, physicians (MDs and DOs) and physician assistants (PAs) enjoy broad authority to perform, supervise, and delegate medical spa services, including injectables, laser therapies, and chemical peels. Nurse practitioners, called Advanced Practice Nurses (APN) in New Jersey, and PAs may likewise evaluate patients, develop treatment plans, and carry out many of the same procedures under their collaborative practice agreements. Registered nurses are permitted to administer certain aesthetic treatments—such as specific neuromodulator injections or non-ablative laser sessions, but only pursuant to a detailed, physician-signed protocol. In every case, the supervising physician or APN/PA must exercise “direct supervision” under New Jersey rules, meaning they must be immediately available on the premises or via real-time audio/video connection and conduct periodic in-person or chart reviews to confirm compliance with the written protocol.

Unlicensed Personnel: New Jersey strictly prohibits unlicensed personnel or non–healthcare staff from performing or assisting with any medical-grade procedure. For example, individuals without the appropriate license may not inject, peel, or operate lasers, even under remote direction. The State Board of Medical Examiners and Board of Nursing will scrutinize any lapse in documented oversight.

Medical spa operators should strive to maintain up-to-date delegation orders and supervision logs, renew protocols at least annually (or whenever new treatments are adopted), and ensure that physicians retain the final authority over all clinical and safety decisions.

Required Documentation: New Jersey requires APNs and PAs to have written collaboration agreements with a supervising physician before performing any medical‐grade Medi-Spa services. Under N.J.A.C. 13:37-6.3, APNs’ joint protocols must list authorized injectables, lasers, chart‐review frequency, and emergency procedures. Likewise, PAs’ agreements under N.J.A.C. 13:35-2B.10 must define delegated tasks, supervision levels (on-site or virtual), and adverse-event protocols. These agreements ensure treatments occur only with documented physician oversight.

Privacy & Data Security

Medical spas often collect and sometimes monetize sensitive health information. Robust privacy and security practices are mandated by federal law, and a single breach can trigger steep fines and reputational harm. Key Considerations include:

PHI Safeguards: Any medical spa capturing identifiable treatment data (treatment plans, before/after photos) must implement the Health Insurance Portability and Accountability Act’s (HIPAA) administrative, technical, and physical safeguards, including privacy notices, breach-response plans, encryption, and annual staff training. In practice, this means conducting regular risk assessments to identify vulnerabilities in records systems, designating a Privacy Officer to oversee compliance, and maintaining strict access controls so that only authorized personnel can view or modify electronic Protected Health Information (PHI). New Jersey’s breach-notification laws also require prompt patient and regulator alerts. Failure to comply can lead to significant fines and reputational damage.

Marketing Consents: Given that many medical spas obtain referrals and business through their social media posts, it is important for these businesses to obtain separate, documented patient authorizations for the use of images or testimonials. Each release should clearly describe what media will be used (e.g., social media, website, print ads), how long it will remain in circulation, and the patient’s right to revoke consent at any time.

Fraud & Abuse; Billing Compliance

Improper referral incentives or miscoding of services can lead to severe enforcement actions under the Anti-Kickback Statute, Stark Law, and False Claims Act. This section highlights some key elements related to structuring financial arrangements and billing practices to stay compliant.

Anti-Kickback & Stark: It is important to structure all MSO and physician-compensation arrangements at fair market value, without referral-volume incentives. Any bonus structures, percentage-of-collections models, or other incentives that could be viewed as rewarding referral volume should be avoided.

Billing Segregation: Medical spa businesses should clearly separate cash-pay “cosmetic” services (e.g., Botox, fillers, laser hair removal) from insurer-billed “medically necessary” treatments (e.g., scar revision, lesion removal). Businesses should also implement distinct charge masters or billing codes, maintain separate patient statements or invoices, and train front desk staff to verify the type of payment at scheduling.

Recent Developments

  • In Advisory Opinion 25-03 (posted June 11, 2025), the U.S. Department of Health and Human Services Office of Inspector General (OIG) reviewed a proposed arrangement between a MSO and an affiliated professional corporation providing telehealth staffing and administrative services. The OIG concluded that the arrangement met all elements of the “personal services and management contracts” safe harbor at 42 C.F.R. § 1001.952(d)—including a written, one-year agreement, a clear description of services, fixed fair market value-based fees negotiated at arm’s length, and commercial reasonableness irrespective of referrals. This opinion highlights that when MSO contracts are carefully documented, priced at fair market value, and explicitly decoupled from referral incentives, they can safely coexist with the Anti-Kickback Statute.

Antitrust Considerations

Collaborating with other providers or negotiating group-rate contracts can cross the line from pro-competitive clinical integration into illegal “price-fixing.” It’s important to be mindful of:

Collaborations & Pricing: Medical spas must steer clear of any agreements with competitors to set service prices, divide markets, or limit output—classic “price-fixing” or “market allocation” that is automatically illegal. For example, if two or more medical spas agree to charge the same fee for Botox treatments or divide geographic territories to avoid competing with one another, that would likely constitute illegal “price fixing.”

Provider Networks: Any coordination with other medical spa operators, physician groups, or payers over fee schedules, contract terms, or referral arrangements risks triggering an antitrust investigation. Even informal discussions about typical charges or preferred insurer rates can be construed as an attempt to standardize pricing or disadvantage certain competitors. To minimize risk, it’s important to keep all negotiations and contract-bargaining separate and unilateral and to avoid any multi-party communications that could suggest concerted action on rates or terms.

Recent Developments:

  • In June 2025, the Federal Trade Commission’s (FTC) Health Care Division issued an updated “Topic and Yearly Indices of Health Care Antitrust Advisory Opinions,” a comprehensive compendium that organizes all Commission and staff opinions by subject and year. This update signals that any joint venture proposal involving shared contracting or integration with payers will receive heightened review. Medical spa operators considering group purchasing, shared protocols, or joint negotiations, should ensure their arrangements are clearly pro-competitive and well documented.

Real Estate, Zoning & Facility Requirements

A medical spa’s physical location must comply with local zoning and health regulations. Misclassification can lead to costly enforcement actions or forced relocation. Key considerations include:

Zoning Classification: It’s important to confirm the municipality’s “medical office” vs. “spa” use permit requirements to avoid enforcement actions. Securing the correct use permit or variance often involves submitting floor plans, a business description, and proof of professional licensure to the planning or zoning board, and failure to do so can result in fines, cease‐and‐desist orders, or forced relocation. If the medical spa uses a business name other than the name of the physician or the corporate name, the facility may need to register it as a fictitious business name or that the medical spa is “doing business as” (dba) that business name. It’s also wise to confirm any signage, parking, and accessibility requirements tied to medical use permits, as these may differ from those for traditional spas.

OSHA & Sanitation: Depending on the services offered by the medical spa, treatment rooms must be outfitted to meet OSHA’s Bloodborne Pathogens Standard, which includes having approved sharps‐disposal containers, an exposure control plan, and staff training records on file. Beyond sharps, readily accessible hand‐washing stations or alcohol‐based dispensers, a stocked first‐aid or emergency kit (including eye‐wash solutions), and regularly updated Safety Data Sheets for all chemicals and topical agents are required. It’s important to perform routine facility inspections and maintain maintenance logs in the event of a compliance audit.

Conclusion

The regulatory landscape for medical spas in New Jersey is multifaceted and evolving. A proactive compliance strategy centered on the right entity structure, clear delegation protocols, robust privacy and billing controls, antitrust vigilance, and proper facility permits will safeguard the medical spa’s practice and patients alike. If you’re launching, expanding, or selling a medical spa, Greenbaum’s Healthcare practice team can assist with translating these requirements into operational policies, updating your agreements, and navigating any related legal issues.