Medical Director Liability: What Can Go Wrong (And Has)

The Medical Director Is the Linchpin of Med Spa Compliance — and Liability

Every clinical procedure performed at a med spa flows from the supervising physician's authority. The medical director doesn't need to be in the room for every injection — but they do need to establish the protocols, verify the qualifications of staff they're delegating to, and maintain meaningful, documented oversight of operations. When that oversight is absent or nominal, both the spa and the physician face serious consequences.

State medical boards have made the medical director relationship a priority enforcement target. They've seen the pattern too many times: an MD signs an agreement, collects a monthly fee, rarely visits, never reviews protocols, and has no real knowledge of what's happening at the spa they're nominally supervising. When something goes wrong — or when a regulator simply looks closely — the consequences for both parties are severe.

Case Study #1: Iowa — $10,000 Fine for "Working Remotely"

In December 2025, the Iowa Board of Medicine fined Dr. Daniel Kollmorgen $10,000 for inadequate supervision of 4Ever Young Med Spa in Waukee, Iowa. The finding was specific: Kollmorgen was physically on-site at the spa only approximately two to three hours per month.

Iowa's med spa regulations — Iowa Administrative Code 653—13.8 — require a medical director to:

Be physically located within 60 miles of the spa at all times during its business hours
Provide a minimum of four hours per week of in-person staff supervision
Establish and maintain written protocols for all delegated procedures
Be available for consultation with non-physician staff during business hours

Kollmorgen's actual practice — largely remote, minimal physical presence — failed both the location and supervision time requirements. The $10,000 fine was levied against him personally, and the violation is now part of his permanent disciplinary record with the Iowa Board of Medicine.

This case is particularly instructive because the spa itself didn't face an emergency closure. The investigation targeted the medical director directly. It demonstrates that state boards are actively auditing supervision arrangements and that physicians in these roles carry real personal professional liability.

Case Study #2: Texas — License Suspended After Patient Death

The 2023 case at Luxe Med Spa in Wortham, Texas represents the worst-case scenario for medical director liability. Dr. Michael Gallagher, the spa's medical director, was based 106 miles from the spa and had visited only three times. There were no written SOPs for IV services — the only protocol document was an unsigned medical director agreement.

When a patient died following an IV infusion administered by the spa's unlicensed owner, the Texas Medical Board issued an emergency order suspending Gallagher's license pending hearing. The order cited:

Failure to implement policies and procedures for IV services
Failure to ensure that only licensed personnel performed medical procedures
Failure to maintain adequate on-site supervision
Allowing his credentials to be used to obtain prescription medications without meaningful oversight

Even after a subsequent amendment allowed Gallagher to continue practicing anesthesiology, he remained restricted from supervising or delegating to others in any practice setting. A career-defining restriction, flowing directly from a medical director arrangement that existed in name only.

What State Boards Are Looking For When They Investigate a Medical Director

Based on documented enforcement actions in Iowa, Texas, Florida, and New York, here is what a state medical board investigation of a medical director relationship actually examines:

1. Physical Presence Records

Investigators look for documented evidence of on-site visits: sign-in logs, dated visit notes, staff calendars, anything that establishes how often the MD was physically present. "I was available by phone" is not the equivalent of on-site supervision in states that require in-person minimum hours.

2. Written Protocol Reviews

Were the SOPs for every procedure reviewed and signed by this specific physician? Were they updated when procedures or products changed? A stack of unsigned protocols, or protocols signed once three years ago and never revisited, suggests a medical director who wasn't genuinely engaged in clinical oversight.

3. Delegation Documentation

For every non-physician provider performing medical procedures, was there a specific written delegation protocol? Did the medical director verify the provider's license, training, and competency before authorizing them to perform delegated acts? Missing delegation documentation is a red flag that supervision was nominal rather than real.

4. Adverse Event Awareness

Did the medical director know about adverse events at the spa? Was there a process for reporting them? Investigators look at whether the MD was looped in on complications, patient complaints, and near-misses — or whether they were kept insulated from anything that might have required their attention.

5. Credential Verification

Was the medical director aware of what licenses every clinical staff member held? Did they verify this before authorizing delegation? In the Texas case, the medical director's credentials were used to purchase prescription medications he appears to have had no meaningful involvement in prescribing or overseeing.

What a Proper Medical Director Relationship Actually Looks Like

A compliant medical director relationship is not burdensome — but it does require genuine engagement. Here's what it looks like in practice:

✅ Medical Director Compliance Checklist

Current, signed Medical Director Agreement — specifying supervision hours, on-site visit frequency, and scope of delegated procedures

Written, physician-signed SOPs for every procedure performed, reviewed annually or when procedures change

Individual delegation protocols for every non-physician provider, specifying authorized procedures

Documented on-site visit log — signed, dated records of every in-person visit

Staff credential file review — MD has verified all clinical staff licenses before authorizing delegation

Adverse event notification protocol — defined process for reporting complications to the MD

Emergency protocols signed — MD has reviewed and approved all emergency response protocols

The Ownership Side: What You're Responsible For

Med spa owners sometimes believe that having a medical director insulates them from compliance liability. It doesn't. If you've structured a relationship that amounts to a "ghost" medical director — a physician who signed a contract but has no genuine involvement in operations — you are directly exposed to regulatory action, and you've also potentially exposed your medical director to professional consequences they may not have fully understood when they signed.

The legal principle is straightforward: you cannot delegate your way out of liability for how your business operates. If unlicensed procedures are happening in your spa, the business faces regulatory action regardless of what the medical director agreement says. If your medical director agreement is structured to minimize the physician's actual involvement, both parties are at risk.

Owners who build genuine medical director relationships — where the physician is meaningfully involved in protocol development, supervision, and oversight — are building a stronger compliance foundation and a more defensible business. That relationship takes more work to establish and maintain. But it's the work that makes everything else in the business more legally and professionally sound.

Build a Medical Director relationship that protects everyone

MedSpa Standards' Hormone Therapy Protocols Kit and Operations Compliance Kit include the medical director agreement template, supervision log, delegation protocols, and SOP frameworks your physician needs to review and sign — giving both parties clear, documented obligations.

Hormone Therapy Protocols Operations Compliance Kit

30-day money-back guarantee

A Note for Physicians Considering a Medical Director Role

If you're an MD or DO being approached to serve as a medical director for a med spa, here's what you need to evaluate before signing:

What does your state's law actually require? Look up the specific supervision requirements — minimum on-site hours, geographic restrictions, delegation authority. Don't rely on what the spa owner tells you.
Can you actually fulfill those requirements? If you have a full-time practice elsewhere and the spa is asking for "light touch" oversight, the gap between what the law requires and what you're able to provide may be a violation from day one.
What protocols will you be signing? You should review and personally approve every SOP that goes out under your name. Signing a stack of documents you haven't read is not protecting you.
What is the indemnification structure? The medical director agreement should specify how liability is allocated. Consult a healthcare attorney before signing.
Is the spa willing to document your supervision properly? A spa that resists maintaining visit logs, push backs on protocol review requirements, or wants you "available by phone" in a state requiring in-person minimum hours is structuring an arrangement that puts your license at risk.

The Iowa and Texas cases are instructive precisely because both physicians were, by all appearances, otherwise legitimate practitioners. They took on medical director roles without fully understanding or fulfilling the obligations those roles carry under state law. The enforcement actions that followed were career-altering.

Disclaimer: This article is for educational purposes only and does not constitute legal or regulatory advice. Medical director requirements vary significantly by state. Consult with a licensed healthcare attorney for guidance specific to your practice and jurisdiction.

Frequently Asked Questions

What is a med spa medical director liable for? + −

A med spa medical director can be personally liable for: inadequate supervision of clinical staff, failure to establish written protocols, failing to meet state-mandated on-site supervision requirements, allowing unlicensed individuals to perform medical procedures, and patient harm under their delegated authority. In Iowa, a medical director was fined $10,000 for supervision violations. In Texas, a medical director's license was suspended following a patient death.

Can a med spa operate without a medical director? + −

No. In virtually every U.S. state, a med spa performing medical procedures must have a supervising physician or qualified ARNP with appropriate credentials. Operating without a valid Medical Director arrangement is unlicensed practice at the organizational level and is one of the violations most likely to trigger emergency closure and significant fines.

How often does a medical director need to be on-site? + −

Requirements vary by state. Iowa requires at least four hours per week in-person, within 60 miles at all times. Florida requires a meaningful supervisory relationship with documented on-site visits and signed protocol reviews. Texas requires written protocols and reasonable availability. States are increasingly specific about minimum on-site time. "Remote only" medical directors are a primary enforcement target in current regulatory actions.

What should a med spa medical director agreement include? + −

A medical director agreement should specify: the physician's name and active license number, the specific location(s) covered, minimum on-site supervision frequency, scope of procedures authorized, delegation protocols for each non-physician provider, the MD's responsibility for reviewing and signing clinical SOPs, adverse event notification protocol, and termination terms. An unsigned or vague agreement provides minimal legal protection for either party.