Saturday, June 27, 2026 Never be the last to know Go Pro · $20/mo →
Inside MedSpa
Intelligence for Medical-Aesthetics Owners
FDA CLEAREDIntense Pulsed Light Therapy Device — Sanhe LEFIS Electronics Co., Ltd.FDA CLEAREDBarbed PDO Suture — Sutura Medical Technology, Inc.FDA CLEAREDERBECRYO 2 Cryosurgical Unit and Accessories — Erbe Elektromedizin GmbHFDA CLEAREDLumiGlam Laser System (SHE-LSP601-3) — Beijing Sano Laser S&T Development Co.,LtdFDA CLEAREDCurrentBody Skin LED Multi Light Therapy Mask (MK-110D) — The Beauty Tech Group, Ltd.RECALLFDA recall: PAYLESS COMPOUNDERS, LLC — Semaglutide-Glycine-Cyanocobalamin Injectable, 2.5 RECALLFDA recall: HTO Nevada Inc. dba Kirkman — MAXIMUM, ZONE 1, 4% Lidocaine Cream, 1/2 oz bottRECALLFDA recall: Pro Numb Tattoo Numbing Spray LLC — Pro Numb Tattoo Numbing Spray, For Sensiti
This is your last free article this week. Subscribe to keep reading every article, the trackers, and the twice-a-week brief.Go Pro · $20/mo →
Compliance

Good-Faith Exam Done Right: Building a Defensible Workflow With Telehealth and Standing Orders

The good-faith exam is the gate between a legal treatment and an unlicensed-practice problem. Most practices have a policy; far fewer have a workflow that would actually survive scrutiny.

Good-Faith Exam Done Right: Building a Defensible Workflow With Telehealth and Standing Orders
Image: Inside MedSpa
By · Jun 6, 2026 · How we report

The good-faith exam is the gate. It's the medical evaluation that establishes a treatment is appropriate for a specific patient before that patient is treated, and it's one of the foundational things that separates injectables-as-medicine-done-properly from injectables-as-unlicensed-practice. Almost every practice has a policy describing a good-faith exam. Far fewer have a workflow that would actually survive a regulator asking to see exactly how a specific patient was cleared before a specific treatment — and the gap between the policy and the workflow is where the exposure lives.

This is general education for owners, not legal or medical advice. Good-faith-exam requirements are state-specific; build your workflow with your medical director and counsel.

A good-faith exam that exists in your policy binder but not in your actual workflow is worth exactly nothing the day a regulator asks to see how a specific patient was cleared.

Policy is not workflow

The single most important distinction in this topic is between having a good-faith-exam policy and having a good-faith-exam workflow. A policy is a paragraph in a binder stating that exams happen. A workflow is the actual, repeatable sequence by which every patient is evaluated by an appropriately authorized provider, cleared, and documented before treatment — every time, without exceptions that "everyone knows about." When a regulator examines a practice, they don't grade the policy; they ask to see how a particular patient was actually handled. A practice whose answer is "well, our policy says…" but whose records don't show the exam actually occurred for that patient has a policy and no defense. The workflow, executed and documented patient by patient, is the thing that protects you.

Build it to your state, not to someone else's

Good-faith-exam requirements — who may perform the exam, what it must involve, whether and how telehealth is permitted — are set by state law and vary. This is exactly the area where copying a model that works in another state gets practices in trouble. A telehealth-based exam workflow that's fully compliant in one jurisdiction may be impermissible in another, and telehealth exams specifically are an area of active regulatory attention, with rules that differ and evolve. So the first step in a defensible workflow isn't designing the process — it's confirming, for your state, what the exam must be and who can perform it. Build to your state's actual requirements, with your medical director and counsel, rather than to a template or a competitor's apparent practice.

The elements of defensibility

A defensible good-faith-exam workflow generally needs to demonstrate, for every patient:

  • That the exam actually occurred before treatment — not as a formality but as a real evaluation of appropriateness.
  • That it was performed by an appropriately authorized provider per your state's rules.
  • That it's documented in a way that lets you show, after the fact, that it happened as required.
  • That the workflow matches your state's specific requirements, including any telehealth conditions.

The throughline is provability. You're not building a process to feel compliant; you're building one where you can produce, for any patient a regulator names, the evidence that the gate function happened correctly. If you can't show that patient-by-patient, you don't have a defensible workflow regardless of how good your policy reads.

Standing orders and protocols: part of it, not a substitute for it

Standing orders and protocols can be legitimate parts of a compliant structure where your state permits, governing how delegated treatments proceed under appropriate authorization. But they're frequently misunderstood as a way to skip the underlying requirements, and they aren't — they don't eliminate the exam and supervision obligations beneath them. How standing orders may be used, and what they can and can't substitute for, is state-specific and belongs in the structure your medical director and counsel design. Used correctly, they're part of an efficient, compliant workflow; used as a shortcut around the good-faith exam, they're a misunderstanding that creates exposure rather than removing it.

What to do

  • Build a workflow, not just a policy — a repeatable, documented sequence ensuring every patient is properly examined and cleared before treatment.
  • Confirm your state's specific requirements first — who performs the exam, what it involves, and whether telehealth is permitted — and build to those, not to a template.
  • Make it provable patient by patient. Defensibility means being able to show, for any named patient, that the exam happened as required.
  • Use standing orders and protocols correctly, as part of a compliant structure, never as a shortcut around the underlying exam and supervision requirements.

The good-faith exam is one of the load-bearing compliance elements of an injecting practice, and it's one where the difference between safe and exposed isn't whether you have a policy — nearly everyone does — but whether you have a workflow that actually happens and can be proven. Build it to your state's real requirements, execute it for every patient, document it so it's provable, and the gate does its job. Leave it as a paragraph in a binder, and you'll discover the policy was never the thing protecting you the day someone asks to see how one specific patient was cleared.

Frequently asked questions

What is a good-faith exam in a med spa?

It's the required medical evaluation establishing that a treatment is appropriate for a specific patient before it's performed — a foundational element of treating injectables and many procedures as the practice of medicine done properly. Its specific requirements, including who may perform it and whether telehealth is permitted, are set by state law. This is general education, not legal advice.

Can a good-faith exam be done via telehealth?

In some states and circumstances, yes; in others, no, or only under conditions. Telehealth-based exams are an area of active regulatory attention, and whether and how they're permitted varies — making it essential to confirm your state's rules rather than assuming a model used elsewhere is acceptable.

What makes a good-faith exam workflow defensible?

That it actually happens for every patient before treatment, by an appropriately authorized provider, with proper documentation — and that the workflow matches your state's requirements. A defensible workflow is one where you can show, patient by patient, that the exam occurred as required, not just that a policy exists.

How do standing orders fit in?

Standing orders and protocols can be part of a compliant structure where permitted, governing how delegated treatments proceed, but they don't eliminate the underlying exam and supervision requirements. How they may be used is state-specific and should be structured with your medical director and counsel.

Free weekly brief

Get the free weekly brief.

The week's most important moves in medical aesthetics — distilled to a two-minute read, free. Unsubscribe in one click.

Free · weekly · unsubscribe anytime. Privacy.

Stay three moves ahead of every practice in your market.

Knowing it happened is table stakes. Inside MedSpa Pro hands you the play — what each move means for your margins, your license, and your patients, and exactly what to do about it — in a two-minute brief every morning. The owners who read it never get blindsided.

Get the edge · $20/mo

Join the owners who run ahead of the industry. Cancel anytime, one click.

Inside MedSpa Pro

By the time it's news, it's too late.

The rebate cut, the scope-of-practice bill, the competitor opening down the street — it hits your business before the trade press ever covers it. Pro gets you there first: what happened, why it touches your margins, and exactly what to do — at 6 AM, in two minutes.

Go Pro · $20/mo Never be the last to know. Cancel anytime.
The twice-a-week intelligence brief Go Pro · $20/mo