Most med spa owners know they need insurance. Fewer know exactly what their policy actually covers, and more importantly, what it quietly excludes. The difference between those two things is where six-figure lawsuits live.
Med spa insurance coverage typically includes professional liability (malpractice), general liability, commercial property, product liability, cyber/data breach liability, and workers' compensation, bundled together to protect against both clinical and business risks. But the details matter far more than the category names. A policy that "includes malpractice" might still exclude the specific procedure that triggered your claim.
This guide goes deeper than the overview on our med spa insurance pillar page. Here, we break down each coverage type in detail, show you exactly which procedures are covered (and which aren't), walk through the six coverage gaps that catch most med spas off guard, and teach you how to read the one document that tells you everything: your declarations page.
What Does Med Spa Insurance Cover?
Medical spa insurance coverage is a package of policies that protects your practice against clinical malpractice claims, business liability, property loss, data breaches, employee injuries, and product-related lawsuits. No single policy covers everything. It's the combination that matters.
Understanding your medical spa insurance coverage in detail (what's included, what's excluded, and where the gaps are) is the difference between a policy that protects you and one that gives you a false sense of security.
Think of it as layers. Your malpractice policy handles clinical errors. Your general liability handles premises accidents. Your property coverage protects your equipment. Your cyber policy covers data breaches. Each layer addresses a different risk, and gaps between layers are where claims go uncovered.
Here's what each layer actually does, and where the limits are.
Coverage Types Explained
Professional Liability / Medical Malpractice
Professional liability, also called medical malpractice insurance, covers claims alleging that a procedure you performed caused harm due to error, negligence, or failure to obtain proper informed consent. This is the most critical coverage for any med spa.
What triggers a malpractice claim isn't always a botched procedure. Claims arise from:
- Clinical errors: wrong injection site, incorrect dosage, burns from laser miscalibration
- Adverse outcomes: vascular occlusion from filler, prolonged bruising, scarring, infection
- Informed consent failures: the patient wasn't told about risks, or the consent form was inadequate
- Scope of practice violations: a staff member performed a procedure they weren't licensed to do
- Failure to screen: performing a procedure on a patient with contraindications
Defense costs alone can be significant. Even if a claim has no merit, your insurer pays for attorneys, expert witnesses, depositions, and court costs. Defense costs are sometimes included within your policy limits (eroding your available coverage) or paid in addition to limits. Check which structure your policy uses.
Real claim example: In Pennsylvania, a $1.2 million judgment was issued against a med spa after a nurse with a suspended license performed chin filler injections that caused permanent disfigurement (CMF Group, Med Spa Claims Case Studies). The facility's policy responded, but the judgment exceeded its limits, and the owners were personally liable for the remainder.
Typical limits: $1 million per claim / $3 million aggregate is the industry standard for med spas.
Claims-made vs. occurrence is a critical distinction. Claims-made policies cover claims filed during the active policy period. Occurrence policies cover incidents that happened during the policy period, regardless of when the claim surfaces. If you cancel a claims-made policy without purchasing tail coverage, you have zero protection for anything that happened during that policy's term. Understand the full difference here.
General Liability
General liability covers non-medical claims: bodily injury, property damage, and advertising injury that occur on your premises or as a result of your business operations. It does not cover anything related to the procedures you perform.
What triggers a GL claim:
- A client slips on a freshly mopped floor and breaks her wrist
- A delivery driver trips over equipment in your hallway
- Water damage from your suite affects the neighboring tenant
- Advertising injury: a competitor claims your marketing makes false or misleading statements about their business (this one is often overlooked)
What does not trigger a GL claim: anything involving a medical procedure. If a patient has a bad reaction to a chemical peel, that's a malpractice claim, not a GL claim.
Landlord and lease requirements: Most commercial landlords require tenants to carry general liability with minimum limits of $1 million per occurrence / $2 million aggregate, and to name the landlord as an additional insured on the policy. If your lease requires it, you can't open without it.
Product Liability
Product liability covers claims arising from products you use on patients during procedures and products you sell retail. This is a coverage area where many med spas have a dangerous gap.
Here's the distinction: your malpractice policy typically covers adverse reactions to products used during a procedure. For example, a patient reacts badly to the specific brand of hyaluronic acid filler you injected. That's a clinical event.
But what about the skincare products you sell in your lobby? If a patient buys a retinol serum from your retail display, uses it at home, and develops a severe chemical burn, that's a product liability claim, not a malpractice claim. Your malpractice policy likely won't cover it.
This gap gets wider if you sell private-label skincare. When you put your brand name on a product, you take on manufacturer-level liability, even if a third party actually formulated and produced it. A standalone product liability policy or endorsement covers this exposure.
Cyber & HIPAA Liability
Cyber insurance covers financial losses from data breaches, ransomware attacks, and regulatory penalties related to your handling of protected health information (PHI). Your med spa is a HIPAA-covered entity the moment you collect medical histories, treatment records, or before-and-after photos, which is day one for most practices.
Cyber coverage has two components:
- First-party coverage: your own costs: breach notification to affected patients (legally required within 60 days under HIPAA Breach Notification Rule, 45 CFR 164.404), forensic investigation, data recovery, ransomware payments, credit monitoring for affected patients, and business interruption during the incident.
- Third-party coverage: claims against you: lawsuits from patients whose data was exposed, regulatory defense costs, and HIPAA fines, which range from $141 to $71,162 per violation, with annual maximums up to $2.1 million per category (HHS Enforcement).
Important: Standard general liability and malpractice policies do not cover HIPAA fines or data breach costs. Without a cyber endorsement or standalone policy, you're uninsured for these exposures. Full cyber risk explainer here.
Workers' Compensation
Workers' compensation covers medical bills, lost wages, and rehabilitation costs when an employee is injured on the job. Most states require it as soon as you have one employee.
Med spa-specific workplace injuries include:
- Needlestick injuries from handling syringes, sharps, and injectable supplies
- Laser burns from accidental exposure during treatments
- Chemical exposure from medical-grade peels, disinfectants, and sterilization products
- Repetitive strain from performing detailed injection work for hours
State requirements vary. Some states mandate workers' comp for all employers; others exempt businesses with fewer than a certain number of employees. Even where it's optional, carrying it protects you from employee injury lawsuits that can far exceed premium costs.
Business Owner's Policy (BOP)
A business owner's policy bundles general liability and commercial property coverage into one policy, typically at a lower cost than buying them separately. For smaller med spas, a BOP is often the most efficient foundation.
The commercial property portion is especially important for med spas because of equipment costs. A single laser device can cost $50,000 to $175,000 to replace (AmSpa, Medical Spa Industry Statistics). Add microdermabrasion units, IPL machines, cryolipolysis devices, treatment chairs, and retail inventory, and your equipment exposure easily reaches $200,000–$500,000.
A BOP typically covers:
- Equipment and devices (replacement cost)
- Furniture, fixtures, and leasehold improvements
- Inventory: skincare products, injectable supplies, consumables
- Business interruption: lost income if a covered event forces you to close
Bundling through a BOP saves most practices 15–25% compared to separate GL and property policies.
Additional Coverages
Depending on your practice, you may also need:
- Employment Practices Liability (EPLI): wrongful termination, discrimination, and harassment claims from staff
- Equipment breakdown: covers mechanical or electrical failure (different from property damage caused by fire or flood)
- Business interruption: replaces lost income during a covered closure
- Umbrella / excess liability: additional limits above your GL and malpractice policies
- Commercial auto: if you provide mobile services or use vehicles for business errands
Each of these can be added as a standalone policy or endorsement. See our cost guide for typical pricing.
Med Spa Insurance Coverage by Procedure Type
Not every procedure is covered by every policy, and the gaps aren't always obvious. The table below shows which coverage type applies to common med spa procedures and whether you'll likely need a special endorsement.
| Procedure | Malpractice | General Liability | Product Liability | Endorsement Needed? |
|---|---|---|---|---|
| Botox / Dysport | Yes | No | Yes | Usually included in med spa policies |
| Dermal fillers | Yes | No | Yes | Usually included |
| Laser hair removal / resurfacing | Yes | No | No | May require specific laser endorsement |
| Chemical peels | Yes | No | Yes | Usually included |
| PRP / platelet-rich plasma | Check policy | No | No | Often requires endorsement |
| IV vitamin therapy | Check policy | No | Yes | Often requires endorsement |
| Body contouring (CoolSculpting, etc.) | Check policy | No | No | Often excluded on standard policies |
| Semaglutide / weight loss programs | Check policy | No | Yes | Frequently excluded, limited carriers |
| Ketamine therapy | Check policy | No | No | Specialty carrier required (MediSpaCover) |
"Check policy" means your standard med spa malpractice may or may not cover it. You need to verify with your carrier or broker. These are the procedures most likely to fall into coverage gaps, especially if you added them after your policy was written.
A key takeaway: Botox and dermal fillers are covered by most specialized med spa policies. But the moment you move into PRP, IV therapy, body contouring, weight loss medications, or ketamine, coverage becomes carrier-specific and endorsement-dependent.
What Med Spa Insurance Does NOT Cover (Common Exclusions)
Every insurance policy has exclusions: procedures, situations, or claim types that are explicitly not covered. Understanding your exclusions is just as important as understanding your coverage. Here are the most common ones:
- Procedures not scheduled on the policy. If your policy lists specific covered procedures and you perform something not on the list, the claim will likely be denied. This is the most common denial reason we see.
- Off-label use with ambiguous policy language. Many injectable treatments involve off-label use (Botox for jaw slimming, filler in the nose). Some policies cover off-label use; others exclude it or use vague language that gives the insurer room to deny.
- Independent contractor acts. If a 1099 injector causes harm and your policy only covers W-2 employees, the claim against your facility may not be covered.
- Elective/cosmetic procedures on standard business policies. A standard commercial policy (not designed for med spas) will almost certainly exclude medical aesthetic procedures.
- Intentional acts and criminal behavior. No policy covers deliberate harm.
- Sexual misconduct. Standard malpractice policies exclude sexual abuse and molestation claims. A separate endorsement is required.
- Contractual liabilities. Obligations you voluntarily assumed through contracts (like indemnification clauses in vendor agreements) are generally excluded.
- HIPAA fines without cyber coverage. Your GL and malpractice policies won't pay regulatory fines for data breaches. You need a cyber policy or endorsement.
Read every exclusion in your policy. If something is ambiguous, ask your broker to get written clarification from the carrier. Ambiguity in exclusion language almost always favors the insurer at claim time.
The 6 Coverage Gaps Most Med Spas Miss
These aren't theoretical risks. They're the gaps we see most often in the policies med spa owners bring to us for review, and each one has cost real businesses real money.
1. The Independent Contractor Gap
If you use 1099 injectors, aestheticians, or nurses, your facility's malpractice policy may not cover their work. Many policies only extend coverage to W-2 employees. When a 1099 contractor causes an adverse outcome and the patient sues your med spa entity, your insurer can deny the claim, leaving you to fund your own defense.
The fix: Require contractors to carry their own professional liability and provide proof; if available, request endorsements that protect your entity (or use contractual indemnity). Alternatively, add an independent contractor extension endorsement to your policy. The endorsement typically adds $500–$1,500 per year to your premium.
2. The Procedure Creep Gap
You added IV vitamin therapy six months ago but never updated your policy. Your malpractice coverage lists Botox, fillers, and chemical peels, but IV therapy isn't on the schedule. A patient has an adverse reaction to an IV infusion, and your carrier denies the claim because the procedure wasn't covered.
This is incredibly common. Med spas evolve their service menus faster than they update their insurance. Novatae Risk Group has documented multiple cases where IV therapy claims were denied because the procedure was added after the policy was written and never endorsed (Novatae, Med Spa Coverage Gaps).
The fix: Every time you add a new procedure, call your broker the same week. Most endorsements can be added mid-term.
3. The Claims-Made Tail Gap
You switch carriers and don't purchase tail coverage on your old claims-made policy. Any incident that happened during the old policy's term, even if the claim isn't filed for two more years, is now completely uncovered. Neither your old carrier nor your new one will pay.
Tail coverage (also called an extended reporting period) commonly runs ~1.5x-2.5x the expiring annual premium (carrier/specialty dependent). It's expensive, but the alternative is having zero coverage for your entire claims history with that carrier. More on claims-made vs. occurrence policies.
The fix: Budget for tail coverage whenever you're on a claims-made policy. Or ask your new carrier about "nose coverage" (prior acts coverage), which may cover prior incidents at a lower cost than a full tail.
4. The Medical Director Myth
Your medical director has their own malpractice insurance. You assume it covers your med spa. It almost certainly does not. A medical director's personal malpractice policy covers their individual clinical practice, not your business entity, not your other practitioners, and not procedures they didn't personally perform.
In a scenario where a nurse practitioner administers filler at your med spa and the patient sues your business, the medical director's personal policy will not respond. Your med spa needs its own entity-level professional liability policy. Read our full breakdown of medical director liability.
The fix: Ensure your med spa entity is the named insured on its own malpractice policy. The medical director should also have supervisory liability coverage, either on their personal policy or via endorsement on your facility's policy.
5. The Retail Product Gap
Your malpractice policy covers products used during procedures but not products sold over the counter. A patient buys a glycolic acid serum from your retail shelf, uses it improperly at home, and suffers chemical burns. They sue your med spa. Your malpractice insurer says it's not a clinical event, it's a product liability claim, and declines coverage.
This gap is especially dangerous for med spas that sell private-label skincare. When your brand is on the bottle, you carry product liability even if someone else manufactured the product.
The fix: Add a product liability endorsement or standalone policy. If you sell retail, this isn't optional. It's a coverage gap with real exposure. Premiums for product liability coverage typically range from $300–$800 per year for most med spas.
6. The Off-Label Use Gap
Many injectable treatments involve off-label use, and your policy language around off-label procedures may be ambiguous or exclusionary. Botox used for jaw slimming, filler used in the nose (non-surgical rhinoplasty), Kybella used off its FDA-approved area. These are common procedures that technically fall outside the drug's approved indication.
Some policies explicitly cover off-label use. Others are silent on it, which gives the insurer room to argue the procedure wasn't covered. Others exclude it outright.
The fix: Ask your broker to get a written statement from your carrier confirming whether off-label use of the specific products you administer is covered. Don't accept "it should be fine." Get it in writing.
Endorsements & Policy Customization
An endorsement (also called a rider) is a modification to your base policy that adds, removes, or changes coverage. Endorsements are how you customize a standard med spa policy to match your actual practice.
Common endorsements for med spas include:
- Procedure-specific endorsements: adds coverage for procedures not included in the base policy (PRP, IV therapy, body contouring, etc.)
- Sexual abuse and molestation coverage: covers claims of sexual misconduct by staff. Standard malpractice excludes this; the endorsement adds it back. (PPIB is one carrier that offers this endorsement for med spas.)
- License action defense: covers legal costs if a practitioner's license is challenged by a state board as a result of a malpractice claim. PPIB includes this as an available endorsement on their med spa insurance programs.
- Independent contractor extension: extends your facility's malpractice coverage to 1099 workers
- Prior acts coverage (nose coverage): covers incidents that occurred before your current policy's start date, useful when switching carriers to avoid needing tail coverage
- Medical director supervisory liability: covers the medical director for claims arising from their supervision of your clinical staff
- Communicable disease endorsement: covers claims related to infection transmission during procedures
- Private-label product liability: covers products sold under your brand name
How endorsements work in practice: Most can be added mid-term (you don't have to wait for renewal). Each carries an additional premium, typically $200–$1,500 depending on the endorsement type and your risk profile. Your broker can request endorsements from your carrier and have them active within days.
How to Read Your Declarations Page
Your declarations page (dec page) is the single most important document in your insurance file. It's the summary page at the front of your policy that tells you, in plain terms, exactly what's covered, for how much, and for what time period. If you only read one page of your policy, make it this one.
Here's what to look for and why it matters:
Named insured. This is who the policy actually protects. Confirm your business entity is listed correctly (the LLC name, not just your personal name). If your entity name is wrong or missing, claims against the business may be denied. If you operate under a DBA, it should be listed too.
Policy period. The start and end dates of your coverage. Claims-made policies only cover claims filed during this window (unless you have tail or prior acts coverage). Check that there's no gap between your old policy's end date and your new one's start date.
Coverage parts and limits. This section lists each coverage type (professional liability, general liability, property, cyber, etc.) with the corresponding limits:
- Per-occurrence/per-claim limit: the maximum the policy pays for any single claim
- Aggregate limit: the maximum the policy pays for all claims during the policy period
- Deductible/self-insured retention: what you pay out of pocket before coverage kicks in
Scheduled procedures. This is the section most med spa owners don't check carefully enough. Many med spa policies schedule covered procedures. If a service isn't listed (or endorsed), it may not be covered, so confirm in writing before offering it. Every service you offer should appear here. If you added microneedling or IV therapy last quarter, check that it's been endorsed onto the schedule.
Endorsements list. Every endorsement attached to your policy should be listed by name and form number. Cross-reference this with the endorsements you requested. If you asked for an independent contractor extension and it's not on the dec page, it wasn't added to your policy.
Premium breakdown. Shows what you're paying for each coverage component. This is useful for understanding where your dollars go and for comparing quotes from different carriers.
Pro tip: Pull out your dec page right now and check three things: (1) Is your entity name correct? (2) Are all your current procedures listed? (3) Are all the endorsements you thought you had actually there? If any answer is "no" or "I'm not sure," call your broker today.
Annual Coverage Audit Checklist
Your med spa evolves every year: new procedures, new staff, new equipment, new regulations. Your insurance should keep up. Run through this checklist at every renewal:
- Review all procedures offered vs. procedures scheduled on your policy. Did you add any services this year? Are they all endorsed?
- Verify all practitioners are covered. Both W-2 employees and 1099 contractors. Did you hire anyone new?
- Check equipment values against property limits. Did you purchase or lease new devices? Is the coverage amount still adequate?
- Confirm cyber coverage matches your current data practices. Did you add new software, switch EMR systems, or start storing patient photos digitally?
- Review state regulatory changes. Supervision rules, scope of practice laws, and insurance minimums change frequently.
- Evaluate whether your limits are still adequate. If your revenue grew significantly, your exposure grew too. A $1M/$3M policy may have been sufficient at $500K revenue but not at $2M.
- Check your claims-made retroactive date. If you've been on claims-made policies, make sure the retroactive date reaches back to when you first had coverage.
Based on our brokerage portfolio, we find that roughly 40% of med spas have at least one meaningful coverage gap when they come to us for review. An annual audit catches these before they become claim denials.
Frequently Asked Questions
What does med spa insurance typically cover?
Med spa insurance typically covers professional liability (malpractice), general liability, commercial property, product liability, cyber/data breach liability, and workers' compensation. Together, these protect against clinical errors, premises accidents, equipment loss, data breaches, and employee injuries. The specific procedures covered depend on your policy's schedule and endorsements. See our full med spa insurance guide for an overview of each coverage type.
What's usually excluded from med spa insurance?
Common exclusions include procedures not listed on your policy schedule, off-label use (depending on policy language), acts by independent contractors not covered under your policy, sexual misconduct (without a separate endorsement), intentional or criminal acts, and HIPAA fines without cyber coverage. Read about common med spa claims to understand what types of incidents lead to denied claims.
Do I need separate coverage for Botox and fillers?
On most specialized med spa malpractice policies, Botox and dermal fillers are included in the base coverage. However, standard business or spa policies typically exclude injectables entirely. Always confirm that your specific injectable procedures are explicitly listed on your policy's procedure schedule. Don't assume they're covered.
Is cyber insurance included in a standard med spa policy?
No. Cyber and HIPAA liability coverage is not included in standard general liability or malpractice policies. It must be added as a separate endorsement or standalone policy. Given that med spas are HIPAA-covered entities handling protected health information, cyber coverage is strongly recommended.
What endorsements should I add to my med spa policy?
The most commonly needed endorsements are: procedure-specific coverage for services beyond standard injectables (PRP, IV therapy, body contouring), independent contractor extension, sexual abuse/molestation coverage, license action defense, and prior acts coverage if you're switching carriers. Your broker can review your practice and recommend the specific endorsements you need. Get a coverage review.
How often should I review my coverage?
At minimum, annually at renewal. But you should also contact your broker any time you add a new procedure, hire or contract with a new practitioner, purchase new equipment, or expand to a new location. Service menus evolve faster than policies, and keeping them aligned is how you avoid the procedure creep gap that leads to denied claims.