Med spas and aesthetic clinics are part retail business, part medical practice — and that dual nature is exactly where AI helps and where compliance gets misunderstood. AI can fill the calendar and cut admin, but the moment patient health data is involved, HIPAA can apply. Here’s how to adopt AI the right way, and how dgm implements it. (dgm implements osFoundry, a separate company’s platform — we are not osFoundry.)
What AI actually does for med spas
The honest framing: AI’s fastest wins are booking, marketing, and admin — filling the calendar and reducing front-desk load — with documentation and photo workflows close behind. The retail side is low-risk; the medical side carries real obligations.
High-value use cases
- Scheduling and intake — booking, reminders, and pre-visit forms to keep the calendar full.
- Marketing and CRM — nurturing leads and clients (a major growth lever for med spas).
- Before-and-after photo management — organizing and handling treatment photos (see the HIPAA note).
- Documentation — drafting treatment and consent documentation for review.
The compliance reality: HIPAA can apply
This is the most misunderstood part of med-spa operations. HIPAA can apply — and the trigger is providing medical services that create PHI and conducting electronic standard transactions, not whether you bill insurance. Many med spas handle PHI (treatment records, prescriptions for injectables or GLP-1 medications, and identifiable photos), so the common belief that “cash-pay means no HIPAA” is a misconception worth correcting.
Two practical implications:
- Before-and-after photos tied to identity are PHI — AI photo and CRM tools touching them are business associates needing a BAA.
- Staff often underestimate this exposure, so getting the controls right matters.
Confirm your HIPAA status; dgm builds the appropriate controls into the implementation where PHI is involved.
How to start
Start with booking and marketing automation — the fastest, lowest-risk wins — while treating any patient health data (including photos) with HIPAA-grade care and a BAA. Prove the calendar and admin gains, then expand. dgm’s assessment finds the right starting point and confirms your compliance posture.
How dgm helps
dgm implements osFoundry and other AI for US med spas and aesthetic clinics — connecting it to your booking, marketing, and clinical systems with appropriate controls, and training your team. Pricing is fixed and public: a $399 assessment and $3,999/month implementation, with no per-seat fees. If you’d rather explore the platform first, go straight to osFoundry; if you want med-spa AI done right, that’s where dgm comes in.