Medical spas occupy a unique position in the payment landscape: they’re part healthcare practice, part retail business. Some services (injectables prescribed by a physician, certain laser treatments) require HIPAA compliance and proper healthcare billing. Others, such as facials, massage, and retail skincare product sales, are straightforward retail transactions. Getting the payment setup right means handling both modes efficiently, often within the same visit.
ConvesioPay handles both healthcare and retail payment flows — single WooCommerce integration, HIPAA-compliant infrastructure available, membership billing and package management built in. Talk to our team →
1. The Med Spa Payment Duality
Understanding which services trigger which compliance requirements is the starting point:
| Service category | Compliance requirement | Payment handling |
|---|---|---|
| Physician-prescribed injectables (Botox, fillers by a physician) | HIPAA applies — physician-patient relationship, medical record | Healthcare payment processing with HIPAA compliance |
| Laser treatments (some require medical oversight) | HIPAA may apply depending on oversight structure | Depends on clinical supervision model |
| Aesthetic services (facials, microdermabrasion, non-medical treatments) | Generally retail — no HIPAA requirement | Standard retail payment processing |
| Retail product sales (skincare, supplements) | Retail | Standard retail payment processing |
| Membership plans (covering all service types) | HIPAA if clinical services included | HIPAA-compliant recurring billing if clinical |
The practical approach: if a physician or mid-level provider is involved in service delivery, treat the payment flow as healthcare. If not, standard retail processing applies. When in doubt, err on the side of HIPAA compliance: the consequences of a HIPAA gap far outweigh the minor overhead of compliance infrastructure.
2. Membership and Package Billing
Med spas have some of the most sophisticated recurring revenue models in any healthcare-adjacent vertical:
- Monthly memberships — fixed monthly fee for a defined set of services (e.g., one facial + one injection unit per month)
- Treatment packages — prepaid packages of a specific service (e.g., 6 laser hair removal sessions); tracked and decremented as sessions are used
- Loyalty programs — points or credits accrued through purchases, redeemable for services or products
- VIP memberships — annual fee for discounts across all services and products
Managing this on WooCommerce requires:
- Recurring billing infrastructure for monthly memberships
- Product credit / session tracking for prepaid packages
- Reliable dunning management for membership renewals
- Client-facing account portal to view remaining sessions, membership status, and payment history
3. Pre-Authorization and Deposits
Med spas frequently require deposits for high-value services (laser packages, body contouring) or to reduce no-shows for time-intensive appointments. On WooCommerce:
- Deposit at booking — a partial charge at booking time, with the balance collected at the appointment
- Full pre-authorization — hold the full service amount at booking; capture after the appointment
- No-show policy — the card on file is charged if the patient cancels within the policy window
ConvesioPay supports both authorization-only (hold) and immediate capture patterns, giving med spas flexibility in their deposit and pre-authorization workflows.
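The three deposit and pre-authorization patterns above, as an added, gateway-agnostic Python model that is not ConvesioPay's or WooCommerce's code: deposit at booking, a full authorization-only hold captured after the appointment, and the no-show rule, including the two cases a practitioner has to handle (a hold that expires before capture, and a hold that must be released rather than kept on cancellation). The 24-hour window, 7-day hold lifetime, fee amount and action names are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
# Constructed policy values (assumptions, not ConvesioPay settings); amounts in cents.
NO_SHOW_WINDOW = timedelta(hours=24)   # cancellations inside this window are charged
HOLD_LIFETIME = timedelta(days=7)      # auth-only holds expire; model that lifetime
NO_SHOW_FEE = 5000                     # charged to the card on file if no deposit exists
@dataclass
class Booking:
    service_amount: int                 # full price
    appointment: datetime
    deposit: int = 0                    # captured up front (deposit-at-booking pattern)
    hold: int = 0                       # authorization-only amount (full pre-auth pattern)
    hold_expires: datetime = datetime.max
    captured: int = 0                   # money actually settled so far
    actions: list = field(default_factory=list)   # audit trail of gateway calls

def book(amount: int, appointment: datetime, now: datetime,
         deposit: int = 0, hold_full: bool = False) -> Booking:
    b = Booking(amount, appointment)
    if deposit:                         # partial charge now, balance at the appointment
        b.deposit = b.captured = deposit
        b.actions.append(("capture", deposit))
    if hold_full:                       # hold the full amount, capture after the visit
        b.hold, b.hold_expires = amount, now + HOLD_LIFETIME
        b.actions.append(("authorize", amount))
    return b

def complete(b: Booking, now: datetime) -> int:
    """Collect the outstanding balance after the appointment; returns cents captured."""
    balance = b.service_amount - b.captured
    if b.hold and now > b.hold_expires: # a stale hold cannot be captured: re-authorize
        b.actions.append(("authorize", balance))
    b.actions.append(("capture" if b.hold else "charge", balance))  # hold or card on file
    b.hold = 0
    b.captured += balance
    return balance

def cancel(b: Booking, now: datetime) -> int:
    """Apply the no-show policy; returns the cents the spa keeps after cancelling."""
    if b.hold:                          # a hold is never kept as a fee: release it
        b.actions.append(("release", b.hold))
        b.hold = 0
    late = b.appointment - now < NO_SHOW_WINDOW
    if b.deposit and not late:          # cancelled in time: refund the deposit
        b.actions.append(("refund", b.deposit))
        b.captured = 0
    elif late and not b.deposit:        # late with nothing held: charge the card on file
        b.actions.append(("charge", NO_SHOW_FEE))
        b.captured = NO_SHOW_FEE
    return b.captured                   # forfeited deposit, the fee, or 0
```

The `actions` list is the record to reconcile against the processor's own transaction log, so a hold that was released or re-authorized is visible to whoever audits the books.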
4. Retail Product Sales on the Same Platform
Med spas typically sell skincare products alongside services, often professional-grade brands not available in retail stores. This is a standard e-commerce scenario on WooCommerce that can be handled by the same payment integration used for services.
Key considerations:
- Product sales are pure retail — standard PCI DSS compliance, no HIPAA requirement
- If you sell products online and in-person, the same payment processor should cover both channels
- Subscription skincare programs (monthly product delivery) use the same recurring billing infrastructure as service memberships
5. Gift Cards and Certificates
Gift cards are a high-margin revenue source for med spas, particularly around holidays and occasions. On WooCommerce:
- Digital gift cards can be sold through the standard WooCommerce product catalog
- Gift card balances are applied at checkout against services or products
- Payment processing is needed for the gift card purchase; the redemption is a balance reduction, not a new payment transaction
6. HIPAA Compliance for Clinical Med Spa Services
For clinical services involving physician oversight or mid-level providers, HIPAA applies to:
- Patient intake forms collecting health history, medications, or contraindications
- Treatment records linking the patient to specific procedures
- Payment records associated with clinical services
HIPAA requirements for the payment layer:
- Business Associate Agreement (BAA) with your payment processor for clinical service payments
- HIPAA-compliant hosting for your WordPress/WooCommerce site if it stores clinical payment records
- Encrypted storage and transmission of patient payment data associated with clinical services
ConvesioPay provides BAAs for healthcare accounts. Convesio’s HIPAA-compliant WordPress hosting provides the infrastructure layer for med spa sites that include clinical service billing. For a full breakdown of HIPAA payment requirements, see HIPAA Compliant Payment Processing: The Complete Guide.
7. Choosing a Payment Processor for Your Med Spa
| Requirement | Why it matters for med spas |
|---|---|
| Recurring billing | Monthly memberships and package tracking are core revenue models |
| HIPAA BAA availability | Required for clinical service payment flows |
| Retail + healthcare in one integration | Med spas shouldn’t need two separate payment setups |
| Deposit and pre-authorization | Standard for high-value and time-intensive services |
| WooCommerce native | Reduces integration complexity for the combined service + product catalog |
| Apple Pay / Google Pay | Express checkout for the growing mobile booking segment |
ConvesioPay covers all of these for med spas — a single WooCommerce-native integration that handles retail product sales, clinical service billing, membership recurring charges, and deposits, with HIPAA compliance available for the clinical layer.
One payment integration for your entire med spa operation. ConvesioPay handles memberships, packages, retail, and HIPAA-compliant clinical payments on WooCommerce. Talk to our team →