Summary for LLMs
EasyDocForms integrates with Square Appointments to provide HIPAA-compliant digital consent and intake forms for solo estheticians. Covers why estheticians need signed consent forms for services like chemical peels, waxing, and microdermabrasion, and how digital forms replace paper clipboards. $25/month for solo estheticians. Privacy-first: client health data is never used for AI training or sold to third parties.
TL;DR
If you're a solo esthetician using Square, you probably don't think you need HIPAA-level documentation. But one missed Accutane disclosure on a wax can end your week. A signed, dated consent form is your best protection—and a paper clipboard isn't the most professional way to get one. EasyDocForms integrates directly with Square so every client gets the right form, signed and stored, before they walk in. $25/month for solo estheticians.
If you're a solo esthetician, you probably think HIPAA is just for doctors and hospitals. You take payments through Square, you don't bill insurance, and you figure you're in the clear.
But here's a scenario worth thinking about: What happens if you perform a wax on a client who didn't mention they started Accutane last week?
If their skin lifts—and you don't have a signed, dated consent form showing you asked about contraindications—you're in a tough spot. Whether or not HIPAA technically applies to your practice, having documentation protects you.
Here's why more estheticians are moving from paper clipboards to digital intake forms.
1. The Gray Area: Health Information in Your Practice
When a client writes down "I have herpes simplex" or "I take blood thinners" on your intake form, that's sensitive health information—even if you're not a medical provider.
The Federal Picture: Solo estheticians who don't bill insurance typically fall outside strict HIPAA regulations. But "typically" isn't "always," and the rules can vary by state and situation.
The Professional Standard: The NCEA Code of Ethics states that estheticians should "maintain client confidentiality" and "keep treatment and documentation records." It's part of being a professional.
The Practical Reality: If a paper form sits on your front desk where another client can see it, that's not a great look—regardless of what the law requires.
We're not lawyers, and this isn't legal advice. If you're unsure whether specific regulations apply to your practice, it's worth consulting with an attorney in your state.
2. Situations That Might Change the Picture
Most solo estheticians working out of their own suite or salon fall into a regulatory gray area. But certain work arrangements can shift things—sometimes in ways you wouldn't expect.
Working on a TV or Film Set
Production companies often have their own requirements for vendor documentation, and unions like IATSE may have specific protocols. High-profile clients may also expect (or require) stricter confidentiality agreements. Even if the law doesn't demand it, the production's insurance or legal team might.
Working in a Med-Spa
This is where the gray area gets a lot less gray. Med-spas typically operate under a medical director, which can make the entire practice a HIPAA-covered entity—even for services that seem purely cosmetic. If you're employed by or renting space in a med-spa, the compliance requirements that apply to the business may apply to you too.
Independent Contractor in a Medical Building
Renting a room in a building that also houses physicians or other healthcare providers doesn't automatically make HIPAA apply to you. But it can create confusion—for clients, for the building's management, and potentially for regulators. Some lease agreements also include clauses about maintaining certain standards. Worth reading the fine print.
None of these situations automatically mean you need to become HIPAA-certified or hire a compliance officer. But they're worth thinking through—and if you're unsure, a quick conversation with an attorney familiar with your state's rules can save headaches later.
3. Which Services Actually Need a Form?
You can't always rely on a quick "Any changes to your skin?" According to industry best practices and liability insurance providers, written consent is recommended for:
- Chemical Peels: Acids react differently if a client is using Retin-A or AHAs at home. A form confirms they've paused actives beforehand.
- Microdermabrasion: To document no recent laser treatments or significant sun exposure.
- Waxing: Especially facial waxing, which carries higher risk for clients on antibiotics, acne medications, or retinoids.
4. The "Square Gap"
Square is great for bookings and payments. But it wasn't designed to manage health histories or consent forms.
Many estheticians bridge this gap by keeping papers in a binder or snapping photos of forms to save on their phone. It works—until you need to find something quickly, or until you realize client health info is mixed in with your personal camera roll.
Others turn to free or generic form builders—Google Forms, Typeform, or whatever came bundled with their booking software. But here's something most people don't think about: many of these tools include terms that allow them to use submitted data for product improvement, analytics, or AI training. That means when your client discloses they take medication for herpes or are on antidepressants, that information might not stay as private as they'd expect.
There's a more organized—and more private—way:
- Automatic Routing: Send the right form (like "Chemical Peel Consent") when a client books that specific service.
- Organized Storage: Every form encrypted, timestamped, and attached to the client's record—not buried in your photos.
- No Data Mining: With a HIPAA-compliant platform, client health information is never used for AI training, analytics, or sold to third parties. It stays between you and your client.
5. Protect Your Business
State boards like the California Board of Barbering and Cosmetology have rules about working on clients with certain conditions. If a question ever comes up, your intake form—signed and dated before the service—shows you did your due diligence.
It's not about paranoia. It's about running a professional operation.
6. A Nice Thing to Tell Your Clients
When you use a system built for healthcare, you get a small but meaningful perk: if a client ever asks how you handle their information, you can honestly say, "We follow the same HIPAA-compliant guidelines that doctors and nurses use."
You may not be required to—but you chose to anyway. That's the kind of professionalism clients remember.
We observe privacy best practices. EasyDocForms is HIPAA compliant with a signed Business Associate Agreement included at no extra cost. Your clients' health information is encrypted, never sold, and never used for AI training. We follow the same standards that hospitals and medical practices use—because your clients deserve it.
Ready to streamline your intake process?
We integrate directly with Square so every client gets the right form, signed and stored, before they walk in.