ProofOps Medical is the AI evidence assistant for Texas med spas and IV clinics. We centralize staff credentials, Good Faith Exam evidence, medical-director documents, product sourcing, waste/sharps records, and missing-document follow-ups into a single audit-ready file — surfaced before a patient complaint, an insurance renewal, a medical-director review, or an inspection notice turns into an emergency.
Two regulatory shifts and a string of high-profile enforcement events have raised the bar on documentation for Texas med spas and IV clinics. Documentation gaps are increasingly what turn routine reviews, complaints, and renewals into high-stress events. Owners who were "fine last year" report different expectations in 2026.
Tap any story below for the full article and sources.
You almost certainly have a waste collector. A training provider. A medical director. Written procedures somewhere. The trouble is that the proof sits across paper binders, vendor portals, the front-desk inbox, the owner's phone, three spreadsheets, and someone's Drive folder. When TMB knocks or your insurer asks at renewal, you can't produce it in 24 hours.
ProofOps Medical does one thing: it pulls every piece of compliance proof your clinic generates into a single digital file, keeps it current with AI agents that chase the gaps, and hands you an inspection-ready PDF every month. The work you already do, finally legible to an inspector.
Each capability addresses a documentation gap that has shown up in real Texas inspections, insurance audits, or board complaints in the last twelve months. Most are uncontested in the small-clinic segment.
See it on your own clinic →
proof@yourclinic.com inbox.Stericycle manifests, MedPro pickup receipts, training certificates, SDS sheets, BAA confirmations — auto-CC'd to one address. Our agent reads each PDF, classifies it (manifest / cert / SDS / invoice / BAA), files it under the right tag with date, vendor, and license number extracted, and updates your readiness score. Your staff touches nothing.
Stericycle pickup three days late? The agent dials their 800 number, navigates the IVR, requests the manifest, logs the call recording, files the result. The same workflow handles MedPro Disposal, your training provider, and state license renewal portals. Your front desk stops chasing paperwork for vendors that should be sending it.
Click "Run the drill." A voice walk-through poses inspector-style documentation questions drawn from §169.25, HB 3749, and OSHA 1910.1030 — the same families of records carriers, boards, and inspectors ask about — for 15–25 minutes, then surfaces a gap report, a recording your medical director can review, and a checklist of what to organize next. Not a prediction of how any specific TMB inspector will conduct an actual inspection.
ProofOps reads from Aesthetic Record, Boulevard, Symplast, or PatientNow. Any patient on the schedule for an injectable, IV, laser, or other delegated procedure is checked against the GFE record on file using the rules your clinic has configured for §169.25. If the documented exam is missing, expired, or appears non-compliant with those rules, the agent SMS-flags the medical director and the front desk before the appointment, and adds the chart to the owner's review queue. The clinical decision to proceed with treatment remains with the licensed provider.
A meaningful share of Texas clinic staff — front desk, MAs, estheticians — speak Spanish as a first language. ProofOps' SMS and voice agents are fluent in both. Training renewals, BBP acknowledgments, incident reports, and owner escalations are delivered in the language each staffer chose at onboarding. Compliance you'll actually get done.
ProofOps continuously polls TMB, the Texas Board of Nursing, and TDLR for every named staffer. NP license expiring in 60 days? CPR cert lapsing in 30? Medical director's DEA renewing next quarter? The agent escalates to the staffer, then to the owner if it isn't resolved. No more discovery during an audit that someone's been out of license for six months.
Your malpractice carrier wants proof at renewal. Click once. ProofOps assembles a single, branded PDF containing: training certificates, BBP exposure-control plan + last review date, manifest log, sharps container records, incident log, ECP review, license copies, BAA list, and last twelve months of readiness scores. Renewals stop being a four-week scramble.
Hit the "Inspection notice" button. ProofOps runs a complete gap scan, generates a four-page briefing for staff (front desk script, RN script, medical director script), drafts replies to anticipated findings, and surfaces every document the inspector is most likely to request — based on what TMB is currently citing. Done in ten minutes.
A dedicated section of your binder holds the medical director agreement, written delegation orders, standing protocols, supervision arrangement, emergency contact method, periodic review dates, and signed staff acknowledgments — each item dated, versioned, and linked to the named clinician it covers. The information your medical director, your insurance carrier, and the TMB ask for first lives in one place that anyone with access can produce in minutes.
Your dashboard shows a daily readiness score, broken down by category — Medical Director, Staff Credentials, Product Source, Waste & Sharps, Training, GFE evidence, Incident logs — calculated from your actual document state, not a self-attestation. The score is internal to your team and your insurance broker; it is not a medical-safety certification, public seal, or substitute for any regulatory finding.
Compliance products fail because the migration is painful. We do the migration for you.
Twenty-minute call. We map your current vendors, EMR, training provider, medical director arrangement, and where your existing proof lives.
We import your last twelve months of binders, set up the vendor inbox, connect Stericycle / MedPro / your EMR, and onboard staff via SMS in their preferred language.
Agents run continuously. Gaps surface as SMS to the responsible staffer; unresolved items escalate to the owner. Your readiness score updates daily.
On the 1st of every month, your branded readiness PDF lands in the owner's inbox. Carriers appreciate organized documentation; inspectors and reviewers can see a clear evidence trail faster.
Patient complaint. Medical-director review. Insurance renewal. Inspection notice. ProofOps Medical gives owners one place to find staff credentials, Good Faith Exam evidence, medical-director records, product-sourcing proof, waste/sharps records, and missing-document follow-ups — before any of these situations becomes urgent.
Surface the treatment record, GFE evidence, consent, staff credentials, and product source for the appointment in question — without a frantic email chain.
Show delegation orders, standing protocols, supervision arrangement, and signed acknowledgments — all dated and current — in one organized view.
Generate a single evidence pack with credentials, training proof, vendor records, incident summaries, and 12 months of readiness scores — ready to send your broker.
Run a documentation drill, get a gap report, and have role-specific scripts ready for your medical director, RN, and front desk before the inspector arrives.
You don't need MedTrainer's hospital LMS or Compliancy Group's eight-week onboarding. You need the file ready before the next inspection — and someone who answers the phone.
Comparison reflects publicly available vendor information as of May 2026. Vendor names and trademarks are property of their respective owners. "Limited," "Reminder only," and similar entries reflect feature scope rather than absence.
Get my free Texas documentation auditBecause that's what it is. Single location, transparent pricing, no per-seat surprises, no annual lock-in, no termination fees. Cancel any time.
Solo med spa, owner-led, single location.
Single location, full AI agent stack and chase service.
proof@ inbox + Vendor Document ChaseMulti-location or high-risk (IV, sedation, dermatology).
The setup fee is a one-time charge that funds the people and engineering work to move twelve months of paper, email threads, vendor portals, and spreadsheets into a clean digital file — and to wire your real systems into ProofOps so the agents can do their job from day one.
proof@ inbox. Our AI agent does the rest: it uploads, classifies, tags, date-stamps, and files each one against manifests, training certs, SDS sheets, BAAs, and incident logs. No manual data entry. We send a one-page capture checklist at kickoff so the front desk knows what to send and the order to send it in.proof@ address, with Stericycle / MedPro / training providers re-routed.If we miss any of the six measurable milestones below in your first 30 days, we refund your setup fee plus your first month's subscription. No investigation, no fine print.
The guarantee depends on you supplying these items on time so the integration can go as planned. The 30-day clock for any affected milestone pauses while we're waiting on a Customer-supplied item.
You hold up your end — supply the items above on time, approve the integrations, report issues within 7 days — and we hold up ours. A milestone whose timing depends on a Customer-supplied item that arrived late is excluded from the guarantee. Otherwise, you walk away with everything paid back. See full terms in the FAQ →
All prices in USD. One location per subscription. Multi-location pricing on request. Setup fee billed at signup; subscription billed monthly thereafter unless paid annually.
Includes §169.25, HB 3749, OSHA 1910.1030, and evidence-workflow review.
We'll review what's publicly visible (your site, Google Business Profile, IV menu, team page) plus a brief intake on your medical director arrangement, GFE workflow, and waste vendor. You get a one-page PDF with the documentation gaps a Texas Medical Board inspector or insurance underwriter would surface today.
Within one business day, you'll receive a 2-page PDF that includes:
We'll email it from info@proofopsmedical.com. If you don't see it within 24 business hours, check spam — and feel free to reply directly to that thread.
That's exactly what the 30-Day Delivery Guarantee is for. If we miss any of the six measurable milestones below by day 30 of your subscription — for reasons within our control — we refund your setup fee plus your first month's subscription. No investigation, no fine print.
The guarantee is a partnership. To keep our 30-day promise, we need you to supply the following items within 7 days of signup so integration can go as planned:
proof@ inboxThe 30-day clock for any affected milestone pauses while we're waiting on a Customer-supplied item. Once you've supplied everything we asked for, the clock resumes. If a milestone slips because of something you didn't supply on time (for example, you didn't approve the EMR connection or didn't send captured paper records), that milestone is excluded from the guarantee. Otherwise, if we miss any of the six milestones for reasons within our control, you walk away with the setup fee and first month back.
Capture is on the clinic — but it's not the data-entry slog you might be picturing. You don't sit at a scanner all day, and you don't manually upload anything one-by-one.
For paper records, the front desk simply scans the page on your existing printer or
snaps a phone photo, then forwards it to your dedicated proof@yourclinic.com
inbox (or attaches it to a quick text message). Our AI agent picks it up from there:
uploads it to your secure binder, classifies it (manifest / training cert / SDS / BAA / incident log /
GFE record / etc.), extracts the date, vendor, license number, and expiry, files it against the right
tag, and updates your readiness score. No manual data entry, no manual filing.
For digital records — anything already in email, vendor portals, EMR exports, or shared drives — we handle the import for you during the 7-day migration window. You forward the relevant inboxes and grant access; the agent does the migration.
We send a one-page capture checklist at kickoff that lists what to send and the order to send it in, so a single afternoon of front-desk work gets the bulk of your 12-month history into the binder.
No, and we won't pretend to. Your medical director sets clinical policy and signs delegation orders. Your OSHA consultant validates your exposure-control plan. Your attorney advises on TMB responses. ProofOps is the operational layer that proves their work was actually performed and stored — and that your day-to-day staff workflows didn't drop the ball.
Stericycle's portal stores manifests well. It does not chase missing receipts, run a §169.25 inspector simulation, watch your EMR for missing GFEs, poll the Texas Medical Board for license renewals, or generate a one-click insurance pack. Their guarantee covers OSHA bloodborne-pathogens citations only — ours covers HIPAA, TMB, BON, and state aesthetic-board documentation gaps that theirs explicitly excludes. Use both. They complement.
Aesthetic Record, Boulevard, Symplast, PatientNow, Nextech, and Mangomint at launch. If you use a different EMR, we connect via report exports until a native integration ships. Unlike Moxie, ProofOps does not require you to switch your practice-management system — we work alongside whatever you already run.
ProofOps offers HIPAA-ready onboarding — we sign a Business Associate Agreement with every customer before any PHI touches our system. Documents are stored encrypted at rest and in transit. We do not train AI models on your data. Access is least-privilege by design and fully audit-logged. Detailed security documentation is available on request.
We run a one-hour discovery call, then complete migration within seven business days. Most clinics receive their first full readiness PDF on day 30. The setup fee ($999 / $2,500 / $4,999 depending on plan) covers the actual labor of moving twelve months of paper, email threads, vendor portals, and spreadsheets into your digital binder — plus EMR integration, voice-agent configuration, and staff onboarding in both languages. Pay annually upfront and we credit 50% of the setup fee back to your account. Either way, the migration is done by us, not your front desk.
Yes, any time. There's no annual lock-in and no termination fee — your subscription ends at the close of the current billing cycle and you stop being billed. Setup fees and past monthly fees are not refundable (the setup fee covers actual migration labor we perform upfront; the monthly fee covers the agents and infrastructure that ran during the period). You keep an exportable copy of your data for 30 days after cancellation.
We start with Texas because §169.25 and HB 3749 created an immediate compliance gap and we want to do one state extremely well before expanding. Florida, California, Arizona, and Georgia are next on the roadmap. If you operate in those states and want to be on the early-access list, mention it on the audit form.
The Wortham, Texas case last week is a tragedy that became a precedent. A patient died. Two operators were charged with felonies. An entire industry of well-run clinics now operates under a presumption of guilt unless documentation proves otherwise.
The truth is most med spas and IV clinics aren't reckless — they're under-tooled. Their compliance work is real; the proof of it is scattered across paper binders, vendor portals, the front-desk inbox, the owner's phone, three spreadsheets, and someone's Drive folder.
ProofOps Medical exists to close that gap. Not to lecture owners about regulations they already know. Not to replace the medical directors and OSHA consultants who do the underlying work. To centralize the proof, run the agents that chase the gaps, and stand behind the file we hand you with our own money.
If you run a Texas clinic, a 20-minute call costs you nothing. The Wortham headlines have already changed what your insurer, your inspector, and your patients expect. We can help you meet that bar before your next audit, not after.
We keep our claims specific: ProofOps is built around the regulatory frameworks below and focused on documentation workflows — so you know exactly which paperwork it produces.
Get your free Texas documentation audit or talk to the founder. Either way, you'll know within an hour whether ProofOps Medical is right for your clinic.
The Wortham case is the practical illustration of why Texas's new medical-spa rules exist — and a preview of what enforcement looks like when documentation and supervision live only on paper.
On April 28–29, 2026, Amber Johnson, owner of Luxe Med Spa in Wortham, Texas, and Dr. Michael Patrick Gallagher, the spa's former medical director, surrendered to authorities to face a combined 39 felony charges related to the 2023 death of patient Jenifer Cleveland during an IV hydration session. Johnson faces 14 charges. Gallagher faces 25.
The criminal case is the first major prosecution against a non-clinician-owned IV practice under the framework Texas reorganized in 2025. According to court filings and reporting from KCEN, Dr. Gallagher — the named medical director on the spa's regulatory paperwork — was approximately 100 miles away at the time of Cleveland's IV infusion. Johnson, a phlebotomist, did not hold a Texas license to administer IV therapy. The supervision and delegation paperwork that should have governed the procedure either did not exist or was not being followed.
Inside the Texas medical-aesthetics community, the Wortham case is widely cited as the catalyst for HB 3749 ("Jenifer's Law"), which took effect September 1, 2025 and now restricts IV initiation to MD, APRN, PA, or RN providers under a documented physician-supervision arrangement. The arrests last week are the first major criminal action under that new posture.
Why this matters for every Texas med spa and IV clinic. The felony exposure traces directly to documentation. The medical director was named on paper. The supervision was not happening in practice. The gap between the two is what the prosecution is built on. Spas that operate the same way today face the same exposure tomorrow — not someday, this quarter.
The questions a Texas Medical Board investigator (and, increasingly, a District Attorney) will ask on the first day of an inquiry are now well-rehearsed: Show me your medical director's signed delegation orders. Show me the standing order for this procedure, dated and reviewed. Show me the supervision log for the last 30 days. Show me the Good Faith Exam that authorized the patient on the schedule today. If those records cannot be produced — clean, dated, and in writing — the gap is the case.
Federal enforcement against independent aesthetic practices used to be a theoretical risk. As of April 1, 2026, it is a public, named, indexed event — and the bar is documentation, not adverse outcomes.
On April 1, 2026, the U.S. Food and Drug Administration issued its first-ever DSCSA warning letter to a dispenser-tier facility — Pure Indulgence Aesthetics in Southlake, Texas. The Drug Supply Chain Security Act (DSCSA) governs the chain-of-custody documentation that must accompany any prescription drug as it moves from manufacturer to wholesaler to dispenser. The letter cited unit-count discrepancies in the practice's Botox records and inadequate documentation of receipt, transfer, and storage transactions for federally controlled aesthetic injectables.
For the medical-aesthetics industry, this is a watershed. DSCSA enforcement has historically focused on wholesalers, distributors, and large healthcare systems. Targeting an independent med spa — and doing so over documentation, not patient injury — signals that small aesthetic practices are now squarely on FDA's radar.
The warning letter is also a brand event. Federal warning letters are public, indexed by FDA, and routinely surface in patient web searches and insurance underwriting reviews. A single letter can affect renewal pricing for years and triggers patient questions ("Why is your name on the FDA's website?") that no amount of marketing can outrun.
What every Texas med spa needs to be able to produce on inspection. Unit-by-unit transaction records for every DSCSA-covered product (Botox, Dysport, Xeomin, Daxxify, dermal fillers, certain biologics) — including: who you bought it from (T2/T3 trading partner), the lot and serial number, the date received, the storage location, the patient or chart number it was used on, and the date administered. "We probably have it somewhere" is not the answer.
Practices that buy through reputable suppliers usually receive the chain-of-custody records they need. The compliance gap is almost always on the dispenser side — the records sit in someone's email, a vendor portal, or a paper binder, and nobody reconciles them against actual usage. A single missing line item is enough to support a finding.
When state regulators decide to act on documentation, they don't wait for a patient injury. New York's 2024 sweep is the modern enforcement playbook — and Texas's legal framework is already in place to run the same one.
Between June and September 2024, the New York City Council convened an interagency working group to address the rapid growth of unregulated medical-aesthetics practices. The working group brought together the New York State Department of Health, the State Education Department, and the Office of Professional Discipline to coordinate enforcement.
By September 2024, four NYC med spas had their licenses revoked. Eleven additional investigations were ongoing as of the Council's December 2025 progress report. Most striking: the most common findings were not patient injuries. They were documentation deficiencies — missing or vague delegation paperwork, unsigned protocols, undisclosed staffing, and unverifiable medical-director arrangements.
Why this matters for Texas. State-led enforcement playbooks travel. The NYC playbook — interagency coordination, documentation-first findings, public licensing actions — is the model state regulators across the country are studying. Texas, with the new TMB Chapter 169 rules and HB 3749 already in force, has the legal framework already in place. What is missing is the interagency execution, and industry observers including AmSpa and ByrdAdatto expect a similar enforcement push in Texas in 2026–2027.
The "we have a medical director" answer that historically passed in routine inspections is now considered insufficient under every modern enforcement playbook. What inspectors look for is the trail: who is the medical director, when did they sign the delegation order, when did they last review the protocols, where are the supervision logs, and is the staff member performing the procedure documented as a delegate. A spa that "has" a medical director but cannot produce that trail is no longer in compliance under either the New York or Texas regimes.
The reasonable response is not to acquire a different medical director. It is to make the documentation trail real, current, and producible — within minutes, not weeks — so the answer to the inspector's first question is, "Yes, here it is."
The rule change that quietly redefined what "compliance" means for every Texas med spa, IV clinic, and aesthetic dermatology practice in 2025.
Effective January 9, 2025, the Texas Medical Board retired its prior delegation rule (§193.17) and replaced it with Chapter 169, sections §169.25 through §169.28. The new rules explicitly classify nonsurgical cosmetic procedures — Botox, dermal fillers, IV therapy, laser, microneedling, and similar — as the practice of medicine.
What changed in practice:
The Texas Medical Board has stated explicitly that vague GFEs and standing orders do not meet the new standard. Inspectors are visiting practices across Texas and asking, on the first day of an investigation, to see the GFE record, the delegation order, and the supervision log for the procedures observed in the schedule.
The practical effect on the industry has been immediate. Practices that "have a medical director" but cannot produce these specific documents on inspection are operating outside the rule. The penalty is rarely the headline-grabbing fine — it is the inability to continue practicing the procedure until the documentation is corrected, board referral, license action against the medical director, and reputational impact in a market where patients now openly check public board-action records before booking.
The Wortham/Luxe Med Spa felony case in April 2026 is the practical illustration of what happens when the §169.25–169.28 paper trail is missing and a patient is harmed. The criminal exposure runs to the named medical director and the owner — not just to the staffer who held the syringe.
If your business model is "non-clinician-owned IV clinic," HB 3749 didn't end your business — it raised the documentation bar so high that paperwork is now the difference between operating and being shut down.
Effective September 1, 2025, Texas House Bill 3749 — known as Jenifer's Law in honor of Jenifer Cleveland — took effect. The bill restricts the initiation of any elective IV therapy in Texas to four provider categories: a physician (MD/DO), an advanced practice registered nurse (APRN), a physician assistant (PA), or a registered nurse (RN), all operating under a documented physician-supervision arrangement.
Practical implications for Texas IV hydration clinics, mobile IV businesses, and med spas that offer IV menus:
The bill was prompted by the 2023 death of Jenifer Cleveland during an IV hydration session at Luxe Med Spa in Wortham, Texas. The criminal prosecution arising from that death — owner and ex-medical director surrendered on felony charges in late April 2026 — is the practical illustration of what HB 3749 is intended to prevent.
What inspectors and underwriters now ask for: the supervising physician's name and license number, signed delegation orders for every IV protocol on the menu, the supervision arrangement (in-person, telehealth, on-call) and the cadence at which standing orders are reviewed, and the IV-initiation log showing which licensed provider initiated which patient's infusion. Texas IV clinics that have not updated their delegation paperwork, supervision protocols, and provider rosters since September 1, 2025 are operating against the rule.
Documentation-only OSHA fines on small clinics are no longer rare. The same standard, the same paperwork, and the same penalty math apply across every state — including Texas.
In 2024, OSHA assessed a $14,502 civil penalty against a small medical practice in Naperville, Illinois (DuPage County) for inadequate documentation of bloodborne-pathogen training. The penalty was issued under 29 CFR 1910.1030 — the Bloodborne Pathogens Standard that applies to every Texas med spa, IV clinic, dental office, tattoo studio, and aesthetic practice that handles sharps or biohazard materials.
In the same enforcement window, DuPage County reported that twelve small practices were cited for missing or expired annual exposure-control-plan reviews — another straightforward documentation finding under the same standard. None of these citations involved patient injury. They were paperwork findings.
Penalty math owners often underestimate. Serious BBP findings start at $16,550 per instance in 2026. Willful or repeated findings can reach $165,514 per instance. A single inspection that surfaces three documentation deficiencies — a missing ECP review, an undated training log, and an incomplete sharps log — can produce a five-figure exposure on a single visit, regardless of clinical performance.
Why "we have Stericycle" is not a complete answer. Medical-waste vendors like Stericycle and MedPro Disposal include a documentation toolkit with their pickup contracts, and Stericycle's Steri-Safe Platinum tier carries a "No Fine. No Fail" guarantee — but only for OSHA bloodborne-pathogens citations. It does not cover HIPAA, Texas Medical Board, Texas Board of Nursing, or state aesthetic-board citations. Most documentation findings against med spas in 2024–2026 fall outside the OSHA-only carve-out.
What an OSHA inspector typically asks for, in order: the current Exposure Control Plan and the date of last review (must be annual); the Bloodborne Pathogens training records for every clinical staff member, signed and dated; the sharps-container log; the post-exposure incident log (even if empty, the log must exist); the SDS sheets for any chemicals used in the practice; and PPE training records. A practice that cannot produce all six within an hour is rarely walking out without findings.
The Texas Department of Insurance, professional liability underwriters, and increasingly insurance brokers are aware of this enforcement pattern. Many carriers now ask, at renewal, for documentation evidence of the items above. Carriers that previously accepted attestation are moving to evidence-based renewal underwriting in 2026.