This compliance overview describes the legal-floor defaults Obris Launch ships on every medical aesthetics practice site. Questions? Email hello@obris.co.

Compliance

How Obris Launch builds the legal floor into every medical aesthetics practice site.

Scope. This page describes the six compliance outputs auto-generated on every site Obris Launch builds for medical aesthetics practices — medi-spa, plastic surgery, cosmetic dermatology, and aesthetic-only clinics. It is not legal advice. Each practice is responsible for its own state-specific regulatory posture and should consult counsel for case-by-case questions.

Frameworks covered

1. HIPAA Notice of Privacy Practices (45 CFR § 164.520)

Every Obris Launch site ships with a Notice of Privacy Practices on its own page, formatted under 45 CFR § 164.520, linked from the footer separately from the Privacy Policy. The HHS-mandated header statement renders verbatim.

2. FTC Individual Results disclaimer (FTC §255)

Auto-injected inline on every before-and-after image, every gallery page, and every testimonials section. Non-removable by default — the disclaimer cannot be toggled off through the editor or any CMS-level setting.

3. TCPA opt-in consent (FCC 2024 one-to-one)

Unchecked checkbox with STOP/HELP language on every contact form. Always renders visible — never set to hidden programmatically. Form submissions are blocked at the validation layer until the box is explicitly checked.

4. Board certification naming (FTC truth-in-advertising)

A required, non-optional field at intake. The template generates the full attribution — "Board Certified by the American Board of Plastic Surgery" — and never the abbreviated "board-certified plastic surgeon" without the named board. Auto-links to certificationmatters.org for public verification.

5. Accessibility statement (ADA / WCAG 2.2 AA)

Every site ships with a dedicated accessibility page, pre-populated with WCAG 2.2 AA conformance language and linked from the footer at launch. Updated automatically when the build's accessibility scan reports a regression.

6. Anonymized testimonials (HIPAA + FTC §255)

Testimonial components disable full-name plus condition pairings by default. Auto-anonymizes to first name + last initial. Diagnosis context is disabled at the schema layer: even if a practice tries to add it through the editor, the field rejects it.

Why this approach

In medical aesthetics, the legal floor is too often treated as the operator's problem — something the practice will figure out later, with the healthcare attorney, on a timeline that quietly turns into "never."

Obris Launch was built around a different assumption: the platform should ship the legal floor before the page is published. Six outputs, generated automatically from the practice intake, linked from the site's footer, updated when the rules change — not a feature a practice turns on, but the foundation the rest of the marketing stack sits on top of.

Questions about a specific scenario

This page covers the defaults that ship on every site. For state-specific or scenario-specific compliance questions — board scope rules, FDA promotional language for a particular product, AmSpa norms, multi-state telehealth — email hello@obris.co.