HIPAA-Compliant Software Built for Medical Spas

Med spas handle protected health information every day. Knack Health gives you a secure, no-code platform to build the systems you actually need — with a signed BAA, encrypted data, and tools built around how your business runs.
Medical spas don’t fit neatly into any software category — often too specialized for generic healthcare platforms, and operating in a compliance environment that most booking and practice management tools weren’t built for.
Knack Health gives you a no-code platform to build exactly what your operation needs, with encryption, role-based access, a signed BAA, and record change logs included.

What med spa teams build with Knack Health

From patient intake to provider notes, these are the workflows that tend to end up in non-compliant tools at most med spas. Knack Health has solutions for every use case.

Patient Intake and Medical History

Build custom digital intake forms that collect medical history, allergy information, and treatment preferences and feed them into a secure, searchable database covered by your BAA.

Consent Form Tracking

Track which patients have signed which consent forms, when they signed, and for which procedures, with a timestamped record that holds up to a compliance review.

Before-and-After Photo Management

Store patient photos in a HIPAA-compliant environment with role-based access, linked to patient records by treatment date and procedure type.

Treatment History and Notes 

Build a structured treatment log for each patient — procedures performed, products used, provider notes, and follow-up instructions — with access controls that keep sensitive records visible only to the right staff.

Patient Communication

Send automated appointment reminders, follow-up messages, and treatment updates directly from your Knack app, with all communication tied to the patient record.

Staff Credentials and Provider Records

Maintain HIPAA-compliant records for provider licenses, certifications, and training documentation, with expiration alerts and role-based access keeping HR and clinical records separate.

Built for the operational reality of running a medical spa

Independent Med Spa Owners 

You're running a business that's part healthcare practice, part hospitality operation, and most off-the-shelf tools weren't built with both in mind. Knack Health gives you a compliant operational foundation without requiring developers or an enterprise contract.

Clinical Directors and Providers

You need structured, accessible patient records — treatment history, consent documentation, medical intake — without the overhead of a full EMR. Knack Health gives you a configurable system that fits how your practice actually operates.

Multi-Location Med Spa Groups

Compliance, credentialing, and patient data across multiple locations create risk that shared drives can't handle safely. Knack Health supports centralized databases with location-level access controls so each site operates independently while leadership has full visibility.

HIPAA compliance built in, not bolted on

Signed BAA Included 

Every Knack Health account includes a signed Business Associate Agreement as standard — no separate request, no enterprise tier required.

Encrypted Data and Role-Based Access 

Patient data is encrypted at rest and in transit. Role-based permissions let you control exactly who can access treatment records, photos, and consent documentation — by role, not by trust.

Record Change Logs 

Every change to a patient record is logged with a timestamp and user attribution. That's the kind of documentation that matters when you're responding to an audit or a patient dispute.

What our users are saying

“Knack is instrumental in the daily running of the business. It literally runs every facet of our company, from front to back. In the beginning, it probably took me three or four days to build out a new section. Now I can build something new in under an hour.”

JD Worley

CEO, Curetech

“The two things that were really a game changer for me with Knack was that they were keeping up with the HIPAA rules and regulations. There was a big change last year and they were keeping up with the change.”

Joe Luzi

Founder, Social Health Research

“Knack allows an enormous amount of flexibility but is also very robust. Usually, robustness is compromised when you introduce malleability, but in Knack’s case, I haven’t experienced that.”

Amir Gander

Royal Free London NHS Foundation Trust, University College London Director

Plans and Packages

Choose the level of compliance and support your team needs.

HIPAA Core

Ideal for:
Clinics, practices, and healthcare teams with core HIPAA and security requirements.

Starting at $625

Features:

  • HIPAA-ready hosting and signed BAA
  • Encrypted data storage and transfer
  • Record change log history
  • Real-time scheduling and appointment booking
  • Access to healthcare templates
  • Fully HIPAA-compliant AI app builder
  • Unlimited app users and builders

HIPAA Enterprise

Ideal for:
Larger healthcare organizations and networks with advanced security, integration, or support needs.

Contact for pricing

Features:

  • Everything in HIPAA Core
  • Dedicated or isolated infrastructure options
  • Priority support and SLAs
  • Advanced integration and automation support
  • Custom onboarding and migration assistance
  • Security documentation support for vendor reviews

Give your med spa the compliance infrastructure it actually needs.

Start with a free trial. A signed BAA and HIPAA-compliant infrastructure are included from day one.

HIPAA-Compliant Med Spa Software FAQs

Does HIPAA apply to medical spas?

Yes. Any medical spa that administers treatments by licensed medical professionals — injections, laser procedures, IV therapy, and similar — and collects patient health information is subject to HIPAA as a covered entity or business associate. That includes intake forms, treatment records, consent documentation, and before-and-after photos tied to patient identities.

Yes. A signed BAA is included with every Knack Health account. You do not need to request it separately or upgrade to access it.

Not for scheduling and payments — Knack Health is not a booking or point-of-sale platform. But for patient records, intake, consent tracking, treatment history, and staff management, it can serve as the primary system. Some med spas use it as their core operational database. Others use it alongside existing tools to handle what those tools weren’t built to do compliantly.

Yes. Knack Health supports secure file and image storage linked to patient records, with role-based access controls and encryption. Photos are stored within the HIPAA-compliant environment covered by your BAA.

Knack Health starts at $625 per month and includes unlimited users. See full pricing at Knack.com/Health/Pricing 

Purpose-built med spa EMRs come with fixed workflows that may or may not match how your practice operates. Knack Health is configurable — you build the tools your practice actually needs, structured the way your team works, without being constrained by a vendor’s template. It’s a better fit for practices that have specific operational needs or want more control over their data structure.

Most teams have a working intake form or patient database within a day or two of starting. More complex builds — multi-location systems, connected consent and treatment history workflows — typically take one to two weeks depending on the scope.