Medical spa HIPAA compliance: The complete guide for medspa owners (2026)

Medical spas don't look like hospitals, but they operate like healthcare providers in many ways. You collect medical histories. You document treatments. You store before-and-after photos. You may prescribe medications or conduct telehealth consultations. All of that involves protected health information (PHI) — and that makes HIPAA compliance a legal obligation, not simply a best practice.
This guide explains what medical spa HIPAA compliance requires in 2026: what counts as PHI, when HIPAA applies to your medspa, the penalties for getting it wrong, what your software must do, and a practical checklist to act on today.
This is not legal advice. For guidance specific to your practice, consult a healthcare attorney familiar with your state's requirements.
At a glance
- HIPAA (the Health Insurance Portability and Accountability Act) applies to most medspas that collect health information as part of clinical treatments — regardless of practice size or whether you bill insurance.
- PHI includes patient names combined with treatment details, medical histories, before-and-after photos, prescriptions, and payment data linked to treatments.
- You must have signed Business Associate Agreements (BAAs) with every vendor that handles patient data.
- 2026 HIPAA penalties range from $145 per violation (unaware) to $73,011+ per violation (willful neglect, uncorrected), with an annual cap of $2,190,294.
- Zenoti is designed to support medspa HIPAA compliance — HIPAA-compliant photo storage, role-based access, BAAs, encrypted transmission, and audit trails.
Why HIPAA applies to medspas (even without insurance billing)
One of the most common misconceptions is that HIPAA only applies to large hospitals or insurance-based providers. In reality, medspa HIPAA requirements are tied to the type of information you collect, not the size or branding of your business.
Many medspas qualify as covered entities or operate under physician supervision because they:
- Collect medical histories and health questionnaires
- Provide clinical treatments (injectables, laser, skin procedures)
- Maintain treatment documentation
- Prescribe or manage medications
- Offer telehealth consultations
Even if you do not bill insurance, HIPAA may apply if you electronically transmit health information in connection with certain healthcare transactions.
For official guidance, refer to the HHS HIPAA official guidance and the HHS definition of covered entities.
The takeaway: if you provide medical aesthetic services and handle patient health information, HIPAA compliance for aesthetic clinics likely applies to you.
The 2026 HIPAA enforcement environment has intensified. The HHS Office for Civil Rights (OCR) resolved 22 enforcement actions in 2024 alone — including fines against small practices, not just large hospital networks. The OCR's ongoing risk analysis enforcement initiative, which began in 2025, specifically targets whether covered entities have conducted a Security Risk Assessment. Medspas that have not done so are at elevated risk.
“Zenoti is the simplest solution for our industry, with the right electronic medical records in place, HIPAA compliance, and streamlined operations — essentially running things the way our industry is meant to be run.”
- Ben Crosbie, CEO, The DRIPBaR
What counts as protected health information in a medspa (and what surprises most owners)
To understand HIPAA compliance for medspas, you first need clarity around what qualifies as protected health information. In simple terms, PHI is individually identifiable information related to a patient’s health condition, treatment, or payment for healthcare services.
In a medspa setting, protected health information may include:
- A patient’s name combined with treatment details
- Intake forms and medical histories
- Clinical notes and treatment plans
- Before-and-after photos tied to a patient’s identity
- Telehealth consultation documentation
- Prescription records
- Payment data linked to specific treatments
| Information Type | PHI or Not PHI? |
|---|---|
| Patient name alone | Not PHI on its own |
| Treatment type alone (e.g. 'Botox treatment') | Not PHI on its own |
| Patient name + treatment type combined | PHI — individually identifiable health information |
| Before-and-after photos without patient identity | Generally not PHI |
| Before-and-after photos linked to patient record | PHI — photos tied to identity and treatment |
| Medical intake forms and health questionnaires | PHI — health condition + identity |
| Payment data (credit card number alone) | Not PHI |
| Payment data linked to a specific treatment | PHI — payment for healthcare services |
| Telehealth consultation notes | PHI — health information + identity |
| Prescription records | PHI — health condition, identity, treatment |
| Employee name without patient connection | Not PHI |
The key phrase is “individually identifiable.” A treatment type alone is not PHI. A name alone may not be PHI. But when health-related information is connected to a person’s identity, it generally becomes protected health information in a medspa context. Photos are often one of the most overlooked areas. They're a great marketing tool, but if images are tied to a patient and reflect medical treatment, they are typically considered PHI.
That's where purpose-built tools make a difference.
Zenoti's Photo Manager is designed with medspa compliance in mind — storing before-and-after photos in HIPAA-compliant cloud storage, tied directly to patient records, with role-based permissions and consent workflows built in. So your team can capture, compare, and showcase transformations confidently, without the compliance guesswork.
Ready to transform your clinical photography? See how Zenoti Photo Manager could work for your medspa.
2026 HIPAA penalty tiers for medical spas
HIPAA penalties are structured in four tiers based on the level of culpability. The 2026 figures below reflect the Jan. 28, 2026, inflation adjustment published in the Federal Register by HHS, applying the 2025 cost-of-living multiplier.
| Tier | Violation Type | Minimum Per Violation | Annual Cap (same provision) |
|---|---|---|---|
| Tier 1 | Did not know and could not have known | $145 per violation | $36,630 |
| Tier 2 | Reasonable cause, not willful neglect | $1,461 per violation | $146,524 |
| Tier 3 | Willful neglect — corrected within 30 days | $14,602 per violation | $365,866 |
| Tier 4 | Willful neglect — not corrected | $73,011 per violation | $2,190,294 |
Source: HHS Federal Register, January 28, 2026. Penalties apply per violation — a single data breach affecting 50 patient records is 50 separate violations.
In 2024, the OCR collected $12.8 million in civil penalties and settlements from healthcare providers. The most common reasons for enforcement actions against small practices include: failure to conduct a security risk assessment, missing or inadequate BAAs, delayed breach notifications, and improper disposal of PHI.
Important Note
Criminal HIPAA penalties apply for intentional misuse of PHI. These range from fines up to $250,000 and prison terms up to 10 years depending on intent. For medspas, the risk of criminal charges is low, but civil enforcement of the above tiers is active and increasing.
Business Associate Agreements for medical spas
A Business Associate Agreement is a legally required contract between your medspa and any third-party vendor that creates, receives, maintains, or transmits protected health information on your behalf. Operating without a signed BAA with these vendors is a HIPAA violation — even if no breach has occurred.
For a medical spa, required BAAs include:
- Practice management and medspa software platform (e.g. Zenoti, AestheticsPro, Pabau)
- Cloud storage provider (e.g. AWS, Google Cloud, Dropbox — only if storing PHI)
- Email marketing platform (if campaigns are segmented by treatment history or health data)
- Telehealth platform (if conducting virtual consultations that involve PHI)
- Payment processor (if payment data is tied to specific treatments)
- Shredding or records destruction company
- IT service provider with access to systems containing PHI
- Attorney handling patient record disputes or healthcare litigation
A BAA must specify what the vendor is permitted to do with PHI, what security safeguards they maintain, how they will notify you of a breach (within 60 days maximum), and how PHI will be destroyed or returned when the relationship ends.
Zenoti provides a signed BAA for medspa clients. This is one of the first questions to ask any software vendor before entering a contract involving patient data. If a vendor cannot provide a BAA, they cannot handle PHI — no exceptions.
| Vendor Type | BAA Required? |
|---|---|
| Practice management / medspa software | Yes — stores and transmits PHI |
| EHR / charting platform | Yes — stores clinical PHI |
| Cloud storage (if storing PHI) | Yes — even if data is encrypted |
| Email platform (general newsletters) | No — if content does not include PHI |
| Email platform (treatment-specific campaigns) | Yes — if segmented by health data |
| Payment processor | Yes — if payment tied to specific treatment |
| Cleaning company | No — but may need confidentiality agreement |
| Telehealth platform | Yes — clinical PHI transmitted |
| IT support provider | Yes — if access to PHI systems |
| Attorney for patient data matters | Yes — accesses PHI in legal context |
Common HIPAA compliance risks in medspa operations
Most compliance gaps are not intentional. They emerge from everyday workflow decisions in busy, growing practices. Understanding these blind spots is central to strengthening medspa patient data security.
Texting treatment-specific details
Appointment reminders that mention specific procedures — “See you for your filler appointment tomorrow” — involve PHI. If the messaging platform is not HIPAA-compliant and has not executed a BAA with your practice, every one of those texts is a potential violation. Use a HIPAA-compliant messaging system with a signed BAA.
Storing before-and-after photos on personal devices
Capturing treatment photos on personal smartphones is the single most common PHI exposure risk in medspas. Without a formal device policy, encryption, and secure storage with access controls, personal devices holding patient photos are a liability. Use a purpose-built photo management tool with HIPAA-compliant cloud storage — Zenoti's Photo Manager stores all patient images in encrypted, access-controlled cloud storage, tied directly to the patient record.
Shared front-desk logins
When multiple staff members share a single system login, you lose the ability to audit who accessed which patient record and when. The HIPAA Security Rule requires user-level access controls and audit trails. Every team member needs their own login, with permissions limited to the patient data relevant to their role.
Using non-compliant communication apps
Consumer apps — standard text messaging, WhatsApp, standard email — do not provide HIPAA-compliant encryption or access controls. Internal staff communications about patients must use compliant tools. Switching to a platform with a signed BAA for all patient-related communications closes this gap.
Missing BAAs with software vendors
Operating without signed BAAs with your software providers, cloud storage, and IT vendors is a direct HIPAA violation regardless of whether a breach occurs. Audit your vendor list and request BAAs from any vendor with access to patient data.
Unsecured intake and consent forms
Paper intake forms left visible at reception, emailed PDFs without encryption, and online forms without secure transmission all create exposure. Digital intake forms collected through a HIPAA-compliant platform — with encrypted transmission and storage — close all three gaps.
Marketing campaigns using treatment history
Targeting patients with email campaigns based on their treatment history (re-engaging Botox clients, for example) uses PHI for marketing. This is permitted under HIPAA's treatment exception, but the tool used to execute the campaign must have a BAA in place, and the opt-out mechanism must be clear. Using a non-compliant email platform for treatment-segmented campaigns is a violation.
These operational realities don’t mean your practice is “non-compliant.” They highlight why a structured approach to HIPAA compliance for medspas is essential.
Software and HIPAA: What medspa owners should look for
Technology decisions directly influence how medspas remain HIPAA-compliant. Because many aesthetic practices rely on multiple platforms — scheduling tools, payment processors, CRM systems, telehealth platforms — the risk often lies in fragmentation.
| Feature | Why It Matters for HIPAA | Zenoti |
|---|---|---|
| Signed BAA | Required to use any software that handles PHI | Yes — provided to medspa clients |
| Role-based access controls | Limits PHI access to authorized staff only | Yes — granular per-role permissions |
| Encrypted data storage | Protects PHI at rest from unauthorized access | Yes — encrypted cloud storage |
| Encrypted data transmission | Protects PHI in transit | Yes — TLS encryption |
| Audit trail / access logs | Required to demonstrate who accessed PHI and when | Yes — full audit trail |
| HIPAA-compliant photo storage | Before-and-after photos are PHI — must be stored securely | Yes — Photo Manager with compliance controls |
| Digital consent forms | Replaces paper forms; secure transmission and storage | Yes — digital intake and consent workflows |
| Secure two-way messaging | Patient communication must be HIPAA-compliant | Yes — compliant messaging within platform |
| E-prescriptions (Surescripts) | Prescription records are PHI — must be handled securely | Yes — integrated e-prescribing |
| Multi-location access controls | Each location's PHI should be isolated where appropriate | Yes — location-level permissions |
When evaluating systems, consider whether they support the following.
Encrypted data storage
PHI should be encrypted both in transit and at rest on any company device or system that holds it.
Role-based access controls
Not every team member needs access to every record.
Look for systems that allow:
- Clinical staff to access medical histories and treatment notes
- Administrative staff to manage scheduling and payments
- Controlled, selective visibility based on job role
Granular role permissions reduce unnecessary exposure and strengthen patient data security for your medspa.
Audit logs
Audit trails provide visibility into who accessed what data and when. This transparency supports oversight and internal accountability.
Secure cloud infrastructure
Cloud-based software can meet HIPAA compliance for aesthetic clinics — but only if built with healthcare-grade security in mind. Ask vendors about their hosting environment and safeguards.
Business associate agreements (BAAs)
If a vendor stores or processes PHI on your behalf, a business associate agreement (BAA) may be required to clarify shared responsibilities.
Rather than viewing this as a technical checklist, think of it as vendor due diligence. For more detail refer to HHS OCR enforcement guidance. Your compliance posture depends not just on your internal processes, but also on the systems you trust.
“Zenoti has been essential since our 2019 transition. It unified three databases and now runs everything from bookings to payments — we couldn’t operate without it.”
- Jo Kelton, Chief Operating Officer, Removery
Hidden HIPAA risks in payments, intake forms, and online booking
The retail-clinical blend in medspas often creates subtle compliance challenges.
Secure digital intake
If patients submit health histories online, those forms must be transmitted and stored securely. Convenience should not come at the expense of compliance.
Payment systems and PHI separation
Payment processors focus on card security (PCI compliance), which is different from HIPAA. However, when financial transactions are directly tied to treatment details, PHI considerations come into play.
Clear separation between clinical records and payment systems — while maintaining appropriate safeguards — helps reduce risk.
Online booking data
Consider what information patients provide during medspa online booking. Collecting unnecessary medical disclosures at this stage may increase exposure if they aren't properly secured.
Integrated platforms can reduce risk by limiting data handoffs between disconnected tools. Fewer system gaps often mean fewer compliance vulnerabilities.
Industry insight: 97% of medical spa clients say they want mobile appointment booking, highlighting how central digital systems have become to patient interactions.
Online booking is a frequently overlooked point of compliance risk. A guest who books an injectable treatment online has created a record linking their identity to a specific medical service. If that booking confirmation is sent via a non-compliant email system, or the booking data is stored in a general CRM without a BAA, HIPAA has already been violated. Zenoti's online booking system for medspas handles intake forms, consent collection, and booking confirmation within a single HIPAA-aware environment — eliminating the fragmentation that creates these gaps.
HIPAA and medspa photos: Clinical vs. marketing use
In aesthetic practices, images serve two purposes: clinical documentation and marketing/promotion. These functions should be clearly separated.
A patient gallery used for treatment records should be access-controlled and limited to authorized staff. A marketing gallery used for promotional purposes should operate separately, with proper patient authorization and careful removal of identifying information.
Maintaining this separation supports medspa safeguards for protected health information while still allowing your business to grow.
Telehealth and ePrescribing: HIPAA considerations for medspas
As more medspas expand into virtual consultations and digital prescribing, compliance responsibilities expand with them.
If you offer telehealth services:
- Confirm the platform supports encrypted communication.
- Ensure consultation records are securely documented.
- Verify integration into the patient’s clinical file.
If you manage prescriptions electronically, integrated e-prescribing systems can reduce manual handling of PHI. For example, Zenoti’s ePrescribe with Surescripts integration lets providers send prescriptions digitally — including EPCS and non-EPCS medications — directly from within the patient profile, connected to 95% of U.S. pharmacies.
When systems are unified and purpose-built for healthcare environments, it becomes easier to manage HIPAA compliance consistently across aesthetic clinics.
Learn how Zenoti supports compliant digital prescribing
The marketing use of before-and-after photos requires explicit written patient authorization that is distinct from the clinical consent obtained at the time of treatment. Many medspas use a single consent form for both clinical and marketing purposes — this is permissible, but the marketing consent must be clearly separated with an explicit opt-in, not bundled into the clinical consent as a condition of treatment. Patients must be able to consent to clinical photography without consenting to marketing use.
Zenoti's Photo Manager stores all patient images in HIPAA-compliant cloud storage with role-based access controls. Clinical images and marketing-release images are tracked separately within the patient profile. Watermarking, before-and-after overlay tools, and consent status are all managed from one system — so your team knows at a glance which images can be used publicly.
Staff training and internal HIPAA policies for medspas
Even the most secure platform cannot prevent compliance gaps caused by unclear policies or inconsistent habits.
To strengthen how medspas stay HIPAA compliant, consider whether you have:
- Defined access protocols by role
- Clear policies for personal device usage
- Documented photo storage procedures
- Ongoing compliance awareness training
- Incident response guidelines
Training does not need to be complex. It should be practical, repeatable, and tied directly to daily workflows. When your team understands how everyday actions affect medspa patient data security, compliance becomes part of culture—not just documentation.
| HIPAA Training Requirement | Frequency |
|---|---|
| Initial HIPAA Privacy and Security Rule training for all new staff | At hire — before any PHI access |
| Recurring HIPAA training for existing staff | Annually at minimum |
| Breach response training (what to do if PHI is exposed) | Annually — include simulated scenario |
| Role-specific training for staff with elevated PHI access | At role change or when access level changes |
| Documentation of all training sessions | Ongoing — required for OCR audit readiness |
| Security risk assessment update | Annually or when significant system changes occur |
| BAA audit — verify all vendor agreements are current | Annually or when onboarding new vendors |
Medspa HIPAA compliance checklist
Use this checklist to assess where your practice stands on patient data security.
- Confirm whether HIPAA applies to your practice (most medspas that provide clinical services qualify)
- Identify every system that stores or transmits PHI — scheduling, EMR, payments, photos, telehealth
- Verify you have signed Business Associate Agreements (BAAs) with all relevant vendors
- Review role-based access controls: does each staff role see only what they need?
- Audit how patient photos are captured, stored, and accessed
- Confirm digital intake and consent forms are transmitted and stored securely
- Confirm messaging tools used for appointment reminders are HIPAA-compliant
- Review personal device policies for clinical photography and staff communication
- Ensure audit logs are enabled so you can see who accessed patient records and when
- Schedule recurring staff training on PHI handling and compliance responsibilities
If most of these are works in progress, you're not alone. The medspas that stay ahead of compliance tend to have one thing in common: a platform built for the way aesthetic practices actually operate.
Explore how purpose-built medspa software handles compliance →
What to do if you’re unsure about your compliance: how to assess your medspa’s current HIPAA compliance posture
If you’re uncertain about your current compliance posture, that's a signal to review — not to panic.
Practical next steps may include:
- Consulting a healthcare compliance professional
- Consulting the American Med Spa Association (AMSPA) for industry-specific guidance
- Reviewing vendor agreements and confirming BAAs where applicable
- Conducting an internal audit of how patient data flows through your systems
- Evaluating whether your current tools align with medspa HIPAA requirements
A structured review can uncover gaps that aren’t obvious in day-to-day operations.
When does HIPAA not apply to a medspa?
Not every medspa automatically qualifies as a HIPAA covered entity. If a practice offers purely cosmetic services with no clinical oversight, collects no individually identifiable health information, and does not electronically transmit health data in connection with healthcare transactions, HIPAA may not apply. That said, the line between cosmetic and clinical is increasingly blurred in modern medspa environments. If in doubt, consult a healthcare compliance professional before assuming HIPAA does not apply to your practice.
Medspa data security is part of patient trust, not just regulation
HIPAA compliance for medspas isn’t just about regulation. It’s about trust. Patients trust you with their appearance, their health history, and their personal information. Protecting that data is part of delivering high-quality care.
As your practice evolves — adding telehealth, expanding services, refining marketing, or opening new locations — your systems and processes should evolve with it. Taking time to assess whether your current tools, access controls, communication platforms, and workflows support strong medspa patient data security can reduce risk and strengthen confidence.
Compliance doesn’t have to feel overwhelming. With thoughtful systems, clear policies, and ongoing awareness, you can build a practice that protects both your patients and your business.
From ePrescribing and telehealth documentation to HIPAA-compliant photo storage and unified patient records, a true software growth partner like Zenoti brings your clinical and operational workflows into one secure platform, so compliance scales as your practice does.
See how Zenoti supports medspa compliance
FAQs
Does HIPAA apply to medspas?
Yes, HIPAA likely applies to medspas that collect health information in connection with medical aesthetic treatments, even if the practice doesn’t bill insurance. If your medspa provides clinical services — injectables, laser treatments, or telehealth consultations — and you electronically transmit health information, HIPAA’s Privacy and Security Rules may apply. Consult a healthcare compliance professional to confirm your specific obligations.
What counts as PHI in a medspa?
Protected health information (PHI) in a medspa includes any individually identifiable information linked to a patient’s health condition, treatment, or payment — such as medical histories, treatment notes, before-and-after photos tied to a patient’s identity, prescription records, and payment data linked to specific procedures.
What is HIPAA-compliant medspa software?
HIPAA-compliant medspa software provides encrypted data storage, role-based access controls, audit logs, and secure cloud infrastructure. It also includes a signed Business Associate Agreement (BAA) with the vendor, confirming shared HIPAA responsibilities. Platforms like Zenoti are purpose-built for medical aesthetics and include these safeguards alongside clinical features like charting, photo management, and e-prescribing.
Are before-and-after photos considered PHI?
Yes, when before-and-after photos are tied to a patient’s identity and reflect medical treatment, they are generally considered protected health information (PHI) under HIPAA. These images must be stored in HIPAA-compliant systems with access controls and consent documentation.
Do I need a Business Associate Agreement with my software vendor?
If your software vendor stores or processes PHI on your behalf — which most medspa management platforms do — a Business Associate Agreement (BAA) is required under HIPAA. Before using any scheduling, EMR, or patient communication tool, confirm whether the vendor provides a signed BAA.
How do medspas stay HIPAA compliant day-to-day?
Medspa HIPAA compliance is maintained through a combination of secure software, clear internal policies, staff training, and ongoing review. Key practices include using role-based access controls, avoiding unsecured messaging for patient information, storing photos in HIPAA-compliant systems, and conducting regular audits of how patient data flows through your practice.
Does a medical spa need to be HIPAA compliant?
Yes, in most cases. Medical spas that collect health information as part of clinical treatments — injectables, laser procedures, prescriptions, telehealth consultations — are typically covered entities or operate under physician supervision that triggers HIPAA obligations. HIPAA applies based on the type of information you collect and transmit, not the size of your practice or whether you bill insurance. If you store patient names alongside treatment details, medical histories, or before-and-after photos, HIPAA likely applies.
What is protected health information (PHI) in a medical spa?
Protected health information (PHI) in a medical spa includes any individually identifiable information related to a patient's health condition, treatment, or payment for healthcare services. In practice, this means intake forms and medical histories, clinical notes and treatment records, before-and-after photos tied to a patient's identity, prescription records, telehealth consultation documentation, and payment data linked to specific treatments. A patient name alone or a treatment type alone may not be PHI, but the two combined almost always are.
What is a Business Associate Agreement (BAA) and does my medspa need one?
A Business Associate Agreement (BAA) is a legally required contract between a covered entity and any third-party vendor that handles protected health information on your behalf. For medical spas, this includes practice management software, EHR or EMR system, cloud storage provider, email marketing platform, telehealth tool, and payment processor — any vendor whose service involves accessing, storing, or transmitting patient data. Operating without a signed BAA with these vendors is a HIPAA violation, even if no breach has occurred.
What are the penalties for HIPAA violations for a medical spa?
HIPAA violation penalties for medical spas are structured in four tiers based on culpability. For violations the practice was unaware of, fines start at $145 per violation. For violations due to reasonable cause, the minimum is $1,461. For willful neglect that is corrected, the minimum is $14,602. For willful neglect that is not corrected, fines start at $73,011 per violation with an annual cap of $2,190,294 for repeated violations of the same provision. These are 2026 inflation-adjusted figures from HHS. Penalties apply per violation, so a single breach affecting multiple patient records compounds significantly.
Is Zenoti HIPAA compliant for medical spas?
Yes. Zenoti offers a Business Associate Agreement (BAA) and meets HIPAA's technical safeguard requirements — PHI encryption at rest and in transit, role-based access controls, audit logging, and a HIPAA-compliant photo management system for before/after documentation.
What HIPAA compliance steps should a medspa take immediately?
The six most urgent steps for medspa HIPAA compliance are: (1) Conduct a security risk assessment to identify where PHI is stored, transmitted, and accessed. (2) Appoint a HIPAA compliance officer. (3) Audit all vendors who handle patient data and ensure signed BAAs are in place with each one. (4) Replace any non-compliant messaging or storage tools with HIPAA-compliant alternatives. (5) Implement role-based access controls so staff can only access PHI relevant to their role. (6) Train all staff on HIPAA Privacy and Security Rules — and document that training.
What HIPAA requirements apply to medspas?
Medspas employing licensed medical professionals must sign BAAs with software vendors, encrypt Protected Health Information, restrict PHI access through role-based permissions, maintain audit trails, train staff annually on HIPAA rules, and implement breach notification procedures.
Does medspa software need to be HIPAA compliant?
Yes. Any software storing or processing Protected Health Information must be HIPAA compliant. The vendor must sign a BAA and meet HIPAA Security Rule requirements. Using non-compliant software exposes a medspa to penalties up to $1.9 million per violation category per year.
What data does HIPAA protect in a medical spa?
HIPAA protects any patient-identifiable health information — before/after photos, clinical charting, intake forms, treatment notes, e-prescription records, and any of the 18 HIPAA identifiers combined with health data. Standard booking data becomes PHI when linked to a clinical record.

Written by
Danielle Pietersen, Guest Writer
With an advanced sociology degree and eight years of writing experience, Danielle Pietersen blends research and storytelling to make complex topics approachable. She focuses on education, lifestyle, and finance, creating clear, practical content that supports better decisions and smoother day-to-day experiences.
Reviewed by
Cheryl Cole, Managing Editor
Cheryl uses her background in journalism to help brands bring their unique stories to life. Passionate about content strategy, she has extensive experience leading both print and digital publications. As managing editor of The Check-In, Cheryl is committed to providing wellness professionals with high-quality, tailored content designed to help grow their brands.