Consentz

Consentz logo
Menu
Sign In / Register
SIGN IN / REGISTER
digital-consent-forms

How to Set Up Digital Consent Forms for Your Aesthetic Clinic

Every aesthetic practitioner knows the paper shuffle. Consent forms handed to patients on a clipboard at the door. Ink smudges. Illegible signatures. A drawer somewhere that nobody wants to open because finding anything in there takes twenty minutes and a torch.

Digital consent forms solve all of that — and they do something paper never could: they create a timestamped, tamper-proof audit trail that holds up under CQC inspection, looks as professional as your treatments, and removes the “I never received that form” conversation from your life entirely.

This guide walks you through exactly how to set up digital consent forms for your aesthetic clinic — what they need to contain, how to send them, and how to make the switch without disrupting a single patient appointment.

Why digital consent forms matter in 2026

The regulatory direction in UK aesthetics is clear: the sector is moving toward more formal oversight. Since June 2025, nurse and midwife prescribers are required to consult face-to-face before prescribing cosmetic injectables — and documentation of that consultation is now more important than ever.

The CQC, which regulates clinics offering thread lifts, IV therapy, and other regulated activities, treats consent documentation as one of the most heavily scrutinised areas during inspection. Inadequate consent processes are the leading cause of enforcement action against aesthetic clinics.

Paper consent forms create three specific problems:

  • Loss risk: Paper forms get misfiled, damaged, or lost. If you cannot produce a consent form during an inspection or legal challenge, it effectively does not exist.
  • Compliance gaps: Generic paper forms rarely cover treatment-specific risks in the detail CQC and insurers expect.
  • Patient experience: A clipboard of forms at the door signals “clinic admin” rather than “clinical expertise”. Digital pre-appointment forms signal the opposite.

What an aesthetic consent form must include

Before you set anything up digitally, make sure you know what each form needs to contain. A generic tick-box form will not pass CQC scrutiny and will not protect you legally.

Treatment-specific risk information

You need separate consent forms for each treatment type — a Botox consent form, a dermal filler consent form, a thread lift consent form, and so on. Each must list the specific risks for that procedure. The Montgomery v Lanarkshire ruling (2015) established that clinicians must discuss all risks a reasonable person would want to know, regardless of how unlikely the practitioner considers them.

Cooling-off period confirmation

CQC guidance requires a minimum cooling-off period of 24–48 hours between the initial consultation and performing a cosmetic procedure. Your form should confirm the date the information was provided and the date consent was confirmed — separate entries.

Capacity statement

The patient must confirm they understand the information provided, can weigh it to make a decision, and are giving consent voluntarily without pressure. Document any capacity concerns immediately and do not proceed if doubt exists.

Separate photo consent

Treatment consent and photo consent are not the same document. A patient can consent to treatment and decline photography. Photo consent should specify: whether images will be stored, how long, who can access them, and whether they may be used in marketing — this last point requires specific opt-in under GDPR. See our guide on before and after photos in aesthetic clinics for the full breakdown.

Separate marketing consent (GDPR)

Marketing consent must be freely given, specific, informed, and unambiguous under UK GDPR. It cannot be bundled into the treatment consent form. A patient who declines marketing consent should still receive their treatment without any difference in care.

Tired of juggling 5 different tools to run your clinic?

Bookings, consent forms, patient records, payments, marketing — Consentz is the aesthetic clinic software that puts it all in one place so you can focus on your patients, not paperwork.

Book Demo

How to set up digital consent forms: step by step

Step 1: Choose a platform built for aesthetics

General document tools like DocuSign or Google Forms were not designed for aesthetic consent. They have no concept of treatment-specific forms, cooling-off period enforcement, or CQC audit trails. Choose a platform that understands how aesthetic clinics actually work.

Consentz includes a built-in consent library with pre-built, customisable forms for Botox, dermal fillers, thread lifts, chemical peels, laser treatments, PDO threads, and more — each with treatment-specific risks, capacity assessment, and CQC-compliant documentation standards built in. You can explore the full clinic management software to see how consent sits inside the wider patient journey.

Step 2: Build treatment-specific forms — not one generic form

Work through your treatment menu and assign a specific consent form to each one. If you are starting from scratch, begin with your highest-volume treatments and work down.

Each form should include the elements covered in the section above. If your platform includes pre-built templates (as Consentz does), customise them to reflect your specific protocols, pricing structure, and any treatment variations you offer.

Step 3: Configure your pre-appointment send workflow

Digital consent forms deliver maximum value when patients complete them before they arrive at the clinic. This serves the cooling-off requirement, means the consultation is more focused, and ensures the patient has had time to read everything without feeling rushed.

Set up your platform to automatically send the relevant consent form when an appointment is booked — triggered by the treatment type selected. Patients receive a link by email or SMS, complete the form on any device, and their signed response links directly to their patient record.

Step 4: Ensure your e-signature creates a proper audit trail

An audit trail for consent must include: the date and time the form was sent, the date and time it was completed, the IP address or device confirmation, and a record that cannot be retrospectively altered. Consentz consent records are non-deletable once archived — a specific feature that protects against tampering claims and satisfies legal defensibility requirements.

Step 5: Brief your team on the new workflow

The most common failure point in a paperless transition is not the technology — it is people defaulting to the old process. Run a short team session covering: how to check that a consent form has been completed before the patient arrives, what to do if a patient has not completed it by the day of the appointment, and how to access the consent record during the consultation.

UK clinics: CQC compliance checklist for digital consent

If your clinic is CQC-registered — or if you offer regulated activities such as thread lifts or IV therapy — your digital consent system should meet the following requirements:

  • Treatment-specific forms, not generic documents
  • Date of information provision and date of consent confirmation recorded separately (evidencing cooling-off period)
  • Capacity assessment documented for each patient, each treatment
  • Signed copy accessible and retrievable immediately — not buried in a filing system
  • Version-controlled forms: if you update a form, old signatures are preserved against the version that was current at the time
  • Staff training recorded: inspectors check whether your team understands the consent process, not just whether you have forms

For a complete overview of documentation requirements, see our CQC compliance documentation toolkit.

US clinics: HIPAA considerations for digital consent

For US aesthetic clinics and medspas, digital consent forms must be managed in a HIPAA-compliant environment. This means:

  • Data must be stored and transmitted with encryption (at rest and in motion)
  • Business Associate Agreements (BAAs) must be in place with any third-party platform handling patient data
  • Patient data must only be accessible to authorised staff
  • Audit logs must be maintained for access and changes to patient records

Consentz is ISO 27001:2013 accredited and uses AWS 256-bit AES encryption for all data. See our guide to HIPAA compliant medical spa software for the full compliance picture.

Common mistakes to avoid

  • One form for all treatments: Fails CQC and increases legal risk. Each treatment needs its own.
  • Sending consent and collecting signature at the same appointment: This bypasses the cooling-off requirement. Always send forms before the consultation.
  • Bundling photo consent and marketing consent into the treatment form: These must be separate opt-ins.
  • Using a platform without a proper audit trail: If you cannot prove when a form was sent, completed, and by whom, it may be inadmissible in a complaint or legal challenge.
  • Not training staff: CQC inspectors assess whether your team understands the consent process, not just whether the system exists.

Frequently asked questions

1. Can patients sign consent forms on their phone before coming in?

Yes — and this is the recommended approach. Patients complete their forms at home, at a time that suits them, without the pressure of a practitioner waiting to proceed. This satisfies the cooling-off requirement and makes consultations more focused. Any device with a browser can be used.

2. Do digital consent forms hold up legally if there is a dispute?

Yes, provided the platform creates a proper audit trail — timestamp of when the form was sent, timestamp of when it was signed, and a record that cannot be altered retroactively. Courts and regulators accept digital signatures when these conditions are met. The important thing is choosing a platform that creates that trail automatically, not one that simply saves a PDF.

3. What happens if a patient has not completed the consent form before their appointment?

You have two options: have the patient complete it on a clinic device at the start of the appointment (a tablet works well), or — if the treatment requires a cooling-off period — reschedule the treatment portion until the form has been completed for the required minimum of 24–48 hours. Do not skip the form or rush the process.

4. How long should I keep aesthetic consent forms?

UK guidance recommends retaining clinical records for a minimum of eight years after the last appointment. For patients under 18, records should be kept until the patient’s 25th birthday, or eight years from the last appointment, whichever is later. Digital storage makes long-term retention significantly easier than paper filing.

5. Do I need a separate consent form for touch-up appointments?

It depends on the interval and whether circumstances have changed. For regular top-up appointments within a short time frame, reviewing and reconfirming existing consent is often sufficient — but you must document that review. For patients returning after a long gap, or if the treatment plan has changed, full re-consent is required.

Table of Contents

Start Growing Your Aesthetics Clinic Today

  • Streamline patient management effortlessly
  • End manual admin and missed appointments
  • Grow your practice with built-in marketing
  • Join 200+ elite clinics—trusted since 2012
BOOK DEMO

Related articles

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top
Schedule a Demo

Schedule a Demo and we'll onboard and set up your clinic for FREE

Consentz Gif
BOOK DEMO