Standards

A merchant’s affiliates must comply with all program standards. Affiliates are any individual, business, or entity who previously, currently, or is expected to have a commercial and/or professional relationship with the applicant organization or its principals. This means any person or entity that exercises control over or participates in the business must not be affiliated with or control any other entity that violates these standards. This includes but is not limited to partner pharmacies, businesses or medical practices, supplying wholesalers, co-owned companies, staff, any associated medical personnel, and may include entities that are promoted on the domain seeking certification. All affiliates and partners must be operating legally.

A merchant's partners, defined as organizations essential to supporting the applicant’s continuum of care, such as partner pharmacies responsible for the fulfillment of prescription medication to patients, are generally required to be LegitScript-certified or accredited by another recognized body, with limited exceptions permitted only at LegitScript's sole discretion.

Applicants’ websites must clearly disclose all states, territories, provinces, and/or countries in which applicants’ services are available. Where required by law, this Standard also requires that practitioners with an internet presence must display an accurate street address and the identity and location of medical practitioners engaged in providing medical care or advice to patients on their website.

The website must also display an accurate street address for any dispensing pharmacy or pharmacies. In certain circumstances, applicants may post the address for their corporate headquarters. The applicant must also provide an accurate, readily accessible, and responsive phone number or secure contact mechanism via the website, allowing patients to contact or consult with a provider and/or pharmacist regarding complaints or concerns, or in the event of a possible adverse event involving their medication or treatment.

The applicant must comply with all provisions of applicable laws and regulations pertaining to protected information or protected health information, including privacy provisions. When required by law, the applicant must post its privacy policy on its website.

For example, US-based applicants who collect, store, or transmit Protected Health Information (PHI) must be in compliance with all applicable HIPAA requirements.

The applicant shall only dispense or offer to dispense prescription drugs upon receipt of a valid prescription issued by a person authorized to prescribe under applicable laws. A valid prescription is defined by applicable statutes, regulations, or laws in the jurisdictions served by the applicant. A pharmacy must not distribute or offer to distribute, and a practitioner must not prescribe or offer to prescribe, prescriptions or prescription drugs in a way that violates the laws of the jurisdiction(s) they serve and must comply with all applicable telemedicine laws or regulations. A prescription or prescription drug must not be prescribed or dispensed prior to the provision of care by a licensed medical professional.

The applicant or affiliates may not engage in practices or extend offers that may deceive or defraud patients or the public in any way, including but not limited to any material detail regarding the pharmacy, pharmacy staff, medical practitioners, drugs, treatments, or financial transactions.

Failure to provide full and accurate information as requested, in LegitScript’s sole discretion, will result in denial. Applicants may undertake reasonable remedial action during the certification process without penalty.

An applicant’s business practices may not pose a reputational risk to LegitScript or the LegitScript Healthcare Certification program.

Applicants and certified clients must advertise in a manner that is transparent and in accordance with all applicable laws and regulations. Advertisements must not deceive, mislead, or defraud the public in any way.

Applicants advertising on internet platforms in apparent violation of the platforms' terms of service may be considered to be attempting to circumvent the goals of the LegitScript certification program. If LegitScript discovers such advertising, it may be grounds for certification denial or revocation.