Healthcare Certification

Standards

Our healthcare certification process is trusted around the world because it is rigorous and thorough. This page details what we look for.

Apply Now

Registration & Compliance Internal Practices External Practices

Registration & Compliance

Our first step is making sure you are who you say you are and that you have the necessary documentation.

1. Licensure or Registration

Merchants must be adequately licensed for the services they offer. For example, if facilitating prescribing or dispensing, the applicant must only facilitate the dispensing or prescribing of drugs by pharmacies or medical practitioners that are licensed or registered in good standing to operate a pharmacy or engage in the practice of pharmacy or medicine in all required jurisdictions. This includes the jurisdiction from which the drugs are dispensed or prescribed and the jurisdiction to which the drugs are offered to be shipped and the patient’s jurisdiction, except in circumstances allowed by law.

2. Legal Compliance

The applicant must comply with all provisions of applicable laws. For the US, this includes but is not limited to state laws and regulations; the Federal Food, Drug, and Cosmetic Act; and the Federal Controlled Substances Act. Additionally, the website or business must not facilitate the prescribing or dispensing of, or offer to facilitate the prescribing or dispensing of, medications that have not been approved by the regulatory body in that jurisdiction or are otherwise exempt from approval. The applicant’s website and any dispensing pharmacy must adhere to all applicable pharmacy licensure, drug safety, and supply-chain laws and regulations.
Laws governing controlled substances vary by country. The applicant must be in compliance with all applicable laws and regulations for controlled substances. For example, any dispensing pharmacy or prescribing practitioner, if dispensing or prescribing controlled substances to US residents, must be registered with the US Drug Enforcement Administration (DEA), and must be in compliance with DEA rules and regulations.

3. Domain Name Registration

For applicants with a website, the domain name registration information of the website must be accurate, and the domain name registrant must have a logical nexus to the applicant’s business, such as the dispensing pharmacy or medical practice. Websites utilizing anonymous domain name registration services will not be eligible for approval. This Standard may be met by making the domain name registration information public, acquiring and maintaining a valid EVSSL certificate, or providing to LegitScript adequate documentation showing the domain name registration information for your website.

4. Applicant Location

All pharmacies that dispense drugs on behalf of the website must be domiciled in the country to which the website offers to ship drugs, except where reciprocity exists, drug importation is expressly permitted as a matter of law, or other legal authority permits or does not require the pharmacy to be domiciled in the jurisdiction. Medical practitioners must be domiciled or recognized in the patient’s jurisdiction, unless otherwise expressly permitted as a matter of law. Shipping drugs or providing telemedicine internationally is generally problematic.

Internal Practices

We check to see that your affiliates and staff have the required qualifications.

5. Prior Discipline

6. Background and History

Applicant, including key staff, must disclose any prior criminal, regulatory, or civil violations. Applicant must also disclose any litigation commenced, resolved or otherwise addressed that involves the applicant at any time over the past ten years. Prior offenses or other bad acts, including any prior regulatory discipline may be a disqualifying factor, in LegitScript's sole discretion. Additionally, neither the applicant, any other business under applicant's current or former control, or any of applicant's current employees may have been listed on HHS's List of Excluded Individuals/Entities within the last five years.

External Practices

We make sure your patient services or treatment practices are in compliance with applicable laws.

7. Affiliates

A merchant’s Affiliates must comply with all program standards. This means any person or entity that exercises control over or participates in the business, including but not limited to, pharmacy, business or medical practice, website, staff, any associated medical personnel, must not be affiliated with or control any other entity that violates these standards.
Affiliates are any individual, business, or entity who previously, currently, or is expected to have a commercial and/or professional relationship with the applicant organization or its principals. For example, this includes but is not limited to supplying wholesalers, co-owned companies, and partner pharmacies.

8. Patient Services

For applicants with an internet presence, the website must display an accurate street address for any dispensing pharmacy or pharmacies. In certain circumstances, pharmacies may post the address for their corporate headquarters. The pharmacy must provide an accurate, readily accessible, and responsive phone number or secure mechanism via the website, allowing patients to contact or consult with a pharmacist regarding complaints or concerns, or in the event of a possible adverse event involving their medication.
Where required by law, this Standard also requires that practitioners with an internet presence must display an accurate street address and the identity and location of medical practitioners engaged in providing medical care or advice to patients on their website.

9. Privacy

The applicant must adhere to all privacy laws and regulations in the jurisdictions where they serve. For any applicant offering to facilitate the dispensing of drugs to or within the US, the transmission of any information that would be considered Protected Health Information (PHI) under the HIPAA Privacy Rule (45 CFR 164) must occur in accordance with HIPAA requirements, including the use of Secure-Socket Layer or equivalent technology for the transmission of PHI, and for any online transmissions, the applicant’s website must display a privacy policy that accords with the requirements of the HIPAA Privacy Rule.

10. Validity of Prescription

The applicant or, if applicable, website shall dispense or offer to dispense prescription drugs only upon receipt of a valid prescription, as defined below, issued by a person authorized to prescribe under applicable laws. A pharmacy must not distribute or offer to distribute, and a practitioner must not prescribe or offer to prescribe, prescriptions or prescription drugs in a way that violates the laws of the jurisdiction(s) they serve and must comply with all applicable telemedicine laws or regulations. A “valid prescription” is one issued pursuant to a legitimate patient-prescriber relationship as defined by applicable law. This requirement for valid prescriptions is dependent upon a showing that the prescribing and dispensing of the drug, as well as the location of the patient, all occur or exist within a jurisdiction that has expressly authorized, by statute, regulation, or other applicable law, alternate requirements for a valid prescription.

11. Transparency

None of the applicant’s business practices may engage in practices or extend offers that may deceive or defraud patients or the public in any way, including but not limited to any material detail regarding the pharmacy, pharmacy staff, medical practitioners, prescription drugs, or financial transactions. Failure to provide full and accurate information as requested, in LegitScript’s sole discretion, will result in denial. Applicants may undertake reasonable remedial action during the certification process without penalty.
An applicant’s business practices may not pose a reputational risk to LegitScript or the LegitScript Healthcare Certification program.

Learn More About Becoming Certified

Healthcare Certification Application Checklist

Ready to apply? Check out our application checklist prior to submission to best prepare yourself for Certification.

Fact Sheet

The LegitScript Healthcare Certification fact sheet gives you a high-level overview of the program and addresses common questions.

Process

We don't cut corners on our process because we're dedicated to helping compliant healthcare providers demonstrate the highest quality of care. Here's what you can expect.