What LegitScript actually does
LegitScript is an independent verification and monitoring service based in Portland, Oregon. It evaluates internet pharmacies, telehealth providers, and healthcare merchants against a set of compliance standards covering pharmacy licensing and registration, prescriber credentials and state licensing, compliance with the Ryan Haight Act (which governs online prescribing of controlled substances), HIPAA and patient privacy protections, and advertising and marketing compliance.
Certification is voluntary — providers apply, pay a fee, and undergo review. LegitScript monitors certified entities on an ongoing basis and can revoke certification if compliance issues arise. Major advertising platforms (Google, Meta, Bing) require LegitScript certification for healthcare advertisers, which is why many telehealth platforms pursue it.
What certification does and doesn't prove
It does prove: The provider has verifiable pharmacy and prescriber licenses, their business practices were reviewed against legal compliance standards, they're subject to ongoing monitoring, and they meet minimum privacy and advertising standards.
It doesn't prove: Clinical quality of care, medication efficacy, customer service quality, or that the compounding pharmacy they use is the highest quality available. LegitScript verifies legal compliance, not clinical excellence.
How to check a provider's status
Visit legitscript.com and use their search tool. Enter the provider's domain name or company name. Results will show one of several statuses: "Certified" (actively certified and monitored), "Not Certified" (hasn't applied or wasn't approved), or "Rogue" (identified as operating illegally). You can also look for the LegitScript certification seal on the provider's website, though a seal alone isn't sufficient — always verify on LegitScript's site directly, as fake seals exist.
Should you only use LegitScript-certified providers?
Not necessarily. Many legitimate GLP-1 telehealth providers haven't pursued LegitScript certification — it's voluntary, costs money, and not all providers prioritize it. A provider without certification isn't automatically unsafe; it just means they haven't undergone this specific third-party review. Use LegitScript status as one data point alongside the other verification steps: state licensing, pharmacy credentials, FDA warning letter history, and pricing transparency.
However, if a provider claims to be LegitScript certified but doesn't appear in the LegitScript database, that's a serious red flag — it likely means they're displaying a fake certification seal.