Wellness MD — Doctor Led Infrastructure
All Articles
Compliance· April 28, 2026· 8 min read

How to Get LegitScript Certified: A Practical Guide for Med Spas and Wellness Clinics

What LegitScript is actually evaluating, what you need in place before you apply, and how to avoid the common mistakes that delay or sink certification.

You've decided to get LegitScript certified. Good. Now the real question: what does it actually take, and how do you get through it without months of back-and-forth and a rejected application?

This guide walks through the LegitScript Healthcare Merchant Certification process specifically for med spas, IV hydration clinics, GLP-1 weight loss programs, and peptide therapy practices — the categories where certification is most urgently needed and where most clinics get tripped up during the application.

Understand What LegitScript Is Actually Evaluating

Before you fill out a single field, understand what LegitScript is looking for. The Healthcare Merchant Certification program evaluates businesses across nine core standards:

  • Regulatory compliance — Are you properly licensed in your state? Does your business structure comply with applicable laws?
  • Legitimate business operations — Are you a real, verifiable business with a physical presence and documented operational history?
  • Medication and product sourcing — Are the medications or compounds you use sourced from licensed, legitimate suppliers?
  • Prescribing practices — Are prescriptions issued by licensed practitioners, based on legitimate clinical evaluation?
  • Advertising and marketing accuracy — Is your website and advertising truthful, not misleading, and compliant with healthcare advertising standards?
  • Privacy and patient data protection — Do you have documented HIPAA-compliant policies and practices in place?
  • Transparency — Are your prices, policies, credentials, and services clearly disclosed?
  • Patient safety practices — Do you have documented protocols for adverse events and patient complaints?
  • Business affiliations — Are all affiliated entities, suppliers, and partners also compliant?

The review isn't a quick checkbox exercise. LegitScript analysts actually look at your website, your advertising, your documentation, and your business structure. Applications that are incomplete or that have red flags in any of these areas will be delayed or rejected.

Before You Apply: What Needs to Be in Place

This is where many clinics make mistakes — they apply before they're ready, which wastes the non-refundable application fee and can result in a rejection that takes months to resolve.

Active, Verified Physician Oversight

LegitScript will look closely at your medical director arrangement. For clinics offering GLP-1s, peptides, IV therapy, or HRT, you need a documented physician relationship — standing orders, a collaboration agreement, evidence of genuine oversight. A physician whose name appears on your website but who has no real involvement in your clinical operations is a red flag, not a pass.

A Compliant Website

Your website is the first thing LegitScript reviewers look at. Common issues that delay or sink applications:

  • Health claims that imply guaranteed results or suggest you're treating specific diseases without appropriate disclaimers
  • Pricing for prescription medications advertised directly (rather than pricing for the associated clinical service)
  • Missing or incomplete terms of service, privacy policy, refund policy, and contact information
  • Testimonials that make clinical claims
  • Referencing medications by name without appropriate framing

Before you apply, walk through your website as if you were a compliance reviewer. Every service page, every product description, every pricing section.

Verified Licensing

You'll need to provide documentation of your applicable state licenses — business license, professional licenses for all clinical staff, and any healthcare facility licensing your state requires. If you're in a state that requires a clinic license or a home health license for IV therapy, that documentation needs to be current and in your file before you apply.

Source Documentation for Medications

If you're offering compounded GLP-1s, peptides, or other compounded medications, you need to be able to document where they come from. LegitScript will want to see that your compounding pharmacy is state-licensed and ideally PCAB-accredited (the gold standard for compounding pharmacy quality). Sourcing from an unverified supplier is disqualifying.

HIPAA Policies and Agreements

Business Associate Agreements with all relevant vendors (your EMR, your telehealth platform, your practice management software), a documented privacy policy, staff training records on HIPAA — these are all part of what LegitScript evaluates under patient data protection.

The Application Process — What to Expect

Once your documentation is in order, here's how the process flows:

Step 1: Create Your LegitScript Account

Go to legitscript.com and create a merchant account. Select Healthcare Merchant Certification and enter the domain you want certified. Note that each domain requires its own application and fee — if you have multiple clinic locations under different URLs, each needs its own certification.

Step 2: Pay the Application Fee

The current application fee is $975 per domain. This fee is non-refundable regardless of outcome — which is exactly why you want to be ready before you submit. Annual certification fees apply once approved.

Step 3: Complete the Application

The application itself asks detailed questions about your business model, services, prescribing practices, medication sourcing, and compliance history. Be thorough and accurate. Inconsistencies between your application and your website — or between your stated practices and your actual operations — will generate review questions that extend your timeline.

Step 4: Document Submission

After initial application review, LegitScript will typically request supporting documentation. This is where the pre-work you did in the previous section pays off. Clinics that have their documentation organized — licensure, medical director agreements, standing orders, sourcing documentation, privacy policies — move through this phase significantly faster than those who are scrambling to gather it.

Step 5: Review Period

The standard review timeline is 2–4 weeks for well-prepared applications. However, applications with compliance questions, missing documentation, or website issues can take significantly longer. Some clinics report review periods of several months if their application generates back-and-forth with LegitScript analysts.

Step 6: Certification (or Request for Remediation)

If approved, your business is added to LegitScript's verified directory and you receive your certification credentials for use on your website and in your advertising. If not approved, you'll receive guidance on what needs to change before reapplying.

Ongoing Compliance After Certification

Certification isn't a one-time event. LegitScript conducts ongoing monitoring of certified merchants — including website audits and advertising reviews. If your website changes significantly, if your services evolve, or if your advertising content drifts from what was approved, your certification can be put on hold or revoked.

This is another reason why the clinical and operational infrastructure matters beyond just getting approved. The practices that earn certification — legitimate physician oversight, compliant advertising, accurate sourcing — need to be maintained as ongoing operational standards, not checked off and forgotten.

How Wellness MD Group Supports the Certification Process

Because Wellness MD Group is LegitScript certified and works daily with the compliance requirements of the med spa and wellness clinic space, affiliated clinics benefit from a team that has already navigated this process.

Specifically, Wellness MD Group can help with:

  • Medical director placement that satisfies LegitScript's clinical oversight requirements — not just a name on a contract but a documented, engaged physician relationship
  • Protocol and standing order development that demonstrates the clinical integrity LegitScript evaluates
  • Website and content review before application — identifying and correcting the issues that most commonly delay or deny certification
  • Application guidance so you're submitting complete, accurate documentation from the start
  • Post-certification compliance — ongoing monitoring to ensure your advertising and website content stays aligned with your certification

Getting LegitScript certified is achievable for any legitimate, licensed wellness clinic. The challenge is knowing what "ready" actually looks like — and having the right foundation in place before you spend the application fee.

Written by Wellness MD Group
Partner With Wellness MD

Let's Build Your Practice — Together.

From Medical Directors and Good Faith Exams to LegitScript, marketing, and end-to-end business consulting — Wellness MD Group is the partner behind hundreds of thriving wellness practices nationwide. Tell us where you are, and we'll show you what's next.

Keep Reading

All Articles
Collaborating Physician

How to Find a Collaborating Physician for Your Med Spa or Wellness Clinic

Finding the right collaborating physician is the legal backbone of any med spa, IV lounge, or wellness clinic. Here's what they actually do, why it's harder than it sounds, and how to find the right fit.

Medical Director

What Are Medical Director Services — And Why Your Wellness Clinic Needs One

A real medical director service goes well beyond signing your standing orders once a year. Here's what's actually included, what it costs to get wrong, and how to find the right physician for your clinic.

IV Hydration

How to Start an IV Hydration Business: Requirements, Compliance, and What Nobody Tells You

Walk-in IV bars and mobile IV therapy are booming — but the compliance requirements are real. Here's what RNs, NPs, and entrepreneurs need to know before opening doors (or stocking the van).