Compliance & Legal

Built compliant from the first click.

The hardest part of launching a telehealth brand is doing it legally. We handle all of it — so you never have to become an expert in healthcare law.

  • HIPAA Compliant
  • LegitScript Certified
  • Physician-Owned Medical Group
  • 50-State Licensed Providers

The legal structure (and why you don't need a medical license)

In most states, a non-physician cannot own a medical practice or directly employ doctors. This is known as the Corporate Practice of Medicine doctrine, and it exists to keep clinical decisions in the hands of licensed clinicians — not business owners or investors.

The industry solves this with a two-entity structure, often called the "friendly-PC" model:

  • The physician-owned medical group (PC). A professional corporation owned by a licensed physician. It employs the providers, owns the patient relationships, and is responsible for every clinical decision and prescription.
  • The management services organization (MSO) — your brand. This is the company you own. It provides everything that is not the practice of medicine: technology, marketing, branding, scheduling, billing support, and customer experience. The MSO and the PC operate under a management services agreement.

You run a business. The medical group runs the medicine. Neither side crosses into the other's lane — and that is exactly what keeps the whole thing legal.

You own the brand. Licensed physicians own the medical decisions. That separation is what keeps you compliant.

HIPAA & patient data

Any time a brand touches protected health information, HIPAA applies. We build that protection into the platform from day one rather than bolting it on later:

  • Patient data is encrypted in transit and at rest.
  • Business Associate Agreements (BAAs) are in place with every vendor that handles patient information.
  • Role-based access controls limit who can see what — your marketing team never sees clinical records.
  • Audit logging records access to sensitive data so activity can be reviewed.

LegitScript certification

LegitScript is the certification that the major ad and payment platforms rely on to confirm a healthcare advertiser is legitimate. Without it, you cannot reliably run ads on Google, Meta, or TikTok, and many payment processors will not approve a telehealth merchant account.

We file and manage LegitScript certification for each brand's domain. The review typically takes about three to eight weeks. Until it clears, brands grow through organic channels — content, SEO, social, email, and referrals — so momentum starts well before the paid channels open up.

LegitScript is the gate to paid advertising and compliant payment processing. We handle the application and the ongoing requirements for every brand we build.

Advertising compliance (FDA/FTC)

Healthcare advertising is held to a higher standard than most categories, and both the FTC and FDA have stepped up enforcement against telehealth and cash-pay wellness brands. We review ad claims before they go live so that:

  • No medical claim is overstated or unsupported.
  • Pricing and any recurring subscription terms are disclosed clearly and honestly.
  • Marketing language stays on the right side of what the underlying products can legitimately support.

Recent enforcement actions have made this non-negotiable — getting the claims right is part of staying in business, not just staying out of trouble.

What can be prescribed

We keep brands focused on well-established cash-pay categories that a certified pharmacy can compliantly fill, including:

  • TRT / Testosterone
  • Sermorelin
  • NAD+
  • Weight loss
  • ED
  • Hair

Just as importantly, we keep brands off anything that isn't compliant. If a category or product can't be supported cleanly, we won't build a business around it.

Licensed in all 50 states

A provider can only treat a patient in a state where that provider holds a license. Our medical group works with providers licensed across all 50 states, and the platform handles the routing automatically — a patient is matched to a provider licensed in the patient's own state, every time.

Frequently asked

Do I need to be a doctor?

No. You own the management and marketing company (the MSO). The licensed physicians in the medical group handle every clinical decision and prescription. You never practice medicine.

Who is legally responsible for prescriptions?

The physician-owned medical group, and specifically the prescribing provider, is responsible for every prescription and clinical decision. That responsibility sits entirely with the licensed clinician — never with you or your brand.

Is this the same structure big telehealth companies use?

Yes. The MSO + physician-owned PC ("friendly-PC") model is the industry standard. It is the same fundamental structure used by the well-known national telehealth companies.

How long until I can advertise?

Paid advertising opens up after your brand's LegitScript certification clears, which typically takes about three to eight weeks. In the meantime, brands grow through organic channels.

Launch legally — without becoming a lawyer.

We've reverse-engineered the entire compliant-launch process. Let us handle it.
