Merchant Readiness Score

Does your clinic have at least one licensed clinician (MD, DO, NP, or PA) actively involved in patient care?

Yes, a full-time licensed clinician is on staff Yes, we use a part-time or contracted clinician No licensed clinician is involved

How does your clinic handle prescriptions?

Synchronous telehealth visit before every prescription Asynchronous questionnaire reviewed by licensed clinician Prescription issued without clinician review We sell products that do not require a prescription

Which of the following best describes your pharmacy relationship?

Licensed 503B compounding pharmacy or FDA-approved drug Licensed 503A compounding pharmacy Research use only (RUO) supplier Overseas or non-licensed supplier

Does your clinic operate in states where telehealth prescribing is fully permitted for your services?

Yes, we only operate in compliant states Mostly yes, with a few edge cases we are working through Not sure or operating across all states without checking

Do you have a Business Associate Agreement (BAA) in place with all vendors who handle patient data?

Yes, BAAs are in place with all relevant vendors Partially, still working through the vendor list No BAAs in place

What is your current LegitScript certification status?

Fully certified by LegitScript Application submitted, review in progress Planning to apply within 90 days Not familiar with LegitScript or not planning to apply

Are your advertising and marketing campaigns compliant with LegitScript's guidelines (no unapproved treatment claims, no before/after guarantee language)?

Yes, reviewed by a compliance professional We believe so but have not had a formal review We run ads with outcome guarantees or unapproved claims

Do you run paid digital advertising (Google, Meta, TikTok)?

Yes, and our ads are LegitScript-certified Yes, but we have not obtained ad certification yet We do not run paid ads (organic only)

Has your domain or brand ever been flagged, banned, or suspended by Google, Meta, or a payment processor?

Never Once, resolved and appealed successfully Yes, currently flagged or multiple prior incidents

When a patient signs up for a subscription, do they see the recurring billing terms clearly before entering payment?

Yes, displayed prominently with explicit checkbox acknowledgment Mentioned in fine print or terms of service link No explicit disclosure before checkout

Can a patient cancel their subscription online without calling or emailing?

Yes, self-service cancellation via patient portal or account page Patient must email or call to cancel No clear cancellation path is provided

What does your billing descriptor look like on a patient's bank statement?

Clear clinic or brand name that matches our website Parent company or processor name (confusing to patients) We don't know what it says

What is your refund policy for subscription charges?

Published refund policy with clear timeframe and process Case-by-case, not publicly documented No refunds allowed or no policy published

Does your website make specific outcome claims (e.g., "lose 30 lbs in 3 months", "guaranteed results")?

No, all claims are educational or include appropriate disclaimers Some claims exist but we are in the process of updating them Yes, we make specific outcome guarantees

Do your testimonials or before/after photos meet FTC guidelines (clearly labeled, not representative of typical results)?

Yes, all testimonials include disclosures We use testimonials without result disclaimers We use unverified or fabricated testimonials

Does your website describe drug products by their generic or brand names (e.g., semaglutide, tirzepatide)?

No, we use compliant naming conventions for our payment category Yes, some pages name drugs directly without full context Yes, our homepage prominently advertises specific drug names

Have you received any cease-and-desist letters, FDA warning letters, or FTC actions?

Never Once, fully resolved Yes, currently under review or multiple incidents

Does your website have a current Privacy Policy that covers HIPAA-compliant data handling?

Yes, HIPAA-compliant privacy policy reviewed by legal counsel Yes, but it is a generic template not reviewed for HIPAA compliance No privacy policy on site

Do patients sign informed consent forms before beginning treatment?

Yes, digitally signed consent forms with version history Yes, but the process is informal or not consistently documented No formal informed consent process

Do you maintain medical records for each patient?

Yes, full EMR/EHR records stored securely for minimum 7 years Partial records kept, not a complete EMR system No formal medical record keeping

Do your Terms of Service clearly describe subscription billing, cancellation, and your dispute resolution process?

Yes, explicit billing and cancellation terms in our ToS Generic ToS that does not address recurring billing specifics No Terms of Service on site

Merchant Readiness Score

Clinical Legitimacy

LegitScript Certification

Subscription Billing UX

Marketing Compliance

Documentation & Policies

Where should we send your report?

Dimension Breakdown