What LegitScript, HIPAA, and Platform Policies Actually Require from Your Rehab Marketing

Since 2017, Google has required LegitScript certification for any addiction treatment center running Google Ads. Meta followed with similar requirements. Without certification, your paid advertising options on the two largest platforms simply don't exist.

LegitScript evaluates treatment facilities across multiple domains:

• Licensing verification — confirming valid state licenses for all locations and service types advertised
• Clinical standards — reviewing treatment protocols, staff credentials, and patient care practices
• Marketing claims audit — examining all advertising materials, website content, and testimonials for accuracy
• Business practices review — assessing billing transparency, patient brokering policies, and referral relationships

The certification process typically takes 4-8 weeks and costs between $950 and $2,500 annually depending on facility size and service scope. Expect detailed documentation requests covering clinical protocols, staff licensure, and marketing materials.

Critical consideration: LegitScript certification is not a one-time event. The organization conducts ongoing monitoring and can revoke certification for policy violations discovered after approval. Marketing content changes should be reviewed against LegitScript standards before publication.

This is educational information, not legal advice. Verify current certification requirements directly with LegitScript and platform representatives.

Many treatment centers understand HIPAA protections for clinical records but miss where these rules intersect with digital marketing. The moment a prospective patient submits information through your website, HIPAA considerations begin.

Digital touchpoints requiring HIPAA attention:

• Contact forms and chat widgets — any form collecting health information needs encryption and proper data handling protocols
• Analytics and tracking pixels — Meta Pixel, Google Analytics, and remarketing tags can create PHI exposure when combined with IP addresses and health-seeking behavior
• Call tracking systems — recorded calls discussing treatment needs constitute PHI and require compliant storage
• Email marketing platforms — sending health-related communications requires HIPAA-compliant email services with proper BAAs
• CRM and lead management — storing prospect information that includes health details requires compliant systems

The 2022 HHS guidance on tracking technologies clarified that IP addresses combined with health information constitute PHI. This means standard analytics implementations on treatment center websites may create compliance exposure.

Practical implications: Review your analytics setup, remarketing pixel placement, and third-party integrations. Many standard marketing tools require configuration changes or HIPAA-compliant alternatives in healthcare contexts.

Consult with a healthcare privacy attorney for facility-specific guidance on digital marketing compliance.

While HIPAA provides baseline patient privacy protections, 42 CFR Part 2 imposes additional confidentiality requirements specific to substance use disorder treatment records. These rules directly affect what you can do with patient information in marketing contexts.

Key distinctions from HIPAA:

• Consent requirements — 42 CFR Part 2 requires written patient consent for most disclosures, even when HIPAA would permit them
• Re-disclosure prohibitions — recipients of Part 2 information cannot redisclose it, which affects testimonial usage and referral documentation
• Criminal penalties — violations can result in fines up to $500 for first offenses and up to $5,000 for subsequent violations, plus potential criminal prosecution

Marketing implications:

Patient testimonials require careful handling. Even with written consent, the format and distribution of testimonials must comply with Part 2 restrictions. Video testimonials posted publicly may create re-disclosure risks if they identify the individual as receiving substance abuse treatment.

Alumni programs and success story campaigns need structured consent processes that address both initial disclosure and potential re-disclosure scenarios. Generic testimonials that don't identify individuals as treatment recipients present lower compliance risk.

The 2020 CARES Act aligned some Part 2 provisions with HIPAA, but significant distinctions remain. The Substance Abuse and Mental Health Services Administration (SAMHSA) provides updated guidance on Part 2 requirements.

Part 2 compliance requires legal counsel familiar with substance abuse treatment regulations in your jurisdiction.

The Federal Trade Commission regulates advertising claims across industries, but addiction treatment marketing receives particular scrutiny given the vulnerable population involved. Understanding FTC standards prevents costly enforcement actions and reputational damage.

Claims requiring substantiation:

• Success rates — claiming specific cure rates, sobriety percentages, or outcome statistics requires rigorous scientific evidence
• Treatment superiority — comparing your facility favorably to others requires documentation supporting the comparison
• Endorsements and testimonials — results depicted must represent typical outcomes, or clear disclosure of atypical results is required
• Professional credentials — staff qualifications and facility accreditations must be accurate and current

Common compliance failures in rehab marketing:

Testimonials are the most frequent problem area. A former patient claiming "this program saved my life and I've been sober for five years" implies outcomes that may not be typical. The FTC requires either substantiation that such results are representative or clear disclosure that results vary.

Before-and-after narratives in video content face similar scrutiny. The transformation depicted must reflect typical patient experiences, or the content must include appropriate disclaimers.

Practical guidance: Review all marketing claims through the lens of "can we prove this is typical?" When in doubt, add clear disclaimers such as "Results vary. Addiction recovery depends on individual circumstances and commitment to treatment."

The FTC provides industry-specific guidance for health-related advertising claims. Legal review of marketing materials is advisable.

Beyond LegitScript certification, Google and Meta maintain their own policies governing addiction treatment advertising. These platform-specific rules affect targeting options, landing page requirements, and ad content restrictions.

Google Ads addiction treatment policies:

• Targeting restrictions — limited audience targeting options compared to other industries; no remarketing to users who visited treatment-related pages
• Landing page requirements — must direct to the certified treatment center's website; no lead aggregator or referral pages
• Ad content standards — cannot use crisis language, guarantee outcomes, or employ high-pressure tactics
• Geographic targeting — country-specific certification requirements apply

Meta (Facebook/Instagram) addiction treatment policies:

• Special Ad Category — addiction treatment ads may fall under housing/credit restrictions in some contexts
• Certification display — LegitScript certification may need visible display on landing pages
• Audience limitations — restricted custom and lookalike audience options

Policy enforcement realities:

Both platforms use automated systems plus human review. Accounts can be suspended for policy violations, sometimes without clear explanation. Appeals processes exist but can take weeks. Maintaining backup advertising channels and diversified marketing strategies reduces single-platform dependency.

Policy updates occur without advance notice. Campaigns approved previously may be disapproved under updated guidelines. Regular policy review and maintaining relationships with platform representatives helps navigate changes.

For a comprehensive approach to navigating these requirements, explore our guide on building a regulation-aligned rehab SEO campaign.

Federal regulations establish baseline requirements, but state licensing boards frequently impose additional marketing restrictions. These vary significantly by jurisdiction and can be more restrictive than federal standards.

Common state-level restrictions:

• Testimonial limitations — some states prohibit or heavily restrict patient testimonials in treatment center advertising
• Outcome claim restrictions — state-specific rules on claiming success rates or treatment efficacy
• Referral and patient brokering rules — regulations on compensation for patient referrals vary dramatically by state
• Required disclosures — mandatory disclosure language about licensing, insurance coverage, or patient rights
• Advertising pre-approval — some states require review of advertising materials before publication

High-scrutiny states:

Florida, California, and Arizona have implemented particularly detailed regulations following industry concerns. Florida's Patient Brokering Act, for example, affects referral relationships and marketing partnerships common in the treatment industry.

Multi-state operations:

Treatment centers operating across multiple states face the most complex compliance landscape. Marketing materials acceptable in one state may violate rules in another. Facilities accepting patients from other states may need to comply with both originating and receiving state requirements.

Practical steps: Identify all state jurisdictions relevant to your marketing reach. Request current advertising guidelines from each state licensing board. Update your compliance review process whenever regulations change or you expand to new markets.

State regulations change frequently. Maintain relationships with healthcare attorneys in each relevant jurisdiction for current guidance.