- Healthcare paid search certification is category-specific: online pharmacy, telemedicine, addiction services, health insurance, and pharmaceutical manufacturer each have their own certification track.
- LegitScript is the cross-platform standard, accepted by Google, Microsoft, Meta, LinkedIn, TikTok, and Netflix.
- Microsoft Advertising additionally accepts NABP accreditation as an alternative path for pharmacy advertisers.
- Content rules apply on top of certification: no unsupported clinical claims, no direct health targeting language like "your condition" or "your symptoms", no comparative drug claims.
- Google reintroduced limited HCP targeting in May 2025 via Customer Match and remarketing, restoring B2B health advertiser access while keeping consumer-side targeting tightly restricted.
- For the legal context see pixels, HIPAA, and the HHS; for a working example of compliant healthcare paid search at scale see our Bicycle Health case study; for the identity-loss context see the cookieless future for digital health ads.
9 min read · Pillar: Digital Health Performance Marketing
Paid search on Google and Microsoft is the highest-intent acquisition channel in healthcare, and it is also the most heavily policed. With eMarketer projecting US healthcare and pharma digital ad spend to reach $26 billion in 2026, the regulated nature of these channels is no longer a fringe concern. Every category that touches a patient, a prescription, or a clinical claim now sits inside a certification and verification regime that has tightened year over year since 2023.
The platforms do not publish a single master rulebook. Requirements vary by service type (online pharmacy, telemedicine, addiction treatment, health insurance, pharmaceutical manufacturer), by country, and by who the ad is targeting (consumer vs. licensed healthcare professional). The result is a moving compliance surface that disapprovals and suspensions land on without warning.
This guide is the working reference for how the two major search platforms regulate healthcare advertisers right now, what the standard certifications cost in time and effort, and where the policy edges have shifted most recently.
distinct certification programs Google operates across health verticals
major ad platforms that accept LegitScript as their health credential
share of US healthcare and pharma ad spend going to digital in 2025
projected US healthcare digital ad spend in 2026
What Google Ads requires from healthcare advertisers
Google’s Healthcare and Medicines policy is structured as a category framework. Different products and services map to different certification programs, and an advertiser may need more than one if their offering spans categories.
Certification by category
The active certifications most healthcare advertisers run into:
- Online pharmacies, telemedicine providers, and addiction treatment services must hold LegitScript certification before serving ads. The application is paid, runs on annual renewal, and requires evidence of licensure, professional credentials, and lawful operation in every jurisdiction served.
- Health insurance advertisers in the United States must hold G2 certification through Google’s health insurance program for that category.
- Pharmaceutical manufacturers serving prescription or over-the-counter drug ads must hold a separate Google manufacturer certification, granted on a country-by-country basis.
- Advertisers personalizing ads with restricted drug terms need an additional restricted drug terms certification covering compliance with state, federal, and self-regulatory standards.
Certification is the entry ticket, not the finish line. Even a fully certified advertiser is still subject to the platform’s content rules on every ad and landing page.
Content rules that apply regardless of certification
- No unsupported clinical or efficacy claims in ad copy or on the landing page
- No promotion of unsafe, unapproved, or recalled products
- No personalization that implies knowledge of a user’s health condition (banned phrases include “your condition”, “you may be suffering from”, “your symptoms”)
- No comparative claims against named competing drugs or treatments without supporting evidence
- No targeting of consumers in sensitive demographic categories for restricted health topics
Recent policy shifts worth knowing
Google has moved on three meaningful fronts in the most recent policy cycle:
- Limited HCP targeting reintroduced (May 2025). Eligible B2B health advertisers can again use Customer Match and remarketing to reach licensed healthcare professionals in their professional capacity. Consumer-side health targeting remains tightly restricted, so creative and landing pages need to be segmented to keep B2B campaigns from leaking into consumer placements.
- Healthcare and Medicines policy update (July 2025). Refinements to how restricted drug term advertising works, including the new certification path for personalized ads.
- Further update (October 2025). Additional clarifications on which categories qualify under which certification program.
- Regulatory context (June 2024). Separately from platform policy, the AHA v. Becerra court ruling vacated key parts of HHS’s March 2024 online tracking guidance, reshaping what tracking healthcare advertisers may legally deploy alongside the platform-level certification rules above.
What Microsoft Advertising requires from healthcare advertisers
Microsoft’s Pharmacy and Health Care policy tracks closely to Google’s framework, with a few key differences in how credentials are accepted.
Accepted certifications
- Pharmacy and prescription drug advertisers need either LegitScript certification or NABP (National Association of Boards of Pharmacy) accreditation. Microsoft is one of the few major platforms that accepts NABP as an alternative path, which can matter for brick-and-mortar pharmacies already accredited through that route.
- Telemedicine, addiction services, and online pharmacy categories generally require LegitScript, in line with the cross-platform standard.
- Health insurance advertisers are subject to category-specific verification depending on the country and product line.
Same content rules, slightly different enforcement
Microsoft’s content rules are substantially aligned with Google’s, including the bans on direct health targeting language, unsupported claims, and personalization that implies medical knowledge of the user. Enforcement timelines differ, and Microsoft’s reviewer queue typically responds faster to clarification requests than Google’s certification queue, which can be an advantage when fixing a disapproval mid-flight.
Without certification and policy fit
- Ads disapproved at the keyword, creative, or landing-page level with no detailed reason
- Account-level suspensions that wipe out audience learning and require a fresh certification cycle to recover
- Lost ramp time during peak enrollment or seasonal acquisition windows
- Compliance risk that compounds across paid social, programmatic, and email channels
With certification and policy fit
- Eligible to scale across both major search platforms with predictable approvals
- Access to the limited HCP targeting B2B health advertisers regained in 2025
- A durable account history that survives platform policy refreshes
- Foundation for the rest of the compliance stack: server-side attribution, BAA-covered martech, consented audience building
The compliance audit every healthcare advertiser should run
Before launching or scaling on either platform, walk through this checklist. The yes-or-no answers tell you whether you are operating inside the current rule set or running on borrowed time.
- ✓Do we hold the right certification (LegitScript, G2, NABP, or pharmaceutical manufacturer) for every service category we advertise?
- ✓Have we documented our pharmaceutical licenses, state authorizations, and professional credentials so verification renewals do not stall ramp?
- ✗Does any active ad copy use phrasing like “your condition”, “your symptoms”, or “you may be suffering from”?
- ✗Are HCP-targeted creatives or landing pages reachable by consumer audiences through poorly segmented campaigns?
- ✓Is every landing page free of unsupported efficacy claims, comparative drug claims, and unapproved indication language?
- ✓Are we routing conversion events through a HIPAA-compliant server-side stack rather than browser pixels on patient pages?
The bigger picture
The platform policy story and the HIPAA tracking story are converging. Google and Microsoft are tightening who is allowed to advertise; HHS and the courts are tightening what tracking can fire when that advertiser sends a click to a patient-facing page. The advertisers that ramp fastest in 2026 are the ones who treat both layers as one compliance program, not two adjacent projects.
The legal history of pixel-tracking enforcement is covered in depth in pixels, HIPAA, and the HHS. The identity-loss context for why first-party data has become central to healthcare paid media is in the cookieless future for digital health ads. For a working example of a behavioral health brand running compliant paid search at scale, see our Bicycle Health case study, which nearly doubled lead volume with double-digit declines in cost per lead while staying inside the compliance envelope.
A note on AI search and long-term visibility
AI Overviews and large-language-model search assistants are increasingly the layer answering “what does Google require to advertise a telehealth service” before a user ever clicks a result. Pages structured with clear category breakouts, accurate certification names, and dated policy references are the ones cited. Healthcare brands that maintain authoritative, evergreen reference pages on their own site are building a moat that survives every quarterly platform update.
Matchnode runs healthcare paid media programs across Google Ads, Microsoft Advertising, and the broader paid social landscape. For the cross-platform planning side, see our more ad platforms service overview, and for the social-channel companion strategy see paid social services.
