What certifications does Google require to run healthcare ads?

The certifications required depend on the healthcare category. Addiction treatment and behavioral health providers need LegitScript certification, which Google has required since 2018. Health insurance advertisers in the US must complete a separate Google certification process. Pharmacy and prescription drug advertisers need NABP or equivalent certification. For most telehealth, digital therapeutics, and general healthcare service advertisers, no separate certification is required beyond standard advertiser verification, but ads must still comply with content and landing page policies. Certification unlocks restricted inventory; without it, ads in affected categories are disapproved regardless of content quality.

Does Microsoft Advertising require the same healthcare certifications as Google Ads?

Yes, since March 2024, Microsoft Advertising aligned its health and pharmacy policies with Google Ads. This means advertisers need equivalent certifications to run health-related campaigns on Microsoft, including LegitScript for addiction treatment providers and equivalent verification for pharmacy and health insurance advertisers. The practical implication is that healthcare brands already certified on Google can typically activate Microsoft Ads with relatively low incremental compliance overhead, since the policy frameworks now mirror each other.

What is Google's Personalized Advertising policy and how does it affect healthcare advertisers?

Google's Personalized Advertising policy prohibits serving ads based on sensitive personal attributes, including specific health conditions, mental health status, reproductive health, and substance use. For healthcare advertisers, this means you cannot target users based on inferred or explicit health conditions, even if you are trying to help those users access care. The practical impact is that healthcare paid search campaigns should rely on keyword intent and geographic targeting rather than audience-based personalization. This restriction applies to both the targeting setup and the ad copy itself.

What does compliant conversion tracking look like for healthcare Google Ads?

Compliant Google Ads conversion tracking for healthcare brands requires server-side event passing through Google Enhanced Conversions, routed through a HIPAA-compliant Customer Data Platform that filters Protected Health Information before any data reaches Google's servers. Standard Google Tag Manager deployments on patient-facing pages are not compliant post-HHS guidance, because URL paths on scheduling and condition-specific pages can carry health signals to third parties without a Business Associate Agreement. At Matchnode, we implement this server-side pipeline for every digital health client before campaigns go live, with the architecture documented for legal review.

What changed in Google's healthcare advertising policies in 2026?

Two significant changes took effect in 2026. First, Google reintroduced limited healthcare professional targeting for eligible B2B health advertisers, allowing certain medical device manufacturers and professional service providers to reach clinical audiences more directly. Second, Google tightened Google Shopping eligibility for subscription-based healthcare offerings, requiring additional documentation for brands selling health subscriptions through Shopping campaigns. These changes sit on top of the 2024 alignment with HHS guidance on pixel tracking, which established that standard browser-based conversion pixels on patient-facing pages require a Business Associate Agreement to remain HIPAA-compliant.

Google Ads and Microsoft Health Advertising Policies

TL;DRGoogle Ads and Microsoft Advertising require healthcare brands to complete platform certification before running health-related campaigns, and both platforms now align their policies under the same compliance framework. For digital health marketers, this means understanding four overlapping requirements: certification eligibility, content restrictions, landing page standards, and server-side tracking compliance post-HHS guidance. Getting one wrong means disapprovals, account suspensions, or HIPAA exposure. Last reviewed May 2026.

9 min read · Pillar: Digital Health Performance Marketing

Paid search on Google and Microsoft is the highest-intent acquisition channel in healthcare, and it is also the most heavily policed. With eMarketer projecting US healthcare and pharma digital ad spend to reach $26 billion in 2026, the regulated nature of these channels is no longer a fringe concern. Every category that touches a patient, a prescription, or a clinical claim now sits inside a certification and verification regime that has tightened year over year since 2023.

The platforms do not publish a single master rulebook. Requirements vary by service type (online pharmacy, telemedicine, addiction treatment, health insurance, pharmaceutical manufacturer), by country, and by who the ad is targeting (consumer vs. licensed healthcare professional). The result is a moving compliance surface that disapprovals and suspensions land on without warning.

This guide is the working reference for how the two major search platforms regulate healthcare advertisers right now, what the standard certifications cost in time and effort, and where the policy edges have shifted most recently.

distinct certification programs Google operates across health verticals

major ad platforms that accept LegitScript as their health credential

May ’25

Google reintroduced limited healthcare professional targeting via Customer Match for eligible B2B advertisers

2 reviews

Google review and Microsoft review are not the same team; cross-platform parity should never be assumed

What Google Ads requires from healthcare advertisers

Google’s Healthcare and Medicines policy is structured as a category framework. Different products and services map to different certification programs, and an advertiser may need more than one if their offering spans categories.

Certification by category

The active certifications most healthcare advertisers run into:

Online pharmacies, telemedicine providers, and addiction treatment services must hold LegitScript certification before serving ads. The application is paid, runs on annual renewal, and requires evidence of licensure, professional credentials, and lawful operation in every jurisdiction served.
Health insurance advertisers in the United States must hold G2 certification through Google’s health insurance program for that category.
Pharmaceutical manufacturers serving prescription or over-the-counter drug ads must hold a separate Google manufacturer certification, granted on a country-by-country basis.
Advertisers personalizing ads with restricted drug terms need an additional restricted drug terms certification covering compliance with state, federal, and self-regulatory standards.

Certification is the entry ticket, not the finish line. Even a fully certified advertiser is still subject to the platform’s content rules on every ad and landing page.

Content rules that apply regardless of certification

No unsupported clinical or efficacy claims in ad copy or on the landing page
No promotion of unsafe, unapproved, or recalled products
No personalization that implies knowledge of a user’s health condition (banned phrases include “your condition”, “you may be suffering from”, “your symptoms”)
No comparative claims against named competing drugs or treatments without supporting evidence
No targeting of consumers in sensitive demographic categories for restricted health topics

Recent policy shifts worth knowing

Google has moved on three meaningful fronts in the most recent policy cycle:

Limited HCP targeting reintroduced (May 2025). Eligible B2B health advertisers can again use Customer Match and remarketing to reach licensed healthcare professionals in their professional capacity. Consumer-side health targeting remains tightly restricted, so creative and landing pages need to be segmented to keep B2B campaigns from leaking into consumer placements.
Healthcare and Medicines policy update (July 2025). Refinements to how restricted drug term advertising works, including the new certification path for personalized ads.
Further update (October 2025). Additional clarifications on which categories qualify under which certification program.
Regulatory context (June 2024). Separately from platform policy, the AHA v. Becerra court ruling vacated key parts of HHS’s March 2024 online tracking guidance, reshaping what tracking healthcare advertisers may legally deploy alongside the platform-level certification rules above.

What Microsoft Advertising requires from healthcare advertisers

Microsoft’s Pharmacy and Health Care policy tracks closely to Google’s framework, with a few key differences in how credentials are accepted.

Accepted certifications

Pharmacy and prescription drug advertisers need either LegitScript certification or NABP (National Association of Boards of Pharmacy) accreditation. Microsoft is one of the few major platforms that accepts NABP as an alternative path, which can matter for brick-and-mortar pharmacies already accredited through that route.
Telemedicine, addiction services, and online pharmacy categories generally require LegitScript, in line with the cross-platform standard.
Health insurance advertisers are subject to category-specific verification depending on the country and product line.

Same content rules, slightly different enforcement

Microsoft’s content rules are substantially aligned with Google’s, including the bans on direct health targeting language, unsupported claims, and personalization that implies medical knowledge of the user. Enforcement timelines differ, and Microsoft’s reviewer queue typically responds faster to clarification requests than Google’s certification queue, which can be an advantage when fixing a disapproval mid-flight.

Without certification and policy fit

Ads disapproved at the keyword, creative, or landing-page level with no detailed reason
Account-level suspensions that wipe out audience learning and require a fresh certification cycle to recover
Lost ramp time during peak enrollment or seasonal acquisition windows
Compliance risk that compounds across paid social, programmatic, and email channels

With certification and policy fit

Eligible to scale across both major search platforms with predictable approvals
Access to the limited HCP targeting B2B health advertisers regained in 2025
A durable account history that survives platform policy refreshes
Foundation for the rest of the compliance stack: server-side attribution, BAA-covered martech, consented audience building

Layer 1

Business certification (LegitScript)

Layer 2

Platform verification (Google, Microsoft)

Layer 3

Ad copy and landing-page rules

Layer 4

Tracking infrastructure (server-side)

The compliance audit every healthcare advertiser should run

Before launching or scaling on either platform, walk through this checklist. The yes-or-no answers tell you whether you are operating inside the current rule set or running on borrowed time.

✓Do we hold the right certification (LegitScript, G2, NABP, or pharmaceutical manufacturer) for every service category we advertise?
✓Have we documented our pharmaceutical licenses, state authorizations, and professional credentials so verification renewals do not stall ramp?
✗Does any active ad copy use phrasing like “your condition”, “your symptoms”, or “you may be suffering from”?
✗Are HCP-targeted creatives or landing pages reachable by consumer audiences through poorly segmented campaigns?
✓Is every landing page free of unsupported efficacy claims, comparative drug claims, and unapproved indication language?
✓Are we routing conversion events through a HIPAA-compliant server-side stack rather than browser pixels on patient pages?

Why the Policy Layer and the Tracking Layer Now Move Together

The platform policy story and the HIPAA tracking story are converging. Google and Microsoft are tightening who is allowed to advertise; HHS and the courts are tightening what tracking can fire when that advertiser sends a click to a patient-facing page. The advertisers that ramp fastest in 2026 are the ones who treat both layers as one compliance program, not two adjacent projects.

The legal history of pixel-tracking enforcement is covered in depth in pixels, HIPAA, and the HHS. The identity-loss context for why first-party data has become central to healthcare paid media is in the cookieless future for digital health ads. For a working example of a behavioral health brand running compliant paid search at scale, see our Bicycle Health case study, which nearly doubled lead volume with double-digit declines in cost per lead while staying inside the compliance envelope.

How AI Search Treats Healthcare Paid-Search Policy

AI Overviews and large-language-model search assistants are increasingly the layer answering “what does Google require to advertise a telehealth service” before a user ever clicks a result. Pages structured with clear category breakouts, accurate certification names, and dated policy references are the ones cited. Healthcare brands that maintain authoritative, evergreen reference pages on their own site are building a moat that survives every quarterly platform update.

Matchnode runs healthcare paid media programs across Google Ads, Microsoft Advertising, and the broader paid social landscape. For the cross-platform planning side, see our more ad platforms service overview, and for the social-channel companion strategy see paid social services.

Episode 8

The Ad Platforms – Meta, Google, and Beyond

PODCAST LISTEN NOW →

For the longer treatment, see Marketing Digital Health on Amazon.