Building a GLP-1 Telehealth Platform: What You Need to Know
Summarize this article instantly with:
ChatGPT 
Perplexity 
Grok GLP-1 telehealth companies have received more warning letters from the FDA between September 2025 & March 2026 than they had in the entire previous decade. Hit for false claims or unauthorized drug marketing, over 30 of these 70 platforms got the letters in a single day on March 3, 2026.
Things got more interesting when Novo Nordisk sued Hims & Hers following the latter’s launch of a $49 compounded semaglutide pill. However, Novo Nordisk dropped the lawsuit quickly, with Hims agreeing not to advertise compounded GLP-1s. Instead, it switched to selling branded Ozempic and Wegovy.
Skip to April 1, the FDA approved Eli Lilly’s oral weight-loss pill Foundayo (orforglipron), eliminating one of the last reasons for anyone still making the case for compounded alternatives.
That said, it’s apparent that the era of compounding loopholes is over. But the market, which is worth $50 billion (& growing) itself, still needs good software. The platforms that actually make it will certainly be the ones built on real compliance foundations, not regulatory workarounds.
This guide takes you through what it really takes to build one such platform today. More than just the glossy features overview, we’ll discuss the compliance-first version.
What the Regulatory Landscape Looks Like Right Now
Building in 2026? You’re getting yourself into a regulatory environment that has changed more in six months than it did in five years.
FDA: Active Enforcement Mode
The FDA has suddenly gone from a comparatively hands-off approach to quite aggressive, introducing a few turning points. Here’s the key timeline:
| Date | Action | Impact |
|---|---|---|
| Feb 2025 | Semaglutide shortage declared resolved | Compounders given 60-90 day wind-down |
| Sept 2025 | First wave of warning letters begins | Telehealth platforms marketing compounded GLP-1s targeted |
| Feb 2026 | FDA refers Hims to DOJ | Signal that enforcement includes major public companies |
| March 2026 | 30 warning letters in single batch | Commissioner Makary: more letters in 6 months than previous decade |
| April 2026 | Compounding policy clarified, Foundayo approved | Compounders must stop “essentially copies”; oral alternative now available |
The semaglutide shortage was declared resolved in early 2025, which gave compounders not a long enough wind-down window. Next came the warning letters that rolled in through the fall.
By February 2026, the FDA was already referring cases to the DOJ, including Hims, clearly signalling towards the fact that nobody is big enough to be in the crosshairs.
All this made one thing clear: your platform cannot help sell or market compounded GLP-1 medications. No more gray area. What you can do is support legitimate prescribing of FDA-approved branded medications — Ozempic, Wegovy, Mounjaro, Zepbound, and now Foundayo — through licensed providers with patient relationships that actually exist.
DEA: The December 31 Deadline
The not-so-lenient Ryan Haight Act rules don’t apply to semaglutide or tirzepatide, as GLP-1 drugs themselves aren’t controlled substances. However, if your platform is involved with medications like phentermine or topiramate, you have to pay attention.
The pandemic-era telehealth flexibilities that let you prescribe controlled substances without an in-person visit are going through the last of their fourth one-year extension, which is set to expire on December 31, 2026.
While permanent rules are yet to be finalized, it’s safe to assume that they will now require video visits instead of only phone calls, identity verification before the first consultation, as well as legit documents to show that a real medical evaluation was done.
State Medical Boards: The Real Compliance Burden
If federal rules are the floor, state rules are the ceiling. And undoubtedly, state compliance is where most platforms get caught up.
| State | Key Requirements | CPOM Enforcement | Notes |
|---|---|---|---|
| California | Physician must be licensed in CA; telehealth consent required; medical records retention 7 years | Strict — Business and Professions Code §2400 | Actively investigating MSO-PC structures in digital weight-loss |
| Texas | Texas Medical Board registration required; initial visit can be telehealth; prescriber must be TX-licensed | Strict — Texas Occupations Code §164.052 | Scrutinizing revenue-sharing between MSOs and PCs |
| New York | Provider must be NY-licensed OR have limited permit; informed consent documented | Moderate-Strict | Department of Health reviewing telehealth prescribing practices |
| Florida | Telehealth-friendly; provider must be FL-licensed; standard of care applies | Moderate | Less CPOM scrutiny but active pharmacy board enforcement |
| Illinois | Licensed in IL or hold telehealth license; in-person not required for initial consult | Moderate | Relatively permissive but evolving |
Every state has different regulations. California, Texas, and New York are among the stricter ones needing physicians to be licensed in-state, documented telehealth consent, and you’ll find regulators proactively scrutinizing how your platforms are structured.
While Florida stands out as more friendly, it has an active pharmacy board enforcement. Illinois is relatively permissive, but it’s evolving.
What you essentially need to understand is that your platform must be aware of your patient’s location and comply with their state’s rules properly.
The MSO-PC Structure: What Tech Founders Need to Understand
Quite a few first-timers in the healthcare industry are caught off guard upon learning that in most states, a regular tech company can’t employ doctors or practice medicine. It’s called the Corporate Practice of Medicine doctrine, and it’s a solid legal constraint.
The standard workaround is a two-entity structure:
- The MSO (Management Services Organization) — make that your tech company. It is supposed to run the platform, handle marketing, billing, and patient acquisition.
- The PC (Professional Corporation) — this should be an entirely separate entity owned by a licensed physician. Use this to employ or contract the actual providers as well as make all clinical decisions.
Connect these two through a Management Services Agreement, where the MSO provides technology and admin support to the PC in exchange for a fee.
Where Platforms Get in Trouble
While this works quite well for now, it’s important to note that the regulators in California, Texas, and New York are increasingly looking past the paperwork to ask who’s really in charge.
So you might have a problem if your software is responsible for supervising prescriptions, if management fees are tied to revenue in a way that it seems like fee-splitting, or if the physician-owner of the PC is no more than a figurehead.
But your platform needs to enforce this boundary in code. Practically speaking, this means clinical decisions, prescribing protocols, and provider credentialing should be configured only through the PC, and not hard-coded by your engineering team. Make sure to use role-based access control to separate clinical administration from business operations.
Let's Start Your Project Today
Ready to build your GLP-1 Telehealth Platform with us? Reach out now – our experts are just one click away.
Technical Architecture: What a GLP-1 Telehealth Platform Actually Requires
This is the part a lot of guides look over because feature lists are fun but architecture is work. A good GLP-1 platform needs to have all of this under the hood:
Layer 1: Patient Intake and Clinical Assessment
What it does: This is where patients share their health history, get screened for contraindications (things like thyroid cancer history or pancreatitis that would make GLP-1s inappropriate), and build a relationship with a provider.
Technical requirements:
- HIPAA-compliant forms with PHI encryption at rest and in transit
- BMI calculator with clinical threshold logic
- Medication interaction screening via a drug interaction database like First Databank or Medi-Span
- Insurance eligibility checks
- Identity verification for controlled substance protocols
- State-specific consent forms served based on patient location
Architecture note: But here comes the most important architectural decision: you need to build your state compliance logic as a rules engine, instead of hardcoded if/else statements.
A patient’s location decides which consent form they see, the providers they can meet, and the prescribing rules that apply. So, you cannot push code every time there’s an update to the consent requirements since these rules change over time.
Layer 2: Telehealth Consultation and Prescribing
What it does: This is where the video visit, clinical notes, and the prescription come in.
Technical requirements:
- WebRTC-based video
- Structured clinical documentation (SOAP notes)
- E-prescribing through the NCPDP SCRIPT standard
- Surescripts network integration to route prescriptions to pharmacies — getting certified directly runs $50,000–$80,000 and can take 3–6 months; most startups go through an intermediary like DrFirst or DoseSpot instead — plan on $15,000–$30,000 and 2–4 months
- Electronic Prescribing for Controlled Substances (EPCS) functionality if handling controlled substance prescriptions, with its own DEA-mandated two-factor authentication requirements
Architecture note: That last part is a bigger lift than most people expect. Either way, we recommend budgeting for it early or it can become a real bottleneck.
Layer 3: Treatment Management and Monitoring
What it does: Of course GLP-1 treatment isn’t a one-and-done prescription. For instance, Semaglutide begins at a smaller dose and titrates up eventually over 16–20 weeks. A platform will need to track where each patient is in that schedule, flag side effects that need clinical attention, and keep the providers aware.
Technical requirements:
- A dosing protocol engine
- Side effect reporting with escalation logic
- Lab integrations for things like A1C and thyroid function (via FHIR R4 APIs connecting to Quest, Labcorp, or an aggregator like Health Gorilla)
- Wearable/smart scale integrations through Apple HealthKit and Google Health Connect
Architecture note: One thing worth noting– if you’re collecting physiologic data — weight, blood pressure — from FDA-cleared devices on a regular basis, there’s a chance you qualify for Remote Patient Monitoring reimbursement under Medicare. The CPT codes are 99453, 99454, 99457, and 99458, and they need at least 16 days of data collection per month. It’s a good revenue stream that many GLP-1 platforms in the market are starting to work around.
All in all: this is certainly tougher to build than it was two years back. The regulatory environment is stricter, the compounding shortcuts are no longer there, and the technical requirements are greater. But the market is much bigger too and more durable than we’ve ever seen it be. Platforms built on solid compliance infrastructure — not loopholes — are the ones that will still be around in five years.
Layer 4: Pharmacy Network and Fulfillment
What it does: Routes prescriptions to appropriate pharmacies, handles prior authorization, and tracks fulfillment status.
Technical requirements:
- Pharmacy network integration is a must, as branded GLP-1 medications require specialty pharmacy or mail-order fulfillment in most cases
- Prior authorization automation via CoverMyMeds API or NCPDP ePA standard
Insurance formulary checking (is Wegovy on this patient’s plan? What tier? What’s the copay?) - Patient Assistance Program integration (Novo Nordisk and Lilly both offer savings programs, and your platform should surface these automatically)
- Prescription status tracking and patient notifications
- Refill management with adherence monitoring
Prior authorization is a big operational bottleneck. The majority of commercial insurance plans require prior authorization for GLP-1 medications. This process takes anywhere between a couple of days to weeks, with the initial rejection rate being as high as 50%.
Over 90% of commercial insurance plans require prior auth for GLP-1 medications. The process takes 2-14 days on average and has a 30-50% initial denial rate.
To improve your provider’s efficiency, you should build automated prior authorization submission features, such as pre-populating clinical data from the patient’s chart, attaching the required documentation, and routing to the correct payer portal.
Many competitors find prior authorization a difficult task. However, none of them explain how to build it. The workflow typically involves the following:
- Check payer-specific criteria (BMI thresholds, documented diet/exercise attempts, comorbidities)
- Auto-populate PA forms with data already in the patient chart
- Submit electronically via NCPDP ePA or payer-specific portal API
- Track status and handle peer-to-peer review scheduling if denied
- Auto-generate appeal documentation for initial denials
All this takes time — don’t expect it to be done in a day or two. You should budget at least $20,000-$35,000 for prior auth automation across the top 10 commercial payers.
This is certainly tougher to build than it was two years back. The regulatory environment is more strict, the compounding shortcuts are no longer there, and the technical requirements are greater. However, the market is much bigger, too, and growing.
Build a platform that complies with all the regulatory frameworks, and it will be around even after a few years.
What It Actually Costs to Build
No one actually provides the cost estimate to build a GLP-1 telehealth platform. Here’s what we see at Tech Exactly based on the architecture described above.
MVP Platform — $90,000–$160,000
Timeline: 4-7 months
Includes:
- Patient intake with state-specific compliance engine for at least 5 states
- Telehealth video consultation (WebRTC)
- E-prescribing integration via DrFirst or DoseSpot (not direct Surescripts)
- Basic treatment protocol management (semaglutide titration tracking)
- Provider dashboard with clinical documentation
- Patient mobile app (React Native or Flutter for cross-platform and savings)
- HIPAA-compliant infrastructure (AWS HIPAA-eligible services, encryption, audit logging). Check our security architecture guide for healthcare apps for what CTOs need to validate before going live
- Payment processor integration for DTC billing or Stripe integration
- Admin panel for user management and reporting
Does not include:
- Insurance billing, prior auth automation, RPM integration, AI features, direct Surescripts certification, and compliance for more than 5 states
Full Platform — $220,000–$380,000
Timeline: 8-14 months
Everything in MVP, plus:
- Insurance eligibility verification and claims submission
- Prior authorization automation for the top 10 payers
- RPM integration (smart scales, CGMs, wearables) with CMS reimbursement support
- Lab integration (Quest, Labcorp via Health Gorilla)
- Advanced dose management with medication interaction screening
- Multi-state compliance engine, for all 50 states
- AI-powered clinical decision support, with SaMD classification awareness
- Pharmacy network integration with fulfillment tracking
- Patient engagement automation, like check-ins and educational content
- Provider credentialing and state license management
- Analytics dashboard with clinical outcomes reporting
Cost Breakdown by Component
| Component | MVP Cost | Full Platform Cost | Timeline |
|---|---|---|---|
| Patient intake + compliance engine | $10,000–$18,000 | $25,000–$40,000 | 3-6 weeks |
| Telehealth video (WebRTC) | $12,000–$20,000 | $15,000–$25,000 | 4-6 weeks |
| E-prescribing integration | $15,000–$30,000 | $40,000–$80,000 | 6-12 weeks |
| Treatment management | $8,000–$15,000 | $20,000–$35,000 | 4-8 weeks |
| Patient mobile app | $15,000–$30,000 | $30,000–$50,000 | 6-10 weeks |
| Provider dashboard + admin | $10,000–$18,000 | $20,000–$35,000 | 4-8 weeks |
| HIPAA infrastructure + DevOps | $8,000–$15,000 | $15,000–$25,000 | 2-4 weeks |
| Insurance + prior auth | — | $20,000–$40,000 | 6-10 weeks |
| RPM + wearable integration | — | $15,000–$30,000 | 4-8 weeks |
| Lab integration | — | $10,000–$20,000 | 3-6 weeks |
| AI clinical decision support | — | $15,000–$30,000 | 4-8 weeks |
| QA + security testing | $12,000–$20,000 | $20,000–$35,000 | 4-6 weeks |
Ongoing Costs
| Item | Monthly Cost |
|---|---|
| HIPAA-compliant cloud hosting (AWS/GCP) | $1,500–$5,000 |
| E-prescribing platform fees (DrFirst/DoseSpot) | $500–$2,000 |
| Video infrastructure (Twilio, Vonage) | $300–$1,500 |
| Insurance verification APIs | $200–$800 |
| Lab integration fees | $200–$500 |
| Monitoring + security tools | $200–$500 |
| App maintenance | 15-20% of build cost annually |
AI Features: Where the FDA Line Gets Blurry
Every GLP-1 telehealth platform is racing to integrate AI. We are also seeing a huge push for chatbots for triage, doze optimization, and even predicting how patients will respond to treatment. Implementing these features is technically easy; it’s the regulatory classification that’s difficult to crack.
The FDA’s framework for Software as a Medical Device (SaMD) draws a line between clinical decision support and clinical decision making:
Not a medical device (lower risk):
- Chatbot that answers general questions about GLP-1 side effects using curated content
- Dashboard that displays patient weight trends and lab values
- Scheduling assistant that suggests follow-up appointment timing
- Educational content recommendation based on treatment phase
Potentially a medical device (requires regulatory strategy):
- Algorithm that recommends specific dose adjustments based on patient response data
- Predictive model that identifies patients at risk of adverse events
- Tool that screens patients for GLP-1 eligibility without physician review
- Any AI that clinicians rely on for treatment decisions without independent clinical judgment
The difference is important as FDA-regulated SaMD requires IEC 62304 software lifecycle compliance, design controls, and potentially a 510(k) submission. All of this easily adds $50,000-$150,000 to your budget and extends the development timeline by 6-18 months.
Be very clear about this: AI features in your GLP-1 telehealth platform should support clinical decisions, not make them. Its job will be to surface relevant information, highlight patterns, and flag anything of concern.
The physician will always be in the loop and make the final decisions. You should also document clearly that your telehealth system is designed as a clinical decision support tool, not a diagnostic or treatment tool.
If you need a bigger view of where autonomous AI is heading in clinical settings, our piece on agentic AI in healthcare provides more insight, right from decision support to autonomous systems.
Let's Start Your Project Today
Ready to build your GLP-1 Telehealth Platform with us? Reach out now – our experts are just one click away.
The Business Model After Compounding
Many businesses made easy money in GLP-1 telehealth by sourcing semaglutide from a compounding pharmacy for $50-$100/month and then charging patients $199-$399/month. That’s an easy $150 to $300 in profit.
This model is now dead, though. Instead, these models are replacing it:
Model 1: Branded Drug + Care Delivery (DTC)
Prescribe FDA-approved branded GLP-1s. Generate revenue from consultation fees ($50-$150/visit), monthly subscription for care management ($30-$80/month), and pharmacy partnerships. The margins are thinner than compounding, but this is sustainable and legally defensible.
Platform requirement: Strong patient engagement and retention features. When not competing on drug price, you compete on care quality. The platform becomes the product.
Model 2: Employer / Health Plan Partnerships (B2B)
Sign contracts with employers or insurers to provide weight-management programs. This wil help build a sustainable revenue per covered life. Pricing will be linked to outcomes. All the big contracts are here. Employers incur $1,800+ in additional annual healthcare costs per obese employee.
Platform requirement: Outcomes reporting, population health dashboards, claims integration, SOC 2 Type II certification. Employers and payers will not enter into a contract with a platform that can’t prove clinical and financial outcomes. The challenges of healthcare software development — data security, interoperability, regulatory compliance — are the bare essentials for winning enterprise deals.
Model 3: RPM + Chronic Care Management
Layer CMS-reimbursable RPM services (CPT 99453-99458) on top of the weight-management program. Collect physiologic data from connected devices. Bill Medicare/Medicaid for monitoring services. Revenue per patient: $60-$120/month from RPM alone, plus consultation fees.
Platform requirement: Full RPM infrastructure, connected device integration, clinical staff workflow for monitoring. While the most technically complex model, it generates the most defensible revenue.
Model 4: Pharma Partnership / Branded Platform
Partner with Novo Nordisk, Lilly, or their pharmacy benefit managers to operate a co-branded telehealth experience. Hims’ post-settlement agreement to sell branded Ozempic and Wegovy is an early version of this model.
Platform requirement: White-label capability, brand compliance tools, pharmacy network integration. The tech is easy; the business development is the hard part.
FTC Marketing Compliance: The Rules Most Platforms Ignore
The FDA handles drug safety and compliances. The FTC handles advertising. And they both are actively enforcing in the GLP-1 space.
Platform marketing rules that matter:
- No weight-loss guarantees. Period. You cannot make bold claims like “Lose 20% of your body weight.” This will require qualification with proven results. The FTC mandates that if your testimonials show exceptional results, you must disclose what typical users experience.
- No “affordable semaglutide” or “compounded Ozempic” language. It’s these terms that initially led FDA to send warning letters. Your platform cannot market compounded drugs by using the branded alternative as a reference.
- Clinical claims require evidence. Any health outcome claim must be backed by competent and reliable scientific evidence. “Our patients lose X pounds on average” requires actual data, not projections.
- Before-and-after photos need disclaimers. And the disclaimers need to include what typical results look like, not just “results may vary.”
You must build FTC compliance into your platform at the content management level. Create an approved content library with pre-screened language. This will help block user testimonials that make unsupported claims. This is a web application feature, not a legal afterthought, and it’s not that challenging
Build or Wait? A Decision Framework
Given that the regulations are still changing, some founders may be wondering if it’s too risky to build now. Here’s how to think about it:
Build now if:
- You’re targeting the branded drug + care delivery model (legally clear, growing market)
- You’re building for employer/health plan partnerships (long sales cycle. Start now to close in Q1 2027)
- You have clinical advisors who understand the MSO-PC structure
- You can budget for compliance-first architecture ($90K+ MVP, not $30K)
Wait if:
- Your business model depends on compounded GLP-1 medications (that window is closed)
- You plan to serve patients in all 50 states without a state-by-state compliance strategy
- You don’t have a physician partner for the PC entity
- You’re looking for a sub-$50K build (the compliance requirements make this impossible to do safely right now)
Regardless of timing:
- The DEA permanent telehealth rules dropping in H2 2026 will change prescribing requirements. Build for flexibility.
- Oral GLP-1 alternatives (Foundayo, others in pipeline) will shift the market from injectables. Your platform should support both delivery mechanisms.
- Insurance coverage for GLP-1s is expanding (Medicare, Medi-Cal). Platforms with insurance billing infrastructure will capture volume that DTC-only platforms can’t.
Ready to Build a GLP-1 Platform That Survives 2026?
The GLP-1 telehealth market is only going to get bigger. The FDA’s enforcement of rules only clears out the low-effort, hacky platforms. For founders who are actually building compliant platforms, the competitive landscape is actually getting less crowded.
At Tech Exactly, we build telemedicine platforms and healthcare applications for startups navigating exactly this kind of regulatory complexity. We’ve worked through HIPAA infrastructure, EHR integrations, and compliance-first architectures right from the get-go.
If you’re scoping a GLP-1 or weight-management telehealth platform, talk to us. We’ll give you an honest assessment of what it takes: technically, financially, and regulatorily.
Let's Start Your Project Today
Ready to build your GLP-1 Telehealth Platform with us? Reach out now – our experts are just one click away.
FAQs on Building a GLP-1 Telehealth Platform
An MVP with telehealth video, e-prescribing, and state compliance for 5 states costs $90,000–$160,000 and takes 4-7 months. A full platform with insurance billing, prior auth automation, RPM integration, and compliance for all 50 states will cost around $220,000–$380,000 over 8-14 months. Ongoing costs (hosting, API fees, maintenance) add $3,000–$10,000/month.
Not without some major risks. The FDA declared the semaglutide shortage resolved in February 2025, ended enforcement discretion for compounders, sent 70+ warning letters to telehealth platforms, and referred Hims & Hers to the DOJ. Semaglutide is patent-protected in the US until 2032. Building a platform around compounded GLP-1 distribution carries significant legal and regulatory risk.
In most states, you need a Management Services Organization (MSO) for the tech/business side and a separate Professional Corporation (PC) owned by a licensed physician for the clinical side. This structure satisfies the Corporate Practice of Medicine laws. States with strict CPOM enforcement — California, Texas, New York — are actively investigating digital weight-loss platforms, so getting the structure right is essential.
The platform itself typically doesn't. But AI features that make clinical recommendations — dose adjustments based on patient data, eligibility screening without physician oversight, adverse event prediction — may qualify as Software as a Medical Device (SaMD) under FDA's framework. Design AI features to support clinical decisions rather than make them, and consult regulatory counsel early if your product crosses into diagnostic or treatment territory.
GLP-1 drugs (semaglutide, tirzepatide) are not controlled substances, so the DEA telehealth rules don't directly affect GLP-1 prescribing. However, if your weight-management protocol includes controlled substances like phentermine, the permanent rules will apply. Build your platform with audio-video capability and identity verification regardless — the direction of regulation is toward stricter requirements, not looser ones.
State licensing and CPOM compliance. Federal rules get the headlines, but state medical board requirements determine where you can operate and how your corporate structure must work. A platform that's HIPAA-compliant but operates in California without proper MSO-PC separation is still a compliance violation waiting to happen.
