Joe Tuan
CEO and Founder, Topflight Apps
April 8, 2026

By now you’ve probably seen the story.

One guy. $20,000. Two months. A stack of AI tools. No employees, no venture capital, no office. Just Matthew Gallagher in Los Angeles, building Medvi into a telehealth company that hit $401 million in sales in its first full year and is now on pace for $1.8 billion in 2026.

The tech press called it the fulfillment of Sam Altman’s prophecy — the solo billion-dollar company. Proof that AI has compressed the entire startup playbook into something one determined person can execute from their living room.

They’re not wrong. The New York Times verified the financials. The model is real. And the lesson for every operator paying attention is important: the demand for digital-first healthcare is enormous, and the window to capture it is open right now.

But there’s a second story inside the first one. And if you run a compounding pharmacy, own a med spa, manage a clinic network, or have physician partners who send patients your way, that second story is the one that actually matters to you.

 

What does Medvi’s $1.8 billion growth mean for pharmacy and clinic operators?

It means patient demand for digital-first healthcare delivery is massive and validated. But Medvi’s fully outsourced model — with no owned pharmacy relationships, physician networks, or compliance infrastructure — is already showing cracks through FDA warnings, vendor data breaches, and zero competitive moat. The real winners will be operators who already have clinic and pharmacy relationships and can launch their own platforms fast enough to capture the demand Medvi proved exists.

 

Key Takeaways

  1. The demand is proven. Medvi went from zero to $401 million in one year selling digital-first healthcare. Patients will move when the experience is frictionless — the market is not theoretical.
  2. The rented model is fragile. An FDA warning letter, a 1.6-million-patient data breach at a vendor, and active lawsuits all trace back to the same root cause: Medvi owns its brand but controls nothing underneath it.
  3. Phase Two belongs to operators with real relationships. Founders who already have pharmacy partnerships, clinic networks, or physician relationships hold the durable assets Medvi can’t rent — and can launch compliant platforms in months, not years.

 

What Medvi Actually Built

Strip away the headlines and Medvi’s model is straightforward: a world-class marketing and customer acquisition engine wrapped entirely around other people’s infrastructure.

  • Licensed physicians? Contracted through CareValidate and OpenLoop Health.
  • Prescription processing? Outsourced.
  • Pharmacy fulfillment and shipping? Outsourced.
  • Compliance? Outsourced.

Gallagher owns the brand, the website, the ad creative, and the checkout flow. Everything underneath is rented.

As a growth playbook, it’s genuinely impressive. Concentrate entirely on acquiring customers. Let partners handle the expensive, heavily regulated infrastructure underneath. Move fast, iterate constantly, and post margins that make incumbents like Hims & Hers look bloated — Medvi claims a 16.2% net margin versus Hims’ 5.5%, with a fraction of a percent of the headcount.

But the same architecture that made Medvi fast is now the source of its biggest problems. And understanding those problems is where the real opportunity for pharmacy and clinic operators comes into focus.

When You Rent Everything, You Own Nothing

The FDA Warning

On February 20, 2026 — six weeks before the New York Times profile went live — the FDA sent Medvi a warning letter for misbranding the compounded medications it sells. The violations were straightforward: Medvi’s site implied it was the actual compounder of the semaglutide and tirzepatide generating all that revenue, and used language suggesting FDA approval where none exists.

Medvi didn’t compound anything. It never did. But because its pharmacy relationships are entirely outsourced, it inherited compliance exposure it had no real ability to control.

And Medvi wasn’t alone. In March 2026, the FDA issued similar warning letters to more than 30 telehealth companies for the same category of violations — misbranding compounded GLP-1 products and implying equivalence to FDA-approved drugs. A STAT News analysis found that at least 30% of those companies shared clinical affiliations with just four nationwide medical groups. This wasn’t a targeted investigation. It was a systemic problem with the rented-infrastructure model itself.

The Data Breach

Meanwhile, in January 2026, OpenLoop Health — the platform handling Medvi’s physician network and clinical workflows — suffered a data breach. A threat actor claimed to have exfiltrated records from approximately 1.6 million patients:

  • names
  • contact information
  • dates of birth
  • medical records

OpenLoop confirmed the breach to the Texas Attorney General and now faces multiple class action lawsuits. Medvi’s patients are among those affected, even though Medvi never directly handled their data.

The vulnerability goes deeper than any single incident. A class action complaint filed against OpenLoop and compounding pharmacy Triad Rx alleges that compounded oral tirzepatide tablets sold through the network have no scientifically demonstrated mechanism of absorption — and names Medvi as one of roughly a dozen nearly identical telehealth storefronts running on the same backend infrastructure.

The Structural Problem

This is the core issue with building on rented infrastructure in healthcare: you absorb your vendors’ risk without getting their control.

  • When OpenLoop has a breach, Medvi has a breach.
  • When a pharmacy partner makes a compliance error, it surfaces under your brand.
  • When the regulatory environment shifts — as it is right now across the entire GLP-1 and compounding space — your ability to respond depends entirely on decisions made by organizations you don’t manage.
  • And if OpenLoop gets acquired, pivots, or simply raises its rates tomorrow? You have limited leverage and no real alternative.

The Moat Problem

Medvi owns no proprietary relationships. No exclusive pharmacy access. No clinic network. No prescribers who are specifically invested in its success. A better-funded competitor can copy the marketing. A pharmacy can launch its own patient-facing brand. A telehealth platform can build its own consumer product. The business is defensible only as long as Gallagher’s marketing stays sharper than everyone else’s — and when you’re one of a dozen storefronts sharing the same backend, that’s a thin edge.

None of this makes Medvi a failure. It makes it Phase One.

[Figure: rented vs. owned models for pharmacy and clinic operators]

Phase Two: How Compounding Pharmacy Owners Can Build What Medvi Couldn’t

Here is what Gallagher proved: patients will enthusiastically choose digital-first healthcare delivery when the experience is frictionless. The demand is real, it’s large, and it’s growing fast.

What he didn’t prove — and what the thin rented model can’t prove — is whether you can build something durable on top of it. Something that doesn’t evaporate when a vendor gets breached, a regulator sends a warning letter, or a competitor with deeper pockets runs the same playbook with a bigger ad budget.

What Durability Actually Looks Like

Durability in this market comes from relationships that can’t be rented:

  • A compounding pharmacy partnership that gives you access to patient-specific formulations nobody else can fulfill the same way.
  • A clinic network that trusts you enough to route their patients through your platform.
  • Physicians who are partners or investors, not contractors shared across fifty other brands.

These aren’t things you can buy from OpenLoop or CareValidate. They take years to build and they’re nearly impossible to replicate quickly.

If you have any one of these, you’re already holding something Medvi spent hundreds of millions of marketing dollars trying to approximate — and still doesn’t fully have.

The question isn’t whether the opportunity is real. Gallagher answered that. The question is whether you can move fast enough to activate what you already have before someone without your relationships tries to build around you.

The Build Problem

Most pharmacy and clinic operators know they should have a platform. Most of them haven’t built one yet — not because the opportunity isn’t obvious, but because building a HIPAA-compliant telehealth platform from scratch is slow, expensive, and technically complicated in ways that have nothing to do with the healthcare problem you’re actually trying to solve.

Why Operators Get Stuck

Intake flows, physician review dashboards, pharmacy routing, patient portals, audit logging, business associate agreements, secure messaging — none of it is hard to understand and all of it is hard to build correctly under compliance requirements.

Most operators either get stuck in the build, hand it to a development team that’s never worked in healthcare, or spend eighteen months and significant capital before they have anything to show a patient.

Gallagher solved his version of this by outsourcing the hard parts entirely. The cost, as described above, is that his business is only as stable as his vendors.

The Alternative: Own the Platform, Not Just the Brand

The alternative is purpose-built infrastructure designed specifically for this build pattern. HIPAA-compliant components for the things that are the same across every telehealth build — intake, physician review, prescription routing, patient tracking, admin panels — built around your pharmacy and your clinic relationships, not someone else’s.

Owned by you at the application layer, so if a vendor relationship changes you’re updating an integration, not rebuilding your company.

That’s how a founder with an existing pharmacy relationship and a clinic network gets to market in three to four months instead of eighteen. Not because corners were cut, but because the compliant foundation was already built and waiting.

The Window Is Open Right Now

The GLP-1 and compounding markets are at an inflection point. The FDA is actively tightening enforcement — 30+ warning letters in a single month signal a regulatory posture that’s only going to intensify. Pricing pressure among generic platforms is already driving a race to the bottom.

And the gap between what patients can access through a Medvi-style storefront and what they can access through an operator who actually knows their clinical context — who has the right pharmacy relationship, the right physician oversight, the right niche expertise — is enormous and almost entirely uncaptured.

Medvi proved patients will move when the experience is good. What it couldn’t prove is whether they’ll stay, deepen the relationship, and refer others — because the rented model isn’t really designed to support that. You can’t build a real clinical relationship through a platform that shares your physician pool with fifty other brands and routes your prescriptions through someone else’s pharmacy.

Operators who own their pharmacy relationships and clinic networks can build that depth. They have the infrastructure to deliver something that looks less like a GLP-1 checkout flow and more like an actual healthcare practice with modern delivery on top of it.

Gallagher proved the demand is there. The founders who move in the next six to twelve months — with real clinic and pharmacy relationships and the right platform behind them — are the ones who will own the market when Phase Two shakes out.

 

Topflight Apps builds HIPAA-compliant telehealth platforms for pharmacy and clinic operators — founders with existing relationships who are ready to activate them. We’ve already helped a pharmacy operator launch a compliant medication storefront that hit seven-figure ARR within six months. Specode, our healthcare SaaS platform, provides the compliant infrastructure to get there faster without starting from scratch. If you’re in this window and want to talk through what your build looks like, reach out here.

 

Frequently Asked Questions

 

Is Medvi legitimate?

Medvi is a real, operating telehealth company with NYT-verified revenue of $401 million in 2025. However, it received an FDA warning letter for misbranding in February 2026, and its infrastructure partner OpenLoop Health suffered a major data breach affecting up to 1.6 million patients. The company is also named in ongoing class action litigation. These are industry-wide issues, not unique to Medvi, but they highlight the risks of the fully outsourced telehealth model.

How long does it take to build a HIPAA-compliant telehealth platform?

From scratch, 12–18 months. With purpose-built healthcare platforms like Specode that provide pre-built compliant components, operators with existing pharmacy or clinic relationships can launch in under a month.

What does a compounding pharmacy need to launch a telehealth product?

A licensed pharmacy relationship, a physician network for prescribing, and a HIPAA-compliant platform covering intake, prescription routing, patient portals, and secure messaging. The operators best positioned already have the pharmacy and physician relationships — the platform is the piece that can be built or bought.

What happened with Medvi and the FDA?

On February 20, 2026, the FDA issued a warning letter to Medvi for misbranding compounded semaglutide and tirzepatide products. The agency found that Medvi’s website falsely implied it was the compounder of the medications and used language suggesting FDA approval where none exists. The FDA issued similar warnings to 30+ other telehealth companies during that same period for the same category of violations.

Can a pharmacy or clinic operator build a Medvi-style platform?

Yes — and with significant structural advantages. Operators who already have pharmacy partnerships, physician relationships, and clinical infrastructure can build the same frictionless patient experience while owning the compliance layer, the clinical relationships, and the fulfillment chain. Purpose-built HIPAA-compliant platforms like Specode make it possible to launch in three to four months rather than eighteen.

What is the rented infrastructure model in telehealth?

It’s a model where a consumer-facing brand outsources all regulated healthcare operations — physicians, prescriptions, pharmacy fulfillment, compliance — to third-party platforms like CareValidate and OpenLoop Health. The brand controls marketing and checkout; everything clinical is handled by vendors. It enables fast scaling but creates deep dependency, compliance exposure, and limited defensibility.

What does the OpenLoop Health data breach mean for telehealth patients?

In January 2026, a threat actor breached OpenLoop Health’s systems and claimed access to records from approximately 1.6 million patients. Exposed data included names, addresses, dates of birth, email addresses, and medical information. Because OpenLoop operates as white-label infrastructure for dozens of telehealth brands — including Medvi — patients of multiple companies were affected, often without knowing OpenLoop was processing their data.

How is the owned model different from what Medvi built?

In the owned model, the operator controls their pharmacy relationships, physician network, and compliance infrastructure directly. If a vendor changes terms or has a security incident, the operator updates an integration rather than rebuilding their business. The owned model sacrifices some launch speed in exchange for durability, defensibility, and the ability to build real clinical relationships with patients.

Joe Tuan

CEO and Founder, Topflight Apps

Since 2016 I’ve been the founder and CEO of Topflight Apps, where we build and scale healthcare apps. We’ve bootstrapped the agency to $4M annually and a team of 40, serving Fortune 500 and bleeding-edge healthcare and AI startups, and delivered north of $200 million of value for our clients in venture funding and acquisitions. My passion is in creating solutions that hack away bureaucracy, bloat, and barriers to access. In 2014, I co-founded HealClick, a patient-matching app for DIY-ing and crowdsourcing treatment ideas for autoimmune illnesses without FDA-approved treatments.