In this episode, Jenny shares key insights from Hedy & Hopp’s 2025 patient privacy research. Analyzing 254 provider and payor websites, the audit shows a decline in Google Analytics 4 usage, a rise in server-side tagging, and improved compliance as Universal Analytics is removed by many. However, risky practices persist, with 29.92% of sites still using at least one conversion tracking pixel and some relying on non-HIPAA-compliant form tools. Meanwhile, more organizations are exploring alternative analytics solutions, and a growing number of marketers are operating without any tracking at all.
Resources
2024’s Patient Privacy Findings Podcast Episode: https://creators.spotify.com/pod/show/wearemarketinghappy/episodes/By-The-Numbers-The-Current-State-of-Healthcare-Marketing-Tools-e2itnm7/a-ab770oe
Connect with Jenny:
Email: jenny@hedyandhopp.com
LinkedIn: https://www.linkedin.com/in/jennybristow/
If you enjoyed this episode we’d love to hear your feedback! Please consider leaving us a review on your preferred listening platform and sharing it with others.
Jenny: [00:00:00] Hi friends. Welcome to today’s episode of We Are, Marketing Happy, a healthcare marketing podcast. My name is Jenny Bristow. I am your host and I’m also the CEO and founder at Hedy & Hopp. Hedy & Hopp is a full-service, fully healthcare marketing agency that is very proud to work with providers and payers across the country to help patients find them more easily to secure care.
I am jazzed to share with you today an updated research project. Last year, Hedy & Hopp did a deep dive into 118 healthcare provider and payor websites. We wanted to understand the state of patient privacy. So many shifts have happened as far as influence from OCR, FTC, new state laws have come online.
We are tireless advocates of patient privacy and making sure that as healthcare [00:01:00] marketers, we’re doing everything in our power to make sure that we’re collecting, storing and using this information in a safe and compliant fashion. So we wanted to see what people were doing. Last year, we did a big state of the state, released those findings.
We’ll link to the show of last year in the show notes if you’re interested in listening. But this year we wanted to double down, so we more than doubled the websites that we audited. We were up to this year, 254 websites. The websites for the providers and payors range from small critical access hospitals, single location children’s hospitals, all the way up to multi-state, large regional providers. Also, single and multi-state payors.
We wanted to understand what are folks doing. How are, how have they responded through the lens of marketing technology to all of these privacy changes and shifts in the landscape? And I’m here today to share those findings with you. So, big picture, all of this [00:02:00] education has been happening, right? We’ve been talking about all of the potential issues.
We’ve been talking about potential. I know a lot of folks have been receiving some nasty grams from FTC and OCR. Lots of class action lawsuits are happening. How are marketers responding? Well, the good news is they are responding. We have seen a huge shift in the technology that’s being used on healthcare websites.
And the sort of tracking technologies folks are using for the marketing analytics. So let’s get into it. Again, we expanded the data set this year to 254 websites and our marketing operations team went through and dug into the analytics and the site code. So we wanted to understand a couple of key things.
What marketing analytics technologies are folks using? What conversion tracking pixels are they using and then what other technologies are they using on their site that may have compliance implications, such [00:03:00] as forms. So, first of all, the number of folks using Google Analytics 4 implemented the traditional way to traditional Google tag manager has dropped drastically.
So in one year, we have seen implementation of Google Analytics 4 drop from 70 percent to right under 50%. So a 20 percent swing in one year. Now, I think what’s really interesting about this is Google Analytics has always really been seen as the industry norm. Even super large, multi-state or large regional, they use the paid version, Google Analytics 360.
Most folks were on this platform. You would have a handful of folks that maybe were on a different analytics tool because of previous experience with that tool. But for the most part, everybody was on Google Analytics 4. So we saw a pretty big drop from the first time that we did this audit, it was over 90 percent and a 70 percent last year.
[00:04:00] And now we’re down to right under 50 percent this year. So it’s a pretty staggering drop. Now, a lot of folks are still using Google Analytics 4 outside of that 49%, but they’re implementing it using server-side Google Tag Manager. Now you’ll know that that’s something Hedy & Hopp preaches. We’re big fans of sGTM implemented using a B business associates agreement with Google by using one of their cloud servers.
You could filter out any variables that from a privacy perspective, you don’t want to collect and store. It’s by far the most affordable implementation for folks to do. And we have seen that jump from 2.5 percent up to right under 6% of folks using server-side Google Tag Manager on with that they’re using Google Analytics 4 so big jump of folks using that.
The other big pivot that we have seen is folks are finally cleaning up their old [00:05:00] tags. So I kind of laughed about this when we were doing the study last year because almost 45, those 44.91 so almost 45 percent of folks still had Universal Analytics of Google, the Universal Analytics tags on their site.
It stopped processing data mid 2023. So that meant that folks had really held on to it for quite a long time after it had stopped collecting and processing data by the time we did this study. Well, very excited to say that that number has dropped down to right under 18%. So we had a drop from 45 percent to 18 percent of folks that have that old Universal Analytics tag on their sites.
Great job cleaning up old tags. Marketers Another thing is let’s talk about who’s high risk. Let’s talk about who are still doing risky activities. 76 websites, which is right under 30 percent are still using one conversion tracking pixel. So that means it’s either a programmatic tracking pixel. It’s a Meta, Google [00:06:00] Ads.
76 websites are still using some sort of conversion tracking. And that’s if you dig down deeper, you’ll see that 26 only have a programmatic conversion tag and then 26 still have a media, meaning an ad platform conversion pixel. Those are not the same 26, it’s 26 separate that have one or the other.
And then unfortunately, six websites are still using a form provider that is not HIPAA compliant. So that is a huge red flag. If you have a form software or form tool on your website that is not HIPAA compliant, that means that information is likely not secure and you need to reevaluate the way that you’re collecting information.
So those six websites definitely need to do some additional diligence. Other marketers are pivoting. So, right around 40%. It’s 40.55 percent do not have Google Analytics 4, but they’re using some other [00:07:00] analytics tool provider. The two front runners by far are FreshPaint. At 26 websites and Piwik Pro at 19 websites.
Then there were a splattering of other website or other tools such as Matomo, Mixpanel, et cetera. We did not want to list all of them because most of them only had just a few each. But again, FreshPaint and Piwik Pro are by far the front runners when you look at what tools folks are using besides Google Analytics 4 and Server Side Google Tag Manager.
Those are the three directions folks are really going. And then the last most interesting thing is how many folks are flying blind? I think this is something that a lot of folks have wondered about. I’ve casually shared this number in a few different folks in the industry that I’ve chatted with over the last couple of weeks since we wrapped up our research.
And kind of as a game, ask them what percentage they thought, how many providers and payors do you think are flying blind at this point with absolutely no analytics [00:08:00] tracking technology on their sites. Well, I will tell you in 2024, it was 12%. That number has risen to 28.35%. So we have more than doubled the number of folks from a healthcare marketing perspective that are flying blind.
So. Again, that likely means that their legal team is not comfortable with them implementing anything. They’re likely in the middle of a lawsuit or dealing with a lot of heavy legal challenges and conversations internally, and they don’t have any sort of comfortability and finding a compliant solution.
Some of those folks may be in the middle of implementing a safe solution. So we’ll look at the findings in 2026 and see what sort of shift it is made from there and see, you know, what sort of progress the industry has made. But I was pretty shocked to find out it’s 28 percent of folks in the industry right now, based off of our survey data set that are flying completely blind.
So [00:09:00] hopefully this information was helpful and allowed you to kind of level set where your organization is compared to folks in the industry. If you’re hearing this information and saying, Uh oh, what if I’m one of the, you know, folks that are high risk that are maybe doing these behaviors that aren’t fully compliant yet?
Well, here’s five steps that I recommend that you do in order to begin moving forward. First is an audit. Everybody needs to audit. You need to understand what tools and technologies are on your site, what pixels are on your site, what form tools you’re using, what embeds you have, et cetera. Strongly recommend adopting a server-side tagging analytics strategy where you can be in complete control of what data you collect or another analytics tool or a CDP.
Number three, avoid risky tactics like remarketing. You just got to stop it. I know we miss remarketing too, but remarketing is dead in our industry. We just can’t do it anymore in a compliant way. Stop using all third-party tracking [00:10:00] pixels. Number four, secure business associate agreements with all of your vendors, thinking software, and agency partners.
If they’re doing anything with your marketing and technology for your organization, you need to have a business associates agreement in place, making sure they legally understand what they need to be doing to protect patients information. And then 5 become friends with your legal and compliance teams and create a plan.
I’m still talking to lots of folks in the industry that their legal team hasn’t brought this up yet. And so it may be on you to lead the conversation, but you need to chat with them and make sure that you’re aligned as an organization. And if they aren’t talking to you yet, please be proactive and talk to them because it’s up to us as an industry to continue pushing this forward and find solutions that protect our patients.
We will have all of this information embedded on our website in our blog post. If you want to see the visuals of the survey [00:11:00] findings, we have an infographic to share everything. Submit questions. I’m happy to answer any questions. We have a super detailed research findings that we distilled into these results and tried to pick out the ones that we thought would be the most interesting to folks.
One thing that I would say is that if you went to SHSMD or HCIC in the last two years, your organization is included in these findings. We used those groups as part of the data set and then rounded it out by making sure we covered the largest providers across the country as well.
So hopefully today was helpful and informative. Thank you for tuning in. Please like and subscribe. I look forward to seeing you on a future episode of We Are, Marketing Happy. Cheers.
