In this episode, Jenny chats with three experts about a hot topic in healthcare marketing—server-side Google Tag Manager (sGTM) vs. Customer Data Platforms (CDPs). She’s joined by Mark Brandes, Hedy & Hopp’s Director of Data & Technology, Tyler Zey and Adam Putterman, co-founders of Ours Privacy. Together, they break down the key differences between these two privacy solutions and help healthcare marketers figure out which one’s the best fit for their needs.
With more focus than ever on HIPAA, FTC, and state regulations, many marketing teams are wondering how to stay compliant while still getting the insights they need. This episode takes a closer look at how sGTM and CDPs work, their pros and cons, and gives you a simple framework to help you decide which one’s right for your team, based on your size, budget, and goals.
Connect with Mark:
https://www.linkedin.com/in/markbrandes
Connect with Tyler:
https://www.linkedin.com/in/tylerzey
Connect with Adam:
https://www.linkedin.com/in/adamputterman
Connect with Jenny:
Email: jenny@hedyandhopp.com
LinkedIn: https://www.linkedin.com/in/jennybristow/
Further your understanding of what compliance means for healthcare marketing and get certified for it here: https://wearehipaasmart.com/
If you enjoyed this episode, we’d love to hear your feedback! Please consider leaving us a review on your preferred listening platform and sharing it with others.
Jenny: Hi friends, welcome to today’s episode of We Are, Marketing Happy, a healthcare marketing podcast. My name is Jenny Bristow. I am the CEO and founder at Hedy & Hopp, a full service marketing agency that specializes in healthcare. And I’m also your host. I am very excited today to be joined by three guests. This is the first time we’ve had three guests on this podcast, so it’s going to be a very exciting episode, but our very own Mark Brandes, Hedy & Hopp’s, Director of Data and Technology is joining us.
And then, two of the co-founders at Ours Privacy. So Adam Putterman and Tyler Zey are joining us. So welcome, gentlemen.
Adam: Thank you for having us. We’re excited for this too.
Jenny: Yeah. So today’s topic is one that, I think we hear the question posed by clients and prospects almost every single day.
Right. They’re trying to figure out how to make their websites and their digital marketing ecosystem compliant from HIPAA, FTC and state laws and all of the incoming, you know, the the constantly shifting regulatory environment. And the question is sGTM or CDP, which is going to meet my needs. So today we’re going to do a fun Face off sGTM versus CDP.
We’re going to understand how both of the platforms work or how the technologies work. We’re going to talk about the pros and cons, and hopefully this content will be really helpful for you and your organization. If you’re trying to figure out what path will make sense for you based off of your budget and the level of technology and marketing sophistication within your organization.
So to get started, I would love Mark. I would love if you could give us about a two minute summary. How does sGTM, which stands for server-side Google Tag Manager. How does that help marketing organizations in the healthcare space or marketing teams in the healthcare space, stay compliant?
Mark: Yeah. Thanks, Jenny. So a lot of us are familiar with Google Tag Manager in general.
We’ve heard the term, we know that it’s out there. That’s a software you can kind of, stick on your website and you can add different tags and triggers to. And what that means is, if I want to send data to Google Analytics from my website, then I can put a Google Analytics tag in my GTM container that’s on the website, and that’ll send data to Google Analytics.
Or if I want to send data to Facebook or Snapchat or something else, I just have to add that tag onto my GTM whenever I want to send it. I can set up a trigger and it sends that data away. The thing that we’ve run into with that is that it’s kind of more of a black box, right?
You don’t necessarily know exactly what’s being sent. You know, some of it I know that I want to send my link, click on this button event to Google Analytics 4, so you’ll be sending that data to Google Analytics 4, but you don’t know the rest of the data that goes along with that, right?
It’s not just that event name. There’s a lot of other information that gets sent. There’s the page URL. There’s actually some user information. So there’s data that gets sent. And there was always kind of a black box with Google Tag Manager. And so with sGTM, what happens is you actually add another server into that mix. And so instead of you sending data directly to say, a Google Analytics for Facebook, you’re actually going to put a server in the middle of that communication.
And then that server is going to pick up that information. And then inside there you’re going to be able to say, okay, I don’t want to send this piece of data. I don’t want to send that piece of data, I want to change this piece of data so nothing gets stored on this server. Nothing is out of compliance.
You’re going to want to use a server that has a BAA that you have all your legal requirements in place with that. There’s a few good ones out there, right? So there’s AWS, there’s Google Cloud. So there’s a few different servers you can use. But the idea is now you have control over that data flow.
You can edit things, like I said before, they go to those platforms.
Jenny: I love it. That is a very succinct, wonderful explanation. Thank you. Tyler, how does a CDP work?
Tyler: Yeah, it’s largely similar. Right. You send it all the data just as you would with GTM. It’s just then you have more of a UI layer over the top of that that’s more unified for each destination.
So you’re not, you know, sending to Google Analytics 4 and Snapshotting and figuring out the differences between each one. It’s more unified. But there’s also this sense of, identity that is stitched across time, where you have a user that maybe you’ve, you know, hydrated various properties on or the CDP automatically provides it with synthetic data, and then you can, send that back to the destinations largely in the same way, you know, auditing or removing or redacting or modifying, with built in functions and things that you wouldn’t want to send back for PHI and PII.
But from a conceptual point of view, you know, you put a little snippet on the website or, you know, hook up to things like third-party form tools, getting webhooks, API calls sent in, which might be another point that it’s a little different than sGTM because you, can have all those other endpoints feed into it, maybe more easily, maybe not.
Depending on how your GTM setup is. And then, yeah, you just send it out to the various destinations.
Jenny: Very nice. So we have folks come to us often, and they really are not sure what the right solution is for them. And Adam, something I’ve heard you talk about before that I’d love if you could break down for us is the maturity framework, because there’s budget considerations which we’ll talk about.
I want to get into the pros and cons of both of these platforms next. But there’s also a general sense of maturity where, based off of, you know, where that organization is, level of marketing sophistication, maybe one tool makes more sense than the other. So break it down for us. How do you view this?
Adam: Yeah, I think we talk about this a lot as well.
And, depends on scale compliance needs, how big your team is, a lot of things. So how we’ve thought about it is stage zero is you’re just pixeling. You really shouldn’t do this. You know, Jenny, you talked about you probably provide data for all of these stages, which would be really interesting or which has been really interesting.
But stage zero is you’re just pixeling. You have a Facebook pixel on your site, you’re not moderating it at all, and you’re taking on a ton of compliance risk. There’s there’s some ethical concerns there. You’re not really thinking about it. I think most organizations have moved away from that, thankfully. Stage one is you remove the pixels and now you’re flying blind so you’re no longer at risk.
There’s no compliance risk. But now you have significant challenges or obstacles being placed on your marketing team. Your ads are potentially unoptimized and not working. You might not even know they’re not working because you don’t have any analytics set up. So, you know, there’s a baseline visibility problem. So that’s when we see organizations start to move to stage two, which is you’re building something internally.
sGTM is a great solution. Some teams will see, invest in conversion APIs for every destination and and and really sink their teeth into that. This way, you get performance, you get privacy. It’s a great approach. And then the kind of obstacles here are what happens as you scale. How do you maintain it? How do you continue to invest in it and invest in it or grow it?
And that’s when organizations kind of move into stage three, which is using a healthcare-specific CDP, obviously something like Ours Privacy would fall into that. Similar to stage two, you have compliance, you have performance, but now you also have sort of the peace of mind of this is all that we do. The seamlessness of, the UI layer that Tyler mentioned and then the performance and compliance benefits or primarily performance benefits of identity stitching already being connected to every destination.
So being able to roll out experiments in a very quick way, you have to start to have some negatives potentially around cost and then learning the tool. And then lastly, and this is where it starts to get really fun, is when you move into stage four and you go beyond just advertising and using the CDP to get back to a, kind of pre privacy world and start integrating third party data, clean rooms and building a sort of unified, holistic approach to your marketing that includes connecting anything and everything to everything internally, but in a compliant way.
Jenny: Yeah, I love that, Adam, because that is the exact framework that we help folks decide. I mean, in healthcare, I think, it’s aspirational to want to have a lot of automation in our marketing work, to have a CRM integration, to provide personalized experiences. A lot of organizations aren’t yet there. So one of the things that we ask those specific questions, and that is kind of our deciding factor, of are you sophisticated enough yet?
Or the money to spend on a CDP makes sense? If not, maybe spending less money on sGTM in the short term, while you get to that level of sophistication, invest that money in getting a CRM or in, you know, those other areas of your marketing function, then you can move over to a CDP, because we’ve seen a couple of groups invest in a CDP too early, and then they found it as a waste of money, when in reality it isn’t anything but a waste of money.
If you are built appropriately to leverage all of the enhanced functionality.
Adam: That’s a great point, and I’m curious when you when you, were going through the survey results, how often were you seeing a mismatch in stages? Or also did you see a lot of work because you’ve done it multiple years in a row? You just run out?
Are you seeing a lot of people progress through the cycle, or kind of where do they get stuck? Just curious for your take on that really great question.
Jenny: So for our listeners, Adam is referring to our 2025 state of patient privacy. So this is the second year where we have done an audit on hundreds of healthcare websites, and we look at the code, our analytics operations team goes through and determines what tags and tools and technologies folks are actually using.
So it’s not a survey where folks are telling us, because some of the people would not want to tell us what we found, they would not even respond to the survey. So this is a much more accurate representation. We included everything from super large, you know, state-wide or multi-state hospital systems, health systems, all the way down to critical access hospitals and everything in between.
So we’ve seen tremendous shifts. For example, in 2024, we had 70% of websites still using Google Analytics 4. That dropped down to right under 50%. So a 20% drop in Google Analytics for usage, which is pretty significant. And we saw a drop from, right under 45% of old messy tags, meaning, you know, Universal Analytics, which stopped working in 2023.
So the fact folks still had it on their site in 2024 showed how messy it was. That dropped from 44% down to 17%. So that just shows a huge awareness of not having those tags that are really non-functioning and not providing value on your site. We also, though, saw a huge jump from 12% of folks not having any analytics on their site at all to 28%.
So a huge jump that likely had a lot to do with getting nasty grams from OCR and the FTC, class action lawsuits have continued to increase. So those are legal teams that really are on the super, super conservative spectrum, of where they want to be for marketing analytics technology.
Adam: It’s interesting too. Just a quick plug for, I don’t know if it’ll be obsolete by the time this, or, irrelevant by the time this airs.
But, having a messy tag set up is important, especially with things like we just saw. I saw you post about it with the GTM change that’s coming out in a few days at this point. And it matters. It’s not just a, quality of life workflow improvement. Like these things get change unless you need to know why they’re there and what they’re doing.
Jenny: Yeah, exactly. Exactly. Mark, I’d love to go back to you and have you give us just from your perspective. I know we’ve worked, but at this point, dozens, if not over 100 different organizations of various sizes in the healthcare space over the last year. What do you see as some of the biggest pros and cons of when an organization chooses to move forward with sGTM?
When is it a winner for their organization?
Mark: Yeah, I typically think that there are, you know, they like their GA4. They like that Google Analytics, they’ve used it for years. They have structures put in place. They have reporting dashboards. And so they really don’t want to move away from that. But they also, are comfortable. They’ve already removed a lot of pixels from their site.
They’ve already gotten used to living in that world. And so when you have a situation like that, I think sGTM makes a lot of sense because it’s not going to impact you. There’s nothing else you kind of need to learn. You can approach an agency like Hedy & Hopp. We can set things up for you, and then they’re just kind of going, right?
So it’s kind of out of sight, out of mind, knowing they’ve got to kind of do to control, and, you know, to the point that Adam was making, once you get a little more sophistication, those types of teams maybe look to add somebody on their team for doing analytics or doing more technology, then they can start asking the questions about, okay, well, what are we doing with this type of data?
What are we doing over here? And then we can be there for those conversations. And then I think you see that growth right? That maturity to understand. Okay, well, maybe you guys are thinking about moving into this type of technology now. And so is that, an adjustment inside of sGTM we make, or do we look at another solution for you down the road?
And so I think having folks come in like that really, you know, they’ve they’re nervous. They’re nervous about, hey, we got this letter from HHS. You know, we’re nervous about that. We don’t know what’s on our site. Those types of folks, I think, right away we can really make a huge benefit to them, right. Because of the kind of the low cost that is associated with this GTM.
There’s not as much of an approval process. Sometimes it’s just, hey, get in there, do it, and we’re going and we’re compliant, you know, pretty soon. So it really gets them up to speed with compliance very fast. And I think people appreciate that. But I think, yeah, there’s a point there where there’s a lot of technology that’s used in the sGTM setup.
You have to have a lot of different skill sets across a lot of different softwares to kind of stitch all that stuff together. And so, you know, you met hear Tyler and and Adam mentioned that there’s just an ease of use with the UI on a CDP. You’re not going to have that with this GTM necessarily, right?
But you’re going to have to rely on an agency like us, maybe to go in and help you set that up. So those are kind of the things that I used to think about when, when clients are asking.
Jenny: And I would say to Mark, often, our clients, it’s kind of a set it up and then they don’t have a lot of changes they anticipate having to make to their tracking.
They don’t have a lot of new technologies they plan to integrate in the next, you know, 6 to 18 months. So that’s another thing that I think I’m interested in hearing Tyler’s perspective. Tyler, give us your perspective from the CDP side. When is it truly a benefit for clients to choose a CDP route?
Tyler: Well, I think there’s compliance from a high point of view, and then there’s compliance from like your technology team’s point of view of like soc2 and, you know, like if your company workforce is high trusting and a lot of those frameworks require any server your company maintains to have, like monitoring for error rate and like, you know, usually some guidelines along logs being retained for 13 months and usually a firewall in front of it. And ability to like audit what’s going in and out of the system, and in real time. And, I think a lot of those, unless you set it up right. And if you do set up all those, it does increase the cost for sGTM.
Drive up the complexity and, you know, like the compliance nature of it from a different side, maybe more of the engineering or IT side of the house to a point where it maybe isn’t necessarily as, palatable, or easy to use, you know, and even from our experience with it, experimenting with it, we do a lot of experimenting, like until we deploy it, like in a multi-region way, one, you know, like once on the West Coast, one’s on the East Coast.
We wouldn’t see single-digit percentage differences in traffic, to GA4 through it. So I think the running and operating of that does take a little bit of cloud engineering, in addition to just marketing. And I think with the CDP, you get that, out of the out of the box, in that compliance to without the the overhead of maybe more engineering compliance.
Jenny: Yeah, that makes a lot of sense. I would, love to talk about kind of what we see the future, where we see the future going for marketing, analytics and tracking. I think we all could just take a collective sigh about with everything going on in the government, who knows if any sort of actual, you know, adherence, of compliance is actually going to happen in the future.
But I think we all can just generally agree that privacy concerns aren’t going to go away and they’re going to continue getting tougher and rougher. Adam, I’d love to hear your perspective of your thoughts of the industry, of what you think’s going to happen over the next, you know, 1 to 2 years.
Adam: Yeah. I think that one, we’re going to see an expansion of state expansion of state privacy law presence like like states launching that don’t currently have one and two is complexity there.
You know, there’s a bill on the governor’s desk, I think in New York that would have a drastic impact on the entire industry. And I think that’s only going to fragment and increase. Two I think the class actions are going to significantly increase because people are having early success. That’s partially a good thing. Partially a bad thing.
And then three, I think we’ll see more action, like Meta’s data restrictions where the advertisers themselves, whether it be a Reddit or a LinkedIn, are going to push people towards the conversion APIs and server-to-server connections for their own selfish reasons. But also it’s, you know, it’s good from a privacy perspective. And then organizationally, I think what we’re most interested in or what what we’re keeping a close pulse on is really that’s that final stage of the maturity cycle, which is, as your survey is showing, more and more people, you know, move away from fixed line, moving away from big blind, they’re also opening up capacity to start experimenting with new destinations.
So like let’s finally launch a podcast, advertisements or whatever it may be. And then third-party data, and clean rooms. We’ve seen some really, really interesting use cases.
Tyler And that to piggyback on that, like with the conversion API, I, I think it all is going to converge eventually. Maybe not next year, but over the next like three years towards that clean room mentality where you have your internal data and instead of like a real, instead of like a conversion API or the first version of pixeling, I think that’s where it all kind of had it.
And it, it will, it’ll be slow. But right now it feels really complicated. But I think there are you’re starting to see breakthroughs in ways that make it less complicated and companies that make it less complicated. And I think it will be, it sounds really abstract too, but essentially, I think it’s a really, easy way to share back that the types of people that, or the type of audience that you’re trying to attract without sharing back that individual.
PHI or PII, you know.
Mark: Yeah. And I, you know, one of my big concerns, Jenny, is kind of leaving some of the small businesses, the small regional hospitals kind of in the dust there. Right. Like, I don’t think those small regional hospitals are going to be considering clean rooms anytime soon. You know, they have a one-person marketing department that is just trying to keep the lights on for the hospital.
So how do we help that person actually stay compliant? Because some of this stuff came as a huge surprise to them. Like, they’re not they’re not trying to they don’t really realize what they’re doing with Facebook because all they know is it’s helping them do their marketing, and that’s where they get their reporting. And now what do I do?
And so how do we help them? I think that’s one of the things Adam mentioned, all the different state laws that are going to affect if you’re in a a small hospital that’s like multi-state, right, because you’re near a border, like you can have multiple things you need to keep track of. And how do you do that? Right?
You don’t have a compliance team. You may have a legal person on a call, but so those are things we run into all the time with some of these hospitals, that are on the smaller scale and, and helping them out, is so difficult because there’s not really a great repository out there.
A lot of the things we run into is, you know, they just want a list of what, what can I do and what can’t I do. And I am the bearer of bad news to say it depends. Right. There’s just so much gray area and and I think, you know, listening to Adam speak about all those changes that are happening until I feel like there’s some sort of national law, it’s going to be so difficult for people to handle all this.
And I just don’t know when that’s going to, to happen. Even with the guidance that came out from HHS, there’s just a lot of gray area and there haven’t been a whole lot of judge’s ruling saying, okay, this is okay, and that’s not okay. We had the one from Texas about IP addresses and page views, but other than that, it was kind of left still up in a gray area a little bit.
Right. And so I’ve talked to a lot of lawyers over the past two years. And you’ll have on the same call they will vehemently disagree about we can do this and we can’t do that, or this is never a good sign. Yes it is. And so it’s it’s so difficult. And and how do we get there. And I’m not sure our legal system is going to keep up.
And so it’s on hospitals to really be proactive as possible I think. And that’s something that we’re going to see is that I’m trying to just hey, I know we can maybe legally do this, but is it actually worth it? And so making those kind of decisions, I think you’re going to need some consulting help there.
Jenny: And that’s a great point.
I think that’s one of the things that we are trying to do as an organization. And part of what I view this podcast role is, is continuing to educate because the larger folks that have the budgets, they can, you know, do things like buy these technologies and implement them. But some of the smaller folks want to do justice, right for their patients.
And so they need a mix of a technology solution and then education to be able to get there. So I know, you know, Adam and Tyler, that’s near and dear to your heart as well. You know, from an education perspective, to help the industry
Tyler: And making it easy, you know, like, we really try, I would say very hard not to compare us to other, but to make the UI and the experience easy so that it is, something that’s approachable to more people.
I wouldn’t say we’re there yet, but we try it.
Adam: It shouldn’t be harder to do the right thing in the space. Yeah. And right now it’s much, much, much harder. Very easy to just put a pixel on the site.
Jenny: Absolutely. And to turn on a retargeting campaign, Yeah. That much whole other conversation. Well, gentlemen, the three of you, thank you so much for joining me today.
You know, Adam, I know both you and I are both going to be at Swaay and HMPS in the next couple of months. So for anyone who was there, if you want to continue this conversation in person, I know we would love to continue it. Please approach us. If you see us out there. We’d love to get nerdy with you.
Otherwise, if you have any questions, please reach out to us. I will put all of our contact information in the show notes. So we would love to hear from you. Please like and subscribe to our channel. We’re very proud of the subscriber base that we have built up. And look forward to dropping new episodes every Friday.
So that’s it for today’s episode. Have a fabulous rest of your day, and we’ll talk to you soon.
Adam: Thanks again for having us.
