View All Blog Posts

sGTM vs GTM: Navigating Data Compliance

Today, Jenny welcomes Hedy and Hopp’s own Director of Analytics and Decision Science, Mark Brandes to talk about the difference between GTM (Google Tag Manager) and sGTM (Server-Side Google Tag Manager).

Mark states that, while many healthcare marketers utilize traditional web GTM as an essential analytics tool, the tool is really focused on adding information to send between platforms. GTM doesn’t offer a ton of options for removing information, which is a critical consideration when it comes to sensitive PHI/PII that might get shared.

With Server-Side Google Tag Manager, the container lives on your server that you control, making it a safer place where you can make changes in a compliant environment. SGTM is a solution that allows you to continue using platforms like GA4 in a compliant and safe way.

This episode does include a visual presentation, so if you’re just listening in, you can download that presentation here to follow along.

Connect with Mark:


Connect with Jenny:

Jenny: [00:00:00] Hi friends, welcome to today’s episode of “We Are, Marketing Happy,” a healthcare marketing podcast. I am so excited to have Hedy and Hopp’s own Mark Brandes. He is our Director of Decision Science and Analytics. Join us today. Mark is going to walk through and explain the difference between Google Tag Manager versus server-side Google Tag Manager. 

This has been a technical explanation we’ve been doing a lot for folks that have been inquiring about our patient privacy package that we’re now offering and just understanding the technology and how it functions can be really helpful to understand how it’s able to safely protect patient information. 

So I will say this is one of the rare podcasts that we actually do have a visual cue. So if you’re listening on Spotify or any other audio-only platform, please know that there’ll be a link in the show notes to access the deck. Otherwise you can always go to our YouTube channel and actually watch the whole video recording [00:0one:00] as well.

And with that, Mark, I’ll hand it over to you. 

Mark: Yeah, great. Thanks for having me on Jenny. So, yeah, we wanted to have a conversation about GTM and sGTM because there’s still some confusion around it. People are still getting kind of used to what both technologies are some people think it’s a replacement for one or do I need them both?

And so we’re gonna help out with that today by giving you a little bit of a background on GTM and then kind of walk you through SGTM. So, it starts off with a software we’re all kind of familiar with which is GTM. A lot of us have used it or are aware of it, have seen it on our websites.

But really the idea with kind of a traditional, web GTM tagging container. The idea is that you’re gonna have this container on your website, and it’s gonna have multiple different tags. They’re all going to be assigned to say different events or different platforms. So when somebody downloads a form or goes to a page, that’s going to signal something in your GTM container, what they call a trigger.

[00:02:00] And those triggers are then going to tell the tags to then send data. To whatever platform you want to. So if you want Facebook to know that this form was downloaded, you would send that signal then to a tag, which would send that data to Facebook or to Google Analytics or to something else. So, you also have 3rd parties in here.

Some people send stuff to Pardot. Some people send stuff to a click tracking platform, like  HotJar. So that’s really what’s going on here. It’s kind of sending all these individual signals to all these different platforms. 

Jenny: And GTM stands for Google Tag Manager. Just for those of us that are listening in the call that maybe it’s not their day to day technology, GTM is Google Tag Manager.

Mark: That’s right. Thanks, Jenny. So, yeah. And with that I think what we’ll see from a privacy standpoint is that with Google Tag Manager in the slide for you, as if you were watching, I’m kind of showing you an example of what one of those tags that might look like inside of GTM. And for those of you listening, I’ll kind of explain [00:03:00] it a little bit, but basically the idea is there’s several fields where you can basically put information in.

You can say what I’m going to tell whatever software this thing is. So, the one I’m looking at right now is a tag in GTM that would send data to Google Analytics for. To tell them somebody clicked on a link to click to email. So that’s usually like some email link somewhere on your page. Somebody clicked it to send an email.

So we’re going to send that trigger to our GA4 to let that platform know that this event happened. And so what you’ll see in this image is that there’s a lot of different ways to add data to GTM tags. So that’s usually the way I explained it as, you can add different variables. You can add more information.

You can add if there’s other what the link was, what it said what kind of style it was in. So there’s a lot of different fields on a lot of different info. You can add on to that tag. The thing is, there’s not a whole lot of ways to remove information in these tags. There are some there’s some abilities you [00:04:00] have to say, cut out certain pieces of data, but those aren’t always available. And usually it’s all about adding more information to the tag and not necessarily removing it. And so what that tells us is that kind of the compliance we’re looking for, based on the new HIPAA guidance, based on some of the new guidelines we’re following, it’s difficult to remove things like IP address or certain device information from a tag like this within GTM.

So that brings us to sGTM. And so just like Jenny explained, this is now a server-side Google Tag Manager instead of just Google Tag Manager. So what we just showed was kind of what we call a web GTM. So the idea is it’s on your site. It’s based in Google servers. So it’s a web-based GTM, based in Google servers.

The difference here with sGTM is now it’s a server-side Google tag manager and we call it a server-side because now we’re [00:05:00] placing it on your client’s or your server. And so it’s in a place where you control, you have the keys to that server and therefore it becomes a safer place than say, putting it on Google server.

So now. You have the ability to make changes where you kind of control the environment. And that creates kind of a safe Harbor for that data. 

Jenny: And one good point is that it still may be a Google server, but it’ll be a Google server only for your organization. And Google will sign a business associates agreement in order to promise that they’ll keep that information safe and secure.

Mark: That’s right, Jenny. And so even though, yeah, the server technically is owned by another property, you can have those business associates agreements in place with them to actually make sure that’s still a safe environment for you. Okay, so what sGTM is, so it really is a separate container. 

So, how we talked about GTM being a container on your site that holds all these tags. Well, this is going to be a separate container apart from that. [00:06:00] So the idea is they aren’t replacing each other. They work in tandem. So the idea is you can still continue to have your GTM container that has all your tags already set up.

What you’re going to add to the equation now is this SGTM container, which is now going to accept the signals from your GTM container and enable you to make some data transformations. So I’ll show an example here in a second. So again, reminding you just real quick, because I feel like it’s good to just do a quick switch here.

This is our traditional web tag. We just talked about. So now when we’re watching. When we switch to sGTM, you can kind of see that change that happens. Right? So instead of all those individual tags, sending their data straight to each platform. Now, all of that data is going to your cloud server instead, inside of your sGTM container.

And now what’s going to happen is within there, you’re going to accept those pieces of data into your and now, when they’re in there, sGTM gives you a chance to actually adjust some [00:07:00] of that data to change it up. And then once you’ve changed it now, you can actually do the same piece of movement that you did before.

Which is take that data and send it to the platforms. So you can continue that process after you’ve cleaned the data. So we’ll show a little bit what’s going on behind the scenes. This gets a little bit more technical for everybody. But the idea is if you were to go in when you’re on a website with the choosing, say, Google, GTM or Google Analytics 4, what you’d see if you went saying to the network information is you’d see little packets of information that are getting past the different places. The one that GA4 typically sends is the one that we see with that pink arrow headed to it up at the top there. It’s that collect kind of statement.

So the idea is that’s what GTM is helping to send to Google Analytics 4 to tell it all the different things that you’re collecting and all the different pieces of [00:08:00] information. So, one of those in there could be your IP address. It could be data. It could be the name of the event. So there could be all kinds of pieces of info.

So, what’s happening here is all this data instead of it going straight to GA4, like we showed with the Web GTM. With sGTM, it’s now coming into that container and what happens is you can see that next step down where it says GA4 client there. 

What happens is that client is now going to split all those variables out, so we can see them all and therefore we can adjust them. So we may have that field one equals value one there. That could be, your IP address and then what the IP addresses is. And then what we can do is basically take that, adjust it and change it. So we can remove some pieces of, some pieces of information from that IP, they call them octets so it’s in between all those little dots.

So we can remove a couple of those to make it more vague. Right? So we can still know, maybe a city, maybe a state, but we wouldn’t know that person’s [00:09:00] specific IP and their specific location. And so now we’ve helped kind of anonymize that a bit. And so we can send that data instead to GA4. Which is helping not identify the person, but still give us some of that data.

And so what we’ve done is we’ve basically made that data transformation. We’ve taken in that variable. We’ve changed up the value and then we’ve sent it out. And so that doesn’t have to just be necessarily IP address. You can say, remove a page URL. So if that’s something you don’t want, say, Facebook to have access to, you don’t think it needs URLs.

Well, you can remove those URLs. You can hash them and send those along to Facebook then. So it wouldn’t actually know what page this event happened on. So you have a way to kind of clean your data in different ways. And so what data available, what things you can kind of transform are all different based on the software you’re working with.

But that’s one of the wonderful things about is it gives you kind of list. You can see all these variables. You can see the values in them, [00:one0:00] and then you can make rules to change each one of them. And so, in that way. That’s how kind of the two softwares work together. You’ve got GTM doing its kind of standard triggering and tagging.

And then basically that data is getting now sent to this SGTM server where it’s kind of making these adjustments for you. 

Jenny: Yeah. And I think one thing that’s really interesting is whenever we are doing a patient privacy implementation, we have the ability to work with our client and their legal and compliance teams, and really align on exactly what data needs to be cleaned.

What data they are comfortable sharing, because some people are more conservative than others based on their state and the subindustry within healthcare, et cetera, but it does allow you then to continue using platforms like Google analytics for in a compliant and safe way, because a lot of clients and folks are coming to us because they’ve already invested lots of time and energy on getting dashboards and reporting infrastructure set up.

And so this is a way to kind of continue that, but in a safe way. 

Mark: Yeah, that’s exactly right, Jenny. And we do have those conversations quite often. [00:oneone:00] There’s always going to be a little gray area there. So there’s, different legal counsels can have different opinions. And until some of this really, gets into case law and we have some kind of judgments there, we’re going to kind of still live in that gray area.

And so I think this is what’s so nice is, yeah, we can list all those out and we can make decisions, we can document it all. So it can be shared, it can be referred to which is a really handy thing. 

Jenny: And modified. Right, in the future. So whenever a case does happen, we have all the documentation and then go back and modify it, which really cleans things up that you don’t have to do a whole other audit, a year or two from now, whenever some clarity is released.

Exactly. Yeah. So, well, Mark, thank you so much for our listeners. I know this was a slightly more technical episode than we typically do, but for those of you that are heads down trying to figure out your patient privacy solution, understanding how the technology actually works and functions can really help empower you to make the right decisions for your own organizations, marketing tech stack.

So, as always, if you have any [00:one2:00] questions or you want to chat with the Hedy and Hopp team directly. Reach out to us, go to our website, fill out the contact form. We’d be happy to talk to you about your own marketing tech stack implementation and any specific questions you have about how to make sure that your patient’s information is safe.

And with that, thank you for tuning into this week’s episode of “We Are, Marketing Happy.” We look forward to seeing you on a future episode. Bye.



About the Author

The Hedy & Hopp digital production team is the glue that keeps all activation work running. From auditing websites and tagging, to content strategy and CRM implementation, our digital production unicorns ensure the tiniest detail is reviewed and accurate before it gets to our clients. Their determination in finding solutions for any challenge makes this team marketing happy.

More from this author
Next Blog Post

Building Blocks of a Content Marketing Strategy

In today’s episode, Jenny breaks down the fundamentals of building a successful content marketing strategy,…