In my latest research collaboration with Piwik PRO, we found that 73% of major US healthcare websites continue to run advertising trackers even when visitors have explicitly opted out of data sharing.
That raised an obvious question: Why is this still happening?
After analysing the findings in more detail, I believe the answer is surprisingly simple.
Many healthcare organisations are trying to solve the wrong problem.
They assume compliance is about configuring Google Analytics, advertising pixels, consent banners and tag managers correctly. To an extent, that is true, of course.
In reality, the problem often starts much earlier.
They are using technologies that were never designed for websites that handle sensitive user data in the first place.
The Inherited Marketing Stack
Most healthcare organisations did not deliberately choose a non-compliant technology stack.
They inherited it.
Google Analytics became the default because it was free, familiar and effective. Advertising pixels from Google, Meta and Microsoft naturally followed. Marketing teams built reporting and attribution around them, agencies optimised campaigns using them, and nobody questioned whether these tools were appropriate for handling patient-related interactions.
Outside regulated industries, they work extremely well.
Healthcare is different.
Patients searching for oncology, fertility treatment, mental health services or booking appointments are not simply generating marketing data. Their online behaviour can reveal health information that attracts far greater legal protection than ordinary website analytics.
That changes everything.
You Cannot Configure Every Problem Away
One of the biggest misconceptions I encounter is that enough configuration can make any data collection platform compliant.
Sometimes it can. Sometimes not.
Advertising platforms exist to receive behavioural data so they can optimise advertising and build audiences. Remove enough information to eliminate the compliance risk and you also remove the very functionality those platforms were designed to provide.
Similarly, some analytics platforms simply were not designed for environments where Business Associate Agreements (BAAs), strict data governance and healthcare privacy obligations are fundamental requirements.
No amount of careful tag management changes the underlying architecture.
The Wrong Tools For The Wrong Environment
Imagine trying to perform surgery using woodworking tools.
The tools themselves are not defective. They were simply built for a very different purpose. That is increasingly how I view many marketing technologies deployed on healthcare websites today.
The issue is not that Google Analytics, Meta Pixel or advertising platforms are “bad” technologies. They are excellent products — for the environments they were designed to serve. Healthcare simply is not one of those environments.
Compliance Should Begin With Platform Selection
Our latest research examined 59 major US healthcare websites and found:
- 73% still operated advertising or marketing trackers despite an active Global Privacy Control (GPC) signal.
- 69% were using advertising or marketing cookies.
- 75 different tracking technologies were identified across the sites.
These findings point to a broader issue than cookie banners or consent management.
Many organisations are attempting to build compliant healthcare marketing on top of infrastructure originally designed for consumer advertising.
That creates unnecessary complexity, ongoing compliance risk and growing legal exposure.
Instead of asking:
“How do we make this platform compliant?”
Healthcare organisations should first ask:
“Is this the right platform for handling healthcare data at all?”
That is a very different question…
The report (hosted by Piwik PRO, no registration required) explores why traditional marketing technology struggles in regulated healthcare environments, examines the tracking technologies currently deployed across major US healthcare providers, and outlines a practical path towards compliant analytics and digital marketing.
If you work in healthcare marketing, privacy or digital analytics, I hope it provides a useful perspective on a problem that is becoming increasingly difficult to ignore.
Brian Clifton is a data measurement and privacy strategist and founder of Verified Data. Formerly Google’s Head of Web Analytics for EMEA, he has spent more than 20 years helping organisations build trust in their data. He is the author of the best-selling books Successful Analytics and Advanced Web Metrics with Google Analytics and a certified member of the European Association of Data Protection Professionals.
