Healthcare & Regulated Care

You're running a modern growth operation in an environment where most of the standard measurement stack is off-limits.

Healthcare analytics and growth teams face a measurement problem nobody else does. The tools that work everywhere else — full GA4 instrumentation, Meta Pixel, session replay — either can't be used, require a BAA the vendor won't sign, or need architecture decisions your team has never had to make before.

Regulatory environments we work in
  • HIPAA — analytics architectures with BAA-covered tools and PHI-safe event routing
  • PIPEDA — Canadian digital health platforms with cross-border data considerations
  • Consent-aware signal routing — events that respect opt-in state at the collection layer
Compliance architecture is built in from the start, not added after measurement design.
01 The measurement problem

The tools that solved this problem everywhere else aren't available here.

In most industries, measurement gaps are architecture problems. In healthcare, they're architecture problems with a regulatory overlay that makes every standard solution more complicated than it looks.

The Meta Pixel fires PHI in the query string. GA4's data sharing settings need explicit BAA review. Session replay tools capture form fields they shouldn't. Conversion APIs route patient data through third-party infrastructure without adequate controls.

The teams that get this right don't restrict measurement. They redesign the signal layer so that accurate measurement and regulatory defensibility aren't in conflict.

That's the architecture problem. It's solvable — but the solution is building the signal layer with the regulatory environment as a design constraint, not bolting a compliance review onto a standard implementation.

02 Where it breaks

The failure modes analytics and growth teams hit in regulated environments.

These aren't edge cases. They're the consistent architectural patterns that emerge when standard measurement tools are applied to healthcare.

01 The patient acquisition journey spans systems that don't share a signal layer
A patient searches, clicks an ad, visits the website, books through a scheduling tool, and arrives at the clinic. Each system captures its piece of the journey independently. The attribution story stops at the booking step, or earlier. CAC is calculated against marketing spend but not against actual patient visits.
02 Multi-domain and multi-app journeys lose signal at every handoff
A patient interacts with a marketing website, a patient portal, a mobile app, and a scheduling subdomain. Each domain boundary and app handoff is a point where identity breaks and session continuity fails. The result is fragmented conversion data that can't be reassembled downstream.
03 PHI leaks into analytics tools through standard instrumentation
Appointment types, referring conditions, and patient identifiers appear in URL parameters, form fields, and page titles that standard GA4 and ad platform instrumentation captures automatically. Data sharing is happening without visibility into what's being shared or where it's going.
04 Consent state doesn't propagate through the signal layer
Consent is captured at the front end but doesn't reliably reach every system that needs to respect it. The consent architecture is documented in a CMP but not enforced at the signal layer — which means the CMP provides legal cover without actually controlling data flow.
05 Paid media optimization runs on incomplete or non-compliant conversion signals
Ad platforms receive either stripped-down signals (because the team has been conservative about what to send) or full signals routed through a pixel that shouldn't be firing on regulated pages. Neither state is acceptable long-term.
06 The measurement architecture can't be audited because it was never documented
When the privacy or legal team asks "what data are we collecting and where is it going?" the answer requires manual investigation across multiple tools, vendors, and implementation decisions. There is no governed architecture document.
03 Compliant architecture

What a HIPAA-compliant architecture looks like.

The difference between a defensible measurement architecture and an exposed one isn't which tools you use — it's how the signal layer is designed. The architecture is the decision layer.

We own
Signal collection

Server-side event collection routes data through a controlled infrastructure before it reaches any third-party tool. PHI is filtered at the server layer — not at the tag — so the filtering is enforceable and auditable.

Server-side GTM, Tealium, PHI filter layer
We own
Identity resolution

Patient identity is resolved using a hashed, non-reversible identifier that can connect a user across the web session, the mobile app, and the booking system without transmitting identifiable information to ad platforms.

Hashed ID, Passed server-side only
We govern
Consent enforcement

Consent state is captured at the CMP and propagated through the signal layer so that every downstream system respects the same consent decision. Enforced at the signal routing layer, not just the CMP.

CMP propagation, Server-side enforcement
We govern
Conversion signal

Appointment bookings, form completions, and care conversions are sent to ad platforms via Conversion APIs using server-side routing. The signal is accurate and complete — without routing patient data through client-side pixels.

Meta CAPI, Google Ads CAPI, BAA in place
We build
Warehouse truth layer

Marketing, booking, and care delivery data reconcile in a governed warehouse layer that the organization controls. Attribution, CAC, and channel performance analysis live here.

BigQuery, Snowflake, dbt
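
An added example, not code from this page or from the firm it describes: a server-side collection step that applies the controls described above (PHI filtering by allow-list, a keyed-hash identifier, and consent-gated routing). The field names, allow-lists, destination names and consent categories are assumptions made for the illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed names (not from the page): fields, parameters, destinations, consent categories.
ALLOWED_PARAMS = {"utm_source", "utm_medium", "utm_campaign"}
ALLOWED_FIELDS = {"event", "ts"}
DESTINATIONS = {"analytics": "analytics", "ads_capi": "advertising"}

# Constructed sample event; every value is made up.
SAMPLE = {
    "event": "appointment_booked",
    "ts": 1700000000,
    "page_url": "https://clinic.example/book?utm_source=google"
                "&appt_type=oncology&email=pat%40example.org#step2",
    "page_title": "Oncology consult for Pat Doe",
    "patient_key": " Pat@Example.org ",
}


def scrub_url(url):
    """Keep only allow-listed query parameters and drop the fragment."""
    parts = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k in ALLOWED_PARAMS]
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(kept), ""))


def pseudonym(patient_key, secret):
    """HMAC-SHA-256 of the normalised key; hashing guesses fails without the secret."""
    normalised = patient_key.strip().lower().encode()
    return hmac.new(secret, normalised, hashlib.sha256).hexdigest()


def route(event, consent, secret):
    """Return {destination: payload} for destinations whose consent category is granted."""
    clean = {k: v for k, v in event.items() if k in ALLOWED_FIELDS}  # drops title, form data
    clean["page_url"] = scrub_url(event["page_url"])
    clean["uid"] = pseudonym(event["patient_key"], secret)
    # Default deny: only an explicit True opts a destination in.
    return {dest: dict(clean) for dest, category in DESTINATIONS.items()
            if consent.get(category) is True}


if __name__ == "__main__":
    granted = {"analytics": True, "advertising": False}
    for dest, payload in route(SAMPLE, granted, b"constructed-demo-secret").items():
        print(dest, payload)
```

The URL path is passed through unchanged here; a path that encodes an appointment type or condition would need its own allow-list.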
04 How we work

Healthcare measurement requires a different starting point.

The compliance environment isn't a constraint we add at the end. It's a design parameter we start from.

01 Discovery & Mapping

Regulatory environment mapped before architecture designed

The Assessment starts with a mapping of the specific regulatory obligations (HIPAA, PIPEDA, or both) against the current stack. Which tools have BAAs in place. Which tools are receiving data they shouldn't. Where the consent architecture has gaps.

What this produces
HIPAA / PIPEDA review, Tool BAA status, Consent gap analysis
  • A clear map of current compliance exposure
  • Architecture design constraints defined upfront
02 Signal Architecture

Full patient acquisition journey scoped

The measurement architecture covers the full journey: from the first marketing touchpoint through the booking system, across web and mobile if both are in play, to the conversion event the business cares about. Multi-domain and multi-app continuity is a design requirement.

What this produces
Web & App continuity, Booking system integration, Cross-domain tracking
  • Attribution that connects marketing to actual patient visits
  • Consistent measurement across all properties
03 Governance & Handoff

Documentation your privacy team can read

Every engagement produces an architecture document that describes what data is collected, how it's routed, what controls are in place, and which vendors are in the data flow. Written so the privacy and legal team can review it without needing to understand the implementation details.

What this produces
Architecture documentation, Data flow mapping, Vendor audit trail
  • Privacy and legal sign-off without friction
  • A governed architecture that can be audited at any time
05 Healthcare Engagements

Two organizations. Different environments. Same problem.

If you're running growth in a regulated environment, the Assessment is where to start.

The Measurement Architecture Assessment maps your current signal layer against your specific regulatory environment — what's compliant, what's exposed, and what's producing gaps in your attribution story.

Start here
A scoped diagnostic that maps your current state against your regulatory environment and your growth measurement needs simultaneously.