Find your tier.
Independent practice through hospital system and specialty pharmaceutical manufacturer. Different stack, different scale, different deployment shape — but the same state-by-state exposure surface, and the same architectural answer.
Independent Practice
Typical stack
WordPress / Squarespace / custom CMS · Google Analytics + Meta Pixel + Google Ads · Mailchimp or similar for email · standard EHR (athenahealth, Kareo, DrChrono) on separate workflow.
Exposure
Every service-page visit and appointment-form interaction forwards to Meta and Google. State wiretap and state consumer-health-privacy class actions are now filing at this scale.
Apex Vault deployment
Multi-tenant sanitization proxy. Templated BAA, one-click signature. Private first-party analytics. Sanitized Conversion API forwarding.
What stays the same
Site, CMS, forms, email platform, scheduling, reviews, EHR. Google Ads and Meta Ads accounts keep running.
MSO Platform
Typical stack
Multi-site CMS · Adobe DTM or Tealium tag manager · Adobe Analytics or GA4 + GA360 · Salesforce Health Cloud or HubSpot · Marketo or Pardot for automation. PE roll-ups often consolidate onto a single shared marketing stack across sites.
Exposure
Cross-site tracking concentration creates a state-by-state class-action surface that scales with location count. Plaintiff firms have filed against multi-site groups across CA, IL, NY, MA, FL, WA.
Apex Vault deployment
Single-tenant sanitization layer on dedicated infrastructure. Custom integrations against the existing tag manager. Negotiated BAA. Dedicated pre-go-live pen test. Letter of Attestation at activation.
What stays the same
The marketing stack Marketing negotiated. CRM. Marketing automation. Salesforce Health Cloud. Patient portal infrastructure. EHR. Apex Vault sits in front of the tracking surface only.
Enterprise Healthcare Providers
Typical stack
Adobe Experience Cloud · Tealium iQ · GA360 · Salesforce Health Cloud · Marketo · multi-property tag management · Epic / Cerner / athenahealth EHR · authenticated patient portal · multi-brand across acquired groups.
Exposure
Multi-state class-action surface plus state AG attention. Hospital-system-scale settlement risk on tracking against authenticated portal pages and condition-specific service pages. 2026 cyber-insurance renewal underwriting now conditions coverage on tracking controls.
Apex Vault deployment
Bespoke single-tenant. Custom hardening. Multi-brand support across acquired properties. Pre-go-live pen test. Independent Letter of Attestation. Annual re-validation for the life of the engagement.
Out of scope
EHR (Epic, Cerner, athenahealth, eClinicalWorks, NextGen). Authenticated patient portals. Clinical workflow systems. Care-coordination platforms. Different data paths, untouched.
Specialty Pharmaceutical Manufacturers
Typical stack
Adobe DTM / Audience Manager across branded DTC · multi-property tag management · GA4 + Bing UET + LinkedIn Insight · Marketo or Veeva CRM · MLR-approved tag configurations negotiated over quarters.
Exposure
No HIPAA safe harbor — state law applies directly without preemption arguments. State consumer-health-privacy "sale" exposure on branded DTC. State wiretap exposure on every tracker fire. Cyber and product-liability tower implications.
Apex Vault deployment
Single-tenant sanitization layer in front of the existing stack. MLR-approved tag configurations preserved at the conversion layer; only the data flow is sanitized. Pre-go-live pen test. Letter of Attestation at activation.
What stays the same
The Adobe stack. MLR-approved tag configurations. CRM. Marketing automation. Veeva. Clinical-trial systems. Pharmacovigilance infrastructure. Marketing org doesn't lose what they negotiated.
Same statutory perimeter across all four.
Stack and scale differ. HIPAA coverage differs (providers are covered entities; specialty pharma is not). The state-by-state statutory perimeter applies uniformly — state wiretap statutes, state consumer-health-privacy laws, state comprehensive privacy laws, federal ECPA, FTC §5, state AG actions, 2026 cyber-insurance underwriting. Plaintiff firms file wherever a visitor's state of residence opens a cause of action.
Request your tier sheet.
Independent Practice is publicly priced at /core. MSO Platform, Enterprise Healthcare, and Pharmaceutical tier sheets are MNDA-gated.
compliance@apexvaultcompliance.com →