Four operator profiles. The same statutory perimeter.
From independent practice through enterprise hospital system to specialty pharmaceutical manufacturer. Different stack, different scale, different deployment shape. Same state-by-state exposure surface, same architectural answer.
Independent Practice
Typical stack
WordPress, Squarespace, or custom CMS. Google Analytics, Google Ads, Meta Pixel for marketing. Mailchimp or Constant Contact for email. Standard EHR (athenahealth, Kareo, DrChrono, Practice Fusion, etc.) on a separate workflow.
Exposure pattern
Service-page visits, condition-page clicks, and appointment-form interactions get forwarded to Meta and Google. State wiretap and state consumer-health-privacy class actions hit this footprint nationally. HIPAA does not reach the public-facing marketing surface.
Apex Vault deployment
Multi-tenant sanitization proxy. Templated BAA with one-click signature. Private Matomo instance. Sanitized server-side Conversion API forwarding to Meta, Google, Bing, LinkedIn. Existing site, forms, email, and EHR untouched.
What stays the same
The website. The CMS. The intake forms. The email marketing platform. The patient-reviews platform. The scheduling platform. The EHR. The Google Ads and Meta Ads accounts continue running.
MSO Platform
Typical stack
Multi-site CMS, often Adobe DTM or Tealium tag manager. Adobe Analytics or GA4 + GA360. Salesforce Health Cloud or HubSpot for patient outreach. Marketo or Pardot for marketing automation. PE-backed roll-ups frequently consolidate onto a single shared marketing stack across sites.
Exposure pattern
Cross-site tracking concentration creates a state-by-state class-action surface that scales with location count. Plaintiff firms have filed against multi-site groups under state wiretap statutes and consumer-health-privacy laws across CA, IL, NY, MA, FL, WA, and others.
Apex Vault deployment
Single-tenant sanitization layer on dedicated infrastructure. Custom integrations against the existing tag manager and marketing stack. Negotiated BAA. Dedicated penetration test pre-go-live. Letter of Attestation at activation.
What stays the same
The marketing stack the Marketing org has negotiated. The CRM. The marketing-automation tooling. Salesforce Health Cloud. The patient-portal infrastructure. The EHR. Apex Vault sits in front of the tracking surface only; downstream systems are untouched.
Enterprise Healthcare Providers
Typical stack
Adobe Experience Cloud, Tealium iQ, GA360, Salesforce Health Cloud, Marketo, multi-property tag-management infrastructure. Epic, Cerner, athenahealth, or similar EHR. Authenticated patient portal. Multi-brand presence across acquired groups.
Exposure pattern
Multi-state class-action surface plus state AG attention. Hospital-system-scale settlement risk for tracking on authenticated portal pages and condition-specific service pages. Cyber-insurance renewal underwriting now conditions coverage on tracking controls.
Apex Vault deployment
Bespoke single-tenant deployment. Custom hardening. Multi-brand support across acquired properties. Dedicated penetration test pre-go-live. Independent Letter of Attestation. Annual re-validation pen test for the life of the engagement.
What's explicitly out of scope
EHR (Epic, Cerner, athenahealth, eClinicalWorks, NextGen). Authenticated patient portals. Clinical workflow systems. Care-coordination platforms. These run on separate data paths and are explicitly not touched by Apex Vault.
Specialty Pharmaceutical Manufacturers
Typical stack
Adobe DTM / Audience Manager across branded DTC sites. Multi-property tag management. GA4 plus Bing UET plus LinkedIn Insight. Marketo or Veeva CRM. MLR-approved tag configurations negotiated over quarters.
Exposure pattern
No HIPAA safe harbor — state law applies directly without preemption arguments. State consumer-health-privacy "sale" exposure on branded DTC. State wiretap exposure on every tracker fire. Cyber and product-liability tower implications.
Apex Vault deployment
Single-tenant sanitization layer in front of the existing marketing stack. MLR-approved tag configurations preserved at the conversion layer; only the data flow gets sanitized. Dedicated penetration test pre-go-live. Letter of Attestation at activation.
What stays the same
The Adobe stack. The MLR-approved tag configurations. The CRM. The marketing-automation platform. Veeva. Clinical-trial systems. Pharmacovigilance infrastructure. The Marketing org doesn't lose what it negotiated.
The statutory perimeter is the same across all four
Stack and scale differ. HIPAA coverage differs (providers are covered entities; specialty pharma is not). The state-by-state statutory perimeter applies uniformly. Plaintiff firms file wherever a visitor's state of residence opens a cause of action.
Find the right tier sheet.
Independent Practice is publicly priced and self-service. MSO Platform, Enterprise Healthcare, and Pharmaceutical tier sheets are made available under MNDA.
compliance@apexvaultcompliance.com