Dental Group Advertising: Scaling Paid Media Across Locations

A 50-location dental group spends $200,000 per month on Google Ads and Meta campaigns. Each location has its own landing page. Each landing page has Google Analytics, the Meta Pixel, a call tracking script, a chat widget, and a scheduling integration. That is five tracking technologies per location, 250 scripts running across the organization, and zero visibility into which ones are compliant.

The ROI opportunity for dental groups is real. Paid search for dental services converts at rates most healthcare verticals envy. A single new patient is worth $1,200 to $3,000 in lifetime value for a general dentistry practice, and significantly more for specialty services like implants or orthodontics. The math works. The problem is that the infrastructure required to capture that ROI at scale is the same infrastructure that created an $18.4M class action settlement for the largest DSO in the country.

$18.4M in Tracking Liability: The Aspen Dental Settlement

Aspen Dental ($18.4M class action, 2025). Aspen Dental used Meta Pixel and Google tracking tools on aspendental.com that transmitted web user data, including appointment booking information, to Meta and Google without knowledge or consent. The settlement covers February 2022 through January 2025.

Aspen Dental is the largest DSO in the United States. Their marketing team is sophisticated. Their ad spend is substantial. And their tracking setup was the same configuration that most dental groups use today: standard pixels on a website that accepts appointment bookings. The settlement did not involve a security breach or a rogue employee. It involved routine marketing technology doing exactly what it was designed to do.

For smaller dental groups, the Aspen case should reframe every conversation about marketing technology. If the largest DSO in the country could not avoid this outcome with their resources, a 20-location or 50-location group using the same tracking architecture faces the same risk with fewer resources to manage it.

What Makes Multi-Location Dental Marketing Uniquely Challenging

Dental group advertising has characteristics that amplify compliance risk compared to single-location practices or even hospital systems.

Decentralized website management. Many DSOs operate individual practice websites alongside a corporate site. Each website may have been built by a different agency at a different time, with different tracking implementations. The corporate marketing team sets strategy, but the actual scripts running on each practice site may vary wildly. One location might have an outdated Google Analytics tag from 2019. Another might have a TikTok Pixel added by a regional marketing manager. Nobody has a complete inventory.

Appointment booking as the primary conversion. Unlike hospital systems where marketing often drives awareness, dental group marketing is direct response. The conversion event is an appointment booking, which inherently captures patient information: name, phone number, email, insurance provider, and the type of dental service needed. When that booking happens through a form on a page tracked by Meta Pixel, all of that data flows to Facebook.

High local competition drives aggressive tracking. Dental markets are intensely local. When three dental groups are competing for "dentist near me" searches in the same zip code, the pressure to optimize every campaign drives aggressive conversion tracking, advanced audience targeting, and detailed attribution. Each of those optimization tactics increases the data flowing through third-party platforms.

Franchise and affiliate models complicate compliance ownership. Many DSOs use management services agreements where the corporate entity provides marketing support to independently owned practices. Compliance responsibility in these arrangements can be ambiguous. Does HIPAA liability sit with the practice that sees patients, the management company that runs the website, or the marketing agency that installed the pixels?

The ROI Case for Compliant Infrastructure

Dental groups often view compliance as a cost center that reduces marketing effectiveness. The opposite is true when implemented correctly.

Server-side tracking improves data accuracy. Client-side tracking loses 25% to 40% of conversion data due to ad blockers, Safari Intelligent Tracking Prevention, and browser privacy features. Server-side tracking captures conversions from your server, unaffected by browser-level blocking. A dental group that switches from client-side to server-side conversion tracking typically sees a significant increase in reported conversions, not because more patients are converting, but because the tracking is actually capturing what was already happening.

First-party data infrastructure survives platform changes. Google's eventual deprecation of third-party cookies, Meta's ongoing signal loss from iOS privacy changes, and browser vendors' increasing restrictions on tracking all degrade client-side marketing performance. Dental groups that build first-party data infrastructure, including custom tracking domains and server-set cookies, are insulated from these platform-level changes.

Compliance reduces legal exposure that dwarfs ad spend. Aspen Dental's $18.4M settlement is roughly equivalent to what a large DSO might spend on advertising in a year. A single compliance incident can wipe out years of marketing ROI. The cost of building compliant infrastructure is a fraction of the cost of defending against a class action.

Henry Ford Health ($12.2M class action, 2025). Henry Ford Health used Meta Pixel and Google tracking technologies on its website and MyChart patient portal between January 2020 and December 2023, affecting over 819,000 consumers.

Henry Ford's case, while not a dental group, illustrates the scale of liability that standard tracking creates for multi-location healthcare organizations. The per-patient exposure in class action settlements means that dental groups with hundreds of thousands of website visitors face significant aggregate risk.

Campaign Architecture That Scales and Complies

Google Ads: Location-Specific Campaigns with Centralized Tracking

Campaign structure. Build campaigns at the metro or regional level with ad groups for each practice location. Use location extensions and location-specific landing pages to drive local relevance. Bid adjustments by geography let you allocate budget based on each location's patient capacity and competitive landscape.

Conversion tracking. Replace the standard Google conversion tag with server-side conversion tracking through a HIPAA-compliant CDP. When a patient books an appointment through any practice website, the conversion event is captured by your server and sent to Google's API with location attribution but without patient-level PHI. Google receives: "a conversion happened at location X." Google does not receive: the patient's name, phone number, insurance information, or dental service interest.
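
The "Google receives / Google does not receive" split above, sketched as a server-side allowlist projection. This is an added example, not code from the article's vendor or from any ad platform; the field names and the sample record are assumptions made for illustration.

```python
import re

# Assumed field names for this sketch; the article defines no event schema.
ALLOWED_FIELDS = {"event_name", "location_id", "campaign_source", "event_time"}

EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
PHONE_RE = re.compile(r"\b\d{3}[\s.-]?\d{3}[\s.-]?\d{4}\b")

def carries_identifier(value):
    """True if a string value embeds something shaped like an email or phone."""
    return isinstance(value, str) and bool(
        EMAIL_RE.search(value) or PHONE_RE.search(value))

def build_outbound_event(booking):
    """Project a booking record onto the allowlist.

    Returns (outbound, withheld). Unknown keys are withheld by default, so a
    field added to the form later never reaches the ad platform unreviewed.
    An allowlisted field is also withheld if its value looks like an identifier,
    which catches PHI that leaked into a campaign or UTM string.
    """
    outbound, withheld = {}, []
    for key, value in booking.items():
        if key in ALLOWED_FIELDS and not carries_identifier(value):
            outbound[key] = value
        else:
            withheld.append(key)
    return outbound, sorted(withheld)

# Constructed booking record (not real patient data).
SAMPLE_BOOKING = {
    "event_name": "appointment_booked",
    "location_id": "loc-017",
    "campaign_source": "google_ads/metro-east",
    "event_time": 1735689600,
    "patient_name": "Jane Example",
    "phone": "555-010-0199",
    "email": "jane@example.test",
    "insurance_provider": "Example Dental Plan",
    "service_requested": "implant consult",
}
```

Logging the withheld key names (never their values) gives the compliance team a record of what each form attempted to send.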

Attribution across locations. Centralized server-side tracking gives your corporate marketing team a unified view of performance across all locations without requiring each practice site to run its own analytics implementation. One infrastructure handles 5 locations or 500 locations.

Meta Ads: Awareness and Retention Campaigns

Campaign approach. Meta works well for dental group awareness campaigns (new location openings, special offers, community presence) and retention campaigns (existing patient engagement). Use broad geographic targeting around each practice location rather than health-specific audience targeting.

Data flow protection. Never install Meta Pixel on any practice website. Route all Meta conversion data through the Conversions API via server-side infrastructure. This ensures that Meta receives hashed conversion signals for optimization without receiving the appointment booking data that constitutes PHI.

Unified Reporting Without Unified PHI

The fundamental challenge for DSO marketing teams is reporting. The CMO needs to see cost per acquisition by location, lifetime value by acquisition channel, and ROAS across the portfolio. Standard reporting requires aggregating patient-level data across a centralized analytics platform.

Compliant reporting separates performance data from patient data. Your server-side tracking platform captures conversion events with location attribution, campaign source, and ad spend data. It does not need to centralize patient names, phone numbers, or treatment types to answer the question "which locations are generating the best return on ad spend."

Continuous Monitoring Across Every Practice Site

For dental groups, the ongoing monitoring challenge is more acute than for single-location practices. Every practice website is a potential compliance gap. A regional marketing manager adds a chatbot that installs its own tracking. A practice website redesign introduces new third-party scripts. A WordPress plugin update adds analytics code the development team never reviewed.

A web scanner that continuously crawls every practice website detects new scripts, cookies, and tracking pixels as they appear. For a 50-location dental group, this is the difference between discovering a tracking issue during a quarterly audit and discovering it during a class action deposition.
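
The core check such a scanner performs on one page, as an added example (not the vendor's scanner): it lists third-party hosts referenced by the page and flags those that are unapproved or new since the last baseline. The practice domain, the approved list and the sample HTML are constructed; a production scanner would also render the page, since static parsing misses scripts injected at runtime.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_IN_JS = re.compile(r"https?://([A-Za-z0-9.-]+)")

class HostCollector(HTMLParser):
    """Hosts referenced by script/iframe/img tags and by inline script text."""
    def __init__(self):
        super().__init__()
        self.hosts, self._in_script = set(), False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        if tag in ("script", "iframe", "img"):
            host = urlsplit(dict(attrs).get("src") or "").hostname
            if host:
                self.hosts.add(host)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Pixels are often injected by an inline loader, so scan its text too.
        if self._in_script:
            self.hosts.update(h.lower() for h in URL_IN_JS.findall(data))

def audit_page(html, site_domain, approved, baseline=()):
    """Return third-party hosts that are unapproved, and those new since baseline."""
    collector = HostCollector()
    collector.feed(html)
    collector.close()
    third_party = {h for h in collector.hosts
                   if h != site_domain and not h.endswith("." + site_domain)}
    return {"unapproved": sorted(third_party - set(approved)),
            "new": sorted(third_party - set(baseline))}

# Constructed sample page; every host except Meta's is a placeholder.
SAMPLE_HTML = """<html><head><script src="/assets/site.js"></script>
<script src="https://scheduler.example-vendor.test/embed.js"></script>
<script>!function(d){var s=d.createElement('script');
s.src='https://connect.facebook.net/en_US/fbevents.js';d.head.appendChild(s)}(document);</script>
</head><body><noscript><img src="https://www.facebook.com/tr?id=0"></noscript>
<iframe src="//chat.example-widget.test/frame"></iframe></body></html>"""
```

Run per location on a schedule, the "new" list is the alert signal and the "unapproved" list is the audit backlog.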

Consent management is equally critical. As state privacy laws expand and patient expectations around data handling increase, dental groups need a consent infrastructure that works across every location's website. Server-side consent gating ensures that no data flows to advertising platforms until consent is verified, regardless of which practice site the patient is visiting.

FAQ

Should each dental practice location have its own Google Ads account?

For most dental groups, a single Google Ads account with location-specific campaigns provides better budget management, easier reporting, and more efficient optimization than separate accounts per location. Use location extensions, geographic bid adjustments, and location-specific landing pages to drive local relevance within a centralized account structure. The key compliance consideration is ensuring that conversion tracking across all locations routes through server-side infrastructure rather than client-side pixels.

How do we attribute new patient value back to specific ad campaigns across locations?

Server-side tracking captures the campaign source and location for each conversion event. When a patient books through a location's website, your server records which campaign drove the visit and which location received the booking. This attribution data lives in your compliant analytics platform, separate from the patient's clinical record. You can report on cost per acquisition and ROAS by location without aggregating patient-level PHI.

What tracking scripts should we remove from our practice websites?

Audit every practice website for client-side tracking scripts that send data to third parties. Priority removals include: Meta Pixel, Google Analytics (client-side implementation), any third-party chat widget without a BAA, any call tracking service without a BAA, and any retargeting pixels from display networks. Replace these with server-side equivalents that route data through your compliant infrastructure. A web scanner can automate this audit across all locations.

Is our appointment scheduling software creating HIPAA exposure?

If your scheduling software embeds a form on a page that also runs advertising pixels, yes. When a patient fills out a booking form on a page tracked by Meta Pixel or Google Analytics, the booking data (patient name, contact information, service requested) can be transmitted to those platforms. The fix is to either remove all client-side advertising pixels from pages with scheduling forms or, better, route all tracking through server-side architecture so client-side pixels never access booking data.

How do we handle compliance for acquired practices that come with existing websites?

When acquiring a new practice, immediately audit the existing website for tracking scripts before integrating it into your marketing infrastructure. Run a web scanner to identify every cookie, pixel, and script on the site. Remove any non-compliant tracking before adding the location to your advertising campaigns. Treat every acquisition as a potential compliance liability until the website has been brought into your server-side tracking architecture.

Scaling dental group advertising does not require choosing between growth and compliance. It requires infrastructure that handles both simultaneously. If your DSO is managing paid media across multiple locations, Ours Privacy provides the server-side tracking, unified reporting, and continuous monitoring that let you scale campaigns without scaling compliance risk.
