Is Google Ads HIPAA compliant?

No. Google explicitly does not sign Business Associate Agreements (BAAs) for the Google Ads platform, which means Google Ads is not HIPAA-compliant for handling Protected Health Information (PHI). You can run Google Ads for healthcare practices, but you must NOT pass any patient information (names, conditions, treatments, appointment types) through the platform's tracking or audience features.

Can I install the Google Ads pixel on my patient portal?

Not on any page that contains PHI — and most patient portal pages do. URLs like '/portal/dermatology-consult-confirmed/' or '/booking/diabetes-screening-complete/' contain implicit health information and trigger HIPAA violations if tracked. Limit pixel placement to generic, non-PHI pages like initial contact form confirmations.

What healthcare categories require Google Ads certification?

Addiction services (rehab, recovery centers), HIV testing or PrEP services, online pharmacies, telehealth (US-only certification), and any speculative or experimental treatments. The certification application takes 4-12 weeks and requires verifiable credentials, state licensing documentation, and adherence to specific advertising guidelines.

Can I retarget patients based on their conditions?

No — retargeting based on health conditions, treatments, or any PHI is prohibited by both HIPAA and Google's own healthcare advertising policies. You can retarget visitors based on general site visits (e.g., 'visited the clinic homepage') but NOT based on which condition or treatment page they viewed.

What's a good Google Ads budget for a medical practice?

$3,000-8,000/month for a single-location practice in most US markets. Specialty practices (cosmetic surgery, fertility, orthopedics) typically need $5K-15K/month due to higher CPCs and longer sales cycles. Primary care and urgent care can operate effectively at $2K-4K/month with proper geographic targeting.

← All posts

Google Ads for Healthcare Practices: The HIPAA Trap

Google Ads for medical, dental, and healthcare practices means HIPAA, restricted-health categories, patient privacy. How to run them without violations.

August 5, 20257 min read

Healthcare is one of the trickiest verticals on Google Ads. Not because the keyword strategy is complex — it's actually relatively straightforward. The complexity is in the layers of compliance: HIPAA, Google's restricted health categories, state medical advertising rules, and FTC guidelines on health claims.

Get any of these wrong and you face: account suspension, HIPAA violations with $50K+ fines per incident, state medical board complaints, or FTC enforcement actions.

Most healthcare practices either skip Google Ads entirely (leaving thousands of potential patients unreached), or run them carelessly and accumulate compliance risk. There's a middle path. Here's what we've learned managing accounts for medical, dental, and specialty healthcare practices.

The HIPAA + Google Ads problem

HIPAA (Health Insurance Portability and Accountability Act) restricts how Protected Health Information (PHI) can be shared, stored, and processed. Google Ads is NOT a HIPAA-compliant platform — Google explicitly does not sign Business Associate Agreements (BAAs) for ads.

This means:

You CANNOT use patient information (names, conditions, treatments) as audience targeting data
You CANNOT upload patient email lists to Google Ads (Customer Match) without explicit consent
You CANNOT use Google's tracking pixels on pages that contain PHI (like patient portals)
You CANNOT pass PHI through URL parameters or form data to Google Ads

The compliance trap most practices fall into: they install the Google Ads conversion pixel on their patient portal "thank you" page. The page URL contains the appointment type ("/portal/derm-consult-confirmed/"). That's a HIPAA violation.

How to track conversions WITHOUT HIPAA violations

Track inquiries, not appointments. Conversion = "contact form submitted" or "phone call > 60 seconds." Not "appointment booked."
Use offline conversion imports for downstream tracking. When a phone caller books an appointment, manually push that conversion back to Google Ads (without any patient identifying info). Use a unique transaction ID.
Keep the pixel off any URL containing condition or treatment info. Generic "contact-confirmed" is fine. "diabetes-consultation-scheduled" is not.
Audit your tracking setup with a healthcare-specialized agency. This isn't where you cut corners.

Google's restricted health content rules

Beyond HIPAA, Google has its own rules about what healthcare ads can say. Violating them gets you suspended.

What you CAN'T say in ads:

"Cure" anything (use "treat" or "manage")
"Best [specialty] in [city]" (Google considers this unverifiable superlatives)
"FDA-approved" without specific product approval
Specific medical claims about competitors' treatments
"Lose 30 pounds in 30 days" or any specific health outcome guarantees
Personal/sensitive health categories (e.g., HIV testing, addiction treatment) without certification

Restricted categories requiring certification:

Addiction services (rehab, recovery centers)
HIV testing or PrEP services
Online pharmacies
Telehealth (US-only certification required)
Speculative or experimental treatments

If your practice falls into any of these categories, you need to apply for the relevant Google Ads certification BEFORE running ads. Application can take 4-12 weeks.

Safe healthcare ad copy patterns

What works:

"Comprehensive [specialty] care in [city]"
"Same-day appointments available"
"Accepting new patients - [specialty] practice in [city]"
"[Specialty] care with [#] years experience"
"Call to schedule a consultation"

What gets ads disapproved:

"America's #1 [specialty]"
"Cure your [condition] in 30 days"
"Best [specialty] in [city] - guaranteed"
"Lose weight fast with our program"

Keyword strategy for healthcare practices

Healthcare keywords break into 4 buckets, each with different conversion characteristics:

Bucket 1: Symptom searches (high volume, low conversion)

Examples: "lower back pain", "headache won't go away", "skin rash treatment"

Conversion rate: 1-3%. Searchers are diagnosing, not booking. But cheap CPCs ($2-8) can produce qualified leads at scale if you have nurturing systems.

Bucket 2: Condition + treatment (medium volume, medium conversion)

Examples: "knee replacement surgery", "lasik eye surgery", "tmj treatment"

Conversion rate: 3-6%. Higher intent. CPCs $5-25. The sweet spot for most practices.

Bucket 3: Specialty + location (low volume, high conversion)

Examples: "dermatologist near me", "[city] dentist accepting new patients", "orthopedic surgeon [neighborhood]"

Conversion rate: 6-12%. Highest intent. CPCs $10-40. The most profitable bucket but limited inventory.

Bucket 4: Insurance / cost queries (variable)

Examples: "[procedure] cost without insurance", "does Medicare cover [treatment]"

Conversion rate: 4-8%. Searchers are price-shopping. Usually high quality leads if your prices are competitive.

Geographic targeting that respects healthcare reality

Healthcare is local — but more local than most verticals.

Patients drive 15-30 minutes for primary care. They drive 60-90 minutes for specialty care. They sometimes fly across state lines for elective procedures (cosmetic surgery, fertility, etc.).

Match your targeting to your specialty:

Primary care, dental, urgent care: 5-15 mile radius
Specialty care (cardiology, ortho, derm): 20-40 mile radius
Sub-specialty / elective (cosmetic surgery, fertility): State or multi-state

Don't waste budget targeting people you can't realistically serve.

Landing pages that convert healthcare traffic

Generic medical practice websites convert at 1-3%. Purpose-built campaign landing pages convert at 6-15%.

What converts:

Specialty-specific headline. "Considering knee replacement? Schedule a consultation with our orthopedic team" beats "Welcome to City Medical Group."
Provider photo and credentials. Real doctor photo, board certifications, years of experience, hospital affiliations. Patients buy from people, not logos.
Insurance accepted list. "We accept BCBS, Aetna, United, Medicare" — visible above the fold. Removes the #1 friction in healthcare buying decisions.
Same-day or next-day availability. When patients are ready to book, they want to book NOW. "Most patients seen within 48 hours" outperforms "schedule a consultation."
Clear pricing for elective procedures. If you're doing LASIK, cosmetic dentistry, fertility — show the price range. The prospects who can't afford it self-disqualify (saves your time). The ones who can pre-commit mentally before calling.
Easy appointment request. Phone number prominent on mobile. Form with 3-5 fields max. NEVER ask for SSN, insurance ID, or detailed medical history on the first form.

Budget allocation for a $4,000/month healthcare account

Campaign	Monthly Budget	Notes
Specialty + location queries	$1,400	Highest converters
Condition + treatment queries	$1,200	Strong intent
Symptom searches (top funnel)	$400	For nurture campaigns
Brand defense	$300	Practice name + provider names
Insurance / cost queries	$400	High-intent price shoppers
Remarketing	$300	Re-engagement

Expected: 30-80 inquiries per month at $50-130 CPA. From there, conversion to patients depends on your scheduling efficiency and follow-up systems.

The follow-up reality nobody talks about

Healthcare practices lose 40-60% of paid leads to slow scheduling response.

A patient inquires at 2pm. Your front desk calls back at 4:30pm — they're back at work, can't talk. They try again Tuesday at 10am — voicemail. By Wednesday, the patient has booked with the practice that returned their call within 30 minutes.

Solutions:

Online scheduling integrated to your EMR (Phreesia, Zocdoc, Solv) — patient self-serves
Live chat or chatbot for instant first response (qualifies, books, escalates to staff)
Dedicated patient inquiry phone line with rotating coverage during business hours
SMS-first follow-up — patients respond to texts faster than calls in 2026

If you're spending $4K/month on Google Ads with 24-hour response times, you're throwing away $1,600 of it.

When to start with telehealth instead

If you offer telehealth, that opens up much larger geographic markets at lower CPCs. Telehealth-specific keywords ("online dermatologist", "telehealth therapist", "virtual urgent care") have 30-50% lower CPCs than in-person equivalents because there's less established competition.

Plus, telehealth can serve patients across your full state license (or multi-state if licensed broadly), dramatically expanding TAM compared to a physical practice.

If telehealth is part of your service offering and you're not running specific telehealth campaigns, that's a quick win.

Free healthcare practice Google Ads audit

We do free audits specifically for medical, dental, and specialty practices. We check:

HIPAA-compliant tracking setup
Ad copy compliance with Google's healthcare rules
Keyword strategy fit for your specialty
Landing page conversion architecture
Lead follow-up and scheduling integration

30-min Loom recording, yours to keep. No pitch. Just clarity on whether your campaigns are compliant AND profitable.

Frequently asked questions

Is Google Ads HIPAA compliant?: No. Google explicitly does not sign Business Associate Agreements (BAAs) for the Google Ads platform, which means Google Ads is not HIPAA-compliant for handling Protected Health Information (PHI). You can run Google Ads for healthcare practices, but you must NOT pass any patient information (names, conditions, treatments, appointment types) through the platform's tracking or audience features.
Can I install the Google Ads pixel on my patient portal?: Not on any page that contains PHI — and most patient portal pages do. URLs like '/portal/dermatology-consult-confirmed/' or '/booking/diabetes-screening-complete/' contain implicit health information and trigger HIPAA violations if tracked. Limit pixel placement to generic, non-PHI pages like initial contact form confirmations.
What healthcare categories require Google Ads certification?: Addiction services (rehab, recovery centers), HIV testing or PrEP services, online pharmacies, telehealth (US-only certification), and any speculative or experimental treatments. The certification application takes 4-12 weeks and requires verifiable credentials, state licensing documentation, and adherence to specific advertising guidelines.
Can I retarget patients based on their conditions?: No — retargeting based on health conditions, treatments, or any PHI is prohibited by both HIPAA and Google's own healthcare advertising policies. You can retarget visitors based on general site visits (e.g., 'visited the clinic homepage') but NOT based on which condition or treatment page they viewed.
What's a good Google Ads budget for a medical practice?: $3,000-8,000/month for a single-location practice in most US markets. Specialty practices (cosmetic surgery, fertility, orthopedics) typically need $5K-15K/month due to higher CPCs and longer sales cycles. Primary care and urgent care can operate effectively at $2K-4K/month with proper geographic targeting.

Want this applied to your own account? We'll record a free Loom walkthrough showing exactly what we'd fix in your Google Ads. Get a free audit →