The Engagement: A Practice Spending $55K per Month with No Visibility
A multi-location vascular surgery practice with eight clinical locations across multiple states engaged us for a comprehensive website and marketing operations audit. The practice was spending approximately $55,000 per month — over $660,000 annually — across twelve or more marketing vendors. Despite this investment, leadership had no clear picture of what each vendor delivered, which marketing channels produced patients, or whether their website accurately represented the practice.
The practice administrator suspected waste but lacked the data to quantify it. The medical director wanted to know why the website did not reflect the practice's current provider roster. Neither had a framework for evaluating whether their marketing spend was producing results proportional to the investment.
What we found was worse than either expected.
Finding 1: $69,800 per Year in Unverified Vendor Charges
Our audit began with a transaction-level analysis of the practice's marketing spend. We reviewed over 2,800 individual charges across 24 months of credit card and bank statements, mapping every transaction to a specific vendor and categorizing it by function.
One vendor stood out immediately. A marketing platform had been charging the practice $5,819 per month — $69,834 annually — for 24 consecutive months. Nobody at the practice could confirm what services were being delivered. No login credentials were in use. No reports were being reviewed. The charges simply continued, month after month, on autopilot.
This is not an unusual pattern. In our experience auditing healthcare practices, vendor accumulation is a structural problem. New vendors get added when a new initiative launches, but old vendors rarely get cancelled. Over time, the marketing stack becomes a layered artifact of past decisions that nobody maintains.
The practice was also running three separate email marketing platforms simultaneously — a CRM with built-in email marketing, a standalone email platform, and a marketing automation tool — at a combined cost of nearly $1,500 per month. Two of these were fully redundant.
Finding 2: 52 of 58 Leads Went Unread in a Single Month
The most expensive finding had nothing to do with overspending. It was underspending — specifically, underspending on lead management infrastructure.
During our audit month, the practice's website generated 58 form submissions from prospective patients. Of those, 52 went completely unread. No response. No triage. No follow-up. The forms were submitted into a system that nobody monitored.
The practice operated a call center at $16,700 per month to handle inbound phone calls. The call center was effective at managing phone volume. But web form submissions — an increasingly important channel as patients research providers online — fell into a gap between the call center's phone-oriented workflow and the website platform's form capture system. Nobody owned the handoff.
Using conservative estimates of average patient value for vascular surgery procedures, those 52 unread leads represented a potential pipeline loss exceeding $100,000 per month. Even if only 10 percent of those leads would have converted to appointments, the practice was leaving over $10,000 per month on the table — more than the cost of the unverified vendor charges.
The root cause was not negligence. It was architectural. No system connected form capture to triage to response to outcome tracking. Each tool — the website platform, the CRM, the call center — handled one node in the pipeline. Nobody wired the nodes together.
Finding 3: 60+ Pages with Wrong Title Tags and 8 Missing Providers
Our crawl of the practice's 141-page website revealed content accuracy failures at every level.
Title tag errors on 60+ pages. The website platform had templated title tags incorrectly, causing the majority of pages to display misleading or inaccurate titles in search results. For a practice spending over $10,000 per month on advertising, sending paid traffic to pages with wrong metadata undermined the entire conversion funnel.
Eight providers completely missing from location pages. The practice employed multiple advanced practice providers (APPs) across its eight locations. None of these providers appeared on any location page. Patients searching for their specific provider could not find them on the practice's own website — a basic trust failure that no amount of ad spend can overcome.
Provider roster conflicts between internal sources. The practice maintained provider information in multiple systems that disagreed with each other. Without a single source of truth for which providers practiced at which locations, every downstream system — the website, the directory listings, the appointment scheduling — was working from potentially stale data.
These findings illustrate a problem that automated website health scanning is uniquely positioned to detect. The content had drifted from operational reality over months, and nobody noticed because nobody was monitoring it. A periodic scan comparing website content against a known-good provider roster would have caught these issues within days of their introduction.
Finding 4: No HIPAA-Compliant Forms and No Cookie Consent
The compliance gaps were straightforward but critical.
No HIPAA-compliant forms. The practice's website collected patient information through standard web forms with no HIPAA-compliant submission handling. For a healthcare practice, this is not merely a best-practice gap — it is a regulatory exposure. HIPAA violations can carry fines ranging from $100 to $50,000 per incident.
No cookie consent mechanism. The website used tracking scripts and marketing cookies with no consent banner or preference management. While U.S. cookie consent requirements are less prescriptive than GDPR, healthcare websites handling patient-adjacent data face heightened scrutiny.
Missing security configurations. Domain security records (DKIM, SPF, DMARC) were incomplete, and several domains had unknown auto-renewal status. These are not exotic requirements — they are baseline infrastructure that protects both the practice and its patients.
The remediation cost for compliance was modest. HIPAA-compliant form handling, cookie consent management, and security configuration totaled approximately $105 per month in tooling costs. The gap was not budget — it was knowledge. Nobody in the practice's vendor ecosystem had flagged these requirements or configured the solutions.
The Dollar Impact: $460,000+ per Year in Identifiable Waste
Rolling up all findings, the practice faced over $460,000 per year in identifiable waste across four categories:
| Category | Annual Impact | |----------|--------------| | Unverified and redundant vendor charges | $73,300 | | Unattributed advertising spend (no measurement connecting ads to patients) | $126,000 | | Pipeline loss from unread leads (conservative 10% conversion estimate) | $125,000+ | | Ad spend undermined by content accuracy failures (estimated 5–15% waste) | $6,300–$18,900 | | Total identifiable waste | $460,000+ |
This figure is conservative. It excludes the harder-to-quantify costs of wrong provider information driving patients to incorrect locations, compliance exposure, and the compounding SEO damage from months of incorrect title tags.
What a Website Health Scan Would Have Caught
Many of these findings are detectable through automated website health scanning — the kind of continuous monitoring that PageVital provides. Specifically:
Content accuracy monitoring would have flagged the 60+ incorrect title tags and the missing provider information within days of the errors appearing, not months later during a manual audit.
Compliance scanning would have identified the absence of HIPAA-compliant forms, the missing cookie consent mechanism, and the incomplete security configurations as part of a routine health check.
Performance and technical health checks would have established a baseline for the site's Core Web Vitals, accessibility compliance, and security posture — giving the practice a quantitative foundation for vendor accountability.
What automated scanning cannot detect — and where expert audit services remain essential — are the operational failures: the unread leads, the unverified vendor charges, the inverted media-to-management spend ratio. These require transaction-level analysis, workflow mapping, and strategic judgment that goes beyond what any scanning tool can provide.
The lesson is not that scanning replaces auditing. It is that continuous scanning catches the detectable problems early, freeing expert attention for the structural issues that require human judgment.
The Structural Pattern: Why This Happens to Healthcare Practices
This practice's situation was not unique. Across multiple healthcare marketing engagements, we observe the same six problem categories recurring with remarkable consistency:
- Vendor chaos and overlap — vendors accumulate, none get cancelled, deliverables go unverified
- No attribution infrastructure — ad spend flows without measurement connecting it to patient outcomes
- Website content accuracy failures — content drifts from operational reality with no monitoring
- Compliance and security gaps — HIPAA, cookie consent, and accessibility requirements go unaddressed
- Lead process breakdowns — leads are generated but not triaged, responded to, or tracked
- Operational tooling gaps — no systems for vendor management, spend analysis, or cross-platform coordination
These are not healthcare-specific problems. They are structural challenges that affect any growing business managing multiple marketing vendors. Healthcare amplifies the severity — unread leads become patient safety risks, wrong provider information becomes a care quality issue, compliance gaps carry regulatory penalties — but the underlying patterns exist across industries.
Recommendations for Multi-Location Healthcare Practices
Based on this engagement and similar audits, we recommend healthcare practices take four immediate steps:
1. Audit your vendor stack against actual transactions. Do not rely on invoices or vendor-reported costs. Pull credit card and bank statements and map every charge to a confirmed vendor and deliverable. You may find charges you did not know existed.
2. Implement lead response monitoring. Know how many form submissions your website generates, how many receive a response, and how quickly. If your response rate is below 90 percent or your response time exceeds one business day, you have a pipeline problem that no amount of advertising can solve.
3. Scan your website for content accuracy and compliance. Verify that provider information, location details, title tags, and meta descriptions match operational reality. Check for HIPAA-compliant form handling, cookie consent mechanisms, and basic security configurations. Tools like PageVital can automate these checks on a recurring basis.
4. Establish attribution before increasing spend. Before investing another dollar in advertising, ensure you can measure which channels produce patients and which produce clicks that go nowhere. Without attribution, marketing budget decisions are based on vendor promises rather than evidence.
The practice in this case study has since begun implementing these recommendations. The unverified vendor has been flagged for investigation, a lead triage protocol is being designed, and content accuracy remediation is underway across all eight locations.
PageVital helps healthcare practices and their agencies monitor website health continuously — catching content accuracy failures, compliance gaps, and technical issues before they compound into the kind of waste documented in this case study. Start a free scan to see where your practice's website stands today.