Why publish your technical standards?

Because most healthcare practices have no way to tell whether an agency's work is sound until something breaks: a HIPAA exposure surfaces, a site fails Core Web Vitals, schema is missing, or paid tracking is leaking patient data. Publishing the standard lets a practice hold any vendor, including us, to a measurable bar before signing.

Do you meet every one of these on every build?

Yes. The standard is the floor, not the upsell. A build that misses Core Web Vitals, ships without a validated schema graph, or sends patient data to an ad platform is not finished, regardless of how it looks. These are checked before anything is called done.

Is HIPAA-safe tracking really possible with Google and Meta?

Yes, with the right architecture. Google does not offer a Business Associate Agreement for Google Ads or GA4, and Meta does not for pixel data, so the funnel has to be built so protected health information never reaches them: server-side conversion events with identifiers stripped, no condition-based audiences, and validation that PHI stays out. The platform is not the compliance line; the data you send it is.

How is this different from an agency that says it does SEO?

A published, testable standard versus a promise. Schema validation, Core Web Vitals thresholds, accessibility audits, PHI-safe tracking, and entity-resolved content are either present and verifiable or they are not. We list them so the difference is checkable, not a matter of trust.

The build spec

The standard,
in the open.

Every Macbach build meets the same technical standard: a validated schema graph, Core Web Vitals green, WCAG 2.1 AA, HIPAA-safe tracking, server-side measurement, and AI-search readiness. We publish it so a practice can hold any vendor, including us, to a measurable bar before signing.

The standard, defined: The Macbach build standard is a fixed, testable specification, schema, performance, accessibility, HIPAA-safe tracking, measurement, and AI-search readiness, that every healthcare site we ship meets before it is called done. It is the floor, not an upgrade.

Grade your site against it See SitePRO

Structured data

LocalBusiness, MedicalBusiness, and Physician schema: JSON-LD, server-rendered, validated to schema.org on every build, never injected by a plugin at runtime.
A linked @graph, not loose snippets: One connected entity graph per page (Organization, WebPage, BreadcrumbList, plus page-type schema) so engines resolve the practice as a single entity.
Page-type schema: MedicalProcedure, MedicalCondition, FAQPage, Review, and Article applied to the page type, with credentialed author and reviewer attribution on clinical content.

Performance

Core Web Vitals green: LCP under 2.5s, CLS under 0.1, INP under 200ms, measured on mobile. No exceptions.
Image and font discipline: Explicit dimensions, modern formats with fallback, self-hosted fonts with font-display swap, lazy below the fold, priority on the LCP element.

Accessibility

WCAG 2.1 AA: Axe-clean at every heading level, keyboard-complete, screen-reader tested, visible focus, and reduced-motion respected.
Semantic structure: One H1, logical landmarks, labeled form inputs, real tables for tabular data, ARIA only as the gap-filler.

HIPAA and privacy

HIPAA-safe forms: Server-side validation. No protected health information in analytics, remarketing audiences, or logs.
No patient data to ad platforms: Patient identifiers and condition signals never reach Meta or Google. Tested on every build, not assumed.
Consent and policy surfaces: Cookie consent where required, with privacy, terms, and accessibility statements linked and current.

Measurement

Server-side Conversion API: Paid campaigns measured past the iOS signal loss, with PHI stripped before any event leaves the server.
Event and call tracking: Form, phone, and CTA events wired and tested, with call tracking verified per page and no PHI in any parameter.
CRM attribution: Leads forwarded into the CRM, scored and sourced, so the pipeline is measured end to end, not just the click.

AI-search readiness

Entity-resolved content: Clear, declarative facts about the practice and its providers so answer engines can map the entity and cite it confidently.
Answer-first structure: Direct 40-to-60-word answers, definition blocks, and question-phrased headings, the format AI engines lift into a composed answer.
Explicit boundaries: What a practice does not do, stated in content and schema, so an engine has nothing to hallucinate.

Answered

The standard, answered.

Why publish your technical standards?: Because most healthcare practices have no way to tell whether an agency's work is sound until something breaks: a HIPAA exposure surfaces, a site fails Core Web Vitals, schema is missing, or paid tracking is leaking patient data. Publishing the standard lets a practice hold any vendor, including us, to a measurable bar before signing.
Do you meet every one of these on every build?: Yes. The standard is the floor, not the upsell. A build that misses Core Web Vitals, ships without a validated schema graph, or sends patient data to an ad platform is not finished, regardless of how it looks. These are checked before anything is called done.
Is HIPAA-safe tracking really possible with Google and Meta?: Yes, with the right architecture. Google does not offer a Business Associate Agreement for Google Ads or GA4, and Meta does not for pixel data, so the funnel has to be built so protected health information never reaches them: server-side conversion events with identifiers stripped, no condition-based audiences, and validation that PHI stays out. The platform is not the compliance line; the data you send it is.
How is this different from an agency that says it does SEO?: A published, testable standard versus a promise. Schema validation, Core Web Vitals thresholds, accessibility audits, PHI-safe tracking, and entity-resolved content are either present and verifiable or they are not. We list them so the difference is checkable, not a matter of trust.

Hold us to it

Grade your site
against the standard.

The Practice Audit reads your site on the same dimensions: schema, speed, accessibility, tracking, and visibility. It returns a real grade, not a sales pitch.

Start the Practice Audit Why Macbach →

The standard,in the open.