What Your SEO Agency Won't Tell You Before You Sign: A Medical Practice Owner's Guide to Hiring Right

If you've sat through an agency pitch recently, you've probably heard some version of the same presentation: a slide showing your competitors' rankings, a traffic projection with a satisfying upward curve, a service breakdown that includes every SEO term you've ever come across, and a monthly investment that sounds reasonable compared to what you're already spending on marketing. The deck was polished. The presenter spoke with authority. And you left with a folder full of materials and no clearer idea of who to trust.

This guide is written from the other side of that table. After years of building and running a digital marketing agency that works with medical practices, I've watched this industry sell the wrong things to the wrong people, and I've seen what happens when a practice spends 12 months and $30,000 on an engagement that never had a chance of delivering what it promised.

The goal here is to give you the framework to evaluate what you're actually being sold, the questions that cut through a well-rehearsed pitch, and the filters that eliminate bad candidates before you've wasted a single hour on a discovery call.

Why Medical SEO Is a Different Category (and Most Agencies Don't Know It)

Most agencies that pitch medical practices have a background in consumer SEO, local business SEO, or maybe B2B content marketing. They claim healthcare expertise because they once managed an orthopedic clinic's blog or ran a Google Ads campaign for a dental group. That experience is not healthcare SEO.

Real healthcare SEO operates under constraints that don't exist in other industries. Understanding them is the first test of whether an agency belongs in the conversation.

Google's YMYL framework applies to all medical content.

YMYL stands for "Your Money or Your Life," the classification Google uses for content that can directly affect a person's health, safety, or financial wellbeing. Health content falls squarely in this category, and Google evaluates it by a stricter standard than it applies to a recipe blog or a home services company. The practical consequence: content that would rank a plumbing company in two months will not rank a medical practice in the same timeframe, and content produced by a generalist writer without medical credentials will consistently underperform against content produced with documented expertise. An agency that doesn't understand this distinction will produce content that never reaches the patients you're trying to reach.

HIPAA governs your tracking setup, not just your patient records.

The HHS Office for Civil Rights has issued guidance making clear that standard web tracking configurations — including out-of-the-box Google Analytics 4, Meta Pixel, and most behavioral retargeting setups — can violate HIPAA when deployed on healthcare provider websites, because they transmit user-level data (including IP addresses and the health-related queries that led someone to your site) to third-party servers without a Business Associate Agreement. Most agencies don't know this. They configure analytics the same way they do for every other client and move on. That gap has resulted in real enforcement actions, and if your current agency set up your tracking, there's a meaningful chance your site is non-compliant right now.

Search intent in healthcare is not uniform.

A patient searching "hip replacement surgeon near me" is in a fundamentally different position than someone searching "is hip replacement surgery covered by Medicare." The first query is commercial, local, and close to a booking decision. The second is informational, national in character, and belongs at the top of a long educational journey. An agency that treats these queries the same way, optimizing your site for traffic without distinguishing between intent types, is not building a patient acquisition strategy. They're building a traffic report.

"Within healthcare SEO, Google's YMYL standard isn't just a content filter; it's a trust framework that evaluates your entire web presence as a whole. Building the E-E-A-T signals that satisfy it requires consistent execution across every content touchpoint: procedure and service pages, provider bios, about pages, blog and educational content, and the offsite signals (citations, backlinks, review profiles) that reinforce your authority in Google's eyes. No single page carries this on its own. This compounds over time, and it requires a coordinated strategy where every piece of content is reinforcing the same signals of credibility and expertise. An agency focused purely on the technical side of SEO (keywords, rankings, site speed) while neglecting the trust architecture that makes those rankings sustainable will eventually hit a ceiling. The practices that consistently outperform competitors in organic search are the ones that have built a genuine authority presence: one that satisfies both the algorithmic requirements of YMYL and the judgment of a prospective patient deciding who to trust with their care. Building that in parallel with your traditional and AI search strategy isn't optional in healthcare. It's the foundation everything else sits on."

— Bryan Passanisi, Founder, Brown Bear Digital

The Pitch Room Reality: What Agencies Are Actually Selling You

Here's what's happening inside most agency pitches, and why the deck is rarely evidence of the work.

That competitor ranking analysis was pulled in about 20 minutes from a tool like SEMrush. The traffic projection is a formula: it takes projected keyword rankings, applies average click-through rates from industry benchmarks, and produces a number the agency has no contractual obligation to deliver. The comprehensive service breakdown is the same template they used for the physical therapy clinic and the med spa last month. None of this makes the agency incompetent. It makes the pitch a sales presentation, not a proposal, and you should evaluate it accordingly.

What distinguishes a pitch that reflects real capability from one that reflects a polished sales process:

A plan built around your actual situation.

If the agency hasn't asked about your current patient acquisition channels, your cost per acquired patient, your competitive geography, and your specific growth goals before the pitch meeting, the strategy they're presenting isn't for you. It's a healthcare SEO template with your practice name inserted.

Evidence tied to patient acquisition, not impressions.

Traffic growth and keyword ranking improvements are inputs. New patients booked from organic search is the output. Any agency with a meaningful healthcare SEO track record should be able to show you, from at least two or three client engagements, a direct connection between the SEO work they did and measurable patient acquisition outcomes. If they can't, either they don't have the evidence or they haven't been measuring the thing that actually matters.

Honest timelines.

If an agency tells you that you'll see meaningful results in 30 or 60 days, they're either setting you up for a conflict at month two or they don't understand how competitive the healthcare search landscape is in most mid-sized markets. Meaningful organic traction typically takes six months to build. Consistent, attributable patient acquisition from organic search commonly takes 12 months or more. An agency that won't tell you this upfront is managing your expectations toward a sale, not toward a realistic outcome.

"Most agencies won't tell you upfront that the person pitching you is not the person who will be doing your work. The industry standard is to sell on senior talent and deliver through junior staff who are, in many cases, still developing their skills. That's not inherently a problem. Everyone starts somewhere. The issue is what happens at the review stage. When the junior work comes back, it typically gets evaluated by someone with a general marketing background rather than deep SEO expertise. The nuances that actually determine whether a page performs over the long run require significant pattern recognition to catch. After 15 years in this industry, I see these issues immediately. Most agencies don't have that depth involved in the day-to-day review process. So the work ships with errors that compound quietly over months, and the client only notices when results plateau or decline."

— Bryan Passanisi, Founder, Brown Bear Digital

Five Questions That Separate a Real Healthcare SEO Agency from a Good Salesperson

Most "questions to ask an agency" lists fail because they tell you what to ask but not what a good answer sounds like. These five questions work as filters only if you know what you're listening for.

1. How do you track conversions for healthcare clients without violating HIPAA?

The right answer: The agency mentions server-side tracking, HIPAA-compliant call tracking platforms (CallRail with a signed BAA, for example), and a GA4 configuration that redacts sensitive data. They understand the distinction between what's legal to track and what most agencies track by default.

The red flag answer: "We use Google Analytics and track form fills." Standard GA4 out-of-the-box transmits IP addresses and health-related query strings to Google's servers without appropriate protections. An agency that offers this as the plan hasn't done serious healthcare SEO work.

2. Can you show me a healthcare client where you can connect your SEO results to actual patient acquisition, not just traffic?

The right answer: A specific case study with call tracking data, organic-attributed conversion rates, and ideally a cost-per-acquired-patient number. The agency explains what the client's acquisition problem was before engagement, what they did specifically, and what measurably changed.

The red flag answer: A graph showing organic traffic growing upward. Traffic is not patients. An agency that responds to this question with traffic data either doesn't have better proof or doesn't understand the difference between what they're reporting and what you're buying.

3. Which keywords are you planning to target first, and what's the logic behind that sequence?

The right answer: A prioritized mix of commercial-intent local keywords (your specialty + city name), condition-based queries with treatment intent, and supporting informational content that builds topical authority over time. The agency can explain why they'd sequence local commercial terms before national informational ones.

The red flag answer: A list of high-volume national health terms your practice has no realistic path to ranking for, or a flat list of keywords with no prioritization logic. This tells you the agency is building a keyword list that looks comprehensive in a pitch deck rather than a strategy designed around realistic patient acquisition.

4. Who specifically will be working on our account, and what is their direct experience in healthcare?

The right answer: A named person or small team with documented healthcare client history. Not "our team has deep healthcare expertise." Ask for a specific individual, what they've done, and what practices they've worked with previously.

The red flag answer: Vague references to "our team" with no names attached. Many agencies sell on the credentials of their principals and deliver work through junior staff or offshore writers with no healthcare background. In a YMYL category, this is a meaningful risk to content quality and performance.

5. What happens if we're 6 months in and not seeing progress?

The right answer: Defined performance milestones with agreed review intervals. A clear process for diagnosing what's working and adjusting. Some form of review provision or exit clause that doesn't require you to pay out a full contract for work that isn't performing.

The red flag answer: "SEO takes time" as the complete answer, or a 12-to-18-month lock-in with no performance language. An agency that can't define what early success looks like has no intention of being held accountable for delivering it.

Red Flags That Look Like Green Flags

These signals appear credible in a pitch. They're not.

"We specialize in healthcare SEO" without evidence of YMYL competence.

This phrase costs nothing to put on a website. What you want to see is demonstrated familiarity with how Google evaluates medical content: E-E-A-T signals, content review processes involving credentialed authors, cited sources, and documented expertise markers. If the agency can't explain what YMYL means and why it changes their content production process, the specialization claim is marketing language, not a capability.

Guaranteed first-page rankings.

No reputable SEO agency guarantees specific rankings, because Google's algorithm is not purchasable and not predictable at that level of specificity. An agency offering guarantees is either planning to use tactics that produce short-term gains and long-term penalties, or they're guaranteeing rankings for terms so low-competition they're essentially meaningless for patient acquisition.

A large healthcare portfolio with no references you can actually contact.

Ask for two or three clients from practices similar to yours that you can call. An agency with a genuine track record of healthcare SEO success has clients willing to vouch for them by name. Reluctance to provide direct references, or references that turn out to be subsidiaries or personal connections, is worth noting.

Reporting dashboards showing a lot of green numbers that never connect to patient acquisition.

Agencies control what goes into their reporting. A well-designed dashboard showing keyword rankings improving, domain authority growing, and sessions trending up can coexist perfectly with a practice whose actual new patient appointments from organic search have declined or stagnated. Ask for the line connecting their reported metrics to your front desk call volume or booking data. If they can't draw it, the dashboard is measuring their own outputs, not your outcomes.

"What I see consistently is agencies presenting impressive-looking numbers: clicks are up, impressions have grown, the link count is higher, content output has been significant. The dashboard is full of upward trends. But when you ask how any of it connects to new patient inquiries or appointments booked, the answer is usually some version of 'we're building toward that.' SEO does take time to mature. That's a legitimate reality. But it's also a convenient shield for agencies producing output without a clear north star. Clicks and impressions mean nothing if you're attracting the wrong audience. Links mean nothing if they're not building authority for the terms your patients actually search. Content volume means nothing without a strategy that maps every piece to a specific point in the patient acquisition funnel. Agencies that use these metrics as proof of progress without connecting them to patient acquisition are, in most cases, optimizing for their own deliverables rather than your business results."

— Bryan Passanisi, Founder, Brown Bear Digital

The "Test Their Own SEO" Rule

Here's a filter that eliminates most poor candidates before you get on a single call: search for them.

If an agency is pitching your medical practice on SEO services, they should be able to rank for the services they're selling. Search "healthcare SEO agency [their city]" or "medical SEO company [their region]." Look at where they appear in the results. Look at what their own website looks like from a content and technical standpoint.

This is not a perfect test. Some larger agencies with established referral networks deprioritize their own SEO because inbound demand isn't their growth bottleneck. But for most agencies pitching small-to-mid-size medical practices, not appearing in search for your own category is a signal worth taking seriously. They are asking you to trust them with a technical discipline they haven't demonstrated on their own behalf.

Beyond rankings, read their website's content. Are they publishing genuinely useful, healthcare-specific material, or generic "what is SEO" blog posts that could have been written about any industry? Do they have a documented approach to HIPAA-compliant analytics, YMYL content standards, or medical E-E-A-T? Firms that do serious healthcare SEO tend to write about what they know.

"At Brown Bear, our content approach is comprehensive, layered, and built around a single outcome: driving revenue for the practices we work with. Comprehensive doesn't just mean covering a topic thoroughly. It means approaching every piece from multiple angles and through multiple formats. Rather than a single-format page that satisfies a query on the surface, we create genuine learning opportunities for the reader: combining written content with visual explanations, structured data, supporting media, and contextual depth that gives users something they couldn't get from a standard article alone. Layered on top of that is a deliberate strategy around expertise and trust: credentialed authorship, cited sources, internal linking architecture, and offsite authority building that reinforces the practice's credibility in Google's eyes and in the patient's. We're also building for how LLMs and AI search surfaces evaluate content now, not just traditional search rankings. The goal at every level is the same: to make the content valuable enough that search engines, AI models, and prospective patients all treat the practice as the authoritative answer in their market."

— Bryan Passanisi, Founder, Brown Bear Digital

What the Right Retainer Actually Looks Like for a Medical Practice

Most pricing guides give you ranges without context. Solo practice: $750–$1,500/month. Multi-location group: $3,000–$8,000/month. These numbers aren't wrong. But they don't tell you whether any given investment makes sense for your situation.

A more useful frame: think in cost-per-acquired-patient, not monthly retainer.

If your average patient lifetime value is $2,400 (a conservative number for a primary care patient with two or three annual visits), and a well-executed SEO program produces 15 attributable new patients per month from organic search, you're adding $36,000 in lifetime patient value per month from that channel. A $2,500/month retainer for that outcome is an excellent return. The same $2,500/month retainer producing two new organic patients per month is not.

The relevant question isn't "what's a reasonable SEO budget for a practice like mine?" It's: what does patient acquisition currently cost you through your other channels (paid search, referral programs, offline advertising) and what would you accept as a reasonable equivalent cost from organic?

Agencies that have done serious healthcare SEO work can model this conversation with you before you sign. They'll ask about your average patient value, your current acquisition mix, and your realistic competitive position in your geography. If an agency can only tell you what keywords they'll target and what rankings they expect to achieve, they are optimizing for outputs they control rather than outcomes you care about.

On contract terms: one-year agreements are standard and reasonable given the time horizon of organic SEO. What is less reasonable is a full-year contract with no performance review provisions and no exit clause for significant underperformance. Before signing, negotiate for a 90-day review against defined milestones. An agency confident in their work will accommodate this. An agency that resists it is protecting their revenue, not your interests.

HIPAA, AI Search, and the New Rules of Healthcare Visibility

Two shifts are reshaping how patients find medical providers. Most agencies operating in this space today have not caught up to either.

HIPAA and web tracking.

HHS has made clear since 2022 that many standard analytics and advertising tracking configurations used by marketing agencies constitute HIPAA violations when deployed on healthcare provider sites. The risk is not theoretical: enforcement actions have followed, and the FTC has separately pursued healthcare companies under its own authority for tracking-related violations.

The practical implication for any agency evaluation: before the engagement begins, your prospective agency should be able to audit your current analytics and tracking setup, identify any HIPAA exposure in your existing configuration, and document their plan to remediate it. If this conversation doesn't come up in the sales process, raise it yourself. Any agency that is dismissive or unfamiliar with the issue should not have access to your website.

AI Overviews and healthcare search intent.

Google's AI Overviews now appear for a significant share of healthcare-related queries, particularly informational ones. When a patient searches "how long does ACL recovery take" or "signs of perimenopause," the AI Overview often provides a direct answer on the search results page, without the patient clicking through to any website.

For your practice's SEO strategy, the implications depend on what you're trying to accomplish. High-intent local queries, like "orthopedic surgeon Chicago" or "fertility clinic near me," remain largely unaffected by AI Overviews. Standard local SEO and Google Business Profile optimization still dominates those results. For informational content, the goal is no longer simply ranking on page one: it's being cited as a credible source within the AI Overview itself, which requires the kind of expert-authored, well-structured content that meets Google's elevated healthcare standards.

Ask any agency you're evaluating directly: "How has your content strategy for healthcare clients changed in response to AI Overviews?" If they have no answer, or tell you AI Overviews don't meaningfully affect healthcare search, they haven't been watching the platform they're being paid to understand.

Making the Final Decision: A Simple Evaluation Framework

After pitches, reference calls, and your own due diligence, you'll typically have two or three agencies that have cleared the filters above. Score each finalist from 1 to 3 across five criteria:

1. Healthcare-specific evidence: Do they have named, verifiable healthcare clients with patient acquisition data, not just traffic graphs?
2. HIPAA and compliance fluency: Can they explain your current tracking setup's compliance status and articulate specifically what they'll do to ensure it?
3. Strategic fit: Does their proposed approach reflect your actual situation (your specialty, your geography, your patient type) or is it a healthcare SEO template with your name on it?
4. Reporting and accountability: Are the metrics they'll report tied to patient acquisition outcomes, and is the reporting cadence defined before you sign?
5. Reference quality: Are the references they offer from practices similar to yours, and do those practices speak to patient acquisition results rather than general satisfaction?

A finalist scoring 13 or above out of 15 has genuinely cleared the bar. If none of your finalists reach that threshold, you're either working with a budget that limits your access to agencies with a real healthcare track record, or the pool you've been evaluating is too narrow and you need to expand your search.

What Good Looks Like 12 Months In

A year into a well-executed healthcare SEO engagement, you should be able to see a few concrete things: a measurable share of new patient inquiries attributable to organic search, a content presence that covers the conditions and procedures your practice treats with the geographic specificity your market requires, and a technical foundation that is clean, fast, compliant, and not generating crawl errors that suppress your visibility.

You should also be able to see what you're less dependent on. Practices that get SEO right over time reduce their reliance on paid search spend. They lower their per-patient acquisition cost. They build a compounding asset: a ranked, trusted web presence that continues to produce patient inquiries as long as it's maintained, rather than going dark the moment the ad budget stops.

"The pattern I see most consistently when auditing existing SEO programs is the same regardless of the agency: the work has been focused on content volume, and almost none of it connects to anything the business actually cares about. Practice owners are sold on blog development and long-form informational articles without any real conversation about how that content maps to patient acquisition or revenue. The result is practices that have spent tens of thousands of dollars producing content that targets the wrong terms, misses the patients who are close to a booking decision, and generates no meaningful return. The output looks active. The outcomes are absent."

— Bryan Passanisi, Founder, Brown Bear Digital

That outcome is achievable. It requires the right agency, the right timeline expectations, and a clear-eyed evaluation of who you're hiring and why.

If you want a direct conversation about what SEO looks like for your specific practice (specialty, market, goals), Brown Bear Digital works with medical practices on exactly this. No pitch deck required.