The New York-based health systems, Catholic Health System & Northwell Health, have agreed to settle class action lawsuits stemming from their use of pixels and other website tracking and analytics tools, which are alleged to have disclosed sensitive personal and protected health information to third parties such as Meta and Google without consent.
Website tracking and analytics tools are used extensively across the internet for tracking website visitors. While these tools can collect valuable information to help website owners improve their websites, they can also collect and transmit sensitive data to the third-party providers of the tools. That disclosed information may then be used for advertising purposes.
Depending on how these tools are implemented, they may violate the HIPAA Privacy Rule, such as if they are added to web pages or apps that require authentication. Over the past three years, many lawsuits have been filed over the use of these tools by healthcare providers. HIPAA has no private cause of action, so individuals cannot sue for HIPAA violations. The lawsuits were filed for alleged violations of federal wiretapping laws and state consumer protection laws.
Catholic Health System Pixel Settlement
Catholic Health System, a non-profit integrated health system based in Buffalo, New York, was sued for implementing these tools, which resulted in impermissible disclosures of protected health information to Meta and other third parties. The defendant filed a motion to dismiss, which was partially successful; however, the lawsuit was allowed to proceed, and an amended complaint – J.C. v. Catholic Health System, Inc. – was filed in the Supreme Court of the State of New York, County of Erie.
Catholic Health System denies any wrongdoing whatsoever and also denies that tracking technologies were added to its patient portal or electronic medical record system; however, following mediation, a settlement was agreed upon by all parties. The settlement provides benefits to all patients who logged into the Catholic Health System MyChart patient portal from January 1, 2020, through December 11, 2025 (Subclass 1), and any current or former patient who sought and received treatment from Catholic Health System between the same dates, not including individuals in Subclass 1 (Subclass 2).
The defendant has agreed to pay all attorneys’ fees and expenses, settlement administration and notification costs, and service awards for the class representatives. Class members in Subclass 1 may submit a claim for a one-time cash payment of $20, and members of Subclass 2 may submit a claim for a 12-month membership to a Dashlane privacy monitoring service. Class members have until March 11, 2026, to object to the settlement or exclude themselves. Claims must be submitted by April 10, 2026, and the final fairness hearing has been scheduled for April 23, 2026.
Northwell Health Pixel Settlement
Northwell Health, a New York-based nonprofit integrated healthcare serving patients in New York and Connecticut, faced similar class action litigation over the use of website tracking tools that were alleged to have disclosed sensitive personal and protected health information to third parties such as Meta and Google without patients’ knowledge or consent. Through these tools, the defendant is alleged to have disclosed information related to past, present, or future health conditions, which would allow third parties to determine that an individual was a patient or seeking treatment, together with the type of medical care being sought.
The lawsuit, Kaplan v. Northwell Health, Inc., was filed in the Supreme Court of the State of New York, County of Kings and asserted claims of breach of fiduciary duty/confidentiality, breach of implied contract, unjust enrichment, negligence, invasion of privacy under New York Civil Rights Law, violations of the New York Consumer Law for Deceptive Acts and Practices, and violations of the Electronic Communications Privacy Act.
The defendant denies all claims of fault, wrongdoing, and liability and disagrees with all contentions in the lawsuit; however, to avoid the expense of ongoing litigation and the uncertainty of a trial and related appeals, the decision was taken to settle the litigation. There are two settlement classes, with different benefits. Individuals who used Northwell Health’s FollowMyHealth patient portal between January 1, 2020, and December 31, 2023, are in Settlement Subclass 1 and may submit a claim for monetary relief of $15 per class member. All other patients of Northwell Health between January 1, 2020, and July 25, 2024, not including those in Settlement Subclass 1, are in Settlement Subclass 2 and may claim a 12-month membership to a privacy monitoring service.
The deadline for objection and opting out is March 23, 2026. The deadline for submitting a claim is April 20, 2026, and the final fairness hearing has been scheduled for April 21, 2026.
The post Catholic Health System & Northwell Health Settle Pixel Lawsuits appeared first on The HIPAA Journal.
