Northwell Health & Northbay Healthcare Settle Litigation Over Website Pixel Use
Northwell Health & Northbay Healthcare were sued over the use of tracking tools on their websites, which are alleged to have illegally disclosed sensitive data to unauthorized third parties. Both healthcare providers have agreed to settle the lawsuits.
Northwell Health Data Breach Settlement
Northwell Health has agreed to settle litigation over its use of tracking software on its website. According to the lawsuit, tracking tools such as Meta Pixel and Google Analytics code were added to its website and were configured in a manner that resulted in protected health information being transmitted to third parties, without the consent of website visitors.
The lawsuit – Kaplan v. Northwell Health, Inc. – was filed in the New York State Supreme Court, Kings County, and alleged that information about website users’ past, present, or future health conditions, including the type and date of a medical appointment, was collected and transmitted to third parties. That information could be tied to individuals via identifiers such as the their Facebook ID and IP address. The information disclosed could allow third parties to infer that the individual was seeking treatment for a specific medical condition and was a patient of Northwell Health. The lawsuit alleges that the use of tracking tools on the website without obtaining consent violated the Electronic Communications Privacy Act.
Northwell Health disagrees with the claims and contentions in the lawsuit and sought to have the lawsuit dismissed. Northwell Health believes it would have prevailed on its motion to dismiss; however, before the motion to dismiss was argued, all parties engaged in settlement discussions. After considering the likely cost of continuing with the litigation and the risks associated with doing so, the decision was taken to settle the lawsuit.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
There are two subclasses, the first of which consists of individuals who logged into the FollowMyHealth patient portal between January 1, 2020, and December 31, 2023, and any patient who booked an appointment via the website between the same dates. Those individuals may claim a cash payment of $15.00. The second subclass consists of all other Northwell Health patients between January 1, 2020, and July 25, 2024, who are not included in the first subclass. Individuals in both subclasses are entitled to a 12-month subscription to a privacy monitoring service. Claims must be submitted by April 20, 2026. The final fairness hearing has been scheduled for April 21, 2026. Individuals wishing to opt out of the settlement or object, must do so by March 23, 2026.
Northbay Healthcare Data Breach Settlement
Northbay Healthcare, the operator of two hospitals in Fairfield and Vacaville, California, and several care centers in Solano County, settled litigation over its use of website tracking tools, which are alleged to have impermissibly disclosed patient data to Meta Platforms, Google, and others.
The lawsuit – J.A., T.A., and N.C. v. NorthBay Healthcare Corporation – was filed in the Superior Court of Solano County, California, and alleged that the inclusion of the tools on its website, without informing patients and obtaining consent, resulted in an invasion of privacy and other common law and statutory violations. NorthBay Healthcare denies all allegations of wrongdoing and liability, and all material allegations in the class action complaint. After considering the likely costs of protracted litigation and the uncertainty of a trial and related appeals, the decision was taken to settle the litigation.
Under the terms of the settlement, individuals who were California residents between November 29, 2020, and May 14, 2024, and visited a Northbay Healthcare website or used the patient portal between those dates may submit a claim for a cash payment of $15.00. Class members may also claim a 12-month subscription to the CyEx Privacy Shield Pro privacy protection service. The deadline for opting out, objecting, and submitting a claim is March 12, 2026. The final fairness hearing has been scheduled for March 19, 2026.
