Novant Health Settles $6.6 Million Pixel Privacy Breach Lawsuit
Novant Health has agreed to settle a class action lawsuit that stemmed from its use of tracking pixels on its MyChart patient portal. The pixel code on the patient portal collected the personally identifiable information of users with the goals of “improving access to care through virtual visits and to provide increased accessibility to counter the limitations of in-person care,” however the information collected was also transferred to third-party technology companies that were not authorized to receive the data.
The North Carolina Health System was the first healthcare provider to report a pixel-related HIPAA violation to the HHS Office for Civil Rights (OCR). In the summer of 2022, Novant Health said the protected health information of up to 1,362,296 individuals had been disclosed to third parties such as Meta (Facebook) between May 1, 2020, to Aug. 12, 2022. The HIPAA breach was reported several months before OCR issued guidance on HIPAA and tracking pixels confirming that pixel-related disclosures of protected health information to third parties violated HIPAA. Novant Health was one of many health systems to use the code on its patient portal. According to one study, 99% of hospitals in the United States used pixels or other tracking technologies on their websites, apps, or patient portals that collected visitor information and transferred that data to third parties.
The lawsuit against Novant Health was filed on behalf of 10 Novant Health patients and similarly situated individuals who used the patient portal while the Meta Pixel code was present and alleged invasion of privacy, breach of contract, and violations of the Health Insurance Portability and Accountability Act. Novant Health maintains there was no wrongdoing and the decision to settle the lawsuit was taken to put an end to the litigation and avoid further legal costs and the uncertainty of trial.
“Novant Health takes privacy and the care of personal information very seriously and values patient trust to keep patients’ medical information private. Novant Health will continue to be as transparent as possible and provide information to patients,” said a spokesperson for Novant Health regarding the proposed settlement. “The proposed settlement is not admission of wrongdoing, and the court did not find any wrongdoing on the part of Novant Health.”
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Under the terms of the settlement, class members – individuals who used the MyChart portal between May 1, 2020, to Aug. 12, 2022 – will be eligible to submit claims for a share of the $6.6 million settlement fund. Claims will be paid pro rata once legal costs, expenses, and attorneys’ fees have been paid. Novant Health is one of several healthcare providers to have been sued over the use of pixels and other tracking technologies, including Advocate Aurora Health, which chose to settle its lawsuit for $12.225 million.