The Ohio-based nonprofit will settle claims that it unlawfully shared sensitive health data with third parties through embedded website tools.
What happened
Adena Health System has agreed to a $17.8 million settlement after facing allegations that it used tracking pixels on its MyChart patient portal to share patient data with third parties like Meta and Google. The nonprofit health system, which operates in south central and southern Ohio, allegedly allowed personally identifiable and protected health information to be transmitted without patient consent while individuals browsed the portal.
The lawsuit claimed that users’ online activity, including appointment bookings, treatment research, and physician interactions, was monitored and shared with third parties, potentially identifying individuals by linking the data to Facebook profiles if users were logged in during portal access.
Going deeper
The tracking pixels, including Meta Pixel and Google Analytics, were reportedly embedded in both public and logged-in areas of the MyChart portal. According to the lawsuit, this led to the collection of sensitive data such as health conditions, treatment preferences, search history, and provider details.
The legal claims included negligence, breach of confidence, unjust enrichment, and violations of the Electronic Communications Privacy Act. Plaintiffs also alleged that Adena Health knowingly benefited from this data sharing. Although Adena denies any wrongdoing or liability, it chose to settle to avoid ongoing litigation risks and costs.
Under the proposed settlement terms, approximately 89,000 individuals who accessed the portal between November 1, 2022, and June 3, 2024, are eligible for a $21 payment and one year of identity theft protection services. The settlement is still pending court approval.
What was said
The plaintiffs argue that embedding third-party tracking tools on a login-protected healthcare portal constitutes a serious breach of privacy and trust. The transmission of identifiable health data without user knowledge or consent raises concerns about digital surveillance in healthcare settings.
Adena Health has not admitted to any wrongdoing and maintains that its practices were lawful. However, the organization opted to resolve the matter through settlement in order to avoid a lengthy trial and further legal expenses.
FAQs
What is a tracking pixel, and why is it used?
A tracking pixel is a small piece of code embedded on a website to monitor user behavior, often for analytics or marketing purposes. In healthcare, its use becomes problematic when it collects sensitive health data without user consent.
Are patient portals like MyChart subject to HIPAA regulations?
Yes. Patient portals that store or transmit protected health information (PHI) are considered covered entities under HIPAA and must follow strict privacy and security guidelines.
How can patients find out if their data was shared through tracking pixels?
Affected individuals in this case will be notified as part of the settlement. More broadly, patients can request a privacy policy or reach out to the health provider’s privacy officer for details on third-party tracking.
Will this settlement set a precedent for similar lawsuits?
Potentially. As other healthcare systems face lawsuits over similar pixel use, this case may influence how courts and organizations approach consent, data handling, and digital tracking tools in healthcare settings.
Farah Amod
%20(81).jpg)
