Patients affected by third-party tracking tools on SSM Health’s MyChart portal may now claim compensation and privacy protection services.
What happened
SSM Health has agreed to settle a class action lawsuit involving the unauthorized sharing of sensitive health data through tracking tools embedded in its MyChart patient portal. The lawsuit, filed in December 2022, claimed that Meta Pixel and other trackers captured and transmitted personal health information to third-party companies like Meta and Google, without user consent.
The tools collected information such as patient status, conditions, treatment details, physician names, and facilities visited. These transmissions were alleged to violate patient privacy rights and several legal statutes, including HIPAA. SSM Health denies any wrongdoing but agreed to the settlement to avoid the risks of further litigation.
Going deeper
The use of third-party tracking tools, like Meta Pixel and Google Analytics, is widespread across commercial websites, but their use in healthcare settings raises legal and ethical concerns. HIPAA rules prohibit the disclosure of protected health information to external parties without a signed authorization or valid business associate agreement.
The lawsuit, Jane Doe v. SSM Health Care Corporation, alleged multiple claims, including negligence, breach of fiduciary duty, unjust enrichment, and invasion of privacy. While SSM Health disputes these claims, both sides agreed to settle to avoid a jury trial.
Patients who logged into the MyChart portal between July 6, 2020, and February 10, 2023, are eligible to participate in the settlement.
What was said
SSM Health has not admitted liability but maintains that the decision to settle is in the best interest of all parties. Class counsel and the plaintiff support the outcome and consider the terms fair. The final fairness hearing is set for November 21, 2025. Claims must be submitted by November 25, and opt-outs must be filed by October 27.
Affected individuals are eligible for a $31.50 cash payment and a one-year subscription to CyEx Privacy Shield Pro, a service offering identity protection, data broker opt-out, and dark web monitoring.
FAQs
What is Meta Pixel, and why is it a problem in healthcare portals?
Meta Pixel is a tracking tool used to monitor website interactions. In healthcare settings, it can unintentionally transmit patient data to third parties, which may violate HIPAA if proper safeguards are not in place.
How does CyEx Privacy Shield Pro protect users?
CyEx Privacy Shield Pro offers services like identity theft monitoring, scanning for personal information on the dark web, and assistance with removing data from brokers.
Why are tracking technologies legally risky in healthcare environments?
Under HIPAA, sharing patient health information with outside vendors requires specific legal agreements or patient consent. Tracking tools may bypass those protections if not properly managed.
How can patients file a claim under the settlement?
Eligible users can visit ssmhealthdatasettlement.com to file a claim for compensation or privacy services. Claims are due by November 25, 2025.
What steps can healthcare organizations take to prevent similar issues?
They should audit their digital platforms for embedded trackers, consult legal counsel before deploying analytics tools, and ensure compliance with HIPAA’s privacy and security rules.
Farah Amod
%20-%202024-11-22T182557.792.jpg)