From Clicks To Claims: Ad Tracking Lawsuits Target Healthcare Providers

Adena Health System, a nonprofit health system in Ohio, has agreed to pay $17.8 million to resolve a class action alleging that it improperly shared patient information with third parties through online ad-tracking tools.

The lawsuit alleges that Adena deployed Meta Pixel and similar tracking code on its MyChart patient portal and other web properties, allowing personally identifiable information and protected health information to be transmitted to companies such as Meta and Google without valid authorization.

Data allegedly disclosed included names, contact details, appointment information, IP addresses and details about interactions with the portal. Adena denied wrongdoing but agreed to the settlement, which still requires court approval and would provide cash payments to affected patients and fund remedial measures.

The case is one of several recent class actions targeting healthcare organizations for their use of online tracking technologies that may expose sensitive patient data to advertisers and analytics providers.

Source: https://healthexec.com/topics/health-it/cybersecurity/nonprofit-health-system-agrees-18m-settlement-over-use-ad-trackers

Commentary

The Adena settlement highlights how ordinary marketing tools can become high-stakes litigation risks when they collect or transmit information that regulators or patients (and their lawyers) view as protected health information.

Healthcare organizations should assume that any ad tracker, pixel, analytics tag or session-replay script on a patient-facing site or portal is discoverable in litigation and will be scrutinized against HIPAA, state privacy laws, and consumer-protection standards.

Loss prevention begins with a complete inventory of all web and app tracking technologies, followed by a legal and technical assessment of what data each tool captures, where it sends that data, and under what contractual safeguards.

Where tracking tools are not essential to care delivery, organizations should remove or heavily restrict them, especially on authenticated portals and pages that reveal conditions, treatments or appointment details.

For tools that remain, risk can be reduced by strong de-identification, strict configuration to avoid capturing PHI, updated notices and consent flows, and vendor agreements that clearly prohibit secondary use of any health-related data.

Regular audits and collaboration between marketing, IT, compliance and legal teams are essential to keep tracking practices aligned with evolving enforcement and class action trends.
