LCMC Health agrees to settle class action lawsuit over use of data trackers
Louisiana Children’s Medical Center, a nonprofit provider network, has settled a class action lawsuit filed on behalf of patients who used its website, where protected health information was allegedly sent to technology companies for the purposes of advertising.
Notably, the hospital is now referred to as LCMC Health System, with its holding company serving as the primary defendant in the case. According to the lawsuit, the health system’s website had tracking code deployed, specifically Meta Pixel, that monitored patients’ activities and sent data to Facebook, in addition to other third-parties.
While most websites deploy these types of tools, in this case LCMC Health was alleged to have the code running in the background on its patient portal, which means any information inputted through the portal could potentially be recorded and transmitted to Meta. This would include names and contact information, in addition to content typed in messages and searches that could reveal sensitive information on medical diagnoses.
Plus, the patient portal itself could house payment details, diagnosis and provider information, and more that would then be sent to technology companies to serve up targeted ads.
In the past, similar instances have constituted a data breach under federal law, subject to HIPAA reporting rules—such as one from April 2024 at Kaiser Permanente, that exposed data on 13.4 million members.
However, in general these advertising trackers are allowed to be used on provider websites, though deploying them to any area where a patient typically has to log in—such as a patient portal—that carries the risk of personally identifiable information being shared, beyond the usual IP address and browsing history.
No admission of guilt
Per the terms of the settlement in this case, LCMC Health denies any wrongdoing. However, it has agreed to pay out $15 in cash to every member of the class, in addition to providing each person a year of identity theft protection services.
Anyone who used its website and patient portal between Jan. 1, 2019, and Nov. 30, 2022, may submit a claim. The health system also agreed to stop using advertising tools on its website for two years.
The terms are still subject to final approval by a judge. A hearing has been scheduled for Nov. 7.
A website for the settlement has been established for patients to file claims. It can be found by clicking here.
Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.