Northwell Health, one of the largest healthcare systems in New York, has reached a settlement over allegations that it embedded Meta Pixel and Google Analytics tracking code on its website, including its FollowMyHealth patient portal and appointment booking pages. The lawsuit, Kaplan v. Northwell Health, Inc., Case No. 520763/2025, filed in New York State Supreme Court, Kings County, claims that these tracking technologies transmitted patients’ personally identifiable information and protected health information to third parties like Meta and Google without patient consent.
Northwell Health denies all claims of fault, wrongdoing, and liability, and maintains it would have prevailed on its motion to dismiss had the case proceeded further. Under the proposed settlement, patients who logged into the FollowMyHealth portal or booked appointments on Northwell’s website between January 1, 2020 and December 31, 2023 may be eligible for a $15.00 cash payment plus a 12-month subscription to a privacy monitoring service. A broader class of Northwell patients during a slightly longer period can receive the privacy monitoring subscription alone. The claim form submission deadline is April 20, 2026, and the final fairness hearing is set for April 21, 2026.
Table of Contents
- What Are the Pixel Tracking Allegations Against Northwell Health and What Does the Company Deny?
- Who Qualifies for the Northwell Health Pixel Settlement and What Are the Class Definitions?
- How Meta Pixel and Google Analytics Tracking Works on Healthcare Websites
- How to File a Claim for the Northwell Health Pixel Tracking Settlement
- What the Privacy Monitoring Service Covers and Its Limitations
- The Legal Claims and What They Mean for Patients
- What This Settlement Signals for Healthcare Privacy Going Forward
- Frequently Asked Questions
What Are the Pixel Tracking Allegations Against Northwell Health and What Does the Company Deny?
The core allegation in this case is straightforward: northwell Health placed Meta pixel and Google Analytics code on pages where patients entered sensitive health information, and those tools sent data to Facebook’s parent company and Google. According to the lawsuit, the transmitted data included information about patients’ past, present, or future health conditions, including the type and date of medical appointments. For example, if a patient logged into the FollowMyHealth portal to schedule a cardiology appointment, the tracking pixels allegedly could have relayed that specific detail to Meta or Google’s advertising infrastructure. The legal claims range from breach of fiduciary duty and confidentiality to violations of the Electronic Communications Privacy Act and New York’s consumer protection laws against deceptive acts and practices. Northwell Health’s position is unambiguous: the company denies all claims of fault, wrongdoing, and liability, and disagrees with every contention raised by the plaintiffs. Before the parties entered settlement discussions, Northwell had filed a motion to dismiss the case and believes it would have won that motion.
This is worth understanding because a settlement is not an admission of guilt. Many companies choose to settle litigation because the cost and uncertainty of prolonged court proceedings outweigh the expense of a settlement, even when they believe they have a strong defense. The fact that Northwell agreed to settle does not mean a court ever found the company liable for anything. Compared to other pixel tracking healthcare settlements that have emerged across the country in recent years, the Northwell case follows a familiar pattern. Hospitals and health systems used widely available analytics tools that were standard across industries, but the application of those tools on pages containing health information raised legal questions that did not exist when the technology was first deployed. The difference here is scale: Northwell Health operates 21 hospitals and over 900 outpatient facilities, meaning the potential class of affected patients is substantial.
Who Qualifies for the Northwell Health Pixel Settlement and What Are the Class Definitions?
The settlement defines two distinct subclasses with different eligibility criteria and benefits. Subclass 1 includes patients who logged into the FollowMyHealth patient portal between January 1, 2020 and December 31, 2023, or who booked an appointment through Northwell’s website during that same period. These individuals had the most direct interaction with the pages alleged to have contained tracking pixels. Subclass 2 covers all other Northwell Health patients between January 1, 2020 and July 25, 2024, who are not included in Subclass 1. This broader class captures patients who may have visited other parts of the Northwell website during an extended timeframe. The distinction matters because the benefits differ significantly. Subclass 1 members are eligible for a $15.00 cash payment plus a 12-month subscription to a privacy monitoring service.
Subclass 2 members are eligible only for the privacy monitoring subscription with no cash component. If you were a Northwell patient during the relevant period but never used the patient portal or booked appointments online, you likely fall into Subclass 2. However, if you are uncertain which subclass you belong to, filing a claim and letting the settlement administrator make that determination is the safer approach. Do not assume you are excluded simply because you cannot remember whether you used the portal. One limitation to be aware of: the class period for Subclass 1 ends on December 31, 2023, while Subclass 2 extends to July 25, 2024. If your only interaction with Northwell’s website occurred in the first half of 2024 and you did not use the patient portal or booking system, you would fall into Subclass 2 rather than Subclass 1. The dates are precise and matter for determining your eligibility and potential benefits.
How Meta Pixel and Google Analytics Tracking Works on Healthcare Websites
To understand why this lawsuit exists, it helps to know what Meta Pixel and Google Analytics actually do. Meta Pixel is a snippet of JavaScript code that website operators embed on their pages. When a visitor loads a page containing the pixel, it sends data back to Meta, including the page URL, actions the user takes, and sometimes form field data. Google Analytics operates similarly, collecting information about user behavior to help website operators understand traffic patterns. Both tools are used by millions of websites and are not inherently problematic. The issue arises when they are placed on pages where users enter protected health information. Consider a concrete example: a patient visits Northwell’s website, navigates to the appointment booking page, and selects a specialty like oncology or psychiatry.
If Meta Pixel was active on that page, the URL and potentially the specialty selection could be transmitted to Meta. That data, combined with the user’s Facebook identity through browser cookies, could theoretically link a real person to a specific medical specialty. This is the kind of data transmission the lawsuit alleges occurred. Whether it actually resulted in any harm to individual patients is a separate question, and one that Northwell disputes entirely. This is not a problem unique to Northwell. Dozens of hospitals and health systems across the country have faced similar lawsuits after investigations revealed pixel tracking on patient-facing pages. A widely cited 2022 investigation found that many major hospital websites contained Meta Pixel code, including on pages where patients entered health information. The healthcare industry’s response has generally been to remove these tracking tools from sensitive pages, but the legal fallout from their prior use continues.
How to File a Claim for the Northwell Health Pixel Tracking Settlement
If you believe you qualify, the process is handled through the official settlement website at nwpixelsettlement.com. You will need to submit a claim form before the April 20, 2026 deadline. The site provides the claim form along with detailed instructions about what information you need to provide. Generally, these forms require basic identifying information such as your name, address, and some way to verify that you were a Northwell patient during the class period.
The tradeoff with any class action settlement is straightforward: by submitting a claim, you receive the settlement benefits but give up the right to sue Northwell individually over the same allegations. If you believe your damages from potential pixel tracking far exceed $15 and a privacy monitoring subscription, you have the option to opt out of the settlement by the March 23, 2026 deadline and pursue your own legal action. However, individual lawsuits are expensive, time-consuming, and uncertain. For most class members, the settlement benefits, while modest, represent a guaranteed outcome compared to the cost and risk of independent litigation. If you wish to object to the settlement terms without opting out, you must also do so by March 23, 2026.
What the Privacy Monitoring Service Covers and Its Limitations
Both subclasses are eligible for a 12-month subscription to a privacy monitoring service, which is the primary benefit for Subclass 2 members and an additional benefit for Subclass 1. These services typically monitor for signs that your personal information is being misused, such as unauthorized credit inquiries, dark web exposure of your data, or unusual account activity. The specific provider and features of the monitoring service offered through this settlement will be detailed on the official settlement website. There is an important limitation to understand: privacy monitoring does not prevent data misuse. It alerts you after something has potentially gone wrong. If your health information was transmitted to third parties through tracking pixels, a monitoring service will not undo that transmission or remove that data from Meta or Google’s systems.
The monitoring service is a forward-looking protective measure, not a remedy for past data exposure. Additionally, 12 months of coverage is a relatively short window. If your information was compromised, the risk does not expire after a year. You may want to consider continuing with a monitoring service at your own expense after the settlement-provided subscription ends, or at minimum remain vigilant about reviewing your accounts and credit reports going forward. Another consideration: if you already have identity theft protection or credit monitoring through another breach settlement, your employer, or a personal subscription, the added value of a second monitoring service is limited. These services largely overlap in function, and having two does not necessarily provide meaningfully better protection than having one.
The Legal Claims and What They Mean for Patients
The lawsuit asserts several legal theories, including breach of fiduciary duty and confidentiality, breach of implied contract, unjust enrichment, negligence, invasion of privacy under New York Civil Rights Law, violations of New York’s consumer protection statute prohibiting deceptive acts and practices, and violations of the Electronic Communications Privacy Act. Each of these claims approaches the same underlying conduct from a different legal angle. For example, the breach of fiduciary duty claim argues that healthcare providers owe patients a heightened duty of confidentiality, and that allowing tracking pixels to transmit health data breached that duty. The ECPA claim focuses on the federal prohibition against intercepting electronic communications without consent.
For individual patients, the practical significance is that these legal theories support the settlement’s existence. You do not need to prove any specific claim to receive benefits. If you are a class member and file a valid claim, you are entitled to the benefits regardless of which legal theory would have prevailed at trial. The breadth of claims filed is typical in privacy litigation and reflects the plaintiffs’ attorneys’ strategy to ensure at least some legal basis survived any motion to dismiss, which is precisely the motion Northwell had filed before settlement discussions began.
What This Settlement Signals for Healthcare Privacy Going Forward
The Northwell Health settlement is part of a broader wave of litigation forcing the healthcare industry to reckon with how standard web analytics tools interact with patient privacy obligations. Hospitals operate websites that serve dual purposes: they are marketing tools aimed at the general public and functional platforms where patients manage their care. The tension between those two roles is at the heart of these pixel tracking cases. Going forward, healthcare systems are increasingly segregating their marketing analytics from patient-facing pages, implementing consent management platforms, and conducting audits of third-party code on their websites.
For patients, the takeaway extends beyond this single settlement. If you use any healthcare provider’s online portal, it is reasonable to ask what tracking technologies are in place and whether your data is being shared with third parties. The legal landscape is still evolving, and while settlements like this one provide some measure of accountability, they also highlight the gap between existing privacy laws and the realities of modern web technology. The final fairness hearing for this settlement is scheduled for April 21, 2026, at 9:30 a.m. ET at the Supreme Court of the State of New York, Kings County Courthouse, 360 Adams Street, Brooklyn, New York.
Frequently Asked Questions
How do I know if I am part of the Northwell Health Pixel Tracking Settlement?
If you were a patient of Northwell Health between January 1, 2020 and July 25, 2024, you may be a class member. If you specifically used the FollowMyHealth patient portal or booked appointments on Northwell’s website between January 1, 2020 and December 31, 2023, you fall into Subclass 1 with higher benefits. Visit nwpixelsettlement.com to check your eligibility.
How much money will I receive from the Northwell Health settlement?
Subclass 1 members are eligible for a $15.00 cash payment plus a 12-month privacy monitoring subscription. Subclass 2 members receive only the 12-month privacy monitoring subscription with no cash payment. The subclass you belong to depends on how you interacted with Northwell’s website during the class period.
What is the deadline to file a claim?
The claim form submission deadline is April 20, 2026. The opt-out and objection deadline is earlier, on March 23, 2026. The final fairness hearing is scheduled for April 21, 2026 at the Kings County Courthouse in Brooklyn, New York.
Does Northwell Health admit it did anything wrong?
No. Northwell Health explicitly denies all claims of fault, wrongdoing, and liability. The company filed a motion to dismiss the case and believes it would have won. The settlement is not an admission of guilt. Both parties chose to resolve the matter through negotiation rather than continued litigation.
Should I opt out of the settlement?
For most class members, opting out is not advisable unless you believe your individual damages are significant enough to justify the expense and uncertainty of a separate lawsuit. The settlement provides guaranteed benefits with no out-of-pocket cost. If you opt out, you preserve your right to sue independently but give up the settlement benefits.
What kind of data was allegedly shared through the tracking pixels?
According to the lawsuit, the Meta Pixel and Google Analytics code on Northwell’s website allegedly transmitted personally identifiable information and protected health information to Meta and Google. This reportedly included information about patients’ past, present, or future health conditions, as well as the type and date of medical appointments.
You Might Also Like
- Capital Health Data Breach Settlement: What The Allegations Say And What The Company Denies
- SiriusXM Robocall And Telemarketing Settlement: What The Allegations Say And What The Company Denies
- Northwell Health Pixel Tracking Settlement: Who Gets Credit Monitoring And For How Long