If you were a Northwell Health patient between January 2020 and July 2024, you are likely eligible for 12 months of privacy monitoring through Dashlane as part of the Northwell Health Pixel Tracking Settlement. Whether you also receive a $15 cash payment depends on one thing: did you log into or book appointments through Northwell’s FollowMyHealth patient portal during a specific window? Portal users get both the cash and the monitoring. Everyone else gets the monitoring alone. The settlement, formally known as Kaplan v. Northwell Health, Inc.
(Case No. 520763/2025, New York State Supreme Court, Kings County), resolves allegations that Northwell embedded Meta Pixel and Google Analytics tracking code on its website. These tools reportedly transmitted protected health information — including the types of medical consultations patients scheduled, the dates of those appointments, and health conditions searched or discussed — to third-party companies like Meta and Google, linked back to individuals through their IP addresses. For someone who searched Northwell’s site for information about a sensitive condition and then booked an appointment through the portal, that browsing activity may have been shared without their knowledge or consent.
Table of Contents
- Who Gets Privacy Monitoring in the Northwell Health Pixel Tracking Settlement and for How Long?
- What Does Dashlane Privacy Monitoring Actually Cover Versus Traditional Credit Monitoring?
- How Did Northwell Health’s Pixel Tracking Expose Patient Information?
- How to File a Claim Before the April 20, 2026 Deadline
- Why the Opt-Out and Objection Deadlines Deserve Careful Attention
- How This Settlement Compares to Other Healthcare Pixel Tracking Cases
- What This Means for Patient Privacy Going Forward
- Frequently Asked Questions
Who Gets Privacy Monitoring in the Northwell Health Pixel Tracking Settlement and for How Long?
The settlement divides affected patients into two subclasses, each with different benefits. Subclass 1 covers patients who logged into northwell‘s FollowMyHealth patient portal or booked appointments through the portal between January 1, 2020 and December 31, 2023. If you fall into this group, you receive a $15 cash payment plus 12 months of Dashlane privacy monitoring. Subclass 2 covers all other Northwell Health patients during a broader window — January 1, 2020 through July 25, 2024 — who were not portal users during the Subclass 1 period. These individuals receive 12 months of privacy monitoring only, with no cash component. The distinction matters because the portal users’ exposure was arguably more direct.
When you log into a patient portal, the tracking pixels could capture authenticated session data tied to a known individual, not just an anonymous IP address browsing the public website. That tighter link between identity and health information is likely why the settlement treats portal users as having suffered a more concrete harm. However, if you used the portal only after December 31, 2023, you would fall into Subclass 2 rather than Subclass 1, even though your portal data may have been exposed in a similar way. It is worth noting that both subclasses receive the same duration of monitoring — 12 months. There is no tiered monitoring where portal users get longer coverage. The only difference is the $15 payment. For context, $15 is modest even by class action standards, but it reflects the reality that pixel tracking cases involve informational harm rather than direct financial theft.
What Does Dashlane Privacy Monitoring Actually Cover Versus Traditional Credit Monitoring?
One detail that trips people up is the type of monitoring being offered. The settlement provides privacy monitoring through Dashlane, not traditional credit monitoring from Equifax, Experian, or TransUnion. This is an important distinction. Traditional credit monitoring watches for new accounts, hard inquiries, and changes to your credit report — the kind of activity you would expect after a Social Security number or financial account gets stolen. Dashlane’s privacy monitoring does something different. It scans dark web data collections and leaked databases for your exposed personal information.
Specifically, the Dashlane service monitors up to five email addresses and checks whether your passwords, bank account numbers, Social Security numbers, credit card numbers, phone numbers, or IP addresses appear in known data breaches or dark web marketplaces. If something surfaces, you receive an alert so you can take action — changing passwords, freezing accounts, or contacting your bank. However, if your primary concern is that someone will open a fraudulent credit card in your name because of this pixel tracking, Dashlane’s monitoring is not designed to catch that. It will not flag a new account opened at a bank you have never used. For that level of protection, you would need to place a credit freeze with the three major bureaus yourself, which is free under federal law. The settlement’s monitoring is better suited to the actual risk here: that fragments of your health-related browsing data, tied to your identity, could end up aggregated and sold in ways you never authorized.
How Did Northwell Health’s Pixel Tracking Expose Patient Information?
The mechanism behind this settlement is one that has affected dozens of hospital systems across the country, not just Northwell. When a healthcare website installs Meta Pixel or Google Analytics, those tools collect data about every page a visitor views, every button they click, and every form they start filling out. On a retail website, this captures shopping behavior. On a hospital website, it captures health behavior. If you visited Northwell’s site, searched for “oncology appointments,” clicked through to a specific doctor’s page, and then started scheduling a visit, that entire sequence could be transmitted to Meta or Google’s servers.
The critical problem is that this data was linked to identifiable individuals through IP addresses and, for logged-in portal users, potentially through authenticated sessions. A patient who searched for mental health services, substance abuse treatment, or HIV testing on Northwell’s website may have had that activity sent to advertising platforms — platforms whose entire business model is building profiles on individuals. The lawsuit alleges this happened without patients’ informed consent and in violation of their privacy rights. Northwell is one of the largest health systems in New York, operating 21 hospitals and over 850 outpatient facilities. The scale of potential exposure is significant. If you visited any Northwell-affiliated website during the class period and interacted with pages related to your care, your data may have been collected regardless of whether you realized tracking tools were present.
How to File a Claim Before the April 20, 2026 Deadline
Filing a claim requires submitting a claim form either online or by mail through the official settlement website at [nwpixelsettlement.com](https://www.nwpixelsettlement.com/) before April 20, 2026. The process is straightforward, but the timing matters. If you miss the deadline, you forfeit both the cash payment (for Subclass 1 members) and the privacy monitoring enrollment. One thing to weigh: filing a claim means you stay in the settlement and release your legal claims against Northwell related to the pixel tracking. If you believe your damages exceed what the settlement offers — say, you have evidence that your sensitive health information was specifically misused as a result of the tracking — you may want to consult an attorney about opting out and pursuing an individual claim. The opt-out deadline is March 23, 2026, which comes almost a full month before the claims deadline.
You cannot do both. If you opt out, you get nothing from the settlement but preserve your right to sue independently. If you file a claim, you accept the settlement terms. For most class members, filing the claim is the practical choice. Individual pixel tracking lawsuits are expensive to litigate, the damages are difficult to quantify, and the $15 plus monitoring (or monitoring alone) is guaranteed if the settlement receives final approval. The final fairness hearing is scheduled for April 21, 2026, at 9:30 a.m. ET at the Supreme Court of New York, Kings County, 360 Adams Street, Brooklyn, NY.
Why the Opt-Out and Objection Deadlines Deserve Careful Attention
The March 23, 2026 opt-out deadline is not just a formality. Once it passes, you are bound by the settlement’s terms whether you file a claim or not. If you do nothing — no claim, no opt-out — you lose the benefits and still release your legal claims. This is the worst possible outcome, and it happens to a large percentage of class members in every settlement. Objections follow the same March 23, 2026 deadline. If you believe the settlement is unfair — perhaps the $15 payment is too low, or the monitoring duration should be longer — you can file an objection with the court while still remaining in the class. Objecting does not mean you lose your benefits.
It means you are asking the judge to modify the terms or reject the settlement before giving final approval. This is a different path from opting out. Opting out removes you entirely. Objecting keeps you in but puts your concerns on record. One limitation to be aware of: if the court approves the settlement over your objection, you are still bound by the terms. You do not get a second chance to opt out after the hearing. The only way to fully preserve your independent legal options is to opt out before March 23, 2026.
How This Settlement Compares to Other Healthcare Pixel Tracking Cases
Northwell is far from the only health system facing this type of litigation. Hospitals including Advocate Aurora Health, Novant Health, and WakeMed have all faced lawsuits over pixel tracking. In the Advocate Aurora case, the health system disclosed that tracking pixels on its patient portal may have transmitted data for roughly 3 million patients.
These cases collectively reflect a pattern across the healthcare industry where marketing tools were deployed on patient-facing websites without adequate safeguards. What makes the Northwell settlement notable is its two-subclass structure that distinguishes between portal users and general patients. Some other healthcare pixel settlements have offered flat per-person payments without differentiating based on the type of website interaction. The Northwell approach at least acknowledges that logging into a patient portal creates a qualitatively different privacy exposure than browsing a public-facing site, even if both scenarios involved improper tracking.
What This Means for Patient Privacy Going Forward
The wave of pixel tracking lawsuits has already changed how hospitals manage their websites. Many health systems have removed Meta Pixel and similar tools from patient-facing pages, and the Department of Health and Human Services issued guidance in 2022 clarifying that tracking technologies on healthcare websites can implicate HIPAA when they collect individually identifiable health information. Settlements like this one reinforce the financial consequences of ignoring that guidance.
For patients, the broader takeaway is that health-related web browsing carries privacy risks that most people do not think about. Even after this settlement, other healthcare websites may still use tracking tools that transmit your activity to third parties. Using a browser’s private or incognito mode, employing tracker-blocking extensions, or accessing healthcare portals through a VPN can reduce — though not eliminate — this kind of exposure.
Frequently Asked Questions
Do I need to prove that my data was actually tracked to file a claim?
No. If you were a Northwell Health patient during the class period (January 1, 2020 through July 25, 2024), you are eligible to file a claim. You do not need to demonstrate that your specific browsing data was captured by tracking pixels.
What is the difference between Subclass 1 and Subclass 2?
Subclass 1 includes patients who logged into or booked appointments through Northwell’s FollowMyHealth patient portal between January 1, 2020 and December 31, 2023. They receive $15 plus 12 months of privacy monitoring. Subclass 2 includes all other Northwell patients during the broader January 2020 through July 2024 window, and they receive 12 months of privacy monitoring only.
Is the Dashlane monitoring the same as credit monitoring from Equifax or Experian?
No. Dashlane provides dark web monitoring that scans for your compromised passwords, bank account numbers, Social Security numbers, credit card numbers, phone numbers, and IP addresses in leaked databases. It does not monitor your credit report for new accounts or inquiries. If you want credit monitoring, you can place a free credit freeze with each of the three major bureaus independently.
Can I opt out and still file a claim?
No. If you opt out by March 23, 2026, you leave the settlement entirely and preserve your right to sue Northwell individually, but you receive no settlement benefits. If you want the monitoring and cash payment, you must stay in the class and file a claim by April 20, 2026.
How many email addresses does the Dashlane monitoring cover?
The settlement’s Dashlane privacy monitoring covers up to five email addresses per enrolled class member.
When is the final fairness hearing?
The hearing is scheduled for April 21, 2026 at 9:30 a.m. ET at the Supreme Court of New York, Kings County, located at 360 Adams Street, Brooklyn, NY.
You Might Also Like
- Capital Health Data Breach Settlement: Who Gets Credit Monitoring And For How Long
- SiriusXM Robocall And Telemarketing Settlement: Who Gets Credit Monitoring And For How Long
- 23andMe Customer Data Security Breach Settlement: Who Gets Credit Monitoring And For How Long