Steve Alder writes:
Novant Health has agreed to settle a class action lawsuit that stemmed from its use of tracking pixels on its MyChart patient portal. The pixel code on the patient portal collected the personally identifiable information of users with the goals of “improving access to care through virtual visits and to provide increased accessibility to counter the limitations of in-person care,” however the information collected was also transferred to third-party technology companies that were not authorized to receive the data.
The North Carolina Health System was the first healthcare provider to report a pixel-related HIPAA violation to the HHS Office for Civil Rights (OCR).
Read more at HIPAA Journal.
The problem of tracking pixels was first revealed publicly by The Markup in June 2022. Novant was one of the hospital systems that The Markup reported on specifically in that piece. Novant’s disclosure to HHS was in August 2022. Since then, HHS published guidance in December of 2022, and other entities have also self-reported trackers.
But it is not just HHS OCR and class action lawyers who have been pursuing entities over this. Last month, NYS Attorney General James secured $300,000 from NewYork-Presbyterian Hospital over the trackers issue.