Mount Sinai Settles Web Trackers Privacy Claim for $5.3M

Healthcare Organizations Using Web Trackers Are Facing Fines

At a Glance 

  • $5.3M Settlement: Mount Sinai agreed to settle claims its web trackers shared patient data with Facebook; it denies wrongdoing. 
  • Who’s Affected: Covers 1.3M MyChart users between Oct. 2020–Oct. 2023. 
  • Bigger Picture: Part of a growing wave of lawsuits and regulatory scrutiny over healthcare web tracking tools. 
  • Healthcare Organizations Must Be Aware of Web Tracking: There must be a clear understanding of what data is being collected and where it is transmitted. 

Web Tracking Privacy Claim Proves Costly for NYC Health System 

Mount Sinai Health System in New York City has agreed to pay nearly $5.3 million to settle a proposed class-action lawsuit related to its use of online tracking tools. 

The lawsuit alleged that Mount Sinai’s MyChart patient portal and main website shared patient data with Facebook through embedded tracking technologies without the knowledge or consent of patients. 

Mount Sinai has denied any wrongdoing and maintains that no medical information was disclosed. However, plaintiffs claimed that the hospital’s use of Facebook Pixel and Conversions API transmitted personally identifiable information (PII) and potentially sensitive health data, violating federal and state privacy laws. 

Who’s Included in the Settlement? 

According to court documents, the settlement class in the litigation against Mount Sinai consists of more than 1.3 million MyChart patient portal account holders who logged into their accounts between Oct. 27, 2020, and Oct. 27, 2023. 

Under the preliminary agreement: 

  • Eligible class members who file valid claims will receive a share of the remaining fund after legal costs. 
  • Attorneys’ fees are capped at 35% of the settlement fund (about $1.8 million). 
  • Three lead plaintiffs are each set to receive $2,500 service awards. 
  • A final approval hearing is scheduled for Nov. 3. 

Growing Scrutiny of Tracking Tools in Healthcare 

The Mount Sinai case is the latest in a wave of lawsuits targeting healthcare providers and app developers for using online tracking tools. 

  • In July, BJC Health System in St. Louis agreed to pay up to $9.25 million to settle a proposed class action lawsuit also alleging that its use of online tracking tools in its patient portals sent sensitive patient information to third-party firms without patients’ knowledge or consent.
  • In August, Flo Health, a consumer fertility-tracking mobile app maker, also agreed to settle a federal class action lawsuit that alleged the California-based company shared the sensitive data of millions of users without their consent with Google, Meta, and other firms.

These cases highlight a growing concern: many healthcare organizations may be unaware that web trackers embedded in their portals and apps are quietly capturing and transmitting sensitive information. Read more about The Hidden Cost of Undisclosed Tracking Pixels: Lost Trust, Big Fines. 

Key Actions for Healthcare Organizations Using Web Tracking 

  1. Scan and identify all active tracking pixels and scripts. 
  2. Disable/remove trackers until data use is clearly understood. 
  3. Involve cross-functional teams (marketing, IT, compliance, risk) in oversight. 
  4. Confirm vendor agreements (BAAs) or use de-identification tools if BAAs aren’t available. 
  5. Include trackers in risk analyses and maintain an updated inventory. 
  6. Set policies and obtain consent where tracking is used; check state laws. 
  7. Train staff and regularly monitor tracking tools. 
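
As an added illustration of steps 1 and 5 (not part of the original article or any PrivaPlan tooling), the sketch below statically scans one page's HTML for third-party scripts, images and iframes plus inline `fbq()` calls, and returns rows suitable for a tracker inventory. The first-party domain, vendor host and pixel ID in the sample are constructed placeholders, and the watch-list is an assumption to extend from your own review.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed watch-list for this example; extend it from your own inventory.
KNOWN_TRACKERS = {"connect.facebook.net": "Facebook Pixel loader host",
                  "www.facebook.com": "Facebook Pixel /tr beacon host"}
INLINE_FBQ = re.compile(r"\bfbq\s*\(")  # Pixel calls made from inline script

class TrackerScanner(HTMLParser):
    """Collects third-party resource loads and inline Pixel calls on one page."""
    def __init__(self, first_party):
        super().__init__()
        self.first_party = first_party
        self.findings = []          # rows of (kind, host, label)
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        src = dict(attrs).get("src")
        if tag in ("script", "img", "iframe") and src:
            host = urlparse(src).hostname or ""
            own = host == self.first_party or host.endswith("." + self.first_party)
            if host and not own:
                label = KNOWN_TRACKERS.get(host, "unreviewed third party")
                self.findings.append((tag, host, label))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and INLINE_FBQ.search(data):
            self.findings.append(("inline-script", "(inline)", "fbq() call"))

def scan(html, first_party):
    scanner = TrackerScanner(first_party)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page; hosts and the pixel ID are placeholders.
SAMPLE = """<html><head>
<script src="https://portal.example-hospital.org/app.js"></script>
<script src="https://connect.facebook.net/en_US/fbevents.js"></script>
<script>fbq('init', '000000000000000'); fbq('track', 'PageView');</script>
</head><body><noscript>
<img src="https://www.facebook.com/tr?id=000000000000000&ev=PageView"></noscript>
<iframe src="https://widgets.example-vendor.com/chat"></iframe>
</body></html>"""
```

A static scan like this misses trackers injected at runtime by tag managers and cannot see server-side integrations such as the Conversions API, so pair it with captured browser network traffic from authenticated portal pages and a review of server-side configuration.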

 

The Mount Sinai settlement emphasizes the increasing legal, regulatory, and reputational risks that healthcare organizations face when using web tracking technologies without adequate oversight. As regulators and courts continue to scrutinize the practice, providers and app developers should take proactive steps to evaluate their tracking tools, strengthen privacy safeguards, and ensure patients’ trust. 

Get Tailored Advice on Managing Web Trackers

Our experts at PrivaPlan can review your healthcare website, identify risky tracking tools, and guide you toward safe, compliant solutions. Call us today to schedule your web tracker review: 1-877-218-7707.
