By Steve Levine · Updated July 2, 2026 · 8 min read
The Meta Pixel (formerly the Facebook Pixel) is a snippet of JavaScript tracking code that website owners embed on their pages. Each time a visitor loads a page or takes an action, the pixel sends that event to Meta — often with the page URL, button text, form information, and cookies (like the c_user Facebook login cookie and the _fbp browser cookie) that can tie the activity to a specific person. Because hospitals and other websites allegedly let the pixel transmit sensitive information — including patient-portal activity — without visitor consent, the pixel sits at the center of one of the largest privacy-litigation waves in the country, and it has produced a steady stream of pro rata cash settlements for website and portal users.
The Meta Pixel (formerly the Facebook Pixel) is a piece of JavaScript tracking code that website owners install on their pages. When a visitor loads a page or takes an action — clicking a button, submitting a form, adding an item to a cart — the pixel sends that event to Meta, often together with the page URL and cookies that can identify the visitor's Facebook account. Meta uses the data for ad targeting and measurement; the website owner uses it for analytics and advertising.
A wave of class actions alleges that hospitals and health systems embedded the Meta Pixel on their public websites and inside password-protected patient portals such as MyChart, and that the pixel transmitted patient status, appointment details, provider searches, and other health-related browsing data to Meta without patient consent. These are allegations that the defendants have generally disputed; many of the cases have settled without any admission of wrongdoing.
Common claims include the federal Wiretap Act (ECPA) for intercepting communications, the California Invasion of Privacy Act (CIPA) § 631, the Video Privacy Protection Act (VPPA) where video-viewing data was shared, state wiretap and consumer-protection statutes, and common-law theories such as breach of medical confidentiality, invasion of privacy, and unjust enrichment. HIPAA itself does not allow private lawsuits, but plaintiffs argue it helps define a healthcare provider's duty of confidentiality.
Most healthcare pixel settlements create a common fund that is divided pro rata among class members who file valid claims — typically patients who used the defendant's website or patient portal during a defined period. Payouts vary widely with the fund size and the number of claims. Many of these settlements require an identifier from the mailed or emailed notice to file, and the defendants settle without admitting wrongdoing.
In December 2022, the U.S. Department of Health and Human Services' Office for Civil Rights issued guidance warning that HIPAA-regulated entities generally may not use tracking technologies like the Meta Pixel in ways that disclose protected health information to third parties without authorization. In June 2024, a federal court in Texas vacated part of the guidance as it applied to certain visits to public-facing webpages. The bulletin is agency guidance, not a statute, but it is frequently cited in pixel litigation.
Free settlement alerts
Join thousands of readers who get the latest class action settlements you may qualify for — delivered straight to your inbox.