Something went wrong somewhere between a hospital visit and a social media targeted advertisement. That’s basically the story behind the $1.8 million Atrium Health settlement, which, depending on your perspective, is either a small but significant accountability moment or a reminder of how murky digital privacy has become in American healthcare.
In order to settle a class action lawsuit alleging that the healthcare network incorporated tracking pixels into its website, including, for a while, its patient portal, the Charlotte-Mecklenburg Hospital Authority, which operates under the Atrium Health name, reached a settlement. The lawsuit claims that those pixels sent patients’ private and health-related data to Google and Meta without the patients’ knowledge or consent.
On May 22, 2026, the settlement was granted preliminary court approval. Any American citizen who had a MyAtriumHealth or MyCarolinas patient portal account between January 1, 2015, and April 10, 2024 is covered by the $1.8 million total fund. That’s almost ten years of possible exposure.
Two groups of eligible patients are created by the payout structure. Group 1 members who actively accessed or used their portal accounts between 2015 and July 2019 receive a pro rata share of $1.5 million after administrative and legal fees. Patients in Group 2, who had an account during the larger 2015–2024 window but weren’t active users earlier, are eligible to receive up to $10 from a $300,000 pool. Obviously, it’s not money that can change your life. However, in this case, the concept is more important than the sum of money.

It’s important to remember that Atrium Health has previously dealt with intense legal pressure. Josh Stein, the attorney general of North Carolina, reached a separate settlement with the health system in 2018 over antitrust issues. Specifically, Atrium had been entering into contracts with insurers that prevented price transparency and kept patients in the dark about less expensive care options. Atrium was compelled to completely renounce those pricing agreements as a result of that settlement. There is a discernible pattern of a sizable institution pushing the boundaries of what authorities and courts will permit in two distinct cases from two different eras.
The tracking pixels themselves are not new, and many large websites use them for advertising and analytics. The context is what makes their presence on a patient portal unique and important from a legal standpoint. When a patient logs into a healthcare portal to send a message to their doctor or review test results, they have a legitimate expectation that the session will be private. Because health information has a different weight than, say, browsing history on a retail website, the Health Insurance Portability and Accountability Act was created.
It’s unclear if Atrium fully understood the legal distinction when it used these tools. It seems that during those years, a lot of healthcare systems nationwide made similar assumptions about third-party tracking tools, failing to fully take into account how HIPAA applies in digital environments. This type of lawsuit is not unique to Atrium. However, it’s one of the bigger settlements to come out of this specific litigation wave.
The deadline for patients wishing to submit a claim is September 28, 2026. Claims may be mailed to the settlement administrator at Kroll Settlement Administration in New York or submitted online at the official settlement website, AtriumHealthPixelSettlement.com, using the class member ID mentioned in the notice. September 30, 2026 is the date of the final court approval hearing.
The number of patients who will eventually file and whether the settlement will result in any long-term adjustments to Atrium’s or other major health systems’ digital tracking practices are still unknown. However, the case raises an important question: what does patient privacy mean in 2026 if a hospital can’t keep your data out of an advertising algorithm?

