There is something quietly unsettling about learning that a hospital may have shared your health data with an advertising company. Not a breach in the dramatic, headline-grabbing sense — no ransomware, no hackers in hoodies. A tiny bit of code that is integrated into a patient portal and performs its intended function of gathering and sending data. That’s the core of what the Atrium Health pixel settlement is about, and it’s worth understanding before the claim deadline passes.
The Charlotte-Mecklenburg Hospital Authority, operating as Atrium Health, has agreed to pay $1.8 million to resolve a class action lawsuit. According to the lawsuit, Atrium Health installed pixel tracking technology on its website and, for a while, within its patient portal. This technology allegedly sent personal and health-related data to Meta and Google, among other third parties. As part of the settlement, Atrium Health has not acknowledged any misconduct.
The affected window is wide. A class member may be anyone who currently resides in the United States and had a MyAtriumHealth or MyCarolinas patient portal account at any time between January 1, 2015, and April 10, 2024. That’s nearly a decade of potential exposure — which, depending on how many valid claims are submitted, could mean a modest payment or something closer to nothing for most people.

It is important to note that the settlement divides eligible claimants into two groups. Patients who actually accessed and utilized their portal between January 1, 2015, and July 31, 2019 are included in Group 1. After deducting legal fees, administrative expenses, and service awards to class representatives, these individuals are entitled to a proportionate share of the net settlement fund. Group 2 applies to those who had an account during the broader period but didn’t use it during those earlier years — and their payout is capped at $10, with the total for that group not exceeding $300,000. Payments are further reduced if an excessive number of claims are filed in that second group.
It’s not a lucky break. Nobody is leaving this with money that could change their lives. However, the case is part of a more widespread and genuinely alarming trend in American healthcare, where pixel tracking subtly became commonplace before anyone really questioned whether hospitals were subject to different regulations than, say, a retail website. At the time, it made sense for healthcare systems to use the same analytics infrastructure as all other industries. What they may have underestimated was the sensitivity of the environment they were deploying it in.
Atrium Health isn’t alone in facing this kind of scrutiny. Duke University Health System recently agreed to a $3.74 million settlement over similar pixel-related claims. Allina Health System is currently managing a $12.5 million settlement of its own. Although the specifics of each case vary, the fundamental issue remains the same: patients who used health portals to make appointments, view test results, or communicate with their physicians had good reason to think that communication remained private.
Whether pixels in a patient portal technically violate HIPAA remains something courts and regulators are still sorting through. To be honest, it’s not entirely clear where the law stands on this. But the settlements keep coming, which suggests that even without a clear legal ruling, there’s enough uncertainty — and enough potential liability — to make resolution more attractive than litigation.
For current or former Atrium Health patients, the practical steps are simple. Claims may be mailed to the Kroll Settlement Administration in New York or submitted online at the official settlement website. September 28, 2026 is the deadline. Those who want to opt out of the settlement and preserve their right to sue independently must do so by August 31, 2026.
It’s worth taking ten minutes to check whether you qualify. Not because the payment is substantial, but rather because taking part is, at the very least, an admission that patient privacy matters and that there ought to be some sort of accountability when it is violated, even covertly.

