A Chicago and Tampa Bay dermatology practice has agreed to settle claims that website tracking tools transmitted patient information to third parties without consent, in one of the first pixel-related settlements to follow a wave of regulatory warnings.
What happened
Derick Dermatology, a dermatology practice with locations in Chicago, Illinois, and Tampa Bay, Florida, has agreed to pay up to $1 million to settle a class action lawsuit over its use of pixels, cookies, and tracking analytics on its website. According to the settlement notice, the lawsuit, Jeffries v. Derick Dermatology PLLC, was filed in Broward County, Florida, and alleged that the tracking tools disclosed website users' personal information to third parties without their knowledge or consent. The claims deadline is July 21, 2026, and the final approval hearing is scheduled for August 17, 2026. Derick Dermatology denies all wrongdoing.
Going deeper
The lawsuit asserted violations of the Federal Wiretap Act alongside breach of fiduciary duty, invasion of privacy, breach of implied contract, unjust enrichment, and negligence. The Federal Wiretap Act claim is significant because it treats the interception of communications by third-party tracking tools as an unauthorized wiretap rather than simply a privacy policy failure, a legal theory that plaintiffs' attorneys have deployed in healthcare pixel litigation since 2023. Derick Dermatology's website, like those of most healthcare providers, likely used pixels to track appointment requests, service page visits, and user navigation, data that, when combined with the practice's identity as a dermatology clinic, can be used to infer health conditions and treatment interests. The settlement does not require Derick Dermatology to confirm what specific data was shared, with whom, or over what period.
What was said
In the official settlement notice, Derick Dermatology stated it "denied and continues to deny any wrongdoing, and that they committed, or threatened or attempted to commit, any wrongful act or violation of law or duty alleged in the action," but agreed to settle to avoid the costs, disruption, and risks of continued litigation.
In the know
The Derick Dermatology settlement arrives weeks after a peer-reviewed Rutgers University study published in PNAS Nexus confirmed that hospitals using third-party tracking pixels were 46 percent more likely to experience a data breach than those that did not. According to HealthTechSecurity, the Rutgers study analyzed 12 years of data from 1,201 hospitals and found 66 percent used third-party pixels, the same technology at the center of the Derick Dermatology settlement. Pixel-related litigation across healthcare has generated dozens of lawsuits and settlements since 2022, when HHS warned that tracking pixels transmitting protected health information to third parties without a business associate agreement likely violate HIPAA.
The big picture
A $1 million settlement over website tracking tools that were standard practice in healthcare marketing proves how quickly the legal situation around digital analytics has shifted. Practices that deployed Meta Pixel, Google Analytics, or similar tools on patient-facing websites before 2022 did so without anticipating HIPAA implications, because those tools had been routine across industries for years. The regulatory warnings, class action wave, and now settlements like Derick Dermatology's have turned that assumption into documented liability. For dermatology practices specifically, the exposure is heightened because their websites frequently include condition-specific pages for treatments that patients would not want shared with advertisers, such as acne, psoriasis, rosacea, and skin cancer screening, making the inferred health information particularly sensitive. Organizations that have not yet audited their websites for active third-party tracking tools face the same exposure Derick Dermatology settled for, at a scale that grows with the size of their web traffic.
FAQs
What is the Federal Wiretap Act, and why does it apply to website tracking pixels?
The Federal Wiretap Act prohibits the intentional interception of electronic communications. Plaintiffs in pixel litigation argue that tracking tools embedded in healthcare websites intercept the content of users' communications, including what pages they visit and what health information they enter, and transmit that content to third parties in real time, which constitutes an illegal wiretap under the statute.
What should a dermatology or specialty practice do if it still has tracking pixels on its website?
Conduct an immediate audit of all active third-party scripts on patient-facing web pages, identify which vendors are receiving data and whether business associate agreements are in place, and remove or replace any pixels transmitting PHI to parties without a compliant BAA. The Rutgers study's finding that first-party pixels carry no significant breach relationship suggests the analytics function can be preserved by switching to first-party implementations that keep data within the organization's own systems.
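The audit steps above can be started from saved page source. The following is an added example, not taken from the settlement notice or the Rutgers study: it lists every third-party host a page loads resources from and marks whether that host appears in a BAA inventory. The domains, sample HTML, and BAA list are constructed placeholders, and it inspects static markup only, so requests injected at runtime by tag managers still need a browser network capture to find.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

LOADING_TAGS = {"script", "img", "iframe"}  # elements that fetch their src on page load

class SrcCollector(HTMLParser):
    """Collects (tag, absolute URL) for every element that loads a src."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.found = page_url, []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in LOADING_TAGS and src:
            # urljoin resolves relative and protocol-relative (//host/...) URLs
            self.found.append((tag, urljoin(self.page_url, src)))

def audit_page(page_url, html, site_domain, baa_hosts):
    """Return one finding per third-party resource, marked by BAA status."""
    collector = SrcCollector(page_url)
    collector.feed(html)
    findings = []
    for tag, url in collector.found:
        host = urlparse(url).hostname or ""
        first_party = host == site_domain or host.endswith("." + site_domain)
        if not host or first_party:
            continue  # data: URIs and the practice's own hosts are out of scope
        findings.append({"page": page_url, "tag": tag, "host": host,
                         "baa": host in baa_hosts})
    return findings

def hosts_without_baa(findings):
    """Hosts to remove or replace: third parties with no agreement on file."""
    return sorted({f["host"] for f in findings if not f["baa"]})

# Constructed sample: hypothetical condition page, hosts and BAA inventory.
SAMPLE_URL = "https://clinic.example/services/acne"
SAMPLE_HTML = """
<script src="/static/app.js"></script>
<script src="https://cdn.clinic.example/analytics.js"></script>
<script src="//pixel.adnetwork.example/events.js"></script>
<img src="https://pixel.adnetwork.example/tr?ev=PageView" width="1" height="1">
<iframe src="https://scheduler.vendor.example/book"></iframe>
"""
BAA_HOSTS = {"scheduler.vendor.example"}

if __name__ == "__main__":
    for f in audit_page(SAMPLE_URL, SAMPLE_HTML, "clinic.example", BAA_HOSTS):
        print(f)
```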
Does this settlement create a legal precedent for other healthcare pixel cases?
Settlements do not create binding legal precedent in the way court rulings do. However, the consistent pattern of healthcare pixel cases settling rather than going to trial, and settling at meaningful dollar amounts, signals to the plaintiffs' bar that these cases have value and to the defense bar that contesting them through trial is expensive and risky.
Which types of healthcare organizations are most exposed to pixel tracking litigation?
Any organization with a patient-facing website that uses third-party analytics tools on pages where visitors could indicate health conditions, schedule appointments, or enter personal information faces exposure. Specialty practices whose website content is inherently condition-specific, such as dermatology, oncology, mental health, reproductive health, and addiction treatment, carry a higher litigation risk because the inferred health information is more sensitive.
