Willis-Knighton settles lawsuit over website tracking tools

A Louisiana health system will pay out and change digital practices to resolve claims it improperly shared visitor data with tech platforms.

What happened

Willis-Knighton Medical Center has agreed to settle a class action lawsuit alleging that its use of web tracking technologies led to unauthorized disclosures of user data to companies like Google and Facebook. The lawsuit, consolidated under Jacqueline Horton, et al. v. Willis-Knighton Medical Center, was filed in the 10th Judicial District Court in Natchitoches Parish, Louisiana.

The complaint focused on pixels and tracking tools embedded on Willis-Knighton’s website and patient portal. These tools allegedly collected personally identifiable information (PII) and transmitted it to third parties without proper authorization, potentially violating HIPAA.

Going deeper

While commonly used across industries, tracking tools can capture sensitive visitor information when applied to healthcare websites. One study cited in the case found that over 99% of hospital websites included such tools. The class action alleged that Willis-Knighton's use of these technologies enabled unauthorized third-party data access.

Willis-Knighton has denied any wrongdoing and maintains that no medical information was shared with Facebook or Google. However, the health system opted to settle in order to avoid protracted litigation and uncertain trial outcomes. Willis-Knighton agreed to suspend use of 16 specific tracking and analytics tools - including Google Ads, Meta, TikTok, and TheTradeDesk, for two years after final settlement approval.

What was said

The health system’s statement stated that the decision to settle did not reflect an admission of liability. Instead, it cited the financial and operational costs of litigation as the reason for the resolution. The court has scheduled a final approval hearing for January 22, 2026. Individuals must file claims by December 18, 2025, and objections or exclusions must be submitted by November 18, 2025.

The big picture

According to Bloomberg Law, “the fear of costly litigation and enforcement actions by federal regulators has led most health-care providers to remove tracking software from their password-protected patient portals,” resulting in a loss of valuable engagement and marketing data.

In 2021, over 98% of US hospitals and health systems used tracking pixels, but that number dropped to 55% in 2024 and just 30% in 2025, according to Jenny Bristow, CEO of Hedy & Hopp, which analyzed hundreds of provider websites. The number of providers that removed all pixels also more than doubled in a year, from 12% in 2024 to 28% in 2025. As privacy attorney Mark H. Francis noted, “providers are paying a lot more attention to what tools they are using and how the tools are implemented,” showing that settlements like Willis-Knighton’s are part of a nationwide retreat from third-party tracking amid tightening legal and regulatory scrutiny.

FAQs

Why are web tracking tools creating legal exposure for healthcare providers?

Tracking technologies can collect identifiers tied to patient portal activity, online appointment requests, or browsing tied to health conditions. When these identifiers are sent to third-party platforms, providers face HIPAA, state privacy, and wiretapping claims regardless of their marketing intent.

What makes healthcare websites uniquely vulnerable compared to other industries?

Healthcare sites often combine public-facing content with portal logins, scheduling tools, symptom checkers, and intake workflows. Pixels placed on these pages can inadvertently capture PHI signals, making compliance risks far higher than on standard commercial websites.

What operational failures typically lead to lawsuits over tracking technologies?

Class actions frequently point to a lack of tool vetting, absence of documented governance, insufficient audits of website scripts, and failure to limit third-party data transmissions. Providers without a defined digital-tracking policy face stronger claims of negligence.

How should providers evaluate their current digital marketing stack?

Compliance and IT teams should jointly review all pixels, tags, analytics suites, and marketing platforms across every web property. Providers should verify what data each tool collects, whether it passes identifiers externally, and whether any tool requires removal, reconfiguration, or a BAA.

What lessons can healthcare organizations draw from the Willis-Knighton settlement?

Health systems should assume that pixels and analytics tools will be scrutinized in litigation. A disciplined governance model, routine code scans, server-side analytics, and limits on third-party tracking can greatly reduce risk and demonstrate responsible oversight.