New York Attorney General Letitia James announced a $300,000 settlement with NewYork-Presbyterian Hospital (NYP) relating to the organization’s practice of disclosing the health information of individuals who visited its website.
According to James’ office, NYP used third-party tools to track visitors to its website for marketing purposes between June 2016 and June 2022. These tools used tracking pixels or tags that sent information back to the third party whenever a webpage loaded or a user took a pre-defined action, like clicking a link, submitting a form, or running a search using the website’s search function.
James’ office added that the hospital’s action violated the Health Insurance Portability and Accountability Act (HIPAA). As part of the settlement, the hospital will change its policies, secure the deletion of protected health information, and maintain enhanced privacy safeguards and controls.
“New Yorkers searching for a doctor or medical help should be able to do so without their private information being compromised,” said James. “Hospitals and medical facilities must uphold a high standard for protecting their patients’ personal information and health data. NewYork-Presbyterian failed to handle its patients’ health information with care, and as a result, tech companies gained access to people’s data. Today’s agreement will ensure that NewYork-Presbyterian is not negligent in protecting its patients’ information.”