Mass General to settle lawsuit over patient cookies

A Massachusetts judge has granted preliminary approval for a class-action settlement based on a hospital's cookie practices. 

In the case, the plaintiffs (John Doe and Jane Doe) filed a lawsuit alleging Mass General Brigham Incorporated (and its partners) used web analytics tools to track their behavior on its website domains. The plaintiffs allege Mass General deployed cookies and pixels on their publicly accessible websites, such as www.massgeneral.org or www.brighamandwomens.org, to gather information about them and then sold that information to third parties. The plaintiffs say they never gave the hospital their consent to use tracking tools. 

Mass General and its subsidiaries deny the allegations. They don't believe the plaintiffs "have sustained any damages or injuries due to the use of third-party website analytics tools, cookies, pixels and related technologies on the general and publicly accessible Informational Websites," according to a brief. The defendants "maintain that they were prepared to defend vigorously this lawsuit." 

But in September 2021, Judge Brian Davis approved a preliminary settlement for $18.4 million. The money will fund payments to class members, as well as attorneys' and administrative fees. 

As a refresher for us non-lawyers, a settlement doesn't mean the defendant admits guilt. But they generally agree to the settlement to avoid the costliness of a trial.

Those eligible to join the settlement class must have been the defendants' patients and have visited their public information websites. There are 38 healthcare entities listed, including Brigham and Womeen's Hospital, Dara-Farber Cancer Institute and Wentworth-Douglass Hospital. 

On a website built specifically for potential claimants of the Mass General settlement, Angeion, a "settlement administrator," sent notice to those who may be eligible. They have until Dec. 15 to file a claim. 

The site, macookiesettlement.com, notes the plaintiffs did not allege a data breach, ransomware attack or that their medical records were disclosed. There is no immediate risk of identity theft, for example. 

The final approval hearing for the settlement is slated for Jan. 18, 2022.