Recently, the United States District Court in the Southern District of Texas granted summary judgment for the defendant hospital in Sweat v. Houston Methodist Hospital, No. 4:24-cv-00775 (S.D. Tex. 9/22/25). The court had previously dismissed the plaintiffs’ claim for invasion of privacy. The motion for summary judgment concentrated on the plaintiffs’ claims that Houston Methodist Hospital (HMH) violated the federal Wiretap Act.

The plaintiffs alleged that HMH utilized pixel technology, specifically the Facebook tracking Pixel on the public-facing part of its website. According to the summary judgment ruling, “fully one-third of the nation’s top 100 hospitals did so.” HMH used the Pixel “to learn if its outreach campaigns were accomplishing its goal of attracting people to its website and taking further ‘intent’ actions, such as clicking a button on the site indicating that the person was going to schedule an appointment.” The Pixel captured IP addresses of those accessing the website.

The plaintiffs alleged that the use of Meta Pixel was a violation of the federal Wiretap Act. The Wiretap Act requires a plaintiff to show that the defendant “(1) intentionally (2) intercepted…(3) the contents of (4) an electronic communication, (5) using a device.”  An exception to the Act is that no liability will lie against a person who is a part of the communications unless “such communication is intercepted for the purpose of committing any criminal or tortious act in violation of the Constitution or laws of the United States or of any State,” which is referred to as the crime-tort exception.

In entering judgment for HMH, the court held that the plaintiffs were unable to show that HMH used the Meta Pixel “for the purpose of committing any criminal or tortious act.” The plaintiffs alleged that HMH violated the criminal provisions of HIPAA because it knowingly disclosed identifiable health information. However, the judge found that HMH “did not act with the ‘purpose of committing any criminal or tortious act’ that would trigger the crime-tort exception to the Wiretap Act.” The judge further found that the evidence did not show that HMH acted with the purpose of violating HIPAA as the evidence showed that HMH did not knowingly disclose individually identifiable health information and that its only purpose of using the Meta Pixel was for digital marketing and outreach.

The order further noted that “disclosure of what was not known to be personally identifiable health information, but instead believed to be aggregate data, for a commercial purpose, is not a crime or a tort. It cannot trigger the crime-tort exception, which requires the purpose of committing a criminal or tortious ‘act.’”

For those of you who have been following these cases closely, I point you to insightful language in the decision that provides an analysis of the complicated HIPAA arguments in this increasingly common litigation. The judge noted: 

In addition to the splintered approaches to the crime-tort exception in the context of HIPAA discussed above, courts have also had difficulty determining what kinds of pleading allegations suffice to show that a defendant disclosed individually identifiable health information in violation of HIPAA. See, e.g. Castillo v. Costco Wholesale Corp., No. 2:23-cv-01548, 2024 WL 4785136, at *6–*7 (W.D. Wash. Nov. 14, 2024). Moreover, the question of what constitutes individually identifiable health information has gotten even more complicated with the recent decision in Am. Hospital Ass’n v. Becerra vacating a guidance from the Department of Health and Human Services adding to the term’s definition. 738 F. Supp. 3d 780, 803 (N.D. Tex. 2024). The treacherous terrain is even further evidenced by the recent access given to the Department of Government Efficiency to Social Security information, which includes health information. See Soc. Sec. Admin. v. Am. Fed’n of State, Cnty., and Mun. Emps., 605 U.S. —-, 145 S. Ct. 1626 (2025) (reversing an en banc Fourth Circuit Court of Appeals ruling that had enjoined the Social Security Administration from granting Department of Government Efficiency personnel access to certain personally identifiable information).

The national caselaw in pixel litigation is evolving. This decision provides a good analysis of the facts around hospitals’ use of pixel technology and whether the use of pixels for digital marketing and outreach is a violation of the federal Wiretap Act.