HSCGP Settlement: What Patients Need to Know About the Website Privacy Class Action

If you used a healthcare patient portal managed by HSCGP, LLC between August 1, 2021, and June 30, 2023, your personal health information may have been shared with third parties — including Facebook and Google — without your knowledge or consent. A class action settlement in Doe v. HSCGP, LLC, Case No. 23C2513, resolved these claims with a $38 cash payment to each eligible class member. This article explains what the HSCGP settlement covers, who qualified, what the settlement amount was, and what this case means for patient privacy rights going forward.

What Is the HSCGP Settlement?

The HSCGP settlement is a class action resolution reached in the case Doe v. HSCGP, LLC, filed in the Fifth Circuit Court for Davidson County, Tennessee. HSCGP, LLC is a Delaware-based company and subsidiary of LifePoint Health that manages websites — including patient portals — for a network of hospitals and healthcare providers across the United States.

The lawsuit alleged that HSCGP embedded tracking technologies, most notably the Meta Pixel and Google Analytics, into the patient portal websites it managed. These tools allegedly collected patients' personally identifiable information (PII) and protected health information (PHI) — such as names, appointment types, and provider details — and transmitted that data to third parties like Meta (Facebook) and Google without patient knowledge or consent. Plaintiffs argued this violated federal and state privacy laws, including HIPAA and the Tennessee Consumer Protection Act.

HSCGP denied all wrongdoing but agreed to settle to avoid the expense and uncertainty of continued litigation. The settlement received preliminary court approval on November 26, 2024, and was granted final approval by the court at a hearing on March 19, 2025.

What Was the HSCGP Settlement Amount?

Each eligible class member who submitted a valid claim received a flat cash payment of $38. Unlike many class action settlements where per-claimant payouts are subject to pro rata reduction based on total claims filed, the HSCGP settlement amount of $38 per person was fixed — every approved claimant received the same payment regardless of how many total claims were submitted.

The total settlement fund size was not publicly disclosed. However, HSCGP agreed to pay all approved claims, administrative and notice costs, and court-approved attorneys' fees to class counsel. Attorneys representing plaintiffs included lawyers from Stranch, Jennings & Garvey PLLC, Cohen & Malad LLP, and Milberg Coleman Bryson Phillips Grossman PLLC.

In addition to the cash payment, HSCGP agreed to modify its use of tracking technologies going forward to bring its practices into compliance with applicable privacy regulations.

Who Was Eligible for the HSCGP Settlement?

The settlement class included all United States residents who accessed the patient portal of any company whose website was managed by HSCGP, LLC between August 1, 2021, and June 30, 2023. The "Serviced Companies" whose patient portals were covered by the settlement included a range of hospitals and healthcare facilities. Among those listed in the settlement documents were:

1. Castleview Hospital, LLC
2. Clinch Valley Medical Center, Inc.
3. Essent PRMC, L.P.
4. PHC-Elko, Inc.
5. PHC-Fort Mohave, Inc.
6. PHC-Las Cruces, Inc.
7. PHC-Los Alamos, Inc.
8. RCHP-Sierra Vista, Inc.

Class members who received a postcard notice were required to provide the unique Class Member ID included on that notice when submitting a claim. The claim deadline was May 19, 2025. That deadline has now passed.

Key Dates in the HSCGP Settlement

What Laws Did the HSCGP Case Allege Were Violated?

The plaintiffs in the HSCGP case argued that the use of tracking pixels on healthcare patient portals violated several legal frameworks designed to protect consumer and patient privacy.

HIPAA (Health Insurance Portability and Accountability Act). HIPAA, enforced by the U.S. Department of Health and Human Services, prohibits covered entities and their business associates from disclosing protected health information without patient authorization. The lawsuit alleged that HSCGP's transmission of patient portal data to Meta and Google via tracking tools constituted an unauthorized disclosure of PHI.

Tennessee Consumer Protection Act. This state law prohibits unfair or deceptive business practices. Plaintiffs argued that embedding data-harvesting technologies on patient portals — without disclosing this practice to patients — constituted a deceptive trade practice under Tennessee law.

The HSCGP case is part of a broader wave of healthcare privacy litigation following a 2022 guidance update from the HHS Office for Civil Rights clarifying that the use of tracking technologies on HIPAA-regulated websites may constitute a disclosure of PHI in violation of federal law.

What Did HSCGP Agree to Change?

Beyond the cash payment to class members, HSCGP agreed as part of the settlement to modify its use of third-party tracking technologies to comply with applicable privacy regulations. This forward-looking injunctive relief is significant: it requires HSCGP to change the way it operates its managed healthcare websites, not simply pay a fine and continue the same practices.

This type of remedial commitment — pairing monetary compensation with operational changes — has become increasingly common in healthcare privacy settlements as courts and regulators push companies to implement systemic fixes rather than treating settlements as a cost of doing business.

What This Case Means for Patient Privacy Rights

The HSCGP settlement is part of a significant and growing body of litigation targeting healthcare organizations for their use of third-party web tracking tools on patient-facing digital platforms. The core legal theory — that embedding Meta Pixel or similar technologies on a HIPAA-regulated website creates an unauthorized disclosure of protected health information — has been tested in multiple federal and state courts since 2022.

Patients interacting with hospital websites, patient portals, and telehealth platforms often assume their health information is protected by HIPAA. What this litigation has revealed is that the technical infrastructure of these websites frequently contains advertising and analytics tools that were not designed with HIPAA compliance in mind. When a patient logs into a portal to schedule an appointment or view lab results, tracking tools may capture and transmit that activity to third-party advertising platforms in real time.

For patients who believe their health data has been compromised through similar practices on other healthcare websites, consulting a privacy attorney can help clarify what legal options may be available.

Frequently Asked Questions

What is the HSCGP settlement?

The HSCGP settlement is a class action resolution in Doe v. HSCGP, LLC (Case No. 23C2513), filed in the Fifth Circuit Court for Davidson County, Tennessee. It resolves claims that HSCGP, LLC used tracking technologies including Meta Pixel on patient portal websites, transmitting patients' personal health information to third parties like Facebook and Google without consent.

What was the HSCGP settlement amount?

The HSCGP settlement amount was $38 per eligible class member. This flat payment was not subject to pro rata reduction — every approved claimant received the same $38 regardless of how many total claims were filed. The total fund size was not publicly disclosed.

Who qualified for the HSCGP settlement?

U.S. residents who accessed the patient portal of any healthcare company whose website was managed by HSCGP, LLC between August 1, 2021, and June 30, 2023 were eligible to participate in the settlement class.

Has the HSCGP settlement been finally approved?

Yes. The settlement received final court approval at the hearing scheduled for March 19, 2025. The settlement administrator's website — hscgpsettlement.com — confirms that the Order Granting Final Approval has been filed with the court.

Is the HSCGP settlement claim deadline still open?

No. The claim form deadline was May 19, 2025, and that deadline has passed. Class members who did not submit a timely claim are no longer eligible to receive a payment from this settlement.

When will HSCGP settlement payments be sent?

Per the settlement terms, payments are to be distributed approximately 160 days after final approval, provided any appeals process is resolved. Based on the March 19, 2025 final approval date, payments were estimated to go out around August 2025. Check hscgpsettlement.com for current status updates.

What is HSCGP, LLC?

HSCGP, LLC is a Delaware-based limited liability company and subsidiary of LifePoint Health. It provides website management services for a network of hospitals and healthcare providers, including the patient portal platforms at the center of this litigation.

What is the Meta Pixel and why does it matter in this case?

The Meta Pixel is a piece of JavaScript code developed by Meta (Facebook) that website operators embed to track visitor behavior for advertising purposes. In healthcare contexts, the concern is that when a patient logs into a portal to view medical records or schedule an appointment, the Pixel may capture and transmit details of that session — including health-related data — to Meta's servers, potentially without HIPAA-compliant authorization.

Did HSCGP admit wrongdoing in the settlement?

No. HSCGP denied all claims in the lawsuit and maintained it did nothing wrong. The settlement was reached to avoid the continued expense and uncertainty of litigation. A settlement does not constitute an admission of liability.

What privacy laws were alleged to have been violated in the HSCGP case?

The lawsuit alleged violations of HIPAA, which protects patient health information, and the Tennessee Consumer Protection Act, which prohibits unfair or deceptive business practices. The plaintiffs argued that HSCGP's use of tracking technologies on patient portals without patient consent violated both statutes.

Can I still take legal action if I missed the HSCGP settlement deadline?

Class members who did not opt out of the settlement before the February 10, 2025 deadline gave up their individual right to sue HSCGP over the claims resolved in this case. If you believe your health data has been compromised through similar practices on other platforms or by other healthcare operators, you may still have independent legal options. A privacy attorney can evaluate your specific situation.

This content is for general informational purposes only, is not legal advice, and does not create an attorney-client relationship. Always consult a qualified attorney about your specific legal situation.

The HSCGP settlement illustrates a growing legal risk for healthcare website operators that deploy third-party tracking tools without implementing HIPAA-compliant safeguards. For patients, it is a reminder that personal health information shared through digital platforms may not always stay private. If you have questions about a healthcare data privacy matter or believe your protected health information has been mishandled, get matched with a qualified privacy attorney through AttorneyReview.com.