In a recent decision by the United States District Court for the Northern District of Illinois, Judge Georgia N. Alexakis narrowed and struck class claims alleging that the University of Chicago Medical Center’s use of pixel technology violated the Electronic Communications Privacy Act (ECPA).

The plaintiff, Sophia Hartley, asserted on behalf of a putative class that UCMC violated the ECPA by deploying pixels on its website. Under ECPA’s party exception, one party’s consent is a complete defense unless the alleged interception had a “criminal or tortious” purpose. 18 U.S.C. § 2511(2)(d).  Because UCMC was a party to any communications on its website, the plaintiff argued that these communications were intercepted for the purpose of violating the Health Insurance Portability and Accountability Act (HIPAA).

While the court denied UCMC’s motion to dismiss, it substantially narrowed plaintiff’s claims. In particular, the court concluded that the plaintiff had failed to allege any disclosure of individually identifiable health information based on the plaintiff’s “visit to UCMC’s ‘find-a-physician’ webpage” and webpages she visited “related to her medical providers, conditions, and treatments.” The court explained that “merely browsing and searching UCMC’s website does not convey individually identifiable information.” The court concluded that the plaintiff failed to allege sufficient facts showing that UCMC disclosed information about any specific “providers, treatments, and conditions” that might give rise to a HIPAA violation.

The court also granted UCMC’s request to strike plaintiff’s class allegations. The court concluded that, by advancing claims on behalf of a putative class, the plaintiff had breached UCMC’s terms of service, which included a class-action waiver. The plaintiff agreed to the terms of service when she used UCMC’s website. In light of the plaintiff’s breach of the class-action waiver provision, the court struck the plaintiff’s class allegations from the complaint.