A member of Kaiser Permanente, an integrated managed care consortium headquartered in Oakland, California, has asked a federal judge in Seattle to certify nationwide classes and California subclasses in a privacy lawsuit against Microsoft and Qualtrics over tracking technologies allegedly embedded in Kaiser’s website and patient portal. The plaintiff, identified as Jane Doe, claims that Microsoft’s Universal Event Tracking tool and Qualtrics’ website technologies secretly collected sensitive information from Kaiser members as they scheduled appointments, reviewed test results, searched health topics, and managed care through Kaiser’s online services.
The proposed classes would cover current and former Kaiser members whose health information or other private data was allegedly collected by Microsoft and Qualtrics without their knowledge or consent. The plaintiff is pursuing claims for invasion of privacy and intrusion upon seclusion, along with California-specific claims under the California Invasion of Privacy Act (CIPA) and Unfair Competition Law. In seeking class certification, she argues that the alleged collection practices were common across Kaiser’s website and treated users’ data in the same way, making the case appropriate for class-wide resolution.
The case is another reminder that litigation over pixels, tags, SDKs, and other website tracking tools in healthcare settings remains very active. Although the court previously narrowed the suit by dismissing certain claims, it allowed core privacy theories to proceed. The next major question is whether the plaintiff can show that the alleged data collection practices are sufficiently uniform across Kaiser users to support class treatment. For healthcare organizations and their vendors, the case underscores the importance of understanding exactly what third-party code collects, where that data goes, and whether the organization has a defensible basis for using those tools in patient-facing digital environments.