ADVERTISEMENT
GoodRx to Pay $1.5 Million Civil Penalty for Sharing Consumer Health Data
The Federal Trade Commission (FTC), with help from the Department of Justice, has taken action against the telehealth and prescription drug discount provider GoodRx for failing to notify consumers about unauthorized disclosures of personal health information.
The complaint alleged that GoodRx violated the Health Breach Notification Rule by:
- sharing personal health information with Facebook, Google, and others;
- using personal health information to target ads to users;
- failing to limit third-party use of sensitive data;
- misrepresenting its HIPAA compliance; and
- failing to implement policies to protect personal health information.
This is the first time an action has been filed under the Health Breach Notification Rule.
GoodRx and the FTC have reached a settlement which must be approved by the federal court. As part of the settlement, GoodRx will pay a $1.5 million civil penalty and is prohibited from engaging in deceptive marketing practices. The company will be permanently prohibited from disclosing personal health information to third parties for advertising purposes, and must obtain consent from users before sharing health information for purposes other than advertising.
In a statement, the FTC’s Commissioner Christine S. Wilson said that she would have supported a higher monetary penalty and criticized GoodRx’s failure to alert consumers that their data had been shared.
“Having received notice,” wrote Wilson, “consumers then could decide whether the benefit of using GoodRx services like obtaining prescription discount coupons or using the platform for telehealth appointments is worth the price of having psychiatric diagnoses, prescription information, and other intimate health data disseminated to third parties.”
Disclaimer: The views and opinions expressed are those of the author(s) and do not necessarily reflect the official policy or position of the Population Health Learning Network or HMP Global, their employees, and affiliates. Any content provided by our bloggers or authors are of their opinion and are not intended to malign any religion, ethnic group, club, association, organization, company, individual, or anyone or anything.