The Federal Commerce Fee on Wednesday alleged drug-cost and telehealth platform GoodRx shared customers’ private well being data with third events like Google and Fb.
In line with the FTC’s criticism, GoodRx offered details about its customers’ prescription drugs and well being circumstances for promoting functions, like focusing on customers with health-related advertisements on Fb primarily based on medicine that they had beforehand bought.
The company additionally mentioned GoodRx allowed third events to make use of that knowledge for their very own inside functions, misrepresented its HIPAA compliance and did not set insurance policies on the way it ought to shield its customers’ private well being data.
GoodRx agreed to pay a $1.5 million effective to settle the case, however admitted no wrongdoing. Along with the cost, the FTC mentioned its proposed courtroom order would completely prohibit GoodRx from sharing well being knowledge for advertisements, require person consent earlier than sharing data with third events for different functions, direct third events to delete beforehand shared knowledge, restrict how lengthy GoodRx can preserve affected person data and power the corporate to place a privateness safety plan in place.
In a press release, the digital well being firm mentioned that the settlement was associated to an previous problem it had addressed. It mentioned, “[T]he necessities detailed within the settlement may have no materials impression on our enterprise or on our present or future operations.”
This marks the primary time the company has introduced an enforcement motion beneath the Well being Breach Notification Rule, which requires entities like apps and related gadgets to report unauthorized sharing or breaches of customers’ private well being knowledge.
“Digital well being firms and cellular apps mustn’t money in on shopper’s extraordinarily delicate and personally identifiable well being data,” Samuel Levine, director of the FTC’s Bureau of Shopper Safety, mentioned in a press release. “The FTC is serving discover that it’ll use all of its authorized authority to guard American customers’ delicate knowledge from misuse and unlawful exploitation.”
THE LARGER TREND
The company’s actions in opposition to GoodRx come as privateness consultants increase considerations in regards to the well being knowledge shared with apps and wearables.
After the Dobbs choice that overturned Roe v. Wade got here down final 12 months, some argued that non-public knowledge may very well be used in opposition to individuals who might have sought an abortion. In August, the FTC sued knowledge dealer Kochava for promoting location knowledge that may very well be used to trace customers, particularly to delicate locations like abortion clinics or addiction-recovery facilities.
Interval-tracking app Flo, which added an “nameless mode” after the Dobbs choice, settled with the FTC in 2021 over a criticism alleging it had shared delicate person knowledge with third-party advertising and marketing and analytics providers from Fb, Google and others.
Late final 12 months, ten state attorneys normal despatched a letter to Apple urging the tech big so as to add new protections for reproductive well being knowledge contained in third-party apps hosted on the App Retailer.
