GoodRx facing $1.5M fine over improper sharing of health data
By 
Kyle Brasseur2023-02-01T18:02:00
GoodRx Holdings agreed to pay $1.5 million as part of a settlement reached with the Federal Trade Commission (FTC) addressing allegations the telemedicine and prescription drug discount provider shared personal health data with third parties for advertising purposes.
GoodRx must overhaul its user consent and data retention practices as conditions of the agreement announced Wednesday by the FTC. The agency’s proposed order, which it hailed as being the first of its kind, was filed by the Department of Justice and must be approved by a federal court before taking effect.
GoodRx was faulted for misrepresenting its compliance with the Health Insurance Portability and Accountability Act (HIPAA) in addition to allegedly monetizing personal health data by sharing the information with advertising platforms including Facebook and Google.
Related articles
-
News BriefFTC, HHS warn hospitals over use of online tracking tech
The Federal Trade Commission and Department of Health and Human Services sent letters to approximately 130 hospital systems and telehealth providers regarding potential patient privacy violations and security risks stemming from online tracking technologies.
-
News BriefFTC warns businesses to risk assess uses of biometric technologies
Businesses that make false or unsubstantiated claims regarding facial recognition and other biometric technologies could face enforcement from the Federal Trade Commission, the agency warned in a policy statement.
-
News BriefFTC proposes BetterHelp pay $7.8M for sharing health data
The Federal Trade Commission proposed requiring online counseling service BetterHelp to pay $7.8 million as part of a settlement addressing charges it shared clients’ personal health data with Facebook, Snapchat, and other third parties for advertising purposes.
More from Regulatory Enforcement
-
ArticleLarge wound care practice pays $45M, agrees to monitoring
One of the largest wound care practices in the nation and its founder have agreed to pay $45 million and be subjected to third-party monitoring, to settle allegations that the business intentionally overbilled Medicare by priming its electronic medical records system to do so.
-
News BriefSEC dismisses SolarWinds case tied to 2020 cyberattack
The dismissal of charges against SolarWinds for alleged cybersecurity lapses related to a 2020 Russian cyberattack in 2020 are the latest in a continuing pattern of leniency for corporations by the Trump administration.
-
PremiumPart Two: FCPA cases closed by DOJ, SEC since January
Since the start of the Trump Administration, the Department of Justice has been winding down a number of Foreign Corrupt Practices Act investigations with little public attention. This second article further explores how and why these FCPA matters have been closed.