The proposed order bars digital health platform GoodRX from sharing consumers’ health information for advertising and fines the firm $1.5 million for not reporting its unauthorized disclosure of the data to Facebook, Google and other companies, the FTC said in a Wednesday (Feb. 1) press release.
“Digital health companies and mobile apps should not cash in on consumers’ extremely sensitive and personally identifiable health information,” FTC Bureau of Consumer Protection Director Samuel Levine said in the release. “The FTC is serving notice that it will use all of its legal authority to protect American consumers’ sensitive data from misuse and illegal exploitation.”
The Health Breach Notification Rule requires vendors of personal health records and other entities to notify customers, the FTC and occasionally the media when data is acquired without customer permission.
GoodRX said in a Wednesday blog post that it does not agree with the allegations, admits no wrongdoing and entered into the settlement to avoid protracted litigation.
It also said in the post that Facebook tracking pixels are widely used, that no medical records were shared and that the settlement with the FTC will not require any significant changes to its current practices or products.
“While we had used vendor technologies to advertise in a way that we believe was compliant with all applicable regulations and that remains common practice among many health, consumer and government websites, we are proud that we took action to be an industry leader on privacy practices,” GoodRX said in the post. “We are glad to put this matter behind us so we can continue focusing on being a trusted source for Americans to find affordable and convenient healthcare.”