Since 2017, GoodRx has helped millions of people find deals on prescription drugs via an app and website. But what its customers may not have known is that the Santa Monica-based health company had also been sharing information about their prescriptions and illnesses with third parties such as Google and Facebook for advertising purposes.
Last week, the Federal Trade Commission fined GoodRx $1.5 million for violating customers’ privacy by failing to notify them about how their data were being used. This is the first time the FTC has used a law known as the Health Breach Notification Rule, which is designed to hold accountable for data privacy protections the companies that aren’t covered by the Health Insurance Portability and Accountability Act, the federal health privacy law known as HIPAA.
Good. The enforcement action is a warning to other tech firms at a time of growth in the industry. Increasingly consumers are using apps and wearable devices to monitor their health, and they should know exactly how their personal information is being used.
