The Federal Trade Commission (FTC) has announced a first-of-its-kind enforcement action against a major healthcare company.
The company, GoodRX, has agreed to a settlement with the FTC, resulting in the United States Department of Justice filing a complaint seeking a permanent injunction and penalties against GoodRx, as part of that settlement agreement.
This is the first time the FTC has taken such action under its Health Breach Notification Rule.
GoodRx is an American healthcare company operating on a telemedicine format. This company is one of many dedicated to alleviating the national epidemic of obesity, one of the largest health problems facing the nation.
GoodRx allegedly shared personal healthcare information about customers with online advertisement entities like Facebook, Google, and other companies without notifying its patrons.
“Digital health companies and mobile apps should not cash in on consumers’ extremely sensitive and personally identifiable health information,” said Samuel Levine, director of the FTC’s Bureau of Consumer Protection, according to a statement by the FTC. “The FTC is serving notice that it will use all of its legal authority to protect American consumers’ sensitive data from misuse and illegal exploitation,” he continued.
GoodRx will pay a $1.5 million civil penalty for violating the rule. The company has agreed to do so, but the order must be approved by a federal court before going into effect.
In addition to this fine, the order would also permanently ban GoodRx from disclosing health data to advertisers and require the company to have a patron’s consent before disclosing data for any reason.
In a statement, GoodRx said, “The FTC focuses on an old issue that was proactively addressed almost three years ago, before the FTC inquiry began. We do not agree with the FTC’s allegations and we admit no wrongdoing. Entering into the settlement allows us to avoid the time and expense of protracted litigation.”
The company further said, “We believe that the requirements detailed in the settlement will have no material impact on our business or on our current or future operations. In fact, almost three years ago, before the FTC reached out to us, we proactively made updates consistent with our commitment to being at the forefront of safeguarding users’ privacy.”
