The Federal Commerce Fee on Wednesday alleged drug-cost and telehealth platform GoodRx shared customers’ private well being info with third events like Google and Fb.

In response to the FTC’s complaint, GoodRx offered details about its customers’ prescription medicines and well being circumstances for promoting functions, like focusing on customers with health-related adverts on Fb primarily based on medication they’d beforehand bought. 

The company additionally stated GoodRx allowed third events to make use of that knowledge for their very own inside functions, misrepresented its HIPAA compliance and didn’t set insurance policies on the way it ought to shield its customers’ private well being info. 

GoodRx agreed to pay a $1.5 million wonderful to settle the case, however admitted no wrongdoing. Along with the cost, the FTC stated its proposed courtroom order would completely prohibit GoodRx from sharing well being knowledge for adverts, require person consent earlier than sharing info with third events for different functions, direct third events to delete beforehand shared knowledge, restrict how lengthy GoodRx can hold affected person info and drive the corporate to place a privateness safety plan in place.

In an announcement, the digital well being firm stated that the settlement was associated to an outdated situation it had addressed. It stated, “[T]he necessities detailed within the settlement could have no materials affect on our enterprise or on our present or future operations.”

This marks the primary time the company has introduced an enforcement motion underneath the Health Breach Notification Rule, which requires entities like apps and linked gadgets to report unauthorized sharing or breaches of customers’ private well being knowledge.

“Digital well being firms and cellular apps shouldn’t money in on shopper’s extraordinarily delicate and personally identifiable well being info,” Samuel Levine, director of the FTC’s Bureau of Client Safety, stated in an announcement. “The FTC is serving discover that it’ll use all of its authorized authority to guard American customers’ delicate knowledge from misuse and unlawful exploitation.”

THE LARGER TREND

The company’s actions in opposition to GoodRx come as privateness consultants increase considerations concerning the well being knowledge shared with apps and wearables. 

After the Dobbs choice that overturned Roe v. Wade got here down final 12 months, some argued that non-public knowledge might be used in opposition to individuals who might have sought an abortion. In August, the FTC sued data broker Kochava for promoting location knowledge that might be used to trace customers, particularly to delicate locations like abortion clinics or addiction-recovery facilities.

Interval-tracking app Flo, which added an “anonymous mode” after the Dobbs choice, settled with the FTC in 2021 over a criticism alleging it had shared delicate person knowledge with third-party advertising and marketing and analytics companies from Fb, Google and others.

Late final 12 months, ten state attorneys normal sent a letter to Apple urging the tech big so as to add new protections for reproductive well being knowledge contained in third-party apps hosted on the App Retailer.