Samuel A.A. Levine, Director, Bureau of Consumer Protection, Federal Trade Commission condemned GoodRx's practice of sharing customer health information for advertising purposes without authorization. File Photo by Anna Moneymaker/UPI | License Photo
Feb. 1 (UPI) -- The Federal Trade Commission proposed an order to come down on GoodRx for sharing customer health data for advertising purposes.
GoodRx agreed to pay a $1.5 million fine for sharing health information with Facebook, Google, Criteo and other companies from at least 2017 through 2019, a press release by the FTC said.
Under the order, filed by the Justice Department on behalf of the FTC, GoodRx is banned from sharing health data with other third parties for the purpose of advertising.
"Digital health companies and mobile apps should not cash in on consumers' extremely sensitive and personally identifiable health information," said Samuel Levine, director of the FTC's Bureau of Consumer Protection. "The FTC is serving notice that it will use all of its legal authority to protect American consumers' sensitive data from misuse and illegal exploitation."
According to the press release, this is the first time such an order has been proposed under the Health Breach Notification Rule, which was enacted in 2009. The rule requires entities with access to personal health records to notify patients and customers, or in some cases the media, if there is a data breach.
The FTC alleges GoodRx did not notify customers that their data, including a list of customers who used certain medications such as heart and blood pressure medications, was being shared without authorization.
The release also alleges that GoodRx misrepresented its compliance with the Health Insurance Portability and Accountability Act by displaying a seal indicating it was in compliance and customer health information was kept confidential.
Moving forward, GoodRx is required to ask for consent before sharing health information, the FTC said.
"Based on the economic literature, I am confident that a sizable percentage of consumers would have foregone the benefits of using GoodRx's coupons and other services had they known about the company's sieve-like data practices, an indicator that the company's ill-gotten gains almost certainly constitute a large multiple of the $1.5 million civil penalty," Wilson said.