Discounter GoodRX for prescription drugs has been accused by the Federal Trade Commission of neglecting to inform customers of such disclosures to Facebook, Google, and other corporations that they were sharing sensitive health data. GoodRx will no longer be permitted to disclose the sensitive health information of its users with advertising.
According to a complaint made by the Federal Trade Commission, GoodRx exchanged details about its users’ medical problems and prescription medications with advertising companies. This went against both GoodRx’s own information-sharing policies and a federal regulation requiring businesses that track health information to notify customers of data breaches.
In a first-of-its-kind proposed order, GoodRx will pay a $1.5 million civil fine under the proposed order for failing to disclose its improper sharing of customer health data to Facebook, Google, and other businesses.
GoodRx resolved the lawsuit without making a wrongdoing admission.
“Digital health companies and mobile apps should not cash in on consumers’ extremely sensitive and personally identifiable health information,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “The FTC is serving notice that it will use all of its legal authority to protect American consumers’ sensitive data from misuse and illegal exploitation.”
California-based GoodRx operates a digital health platform that offers prescription drug discounts, telehealth visits, and other health services. The company collects personal and health information about its users, including information from users themselves and from pharmacy benefit managers confirming when a consumer purchases a medication using a GoodRx coupon. Since January 2017, more than 55 million consumers have visited or used GoodRx’s website or mobile apps.
GoodRx violated the FTC Act for the following reasons:
Failed to Limit Third-Party Use of Personal Health Information
Misrepresented its HIPAA Compliance
Shared Personal Health Information with Facebook, Google, Criteo, and Others
Used Personal Health Information to Target its Users with Ads
Failed to Limit Third-Party Use of Personal Health Information
Misrepresented its HIPAA Compliance
Failed to Implement Policies to Protect Personal Health Information
According to the National Institute of Biotechnology Information health care breaches have doubled since 2014.
Even if free credit monitoring services are provided to you, they won’t likely be sufficient. You might be eligible for far more compensation for your troubles. A lawyer can assist you in obtaining compensation for your economic losses, the time you spent addressing the data breach, and other damages. If you see that your information was breached and it affected your credit, or other ways the data was used, it’s best to consult a lawyer.
After Medical Identity Theft: What to Do
File a Police Report:
It is imperative to register a police report even if it seems unlikely that law enforcement would be able to apprehend the offender. You will be given a report number that will later prove that medical identity theft occurred.
Report a Concern to the Federal Trade Commission
You can report medical identity theft to the FTC online or by calling 877-438-4338.
Tell Your Insurer
Inform your insurance company of the fraud and inquire as to whether they have a special procedure in place for such circumstances. Inform the U.S. Department of Health and Human Services Officer or Inspector General of the attack if it is Medicare-related (online) or call 800-447-8477.
Celebrity News Update— Premier Jewelry designer and manufacturer fashion house ParisJewelry.com has started manufacturing a new custom line of celebrity jewelry designs with 30% Off and Free Shipping. Replenish Your Body- Refilter Your Health with OrganicGreek.com Vitamin Bottles, Slim Tea, Vitamins and Herbs. Become a WebFans Creator and Influencer.
