Santa Monica-based GoodRx leaked user health data to Facebook and Google, FTC says

0

By Natasha Singer | The New York Times

Millions of Americans have used GoodRx, a Santa Monica-based drug discount app, to search for lower prices on prescriptions like antidepressants, HIV medications and treatments for sexually transmitted diseases at their local drugstores.

But U.S. regulators say the app’s coupons and convenience came at a high cost for users: wrongful disclosure of their intimate health information.

On Wednesday, the Federal Trade Commission accused the app’s developer, GoodRx Holdings, of sharing sensitive personal data about users’ prescription medications and illnesses with companies like Facebook and Google without authorization.

The company’s information-sharing practices, the agency said, violated a federal rule requiring health apps and fitness trackers that collect personal health details to notify consumers of data breaches.

While GoodRx agreed to settle the case, it said it disagreed with the agency’s allegations and admitted no wrongdoing.

The crackdown on GoodRx comes at a moment of heightened concern over the leaking of sensitive health information, particularly in states that have banned or severely limited abortions. And it underscores the FTC’s intensifying efforts to push digital health services to beef up their user privacy and security protections.

The FTC’s case against GoodRx could upend widespread user-profiling and ad-targeting practices in the multibillion-dollar digital health industry, and it puts companies on notice that regulators intend to curb the nearly unfettered trade in consumers’ health details.

Over the last two decades, startups and giant tech companies have introduced a range of fitness devices, smartwatches and fertility apps. But unlike a person’s blood test results and other patient information collected by doctors and hospitals — which is protected by a federal law, the Health Insurance Portability and Accountability Act, known as HIPAA — there are few legal protections that specifically cover personal health details, like the names of drugs or diseases, that tens of millions of consumers enter into apps or search for online.

In 2019, GoodRx uploaded the contact information of users who had bought certain medications, like blood pressure pills, to Facebook so that the drug discount app could identify its users’ social media profiles, the FTC said in a legal complaint. GoodRx then employed the personal information to target users with ads for medications on Facebook and Instagram, the agency said.

Those data disclosures, the agency said, flouted public promises the company had made to “never provide advertisers any information that reveals a personal health condition.”

If a judge approves the proposed federal settlement order, GoodRx would be permanently barred from sharing users’ health information for advertising purposes. To settle the case, the company also agreed to pay a $1.5 million civil penalty for violating the health breach notification rule.

GoodRx said in a statement that user privacy was one of its most important priorities. The company added that the settlement with the agency focused on issues that GoodRx resolved three years ago, before the FTC inquiry began.

Stay connected with us on social media platform for instant update click here to join our  Twitter, & Facebook

We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.

For all the latest  Business News Click Here 

Read original article here

Denial of responsibility! Rapidtelecast.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.
Leave a comment