NEW: FTC files court order against GoodRx for failing to notify users it shared their personal, identifiable health data with Facebook, Google. aims to permanently ban the company from sharing such information for ads.
Conversation
Replying to
notably, this is the first time the FTC has taken action under the Health Breach Notification Rule, which requires companies to notify users when their health data is improperly shared.
1
2
3
so what health data did GoodRx share with Google, Facebook, etc.? individually identifiable data on users' prescription medications and health conditions, per the complaint.
1
4
3
"In August 2019, GoodRx compiled lists of users who'd purchased medications for heart disease and high blood pressure and uploaded their email addresses, phone #s and mobile advertising IDs to Facebook so it could identify their profiles." GoodRx used that to target users w/ ads.
1
5
7
just in: GoodRx admits no wrongdoing; says settlement "focuses on an old issue that was proactively addressed almost 3 years ago."
1
1
1
more on the original story that found GoodRx sharing data with Facebook and Google from 2020 by
1
1
4
Replying to
For context the FTC Health Breach Notification rule requires PHR vendors to notify people when their identifiable personal health information is shared without their authorization
The rule applies to entities that are not HIPAA-covered
ecfr.gov/current/title-
1
1
