Lexology February 2, 2023
Covington & Burling LLP

On February 1, the Federal Trade Commission (“FTC”) announced its first-ever enforcement action under its Health Breach Notification Rule (“HBNR”) against digital health platform GoodRx Holdings Inc. (“GoodRx”) for failing to notify consumers and others of its unauthorized disclosures of consumers’ personal health information to third-party advertisers. According to the proposed order, GoodRx will pay a $1.5 million civil penalty and be prohibited from sharing users’ sensitive health data with third-party advertisers in order to resolve the FTC’s complaint.

This announcement marks the first instance in which the FTC has sought enforcement under the HBNR, which was promulgated in 2009 under the Health Information Technology for Economic and Clinical Health (“HITECH”) Act, and comes just sixteen months after the FTC...

Today's Sponsors

LEK
ZeOmega

Today's Sponsor

LEK

Continue Reading

 
Topics: Govt Agencies, Health IT, HIPAA, Patient / Consumer, Provider, Technology
Related Articles:
Not 1, Not 2, but 6 Settlements
HIPAA Security Rule: Big Changes May Be Coming for Covered Entities & Business Associates
Perceived industry compliance failures prompt stringent proposed HIPAA Security Rule
Proposed Changes to the HIPAA Security Rule Will Have a Significant Impact on the Health Care Sector
HHS’ Proposed HIPAA Changes Are a Step in the Right Direction, But Some Providers May Struggle to Comply

Share This Article