Lexology March 14, 2023
Day Pitney LLP

On February 1, the Federal Trade Commission (FTC) reached a settlement with digital health platform GoodRx for sharing users’ personal health information (PHI) with third parties without properly disclosing its data practices or obtaining users’ affirmative consent, as well as for failing to maintain adequate policies or procedures to protect users’ PHI. This is the FTC’s first-ever enforcement action under the Health Breach Notification Rule, which requires vendors of personal health records (PHRs) and certain PHR-related entities to notify consumers, the FTC and sometimes the media about discovery of certain data breaches.

The FTC’s Complaint

GoodRx operates a telemedicine platform and a mobile app that track prescription drug prices in the United States and provide drug coupons for discounts on...

Today's Sponsors

LEK
ZeOmega

Today's Sponsor

LEK

Continue Reading

 
Topics: Digital Health, Govt Agencies, Healthcare System, Privacy / Security, Technology
Related Articles:
Privacy concerns mount as Elon Musk's Grok takes on health data
DHS intros framework for AI safety and security, in healthcare and elsewhere
Why Modern Developers Must Master The Balance Of Privacy And Functionality In Mobile Apps
Navigating Security and Privacy Challenges in Healthcare IT: A Strategic Approach
Balancing Personalized Targeting with Protecting Consumer Privacy

Share This Article