Lexology March 14, 2023
Day Pitney LLP

On February 1, the Federal Trade Commission (FTC) reached a settlement with digital health platform GoodRx for sharing users’ personal health information (PHI) with third parties without properly disclosing its data practices or obtaining users’ affirmative consent, as well as for failing to maintain adequate policies or procedures to protect users’ PHI. This is the FTC’s first-ever enforcement action under the Health Breach Notification Rule, which requires vendors of personal health records (PHRs) and certain PHR-related entities to notify consumers, the FTC and sometimes the media about discovery of certain data breaches.

The FTC’s Complaint

GoodRx operates a telemedicine platform and a mobile app that track prescription drug prices in the United States and provide drug coupons for discounts on...

Today's Sponsors

LEK
ZeOmega

Today's Sponsor

LEK

Continue Reading

 
Topics: Digital Health, Govt Agencies, Healthcare System, Privacy / Security, Technology
Related Articles:
More FTC Privacy Action
OCR finalizes rule prohibiting certain reproductive health care disclosures
Biden administration finalizes abortion privacy protections
Developing a Secure Internet-based Network of Trusted Data
Artificial Intelligence Highlights from FTC’s 2024 PrivacyCon

Share This Article