The US Federal Trade Commission has announced that it reached an agreement with GoodRx over the company’s violation of the FTC’s 2009 health breach notification rule. GoodRx has agreed to pay $1.5 million in fines; the agreement must still be approved by a federal court. The company lied to users about the privacy of their health data while secretly sharing it for advertising purposes.
According to Ruth Reader, “The 2009 economic stimulus law directed the FTC to create a rule in collaboration with the Department of Health and Human Services to protect health data not governed by HHS or HIPAA, which sets privacy rules for medical providers. The resulting data breach rule states that any entity not covered by HIPAA that collects personally identifiable health information must tell consumers when there’s been a breach of their data or face action from the FTC.”
(Source: Politico, February 2nd, 2023)