REGULATORY NEWS - AMERICAS FEBRUARY 1, 2023 11:21
By Reuters Staff
WASHINGTON, Feb 1 (Reuters) - U.S. healthcare firm GoodRx Holdings has agreed to pay $1.5 million to settle allegations that it failed to notify customers that it shared personal health information with Alphabet’s Google, Meta’s Facebook and others, the Federal Trade Commission said on Wednesday.
Under the terms of the settlement, GoodRx will be barred from sharing user health data with other companies to use for advertising.
“Digital health companies and mobile apps should not cash in on consumers’ extremely sensitive and personally identifiable health information,” said Samuel Levine, director of the FTC’s Bureau of Consumer Protection, in a statement.
GoodRx, which had more than 55 million people use its website or app in the past six years, is a platform that offers drug discounts while collecting health information from users and their pharmacy benefit managers.
The settlement is the first under the FTC’s Health Breach Notification Rule, the agency said.
GoodRx promised users it would never share health information with advertisers but gave information to Google, Facebook, Criteo and others, the agency said in its complaint.
Under the settlement, the company is also required to put limits on how long it keeps personal and health information, and to publicly post the retention schedule, the agency said. (Reporting by Diane Bartz; Editing by Josie Kao)
For more information, visit https://www.justice.gov/opa/pr/digital-healthcare-platform-ordered-pay-civil-penalties-and-take-corrective-action
With privacy concerns on the rise, companies handling personal data must prioritize cybersecurity measures. Utilizing solutions like MDR security services can help organizations continuously monitor and respond to potential threats, ensuring compliance with privacy laws and safeguarding customer data. Implementing robust cyber security monitoring is not just a legal obligation - it's a key step in maintaining trust and security in the healthcare industry.
The recent settlement by GoodRx highlights just how critical it is for companies handling sensitive health data to prioritize privacy and security. As data breaches become more frequent, organizations should consider investing in cybersecurity professional services to safeguard against such vulnerabilities. These services provide tailored security measures, helping companies ensure compliance with privacy regulations and protect user data effectively. In today's digital age, robust cybersecurity is no longer optional - it's a necessity.