In another “is anyone surprised?” moment, we find out from Axios  that GoodRx has been fined $1.5 million by the FTC for sharing health data with Google and Facebook. What kind of health data? OUR health data. YOUR health data. Your “personal, identifiable health data” including information about your prescription medicines and health conditions.
Axios reports that “In August 2019, GoodRx compiled lists of users who’d purchased medications for heart disease and high blood pressure and uploaded their email addresses, phone numbers and mobile advertising IDs to Facebook so it could identify their profiles.”
The $1.5 million fine comes out of the “Health Breach Notification Rule” that requires companies to notify users when their health data is infringed upon. GoodRx is also banned from using health information for ads.
The company took user health info to target them with ads on Facebook and Instagram. They also shared the data with third parties including Facebook, Google, Criteo, Branch and Twilio. In addition, they misrepresented that they were HIPAA compliant.
So GoodRx is accused of sharing the health data with third parties without notifying their users. A LOT of users.
Since 2017, there have been more than 55 million people who have visited the GoodRx website and mobile app which allows consumers to compare drug prices and get free coupons. Users can also track their personal health data through the company.
The GoodRx spokesperson says, as expected, “We admit no wrongdoing.”
The FTC hopes that this fine has a “significant impact on the marketplace” but I won’t hold my breath.
Just like Democrats, companies will do what they do until they are caught.
The order against GoodRx says that they have to direct third parties to delete the consumer health data shared with them.
LOL. Good luck with that happening.
GoodRx might actually tell them to do so but I doubt they will comply unless a lawsuit or the threat of a fine ensues.
We can all take heed though because the FTC has put the third parties on notice that they are “in receipt of data that was illegally collected” so I am sure that the social media companies will do the right thing with much expedience – as they always do.