The Federal Trade Commission (FTC) reported a crackdown on the prescription drug coupon site GoodRx. The legal action is one of what is likely to be an increasing number of fines issued to telehealth companies profiting from sharing consumers’ health data with advertisers, among other infractions. Under its health Breach Notification, the FTC took enforcement action, imposing a $1.5 million civil penalty against GoodRx.
The FTC press release published on February 1 explained that GoodRx operates a California-based digital health platform making prescription drug discounts, telehealth visits, and other health services available to consumers. It collects personal and health information about its users from users and pharmacy benefit managers who confirm when a consumer purchases a medication using a GoodRx coupon. More than 55 million consumers have visited or used GoodRx’s website or mobile apps since January 2017.
The FTC’s Complaint Against GoodRx
that investigation In addition to “deceptively” promising users that it would never share personal health information (PHI), GoodRx repeatedly failed to notify consumers and others of its unauthorized sharing of consumer health data to Facebook, Google, Criteo, and other companies, including third parties such as Branch and Twilio.
More specifically, GoodRx is also being accused of the following:
Used Personal Health Information to Target Users with GoodRx Ads. The FTC claims that users’ personal health information was monetized by GoodRx in a process that involved sharing user data with advertisers behind the scenes to target those same users with personalized health and medication-specific advertisements on their Facebook and Instagram pages. The example given by the FTC website states:
For example, in August 2019, GoodRx compiled lists of its users who had purchased particular medications such as those used to treat heart disease and blood pressure, and uploaded their email addresses, phone numbers, and mobile advertising IDs to Facebook so it…