Skip to content

Corruption Ledger

The Public Ledger of Corruption

  • About
  • Corruption
    • corporate
    • government
    • leaks
    • misinformation
    • privacy and surveillance
    • protest and unrest
  • War
  • Sanctions
    • Sanctions News
    • Global Sanctions Feed
    • European Sanctions Feed
    • Canadian Sanctions Feed
    • US Sanctions Feed
  • Regions
    • Asias
    • Europe
    • Oceania
    • Middle East
    • US & Canada
    • World
  • Enforcement Actions
  • Economy
    • Crypto
  • Video
  • Freedom of Speech / Press
  • Toggle search form
  • Russia says jet scrambled as US B-52 bombers fly over Baltic Sea international conflict
  • Railroad reluctant to say who OK’d chemical burn after Ohio derailment corporate corruption
  • Scientists insist on continuing search for toxics in East Palestine corporate corruption
  • US announces sanctions on Iran drone procurement network _enforcement
  • Putin and Xi sign two documents in Moscow economy
  • JP Morgan, Deutsche Bank to face lawsuit over Epstein ties banks
  • Zuckerberg, Meta sued for failing to address sex trafficking, child exploitation corporate corruption
  • Top aide of Canadian PM Trudeau will testify in parliament on Chinese election meddling corporate corruption

GoodRx to Pay $1.5 Million in First Ever FTC Health Breach Notification Rule Enforcement Action

Posted on February 3, 2023March 8, 2023 By CorruptionLedger No Comments on GoodRx to Pay $1.5 Million in First Ever FTC Health Breach Notification Rule Enforcement Action

On February 1, 2023, the Federal Trade Commission announced that it entered into a proposed order with GoodRx, a telehealth and prescription drug discount provider, for violations of the FTC’s Health Breach Notification Rule stemming from GoodRx’s unauthorized disclosures of consumers’ personal health information to third party advertisers and other companies. This is the first enforcement action taken under the FTC’s Health Breach Notification Rule, which was issued in 2009.

The FTC’s Health Breach Notification Rule defines a “breach of security” as “acquisition of [unsecured PHR identifiable health information] without the authorization of the individual.” In its 2021 Statement of the Commission on Breaches by Health Apps and Other Connected Devices, the FTC reminded entities offering services covered by the Health Breach Notification Rule that “a ‘breach’ is not limited to cybersecurity intrusions or nefarious behavior. Incidents of unauthorized access, including sharing of covered information without an individual’s authorization, triggers notification obligations under the Rule.”

The complaint against GoodRx, filed by the Department of Justice on behalf of the FTC in the U.S. District Court for the Northern District of California, alleges that GoodRx violated the Health Breach Notification Rule by failing to notify consumers, the FTC, and the media about the company’s unauthorized disclosures of consumer’s health information to third party advertising companies and advertising platforms including Facebook, Google, and Criteo, and other third parties including Branch and Twilio. The alleged disclosures were unauthorized because GoodRx promised that it would never share personal health information with advertisers or other third parties. Notably, GoodRx never provided notice of these types of disclosures to customers, or obtained their consent thereto.

In addition to allegations related to GoodRx’s advertising and data sharing practices, the FTC also alleged that GoodRx violated the FTC Act by misrepresenting its HIPAA compliance by displaying a seal on its telehealth homepage that falsely suggested it complied with the law, and by failing to implement “sufficient formal, written, or standard privacy or data sharing policies or compliance programs.”

In addition to the $1.5 million penalty, the proposed order would:

  • Prohibit GoodRx from engaging in such marketing practices;
  • Require GoodRx to notify affected individuals of the unauthorized disclosures;
  • Require GoodRx to instruct recipients of the health information to delete it;
  • Require GoodRx to maintain a comprehensive privacy program;
  • Require GoodRx to undergo a privacy assessment by a third party auditor;
  • Require GoodRx to report certain security incidents to the FTC within 30 days of discovery; and
  • Require GoodRx to submit to compliance reporting, recordkeeping and compliance monitoring requirements.
corporate corruption, health, Region US & Canada, Regions, regulatory, regulatory compliance, surveillance & privacy Tags:regulatory and enforcement, regulatory-compliance

Post navigation

Previous Post: Former Arkansas State Senator Sentenced for Bribery and Tax Fraud
Next Post: Olympic snowboarders sue coach, USOPC and ski federation over alleged abuse

See also

  • The Federal Reserve Acts on BSA Failures Related to PPP Loan Fraud corporate corruption
  • Silicon Valley Bank execs, parent company sued after collapse banks
  • Chinese foreign minister warns of conflict unless U.S. changes course -AP + Corruption Ledger #RealityCheck corporate corruption
  • Pfizer and BioNTech Push Hard on Omicron-Specific Vaccine While Fending Off Lawsuits health
  • FTX Founder Indicted for Fraud, Money Laundering, and Campaign Finance Offenses corporate corruption
  • Owners of sanctioned Russian bank to offload stakes – FT corporate corruption

You must log in to post a comment.

  • Railroad reluctant to say who OK’d chemical burn after Ohio derailment
  • Scientists insist on continuing search for toxics in East Palestine
  • Top aide of Canadian PM Trudeau will testify in parliament on Chinese election meddling
  • Zuckerberg, Meta sued for failing to address sex trafficking, child exploitation
  • Norfolk Southern: Independent group finds toxic chemicals that Ohio EPA didn’t – Ohio train derailment (East Palestine)
  • JP Morgan, Deutsche Bank to face lawsuit over Epstein ties
  • Putin announces readiness to switch to the Chinese Yuan currency in foreign trade
  • Putin and Xi sign two documents in Moscow
  • US announces sanctions on Iran drone procurement network
  • Russia says jet scrambled as US B-52 bombers fly over Baltic Sea
Rumble Video

Corruption Ledger Follow

The Public ▇▇▇ Ledger of ▇▇▇ Corruption. https://t.co/wkobrEotQR

5amResearch
Corruption Ledger @5amresearch ·
10 Feb

News Coverage of the September 2022 #NordStream Pipeline Attack https://corruptionledger.com/news-coverage-of-the-september-2022-nord-stream-pipeline-attack/ via @5amResearch

Reply on Twitter 1623868066818928641 Retweet on Twitter 1623868066818928641 Like on Twitter 1623868066818928641
Corruption Ledger @5amresearch ·
10 Feb

Mia Jankowicz of Business Insider calls Pulitzer prize-winning journalist Seymore Harsh a "discredited journalist." #NordStream

Reply on Twitter 1623857264086974464 Retweet on Twitter 1623857264086974464 Like on Twitter 1623857264086974464 1
Corruption Ledger @5amresearch ·
9 Feb

#Kraken to Discontinue Unregistered Offer and Sale of Crypto Asset Staking-As-A-Service Program and Pay $30 Million to Settle SEC Charges
https://www.sec.gov/news/press-release/2023-25

Reply on Twitter 1623815305452560384 Retweet on Twitter 1623815305452560384 Like on Twitter 1623815305452560384
Corruption Ledger @5amresearch ·
9 Feb

SpaceX: Ukraine breaching agreement, weaponizing Starlink https://en.mdn.tv/71FW

Reply on Twitter 1623685510496505860 Retweet on Twitter 1623685510496505860 Like on Twitter 1623685510496505860
Load More

–

  • Register
  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Copyright © 2022 Corruption Ledger. This web site contains no ads.