
Corruption Ledger

The Public Ledger of Corruption


GoodRx to Pay $1.5 Million in First Ever FTC Health Breach Notification Rule Enforcement Action

Posted on February 3, 2023 | May 26, 2023 By CorruptionLedger

On February 1, 2023, the Federal Trade Commission announced that it entered into a proposed order with GoodRx, a telehealth and prescription drug discount provider, for violations of the FTC’s Health Breach Notification Rule stemming from GoodRx’s unauthorized disclosures of consumers’ personal health information to third-party advertisers and other companies. This is the first enforcement action taken under the FTC’s Health Breach Notification Rule, which was issued in 2009.

The FTC’s Health Breach Notification Rule defines a “breach of security” as “acquisition of [unsecured PHR identifiable health information] without the authorization of the individual.” In its 2021 Statement of the Commission on Breaches by Health Apps and Other Connected Devices, the FTC reminded entities offering services covered by the Health Breach Notification Rule that “a ‘breach’ is not limited to cybersecurity intrusions or nefarious behavior. Incidents of unauthorized access, including sharing of covered information without an individual’s authorization, triggers notification obligations under the Rule.”

The complaint against GoodRx, filed by the Department of Justice on behalf of the FTC in the U.S. District Court for the Northern District of California, alleges that GoodRx violated the Health Breach Notification Rule by failing to notify consumers, the FTC, and the media about the company’s unauthorized disclosures of consumers’ health information to third-party advertising companies and advertising platforms including Facebook, Google, and Criteo, and other third parties including Branch and Twilio. The alleged disclosures were unauthorized because GoodRx promised that it would never share personal health information with advertisers or other third parties. Notably, GoodRx never provided notice of these types of disclosures to customers, or obtained their consent thereto.

Beyond the allegations related to GoodRx’s advertising and data sharing practices, the FTC also alleged that GoodRx violated the FTC Act in two ways: by misrepresenting its HIPAA compliance through a seal displayed on its telehealth homepage that falsely suggested it complied with the law, and by failing to implement “sufficient formal, written, or standard privacy or data sharing policies or compliance programs.”

In addition to the $1.5 million penalty, the proposed order would:

  • Prohibit GoodRx from engaging in such marketing practices;
  • Require GoodRx to notify affected individuals of the unauthorized disclosures;
  • Require GoodRx to instruct recipients of the health information to delete it;
  • Require GoodRx to maintain a comprehensive privacy program;
  • Require GoodRx to undergo a privacy assessment by a third-party auditor;
  • Require GoodRx to report certain security incidents to the FTC within 30 days of discovery; and
  • Require GoodRx to submit to compliance reporting, recordkeeping and compliance monitoring requirements.
