FTC Alleges GoodRx Shared Consumer’s Health Info With Facebook, Google

In an environment where privacy experts are raising concerns about the health data shared with apps and wearables, the Federal Trade Commission is alleging drug-cost and telehealth platform GoodRx shared consumers’ personal health information to tech companies like Facebook, Google and other third parties.

It is the first time the FTC has enforced its 2009 Health Breach Notification Rule, which requires companies that collect and share consumers’ health information to notify those consumers. 

According to the FTC, GoodRx allegedly compiled lists of users purchasing medication and uploaded their email addresses, phone numbers and mobile advertising IDs to Facebook in August 2019 so it could identify their profiles. GoodRx then allegedly used that information to target these users with health-related advertisements on Facebook and Instagram. 

The Department of Justice, on behalf of the FTC, filed a complaint and proposed an order for permanent injunction against the company on 1st February. Under the order, GoodRx would be prohibited from sharing health information with third parties and be fined $1.5 million. The order requires the approval of the U.S. District Court for the Northern District of California.   

While GoodRx has agreed to pay a $1.5 million fine to settle the case to “avoid the time and expense of protracted litigation”, it does not agree with the FTC’s allegations and it admits no wrongdoing, as per the company’s statement. GoodRx claims that the usage of the Facebook Javascript tracking pixel is common among consumer, healthcare and government websites. The information shared was not medical information but IP addresses and webpage URL information related to looking at content.

FTC also alleged that GoodRx shared data with Google, Criteo, Twilio and Branch. The proposed order requires third parties that received GoodRx’s data to delete it. But no details were provided on how the agency might enforce such directives. 

The FTC has also alleged that GoodRx misrepresented its compliance with the Health Insurance Portability and Accountability Act of 1996 to consumers using its telehealth platform. The company sold its backend virtual technology to Wheel Health, a virtual health platform and provider network, for $19.5 million in cash in November 2022. 

Will this move by the FTC serve as a warning shot to other digital health companies that share personal health data with third parties? That is yet to be seen.

Join the HealthXL Meeting on ‘Why is now a good time for Digital Health-MedTech Partnerships?’ on 8th February. Click here to Request to Join.