In this episode of There Ain’t No Such Thing as a Free Lunch…
If you’re among the estimated 55 million Americans who use the prescription discount app GoodRx, have you ever wondered how the app’s developer makes money? Unless you subscribe to GoodRx Gold, which promises “deeper discounts” on prescriptions for a $10 monthly fee, the standard app is free.
So, is GoodRx simply a “Good Samaritan”? Nope, not even close — nor should it be. But it does seem that fair and full disclosure should be provided, particularly when it comes to users’ personal health data.
As reported by the New York Times, the Federal Trade Commission (FTC) on Wednesday accused developer GoodRx Holdings of sharing sensitive personal health data on millions of users’ medications and illnesses with hypocritical social media companies like Facebook and Google, without authorization.
According to the FTC, GoodRx broke a federal law requiring fitness trackers and health apps to alert users when their data is compromised. Despite the company agreeing to settle the case, it has refuted the accusations and insisted that it has made no admission of guilt.
Incidentally, why settle if you’re innocent of charges–other than bad publicity?
And what about HIPAA, the federal Health Insurance Portability and Accountability Act? Unlike data gathered by doctors and hospitals, the personal health information entered into apps or searched online is not covered by HIPAA, which raises the obvious question: Why not?
Here’s more, via the NY Times:
The crackdown on GoodRx comes at a moment of heightened concern over the leaking of sensitive health information, particularly in states that have banned or severely limited abortions. And it underscores the F.T.C.’s intensifying efforts to push digital health services to beef up their user privacy and security protections.
The F.T.C.’s case against GoodRx could upend widespread user-profiling and ad-targeting practices in the multibillion-dollar digital health industry, and it puts companies on notice that regulators intend to curb the nearly unfettered trade in consumers’ health details.
[…]
From 2017 to 2020, GoodRx uploaded the contact information of users who had bought certain medications, like birth control or erectile dysfunction pills, to Facebook so that the drug discount app could identify its users’ social media profiles, the F.T.C. said in a legal complaint.
The information in that last paragraph is good to know, huh?
According to the complaint, GoodRx also targeted users who looked up information on sexually transmitted diseases on “HeyDoctor,” the company’s telemedicine service, with ads for the site’s STD testing services. Those data disclosures, FTC regulators said, flew in the face of public promises the company made to “never provide advertisers any information that reveals a personal health condition.”
Oops.
Under the proposed settlement, which must be approved by a federal judge, GoodRx would be permanently prohibited from disclosing users’ health information for marketing purposes and would pay a $1.5 million fine for breaking the law requiring the protection of personal health data. The FTC’s Health Breach Notification Rule states:
The Rule requires vendors of personal health records and related entities to notify consumers following a breach involving unsecured information. In addition, if a service provider to one of these entities has a breach, it must notify the entity, which in turn must notify consumers. The Final Rule also specifies the timing, method, and content of notification, and in the case of certain breaches involving 500 or more people, requires notice to the media.
If my hunches are correct, the GoodRx revelation may be the tip of the iceberg in exposing the multibillion-dollar digital healthcare industry’s targeting of the personal health information of users. As I said at the top, there ain’t no such thing as a free lunch, gang. Except for “free” Democrat handouts, of course.