GoodRx prospects who sometimes obtain emails about prescription drug offers and refill reminders from the corporate noticed one thing very completely different of their inboxes this week.
GoodRX despatched a discover to customers detailing allegations from the Federal Commerce Fee that the corporate shared delicate well being knowledge with third events for promoting functions with out prospects’ permission.
“This data included particulars about drug and well being circumstances individuals searched and their prescription medicines,” the corporate wrote within the discover e-mailed to prospects and posted on its web site. “We shared this data with third events, together with Fb. In some circumstances, GoodRx used the data to focus on individuals with health-related advertisements.”
The alert comes a month after the FTC introduced a proper settlement with the digital well being platform and issued a “first-of-its-kind proposed order” prohibiting the corporate from sharing well being knowledge from its prospects with different firms for promoting.
GoodRx has beforehand denied wrongdoing. “We don’t agree with the FTC’s allegations and we admit no wrongdoing,” the corporate wrote in February. “Coming into into the settlement permits us to keep away from the time and expense of protracted litigation.”
GoodRX, accessible on-line and by way of a cell app, gives telehealth visits and prescription drug coupons to customers, however the FTC alleges its privateness practices have been “not so good.”
The corporate mentioned the timing of this week’s communication was specified within the FTC settlement.
Nonetheless, the discover appeared to catch some prospects off guard. Customers took to social media to voice concern concerning the e-mail, with some questioning how a lot cash the agency may need constructed from their well being knowledge and others swearing off utilizing the service.
Along with paying a $1.5 million civil penalty, the corporate has agreed to an order mandating different steps, together with demanding third events delete client well being knowledge and making a “complete privateness program.”