US financial watchdog orders $1.5M fine in first action under health privacy law News
EmilianDanaila / Pixabay
US financial watchdog orders $1.5M fine in first action under health privacy law

The US Federal Trade Commission (FTC) Wednesday announced a $1.5 million civil penalty against digital healthcare company GoodRx for its failure “to notify consumers and others of its unauthorized disclosures of consumers’ personal health information to Facebook, Google, and other companies” in violation the FTC’s Health Breach Notification Rule (HBNR) (18 CFR § 318and 15 U.S.C. § 45(a)(1).

The fine is the FTC’s first action under its HBNR. The HBNR requires businesses and non-profits “not covered by HIPAA to notify their customers, the FTC, and, in some cases, the media, if there’s a breach of unsecured, individually identifiable health information.” The FTC’s Policy Statement indicates that makers of health apps and connected devices, such as GoodRx, must comply with the HBNR.

The FTC voted 4-0 in favor of referring its complaint and stipulated final order to the US Department of Justice (DOJ) for filing. The FTC’s complaint alleges that “GoodRx violated the FTC Act by sharing sensitive personal health information for years with advertising companies and platforms—contrary to its privacy promises—and failed to report these unauthorized disclosures as required by the” HBNR. Despite GoodRx’s promises to its users not to share their personal information, including personal health information, with advertisers or third parties, GoodRx repeatedly violated those promises over a four-year period and shared “extremely intimate and sensitive details about GoodRx users” related to users’ physical health, mental health, and their other personal information.

FTC Commissioner Christine S. Wilson issued a concurring statement in which she stated that “[t]oday’s settlement marks the first enforcement matter in which the FTC has invoked the HBNR.” Additionally, Samuel LevineDirector of the FTC’s Bureau of Consumer Protection, stated:
Digital health companies and mobile apps should not cash in on consumers’ extremely sensitive and personally identifiable health information. The FTC is serving notice that it will use all of its legal authority to protect American consumers’ sensitive data from misuse and illegal exploitation.
GoodRx released its own statement regarding its FTC settlement in which  GoodRx stated its disagreement with the FTC’s allegations and admitted no wrongdoing. GoodRx emphasized its “commitment to being at the forefront of safeguarding users’ privacy” and conveyed that it “[e]nter[ed] into the settlement to avoid the time and expense of protracted litigation.”
THIS DAY @ LAW

Charles Manson sentenced to death

On April 19, 1971, Charles Manson was sentenced to death for ordering the murders of Sharon Tate and others. The sentence was then commuted to life after the Supreme Court of California overturned the death penalty in 1972. Learn more about the trial of Charles Manson from the University of Missouri - Kansas City School of Law.

The Beatles signed 10-year partnership

On April 19, 1967, John, Paul, George and Ringo - aka "The Beatles" - signed a partnership deed agreeing that the group would continue for a (further) period of ten years. When The Beatles split up prematurely in 1970, Paul applied to have the partnership terminated and a receiver appointed.

Read a legal analysis of Paul McCartney’s 1970 lawsuit against John, George and Ringo.

More This Day @ Law...