WASHINGTON (Reuters) -U.S. healthcare firm GoodRx Holdings has agreed to pay $1.5 million to settle allegations that it failed to notify customers that it shared personal health information with Alphabet’s Google, Meta’s Facebook and others, the Federal Trade Commission said on Wednesday.
Under the terms of the settlement, GoodRx will be barred from sharing user health data with other companies to use for advertising.
“Digital health companies and mobile apps should not cash in on consumer’s extremely sensitive and personally identifiable health information,” said Samuel Levine, director of the FTC’s Bureau of Consumer Protection, in a statement.
GoodRx, which had more than 55 million people use its website or app in the past six years, is a platform that offers drug discounts while collecting health information from users and their pharmacy benefit managers.
GoodRx promised users it would never share health information with advertisers but gave information to Google, Facebook, Criteo and others, the agency said in their complaint.
GoodRx said in a statement the issue in the settlement was resolved three years ago before the agency began its probe.
“We do not agree with the FTC’s allegations and we admit no wrongdoing. Entering into the settlement allows us to avoid the time and expense of protracted litigation,” the company said in a statement.
The settlement is the first under the FTC’s Health Breach Notification Rule, the agency said.
Under the settlement, the company is also required to put limits on how long it keeps personal and health information, and to publicly post the retention schedule, the agency said.
(Reporting by Diane Bartz; Editing by Josie Kao)