FTC’S First Health Breach Notification Rule Enforcement Action Includes $1.5 Million Penalty Against Digital Health Platform

This Bulletin is brought to you by AHLA’s Health Information and Technology Practice Group.

March 14, 2023

Jennifer Kreick , Haynes and Boone LLP
Tim Newman , Haynes and Boone LLP
Maseo Brown , Haynes and Boone LLP

Share this:

Digital health companies and mobile apps not covered by the Health Insurance Portability and Accountability Act (HIPAA) are on alert after the Federal Trade Commission (FTC) announced its first enforcement action under its Health Breach Notification Rule (HBNR). The action was against GoodRx Holdings, Inc. (GoodRx), a digital health platform that offers prescription drug discounts, telehealth visits, and other health services. The stipulated order entered by the court on February 17, 2023, requires GoodRx to pay a $1.5 million penalty, notify users that their information was disclosed, and permanently prohibits GoodRx from disclosing user health information for advertising purposes, among other requirements.

FTC’S First Health Breach Notification Rule Enforcement Action Includes $1.5 Million Penalty Against Digital Health Platform

This Bulletin is brought to you by AHLA’s Health Information and Technology Practice Group.

ARTICLE TAGS

You must be logged in to access this content.

Cookie Consent

FTC’S First Health Breach Notification Rule Enforcement Action Includes $1.5 Million Penalty Against Digital Health Platform

This Bulletin is brought to you by AHLA’s Health Information and Technology Practice Group.

ARTICLE TAGS

You must be logged in to access this content.