Skip to Main Content

March 14, 2023    

FTC’S First Health Breach Notification Rule Enforcement Action Includes $1.5 Million Penalty Against Digital Health Platform

This Bulletin is brought to you by AHLA’s Health Information and Technology Practice Group.
  • March 14, 2023
  • Jennifer Kreick , Haynes and Boone LLP
  • Tim Newman , Haynes and Boone LLP
  • Maseo Brown , Haynes and Boone LLP

Digital health companies and mobile apps not covered by the Health Insurance Portability and Accountability Act (HIPAA) are on alert after the Federal Trade Commission (FTC) announced its first enforcement action under its Health Breach Notification Rule (HBNR). The action was against GoodRx Holdings, Inc. (GoodRx), a digital health platform that offers prescription drug discounts, telehealth visits, and other health services. The stipulated order entered by the court on February 17, 2023, requires GoodRx to pay a $1.5 million penalty, notify users that their information was disclosed, and permanently prohibits GoodRx from disclosing user health information for advertising purposes, among other requirements.


You must be logged in to access this content.