Health Tech: $11M for Answers (for now)

yesterday’s crackdown The federal regulator’s review of GoodRx underscores the FTC’s growing efforts to protect consumers’ digital health privacy under the leadership of activist Chair Lina Khan.

Why it matters: The proposed order could have broad implications for the health tech industry, where ad targeting practices — especially among direct-to-consumer businesses — are nearly ubiquitous.

Catch up on: The order marks two firsts for the FTC:

1. The first use of its health breach notification rule, which requires health apps to notify users that their information has been breached.
2. This is the first time it has sought an order expressly barring companies from using consumer health data for ad targeting.

context: Startups and big tech companies collect reams of personal data on fertility, exercise, health and prescriptions that aren’t as expressly protected as other data covered by HIPAA.

enlarge: Specifically, the FTC complaint alleges that GoodRx shared personally identifiable data about users’ prescription drugs and health conditions with Google and Facebook.

• The complaint also alleges that GoodRx targeted users of its telehealth service, HeyDoctor, who searched for ads about STDs online and placed ads for STD testing services.
• The complaint describes such conduct as deceptive and unauthorized, which could have wide-ranging implications for an industry where such conduct is prevalent.

Yes, but: GoodRx agreed to settle the case on Wednesday, but said it disagreed with the agency’s allegations and did not admit any wrongdoing.

flashback: While the FTC has intensified its crackdown on medtech companies with similar actions in recent years, the GoodRx order goes further than previous cases and seeks to bar the company from future ad targeting.

• In 2021, for example, the U.S. Federal Trade Commission found that fertility-tracking app developer Flo shared menstrual cycle and pregnancy data with Google and Facebook, even though as part of a settlement Flo agreed to seek user consent before sharing such information, However, such behavior is not expressly prohibited.

the other side: FTC Commissioner Christine S. Wilson said in a statement released with the court order that the settlement falls short in that it “does not hold senior executives accountable and does not modify GoodRx’s core business model.” .”

• “I would support greater civil penalties,” Wilson wrote, noting the company’s previous market valuation of $18 billion, adding, “I believe the company is being paid for keeping quiet about its despicable privacy practices.” LippFone – well in excess of the $1.5 million fine”