Maintain Tight Control Over Patient Data—or Prepare to Pay a Hefty Price

There are countless ethical and legal reasons to ensure confidential patient data remain confidential. When private information becomes available to the general public, cyber terrorists or criminals, or prospective employers the consequences are grave for patients and damaging to the healthcare institution’s reputation. Now we’re getting a good sense of just how severe legal and monetary judgements can be for organizations found to have committed health data privacy violations. The Federal Trade Commission imposed a $1.5 million fine on GoodRx for failing to disclose to consumers that they provided personal health information to Facebook and Google, among other companies. According to a release from the FTC, this is the first time such an enforcement action has been taken under the Health Breach Notification Rule. Surely, it won’t be the last.