How well do Pharmacy Prescription Coupon Companies Actually Protect Your Data?

Aditi Ramesh,
Jun 06, 2024

Prescription coupon apps, like GoodRx or WellRx, provide patients with digital coupons to save money on prescription medications. But how well are they protecting your personal data? You might expect that, because they handle sensitive data about prescriptions, which are directly linked to medical records, they might be subject to HIPAA privacy rules, but they are not. Generally, HIPAA is meant to assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high-quality health care, but it does not apply in all cases.

In the context of a post-Roe world, how could their weak privacy policies impact someone seeking birth control or abortion medication in an era where decisions around reproductive health care are being criminalized? While companies like GoodRx don’t cover the leading abortion medication Mifepristone, they do cover Misoprostol and birth control medications. We have reason to be concerned about their data sharing policies – last year, the FTC filed an enforcement action against GoodRx for failing to report its unauthorized disclosure of consumer health data to Facebook, Google, and other companies. Current U.S. privacy regulations – or the lack thereof – allow many companies to legally collect, share, and sell — in other words, broker — access to Americans’ health data.

We looked at three different coupon companies – GoodRx, WellRx, and SingleCare – to understand how they handle consumer data. Turns out, they are blatantly collecting and selling consumers’ personal information.

Most pharmacy coupon companies collect and share your data with third parties. GoodRx, for example, shares information with a variety of third-party services such as data warehouses, cloud computing providers, and credit card and payment processors, but they don’t specify the purposes for which they share data with these third parties. They also collect a range of personal data – from commercial information like purchase and usage history, to “insurance information, demographic information, interest information” and personal identifiers. They use this data for a variety of purposes, including personal communications with users and “to advertise and market to you on websites, mobile applications, and third-party platforms.”

This data is also shared to enforce “legal rights.” WellRx’s policy states that they may “comply with a valid legal process, such as a subpoena, court order, or search warrant, or where there is a lawful request.” This is especially concerning in light of situations where a patient may be seeking abortion medication from an out-of-state pharmacy, and purchasing decisions are surveilled by law enforcement seeking to prosecute people seeking an abortion.

Sensitive data is also subject to targeted advertising. Pharmacy coupon companies collect hoards of sensitive personal information – from credit card information, to purchase history, to addresses. All of this information can be used to track and target users, serving them false or misleading advertising based on their prescription purchase histories. Some companies, like RxSaver (GoodRx), do not use your personal info for targeted ads; others, like GoodRx, explicitly share data with third parties for these purposes, using “technology from Google, Facebook, and others, to help us track, segment, and analyze usage of the Services, and to help us or those companies serve more targeted advertising on the Services and across the Internet.”

Information is aggregated and collected from other third parties. Some companies, like GoodRx, receive information about you from a range of other third parties – through referral links, healthcare professionals, health insurance plans, etc. They combine all of this data, creating dangerous profiles about individuals, which can paint a comprehensive picture about a person’s reproductive choices.

These companies are part of the surveillance advertising ecosystem. They profit from the collection and monetization of sensitive personal data – a practice that has myriad harms for consumers but is especially worrying in a post-Roe era when abortion has become criminalized. In some places, like Texas, private citizens can even pursue legal action if they have evidence of an abortion occurring. With anti-choice extremists threatening health care workers – and even abortion patients – the surveillance advertising business model provides a dangerous digital trail of evidence, data which should be private and protected. Much can and should be done to close this loophole, which is why Accountable Tech has called to ban surveillance advertising.
