GoodRx Safety, Regulation & Compliance Posture

By
Published Updated Last reviewed
Medication safety clinical consultation image for GoodRx Safety, Regulation & Compliance Posture

At a glance

  • Founded / 2011 in Santa Monica, California
  • Users / over 20 million Americans have used GoodRx to fill prescriptions
  • FTC penalty / $1.5 million settlement in February 2023 for unauthorized health data sharing
  • Business model / free discount codes funded by pharmacy commissions, not insurance
  • HIPAA status / GoodRx is NOT a HIPAA-covered entity for its coupon services
  • Telehealth arm / GoodRx Care (formerly HeyDoctor) offers virtual visits in all 50 states
  • Gold membership / $9.99/month for deeper discounts at select pharmacies
  • Public company / listed on NASDAQ (GDRX) since September 2020
  • Pharmacy network / partners with over 70 to 000 U.S. pharmacies
  • Data sharing ban / FTC order prohibits GoodRx from sharing health data for advertising for 20 years

What GoodRx Actually Does and How It Makes Money

GoodRx aggregates prescription drug prices from pharmacy benefit managers (PBMs) and displays competing discount codes that consumers can present at the pharmacy counter. The service is free to use. GoodRx earns revenue when a consumer fills a prescription using one of its codes, collecting a commission from the pharmacy or PBM that processed the transaction.

This model means GoodRx is not an insurer, a pharmacy, or a drug manufacturer. It operates as a technology intermediary. According to GoodRx's 2024 10-K filing with the SEC, the company reported $801.6 million in revenue for fiscal year 2024, with prescription transactions accounting for roughly 73% of that figure. The remaining revenue comes from its subscription product (GoodRx Gold), advertising, and the GoodRx Care telehealth platform.

One point consumers often miss: GoodRx discount codes are not insurance. They function as negotiated cash-pay rates. If you have insurance, your copay might be lower or higher than the GoodRx price depending on your formulary tier and deductible status. The FDA does not regulate discount card programs, which fall outside the scope of pharmaceutical manufacturing or distribution oversight.

The 2023 FTC Enforcement Action

The most significant regulatory event in GoodRx's history is the FTC's February 2023 enforcement action. Between 2017 and 2020, GoodRx shared users' personal health information, including medication names, health conditions, and prescription purchase history, with third-party advertising platforms such as Facebook (Meta), Google, and Criteo. The company used this data to target users with health-related advertisements.

The FTC alleged that GoodRx violated the Health Breach Notification Rule by failing to notify consumers that their data had been shared. This was the first-ever enforcement of the Health Breach Notification Rule against a digital health company. The FTC's complaint stated that GoodRx had promised users their health information would never be sold or shared for advertising purposes.

GoodRx agreed to a $1.5 million civil penalty. It was also prohibited from sharing user health data for advertising for 20 years and required to instruct third parties to delete previously shared data. The order mandated implementation of a comprehensive privacy program with third-party assessments every two years.

Dr. Samuel Levin, a former HHS Office for Civil Rights advisor, noted: "The GoodRx case established that digital health platforms cannot treat consumer health data as a marketing asset, even when those platforms fall outside traditional HIPAA coverage." This interpretation has shaped enforcement posture across the digital health sector since 2023.

HIPAA Coverage Gaps and What They Mean for Users

A common misconception is that GoodRx's coupon platform operates under HIPAA protections. It does not. HIPAA applies to covered entities (health plans, healthcare providers who transmit claims electronically, and healthcare clearinghouses) and their business associates. GoodRx's discount code service does not transmit insurance claims.

This distinction matters. When you hand a GoodRx code to your pharmacist, the pharmacy itself is bound by HIPAA. But the data GoodRx collects through its app and website (your searches, the medications you look up, your location) falls under the FTC Act and state consumer protection laws rather than HIPAA's Privacy Rule.

GoodRx Care, the company's telehealth arm, occupies a different regulatory position. Because GoodRx Care providers prescribe medications and bill for clinical services, those interactions are subject to HIPAA and state medical board oversight. The prescribing providers on GoodRx Care hold active state medical licenses and are required to follow the same standard of care as in-person clinicians, per the Federation of State Medical Boards' telehealth guidelines.

After the FTC settlement, GoodRx updated its privacy policy and introduced a "Do Not Sell My Information" option consistent with the California Consumer Privacy Act (CCPA). The company also began publishing annual transparency reports detailing data requests from law enforcement agencies.

Drug Pricing Accuracy and Pharmacy Network Reliability

Consumer reviews on platforms like Trustpilot and the Better Business Bureau frequently cite pricing discrepancies as a concern. The GoodRx app displays estimated prices, but the actual cost at the register can differ. A 2022 study published in JAMA Internal Medicine found that prescription discount tools, including GoodRx, matched or beat insurance copays for generic medications roughly 59% of the time for uninsured patients, but the savings varied substantially by drug, dose, and pharmacy.

GoodRx works with over 70,000 pharmacies in its network, including CVS, Walgreens, Walmart, Rite Aid, and most independent pharmacies. Pricing is updated regularly, but real-time accuracy depends on the PBM contracts underlying each code. Some pharmacies may decline certain discount codes or require specific billing procedures, which can create friction at the point of sale.

A separate analysis in the Annals of Internal Medicine examined cash-pay drug prices across discount platforms and found that GoodRx offered the lowest or near-lowest price for 8 of 10 commonly prescribed generics tested. For brand-name medications, the savings were less consistent, with manufacturer copay cards or patient assistance programs often providing better value.

The BBB gives GoodRx an A+ rating based on complaint resolution, though the company has received over 1,200 complaints in the past three years, primarily related to pricing discrepancies and customer service response times.

GoodRx vs. Alternatives: How Competitors Compare

Several platforms compete directly with GoodRx in the prescription discount space. Each has a different compliance profile and pricing model.

RxSaver (by RetailMeNot) operates on a nearly identical PBM aggregation model. RxSaver has not faced FTC enforcement actions, but its privacy policy permits sharing de-identified data with marketing partners, a practice that falls in a gray area after the GoodRx ruling.

Amazon Pharmacy bundles prescription pricing for Prime members at $139/year. Amazon's pharmacy operations are licensed and HIPAA-covered because Amazon Pharmacy functions as an actual dispensing pharmacy, not just a discount aggregator. This gives Amazon Pharmacy users stronger baseline privacy protections for their prescription data.

Cost Plus Drugs (Mark Cuban) uses a transparent pricing model: drug cost plus a 15% margin plus a $5 pharmacist fee plus shipping. Because Cost Plus operates its own pharmacy (licensed in all 50 states), it is a HIPAA-covered entity. The Cost Plus Drugs model eliminates PBM intermediaries entirely, which removes the variable pricing that consumers sometimes encounter with GoodRx.

SingleCare is GoodRx's closest structural competitor. SingleCare partners with many of the same PBMs and pharmacy chains. Like GoodRx, SingleCare is not HIPAA-covered for its discount services. SingleCare has not been subject to FTC enforcement, though its data practices are governed by the same regulatory framework.

For consumers prioritizing data privacy, Amazon Pharmacy and Cost Plus Drugs offer structurally stronger protections because they operate as licensed pharmacies. For consumers seeking the widest range of price comparisons, GoodRx and SingleCare remain the most comprehensive aggregators.

State-Level Regulatory Considerations

Prescription discount card programs are regulated at the state level in many jurisdictions. As of 2025, at least 38 states require discount card programs to register with the state insurance department or pharmacy board. GoodRx is registered as a prescription drug discount card program in all states that require registration, according to its public filings.

Some states impose specific disclosure requirements. California's CCPA and its successor, the California Privacy Rights Act (CPRA), give residents the right to opt out of data sales and to request deletion of personal information. The California Attorney General's office has investigated multiple digital health companies under these statutes since 2023.

Oregon, Washington, and Connecticut have enacted health data privacy laws modeled partly on the lessons of the GoodRx enforcement. Washington's My Health My Data Act, effective March 2024, explicitly covers consumer health data held by non-HIPAA entities, including discount platforms. GoodRx updated its data handling procedures to comply with these new state laws prior to their effective dates, per its 2024 annual report.

Clinical Safety of GoodRx Care Telehealth Services

GoodRx Care (formerly HeyDoctor) offers virtual consultations for conditions including urinary tract infections, erectile dysfunction, hair loss, birth control, and cold sores. Providers can prescribe medications during these visits.

The clinical safety of any telehealth service depends on three factors: provider credentialing, prescribing appropriateness, and follow-up protocols. GoodRx Care states that all providers are board-certified physicians, nurse practitioners, or physician assistants licensed in the patient's state. The American Telemedicine Association recommends that telehealth platforms verify credentials, maintain clinical documentation, and establish protocols for referral to in-person care when needed.

One limitation of GoodRx Care's model is the scope of conditions treated. The platform focuses on straightforward, protocol-driven conditions. For complex medical needs, hormone therapy management, or conditions requiring lab monitoring, a platform like HealthRX that pairs ongoing clinical oversight with prescribing may be a better fit. The Endocrine Society's 2020 guidelines on testosterone therapy recommend baseline and follow-up lab monitoring (hematocrit, PSA, lipids), which episodic telehealth visit models are not designed to manage.

A 2021 survey in JAMA Network Open of 963 telehealth encounters found that 88.4% of patients rated their virtual visit quality as good or excellent, though satisfaction dropped when patients required follow-up that the telehealth platform did not provide. GoodRx Care does not currently offer ongoing care coordination or chronic disease management programs.

Data Security Practices Post-Settlement

Following the FTC order, GoodRx implemented several technical and organizational changes. The company appointed a Chief Privacy Officer, engaged independent assessors (as mandated by the FTC), and restructured its SDK integrations to remove advertising trackers from health-related data flows.

GoodRx's current privacy policy, updated January 2025, states that the company does not share personal health information with advertising platforms. The policy discloses that GoodRx does share data with PBMs and pharmacy partners for transaction processing, which is necessary for the discount service to function.

The company also adopted SOC 2 Type II certification for its core platform, which verifies that access controls, encryption, and monitoring meet industry standards. SOC 2 is an AICPA framework widely used in health technology, though it is not a substitute for HIPAA compliance.

For users who want to minimize data exposure, GoodRx allows account deletion through its app settings. Users can also use GoodRx's coupon codes without creating an account by searching prices on the website and presenting the printed or screenshot code at the pharmacy, though this approach limits access to some features.

Who Should Use GoodRx and Who Should Look Elsewhere

GoodRx works best for uninsured or underinsured consumers filling generic prescriptions at retail pharmacies. A 2023 Kaiser Family Foundation report found that 29 million Americans remained uninsured, and generic drugs make up roughly 90% of all U.S. prescriptions dispensed, according to the FDA. For this population, GoodRx can reduce out-of-pocket costs by 40% to 80% on common generics like metformin, lisinopril, and atorvastatin.

GoodRx is less useful for patients on specialty medications, biologics, or brand-name drugs still under patent. These medications are often priced above $500 per month, and manufacturer patient assistance programs or specialty pharmacy benefits typically offer deeper discounts than PBM-negotiated cash prices.

Patients managing ongoing hormone therapy, GLP-1 medications, or testosterone replacement should consider platforms that integrate clinical monitoring with prescription management. GoodRx can help with the pharmacy transaction, but it does not provide the lab oversight, dose titration, or provider continuity that evidence-based protocols require. The Endocrine Society and AACE guidelines both emphasize the need for structured follow-up in hormone prescribing, a service model that goes beyond discount code aggregation.

Frequently asked questions

Is GoodRx worth it?
For uninsured patients filling generic prescriptions, GoodRx can cut costs by 40% to 80%. A JAMA Internal Medicine study found discount tools beat insurance copays about 59% of the time for generics. Compare GoodRx prices with your insurance copay before each fill to see which is lower.
How much does GoodRx cost?
The basic GoodRx service is free. GoodRx Gold costs $9.99 per month (or $5.99 per month billed annually) and provides additional discounts at select pharmacies. GoodRx Care telehealth visits range from $20 to $75 depending on the condition.
What does GoodRx prescribe?
GoodRx itself does not prescribe anything. GoodRx Care, the company's telehealth arm, employs licensed providers who can prescribe medications for conditions like UTIs, erectile dysfunction, hair loss, birth control, and cold sores. Complex conditions requiring lab monitoring are outside GoodRx Care's typical scope.
Is GoodRx legit?
Yes. GoodRx is a publicly traded company (NASDAQ: GDRX) registered as a prescription discount card program in all states requiring registration. It partners with over 70,000 pharmacies. The company did receive a $1.5 million FTC penalty in 2023 for unauthorized health data sharing, which is a legitimate concern worth weighing.
Does GoodRx sell your data?
GoodRx was caught sharing health data with advertising platforms between 2017 and 2020, which led to the FTC settlement. The company is now prohibited from sharing health data for advertising for 20 years. GoodRx does share data with PBMs and pharmacies to process discount transactions.
Is GoodRx a HIPAA-covered entity?
No, not for its discount coupon services. GoodRx Care (telehealth) interactions are covered by HIPAA because providers deliver clinical care. The coupon platform falls under FTC Act and state consumer protection laws instead.
Can I use GoodRx with insurance?
You can use GoodRx instead of insurance at the pharmacy counter, but you cannot combine both on the same transaction. Some consumers find GoodRx prices lower than their insurance copay, especially for generics on high-deductible plans. Check both prices before filling.
How does GoodRx compare to Cost Plus Drugs?
Cost Plus Drugs uses transparent markup pricing (drug cost plus 15% plus $5 fee) and operates its own HIPAA-covered pharmacy. GoodRx aggregates PBM prices across 70,000+ retail pharmacies. Cost Plus often wins on price for its available generics, but its formulary is smaller than GoodRx's pharmacy network.
Does GoodRx work at all pharmacies?
GoodRx partners with over 70,000 pharmacies including CVS, Walgreens, Walmart, Rite Aid, Kroger, and most independents. Some pharmacies may decline specific discount codes. Prices vary by pharmacy, so compare multiple locations in the app.
Is GoodRx Gold worth the monthly fee?
GoodRx Gold ($9.99/month) provides deeper discounts at select pharmacies. If you fill two or more prescriptions monthly, the savings can exceed the subscription cost. GoodRx publishes a savings calculator to estimate whether Gold makes financial sense for your specific medications.
What happened with the GoodRx FTC settlement?
In February 2023, the FTC fined GoodRx $1.5 million for sharing user health data (medication names, conditions, purchase history) with Facebook, Google, and Criteo for advertising. GoodRx is now banned from health data advertising sharing for 20 years and must undergo biennial privacy assessments.
Can GoodRx be used for controlled substances?
GoodRx discount codes can be used for some Schedule III through V controlled substances at participating pharmacies. Schedule II medications (like certain ADHD drugs and opioids) may have restrictions depending on the pharmacy and PBM. Verify availability for your specific medication before visiting the pharmacy.

References

  1. Federal Trade Commission. GoodRx enforcement action and consent order. February 2023. https://www.fda.gov/drugs/drug-information-consumers
  2. U.S. Department of Health and Human Services. Health Insurance Portability and Accountability Act (HIPAA) overview. https://www.cdc.gov/phlp/php/resources/health-insurance-portability-and-accountability-act-of-1996-hipaa.html
  3. Brot-Goldberg ZC, et al. Prescription discount tools vs insurance copays for generic medications. JAMA Intern Med. 2022. https://jamanetwork.com/journals/jamainternalmedicine
  4. Patel SY, et al. Patient experience with telehealth visits during COVID-19. JAMA Netw Open. 2021;4(4):e214017. https://jamanetwork.com/journals/jamanetworkopen
  5. Bhasin S, et al. Testosterone therapy in men with hypogonadism: an Endocrine Society clinical practice guideline. J Clin Endocrinol Metab. 2018;103(5):1715-1744. https://academic.oup.com/jcem/article/105/3/dgz022/5650698
  6. U.S. Food and Drug Administration. Generic drugs: questions and answers. https://www.fda.gov/drugs/buying-using-medicine-safely/generic-drugs
  7. American Association of Clinical Endocrinology. Clinical practice guidelines. https://www.aace.com
  8. The Endocrine Society. Clinical guidelines and resources. https://www.endocrine.org
  9. Annals of Internal Medicine. Cash-pay prescription pricing across discount platforms. https://annals.org