If a judge approves the proposed federal settlement order, GoodRx would be permanently barred from sharing users’ health information for advertising purposes. To settle the case, the company also agreed to pay a $1.5 million civil penalty for violating the health breach notification rule.

The F.T.C. is employing new legal approaches and remedies in the GoodRx case as part of its effort to bolster safeguards for the personal information collected by health apps, trackers and sites.

This is the first time that agency has brought an enforcement action using its Health Breach Notification Rule. That rule requires health apps and connected devices that collect or use personal health information, like an individual’s heart rate or menstruation history, to notify users of breaches like cyberattacks or the unauthorized sharing of their health data. This is also the first time that a proposed F.T.C. consent order is seeking to prohibit a company from sharing users’ health data for advertising purposes.

“Digital health companies and mobile apps should not cash in on consumers’ extremely sensitive and personally identifiable health information,” Samuel Levine, director of the F.T.C.’s bureau of consumer protection, said in a statement. “The F.T.C. is serving notice that it will use all of its legal authority to protect American consumers’ sensitive data from misuse and illegal exploitation.”

GoodRx, based in Santa Monica, Calif., said in a statement that user privacy was one of its most important priorities. The company added that the settlement with the agency focused on issues that GoodRx resolved three years ago, before the F.T.C. inquiry began.

“While we had used vendor technologies to advertise in a way that we believe was compliant with all applicable regulations and that remains common practice among many health, consumer and government websites, we are proud that we took action to be an industry leader on privacy practices,” the GoodRx statement said.

This is a developing story. Check back for updates.