HealthEngine medical appointment booking app sharing clients’ personal information with lawyers
Health Minister Greg Hunt has ordered an “urgent review” of Australia’s largest online doctor’s appointment booking service, HealthEngine.
The ABC reported earlier that the HealthEngine app had routed hundreds of private medical information from users to law firms seeking clients for personal injury claims.
A spokesperson for Mr Hunt said the government had tasked the Information Commissioner and the Australian Digital Health Agency to investigate the matter.
Key points:
- HealthEngine has boasted to advertisers that it can tailor advertising to patient symptoms
- Australian startup says it only shares information with users’ consent
- But if a patient wishes to use the app, he or she does not have the option of opting out of the fine print regarding disclosure of information to third parties.
The Perth-based startup, which is partly owned by Telstra and SevenWest Media and has 1.5 million monthly users and 15 million annual users, has also touted access to medical conditions and patient symptoms for campaigns targeted advertising.
The CBA has obtained secret documents from plaintiff law giant Slater and Gordon which reveal that HealthEngine passed a daily list of potential clients to the company, based on their personal health information, as part of a “pilot of reference partnership “last year.
HealthEngine asks users to include details about their symptoms and medical conditions, including whether they have suffered an injury at work or a traffic accident, as part of the process of booking appointments with general practitioners, dentists, physiotherapists, optometrists and other physicians.
The documents reveal that HealthEngine passed details of an average of 200 clients per month to Slater and Gordon between March and August of last year.
A total of 40 became clients of Slater and Gordon, resulting in legal fees estimated at $ 500,000.
HealthEngine and Slater and Gordon both declined interview requests and did not respond directly to questions.
HealthEngine said in a statement that the company uses advertising to “deliver relevant and timely information from our many advertising partners to our users.”
The startup said it shares users’ personal information with third parties if they consent.
“HealthEngine does not provide any personal information to third parties without the express consent of the user concerned or under the circumstances described in our privacy policy,” the statement read.
The company insisted that the policy is clearly obvious to users through a simple pop-up form in the app.
HeathEngine also has a data sharing agreement with the federal government’s My Health Record digital medical record system.
However, the company said it was unable to directly access patient data held by My Health Record or the Australian Digital Health Agency.
How does HealthEngine obtain user consent?
Users of the application are asked to specify the type of appointment, where they have the possibility to choose whether they have had a car accident or if they have suffered an accident at work or not.
The company’s privacy policy makes no mention of sharing information with third parties for marketing purposes.
However, a separate “collection statement”, which users must agree to in order to use the service and confirm their reservation, states that HealthEngine shares personal information with a range of third parties.
“If you consent, we may also provide your personal information to providers of other products and services that may be of interest to you, such as private health insurance comparison services, financial credit providers for cosmetic and dental procedures. and legal service providers, “the collection statement read.
In an updated statement from HealthEngine after the publication of this article, the CEO of the company, Dr Marcus Tan, said, âHealthEngine does not have any referral agreements in place with any marketing agencies or consulting firms. lawyers â.
However, Dr Tan admitted that the company provided information to the lawyers, but declined to say when they ended the deal.
âUnder previous agreements, HealthEngine provided referrals to law firms, but only with the express consent of the user,â he said.
HealthEngine boasts that it can tailor advertising to patient symptoms
The ABC also got a HealthEngine marketing presentation that promises to allow advertisers to target users for products based on their “age, type of appointment … zip code, symptom and type of reservation.”
âAdvertisers have the ability to leverage and direct communication towards the patients’ [symptom]-related problems or to convey a brand message before seeing the general practitioner â, indicates the presentation.
This is not the first time that HealthEngine’s practices have been called into question.
Earlier this month, Fairfax revealed that the company falsified negative patient reviews of doctors to make them appear positive.
The company has since apologized and removed the reviews from its service.
“Intrusive” and “persistent”
A user of the HealthEngine app, Sharon *, was called by a call center shortly after making an appointment with a general practitioner through the app.
She had used the app for years, but it was the first time that she had chosen the âwork accidentâ option as the reason for her appointment.
The person on the phone said she was with a law firm and wanted to know if she would consider filing a complaint for her injuries, sustained while on a work trip off-site.
âThey wanted to know if I had sought advice from a personal injury lawyer – and I said no,â Sharon said.
âThey wanted to know why and started talking about the stadium numbers that I might be entitled to.
Sharon, who is on a do-not-call registry, said she saw no indication while using the app that her contact details might be provided to a third-party law firm.
âI had no idea that putting anything in HealthEngine would go beyond the healthcare professional I had made an appointment with. ”
Sharon ultimately cut the appeal short, but said others could easily be forced to take legal action through this system.
âYou choose people at a vulnerable time,â she said.
âWhen you say to someone, ‘Do you understand how much money you could make with this? “A lot of people would start to think about it.”
Slater and Gordon used HealthEngine referrals via a third party
HealthEngine was one of several companies that referred clients to Slater and Gordon as part of a pilot project last year.
On Sunday, the ABC revealed that Slater and Gordon were using an outside direct marketing firm to find new clients, despite top lawyers at the firm warning that the practice was unethical and possibly illegal.
The secret documents say the firm obtained the HeathEngine referrals through Sydney-based law firm Bannister Law, which had a referral contract with HealthEngine.
The documents indicate that Slater and Gordon did not pay a fee for referrals during the pilot phase, however, he expected Bannister Law to charge for referrals in the future.
Bannister Law declined to comment.
*The name has been changed
Do you know more about this story? Send an email to [email protected]