HealthEngine medical appointment booking app sharing clients’ personal information with lawyers


Health Minister Greg Hunt has ordered an “urgent review” of Australia’s largest online doctor’s appointment booking service, HealthEngine.

The ABC reported earlier that the HealthEngine app had routed hundreds of private medical information from users to law firms seeking clients for personal injury claims.

A spokesperson for Mr Hunt said the government had tasked the Information Commissioner and the Australian Digital Health Agency to investigate the matter.

The Perth-based startup, which is partly owned by Telstra and SevenWest Media and has 1.5 million monthly users and 15 million annual users, has also touted access to medical conditions and patient symptoms for campaigns targeted advertising.

The CBA has obtained secret documents from plaintiff law giant Slater and Gordon which reveal that HealthEngine passed a daily list of potential clients to the company, based on their personal health information, as part of a “pilot of reference partnership “last year.

HealthEngine asks users to include details about their symptoms and medical conditions, including whether they have suffered an injury at work or a traffic accident, as part of the process of booking appointments with general practitioners, dentists, physiotherapists, optometrists and other physicians.

The documents reveal that HealthEngine passed details of an average of 200 clients per month to Slater and Gordon between March and August of last year.

A negative review on the HealthEngine app page complaining about contacting personal injury lawyers. This was listed two years ago, before Slater and Gordon’s pilot program, so it’s probably another law firm.(Provided: Apple App Store)

A total of 40 became clients of Slater and Gordon, resulting in legal fees estimated at $ 500,000.

HealthEngine and Slater and Gordon both declined interview requests and did not respond directly to questions.

HealthEngine said in a statement that the company uses advertising to “deliver relevant and timely information from our many advertising partners to our users.”

The startup said it shares users’ personal information with third parties if they consent.

“HealthEngine does not provide any personal information to third parties without the express consent of the user concerned or under the circumstances described in our privacy policy,” the statement read.

The company insisted that the policy is clearly obvious to users through a simple pop-up form in the app.

HeathEngine also has a data sharing agreement with the federal government’s My Health Record digital medical record system.

However, the company said it was unable to directly access patient data held by My Health Record or the Australian Digital Health Agency.

How does HealthEngine obtain user consent?

Users of the application are asked to specify the type of appointment, where they have the possibility to choose whether they have had a car accident or if they have suffered an accident at work or not.

The company’s privacy policy makes no mention of sharing information with third parties for marketing purposes.

However, a separate “collection statement”, which users must agree to in order to use the service and confirm their reservation, states that HealthEngine shares personal information with a range of third parties.

Screenshot of the booking application.
The link to the receipt appears twice in the application: when you register and in the sixth step of the reservation process.(ABC News)
A screenshot of the HealthEngine collection statement.
HealthEngine’s collection statement reveals that the company discloses information to health insurance brokers, attorneys, and funding providers for dental and cosmetic procedures.(Provided: HealthEngine)

“If you consent, we may also provide your personal information to providers of other products and services that may be of interest to you, such as private health insurance comparison services, financial credit providers for cosmetic and dental procedures. and legal service providers, “the collection statement read.

In an updated statement from HealthEngine after the publication of this article, the CEO of the company, Dr Marcus Tan, said, “HealthEngine does not have any referral agreements in place with any marketing agencies or consulting firms. lawyers ”.

However, Dr Tan admitted that the company provided information to the lawyers, but declined to say when they ended the deal.

“Under previous agreements, HealthEngine provided referrals to law firms, but only with the express consent of the user,” he said.

HealthEngine boasts that it can tailor advertising to patient symptoms

The ABC also got a HealthEngine marketing presentation that promises to allow advertisers to target users for products based on their “age, type of appointment … zip code, symptom and type of reservation.”

A man talks to the camera.
HealthEngine CEO Dr Marcus Tan said “the trust of our users is important to us” after a review scandal.(Provided: HealthEngine)

“Advertisers have the ability to leverage and direct communication towards the patients’ [symptom]-related problems or to convey a brand message before seeing the general practitioner ”, indicates the presentation.

This is not the first time that HealthEngine’s practices have been called into question.

Earlier this month, Fairfax revealed that the company falsified negative patient reviews of doctors to make them appear positive.

The company has since apologized and removed the reviews from its service.

“Intrusive” and “persistent”

A woman with gray hair and a gray sweater looks at the phone in her hand.
Sharon * received an unsolicited call from a call center shortly after using the HealthEngine app.(ABC News: Jeremy Story Carter)

A user of the HealthEngine app, Sharon *, was called by a call center shortly after making an appointment with a general practitioner through the app.

She had used the app for years, but it was the first time that she had chosen the “work accident” option as the reason for her appointment.

The person on the phone said she was with a law firm and wanted to know if she would consider filing a complaint for her injuries, sustained while on a work trip off-site.

“They wanted to know if I had sought advice from a personal injury lawyer – and I said no,” Sharon said.

“They wanted to know why and started talking about the stadium numbers that I might be entitled to.

Sharon, who is on a do-not-call registry, said she saw no indication while using the app that her contact details might be provided to a third-party law firm.

“I had no idea that putting anything in HealthEngine would go beyond the healthcare professional I had made an appointment with. ”

Sharon ultimately cut the appeal short, but said others could easily be forced to take legal action through this system.

“You choose people at a vulnerable time,” she said.

“When you say to someone, ‘Do you understand how much money you could make with this? “A lot of people would start to think about it.”

Slater and Gordon used HealthEngine referrals via a third party

HealthEngine was one of several companies that referred clients to Slater and Gordon as part of a pilot project last year.

On Sunday, the ABC revealed that Slater and Gordon were using an outside direct marketing firm to find new clients, despite top lawyers at the firm warning that the practice was unethical and possibly illegal.

In front of a health engine office
HealthEngine has recruited thousands of doctors across Australia.(Provided: HealthEngine)

The secret documents say the firm obtained the HeathEngine referrals through Sydney-based law firm Bannister Law, which had a referral contract with HealthEngine.

The documents indicate that Slater and Gordon did not pay a fee for referrals during the pilot phase, however, he expected Bannister Law to charge for referrals in the future.

Bannister Law declined to comment.

*The name has been changed

Do you know more about this story? Send an email to [email protected]