Medical Booking App Facing Million-Dollar Fines for Selling Patient Data
HealthEngine, Australia’s largest medical appointment booking application is now locked in a legal brawl after an ABC investigation found that it was selling patient information to third-parties, particularly law firms.
The Australian Competition and Consumer Commission (ACCC) has launched a legal case against HealthEngine in the Federal Court, alleging the Perth-based company mislead and deceived customers as to how their data would be used.
“In June last year, the ABC revealed HealthEngine was passing on users’ personal information to law firms seeking clients for personal injury claims” the ABC’s Pat McGrath writes.
“The details of the deal were contained in secret internal Slater and Gordon documents that revealed HealthEngine was sending the firm a daily list of prospective clients as part of a pilot program in 2017.”
ACCC chairman, Rod Sims has released a statement stating that “patients were mislead into thinking their information would stay with HealthEngine but, instead, their information was sold off to insurance brokers.”
The ACCC has not confirmed how much money was earned from the unethical arrangement, but has said that names, phone numbers, dates of birth, email addresses and reportedly details surrounding a user’s health were passed on to insurance brokers.
“HealthEngine had also boasted to advertisers that it could target users based on their symptoms and medical conditions,” according to the ABC.
“We allege that HealthEngine refused to publish negative reviews and altered feedback to remove negative aspects, or to embellish it, before publishing reviews,” the ACCC’s Mr Sims said.
To make their the case in the Federal Court, the ACCC provided one example of feedback originally stating that “the practice is good just disappointed with health engine. I will call the clinic next time instead of booking online,” which was changed to “The practice is good.”
One HealthEngine user wrote a review on Apple’s App store that “within 60 seconds of making a booking with this service, I receive a second email spamming me and suggesting that as I’d entered ‘personal injury’... they could provide me with a lawyer,” they wrote.
According to reports, HealthEngine is facing a fine of up to $1.1-million for each breach of the law, while the ACCC is yet to confirm just how many breaches it will allege against HealthEngine.
Marcus Tan, HealthEngine’s chief executive has released a statement saying the company has made changes to its business model. “These changes were made before HealthEngine was formally advised of any ACCC investigation,” he said.
“HealthEngine is confident that no adverse health outcomes were created and that personal information was not shared with referral partners unless the individual had expressly requested to be contacted.”
HealthEngine faces separate investigations from the Office of the Australian Information Commissioner and the Australian Digital Health Agency.