June 24, 2018

Pat McGrath reports:

Australia’s biggest online doctor’s appointment booking service, HealthEngine, has funnelled hundreds of users’ private medical information to law firms seeking clients for personal injury claims.

Key points:

  • HealthEngine has boasted to advertisers it can tailor advertising to patients’ symptoms
  • The Australian startup says it only shares information with users’ consent
  • But if a patient wants to use the app, there is no opportunity to opt-out of the fine print about giving information to third parties

The Perth-based startup, which is part-owned by Telstra and SevenWest Media and boasts 1.5 million monthly and 15 million annual users, has also been touting access to patients’ medical conditions and symptoms for targeted advertising campaigns.

The ABC has obtained secret documents from plaintiff law giant Slater and Gordon that reveal HealthEngine was passing on a daily list of prospective clients to the firm, based on their personal medical information, as part of a “referral partnership pilot” last year.

Read more on ABC.

h/t, @NZprivacy

UPDATE:  HealthEngine has responded to the ABC story. I am going to include their entire statement (h/t, @Asher_Wolf):

HealthEngine is Australia’s largest online health marketplace and we put thousands of patients in contact with health professionals across Australia every day.

We respect the privacy of our users and appreciate the trust they place in us.

I would like to reassure users that HealthEngine does not provide any personal information to third parties without the express consent of the affected user or in those circumstances described in our privacy policy.

We do have referral arrangements in place with a range of industry partners including government, not for profit, medical research, private health insurance and other health service providers on a strictly opt-in basis.

These referrals do not occur without the express consent of the user.

Contrary to the ABC report’s suggestion, consent to these referrals is not hidden in our policies but obtained through a simple pop-up form at the time of booking (see below) or provided verbally to a HealthEngine consultant. Consent to these referrals is entirely voluntary and opt-in, and we do not provide any personal information for the purposes of a referral without this consent.

These referral services are provided as a value-add to our users who opt-in to the service, in order to help them access services they request at relevant stages of their health journey.

Users are able to continue to use our booking services even if they do not provide their express consent to being contacted by a referral partner through the pop-up form.

HealthEngine has no referral arrangements in place with marketing agencies or law firms.

Under previous arrangements, HealthEngine provided referrals to law firms but only with the express consent of the user. Our referral partnerships remain constantly under review to ensure patient feedback is taken on board and patients are getting access to the services they request.

I want to make it clear that HealthEngine is unable to access patient data held by My Health Record or the Australian Digital Health Agency.

Media contact:
[email protected]


Dr. Marcus Tan
Founder, CEO & Medical Director
