CNET también está disponible en español.

Ir a español

Don't show this again

Security

GP booking service HealthEngine accused of sharing patient data with law firm

HealthEngine allegedly funnelled patient information to law firm Slater and Gordon as part of a pilot referral program.

healthy

HealthEngine

HealthEngine, Australia's largest online GP booking service, has come under fire from the ABC after it was revealed that patient data had been handed to a third-party law firm.

On Monday, The ABC claimed to have obtained documents that demonstrate the service was passing user's medical information on to law firm Slater and Gordon daily "as part of a "referral partnership pilot" between March and August 2017.

HealthEngine, which is co-owned by Seven West Media and Telstra, collects an abundance of personal information used in booking a doctor's or specialist appointment when users sign up, including date of birth, contact details and medication information. When booking, users are also asked to include symptoms and any relevant information regarding workplace injury or accidents.

The ABC suggests this information was then funnelled to Slater and Gordon as part of the referral pilot, with "an average of 200 clients a month" being handed to the firm. A spokesperson for Slater and Gordon told CNET that it had "acted and continues to act in accordance with all its legal and ethical obligations regarding its marketing activities" but "are not prepared to disclose or discuss the commercial relationships we have with other parties and provide confidential and commercially sensitive information."

HealthEngine CEO and founder, Dr. Marcus Tan, confirmed in a post to the website that "HealthEngine provided referrals to law firms" under a previous referral arrangement "but only with the express consent of the user."

That consent comes in the form of accepting the service's terms and conditions, which include a "collection notice" detailing the information that HealthEngine may collect and provide to third parties.

The collection notice reads as follows:

"HealthEngine may disclose your personal information, for secondary purposes, to third party service providers who support our business activities. If you consent, we may also provide your personal information to providers of other products and services which may be of interest to you, such as private health insurance comparison services, providers of finance credit for cosmetic and dental procedures, and providers of legal services."

Dr. Tan formally responded to the claims earlier Monday, stating "consent to these referrals is not hidden in our policies but obtained through a simple pop-up form at the time of booking or provided verbally to a HealthEngine consultant." He also clarified that HealthEngine no longer has "referral arrangements in place with marketing agencies or law firms."

According to the post, consent is entirely opt-in. Users are still able to use the service if they do not wish to opt-in to third-party referrals by choosing not to log in with a user account.  

However, the ABC note that when using the mobile app, users cannot opt-out and must agree to the terms laid out in the collection notice if they wish to continue.

HealthEngine declined a request for further comment.

It has been a horror month for HealthEngine, with Fairfax revealing on June 8 that the service had deliberately edited over half of the patient reviews received. In some cases, reviews were doctored to such an extent that they no longer reflected the patient's opinion.

First published Jun. 25 4:48 p.m. AEST

Update, Jun. 26 at 8:08 a.m. AEST: Added comment from HealthEngine and Slater and Gordon

Fight the Power: Take a look at who's transforming the way we think about energy. 

Logging Out: Welcome to the crossroads of online life and the afterlife.