ACCC takes HealthEngine to court over misusing patient data

HealthEngine allegedly sold patient data to insurance brokers and manipulated reviews of health practices.

The Australian Competition and Consumer Commission (ACCC) has commenced court proceedings at Federal Court against online health booking platform HealthEngine for sharing patient data with insurance brokers, and manipulating patient reviews and ratings.

The consumer watchdog claimed that from 30 April 2014 to 30 June 2018, HealthEngine, which describes itself as Australia's largest online health marketplace, sold information of over 135,000 patients -- including names, phone numbers, email addresses, and data of birth -- to private health insurance brokers, without informing patients about it. 

"Patients were misled into thinking their information would stay with HealthEngine but, instead, their information was sold off to insurance brokers," ACCC chairman Rod Sims said. 

Read: How a companion robot can help children with chronic illness (TechRepublic)

ACCC also alleges that between 31 March 2015 to 1 March 2018 HealthEngine, which is funded by Telstra and Seven West Media, did not publish negative reviews, or altered them, and removed any negative aspects before publishing.

For instance, if less than 80% of patients answered "yes" to the rating questions for a health practice, HealthEngine allegedly did not publish the results and instead published that there was no rating for that health practice, according to a notice document the ACCC filed to the Federal Court. 

"We will argue that HealthEngine disregarded around 17,000 reviews, and altered around 3,000 in the relevant time period," Sims said. 

"The ACCC considers that the alleged conduct by HealthEngine is particularly egregious because patients would have visited doctors at their time of need based on manipulated reviews that did not accurately reflect the experience of other patients."

As part of court proceedings, the ACCC is seeking for the Federal Court to issue penalties, declarations, corrective notices, and an order for HealthEngine to review its compliance program. 

The ACCC said it also wants the court to order HealthEngine to contact affected users and provide details of how they can regain control of their personal information.

In response to the court proceedings, HealthEngine CEO and founder Marcus Tan has apologised, blaming the company's growth for a lack of oversight. 

"We sincerely apologise if that has meant we have not always met the high expectations of us," he said. 

"HealthEngine is confident that no adverse health outcomes were created and that personal information was not shared with referral partners unless the individual had expressly requested to be contacted.

"We are working hard to rebuild the trust we've lost with patients and practices. Our mission to enable better healthcare experiences and outcomes remains at the heart of everything we do."

This is not the first time that HealthEngine has been under fire for sharing user medical information. Last year, the healthcare appointment booking engine reportedly shared patient data with law firms that used the information for targeting advertising. 

UpGuard has just uncovered an exposed database belonging to Australia-based company Neoclinical containing information on over 37,000 Australia and New Zealand active clinical trial participants. 

The database included collections for different entity types involved in connecting users to clinical trials, such as the accounts of organisations running the trials and information on the "users" themselves seeking entry to those trials.

Updated 12.35pm AEST, 8 August 2019: Included statement from HealthEngine.

Related Coverage

Fitbit cuts Q3, 2019 outlook based on weak Versa Lite demand

Fitbit had some positives in the second quarter, but demand for Versa Lite, a budget smartwatch, wasn't one of them.

Sure, Apple Watch saved my life. But it could do so much more

I should be extremely grateful for this technology -- and I am. But I know these devices have more potential.

Amazon Alexa given new NHS health advice role: But what about patient privacy?

The NHS says the move will help patients and ease the burden on doctors - but campaigners label it "a data protection disaster waiting to happen".

Half marathon training with the Polar Vantage V: Detailed plans, reports, and coaching lead to solid results

Several months ago I started training for my half marathon with a Polar Vantage V and Polar training plan. The plan guided me to a successful race, although conditions outside of Polar's control prevented me from achieving a PR.

Destination cloud: How healthcare organizations are future-proofing strategy and operations

Healthcare digital business leaders are rising to these technology challenges amid cybersecurity threats we've never seen in healthcare.