Modern Australian
Men's Weekly

.

HealthEngine may be in breach of privacy law in sharing patient data

  • Written by Paul Maluga, Sessional Academic, Solicitor, Macquarie University
HealthEngine may be in breach of privacy law in sharing patient data

This week it was reported an online medical appointment service, HealthEngine, was sharing patients’ private information with a firm of solicitors specialising in personal injury claims.

As reported, HealthEngine, which boasts 15 million annual users, requested details of the patent’s symptoms and medical conditions as part of their booking process. It then passed this information to law firm Slater and Gordon at an average rate of 200 patients per month. This was called a “referral partnership pilot” program, and operated between March and August of 2017.

HealthEngine denies sharing this information without patient consent, stating consent was provided by way of a “simple pop up”. Despite the company’s best efforts, HealthEngine continues to face queries regarding their treatment of patient information.

On the face of it, it appears several Australian Privacy Principles may have been breached.

Read more: What should Australian companies be doing right now to protect our privacy

Did patients provide informed consent?

HealthEngine assures visitors to their website the collection of information is done strictly by consent, and it has provided disclosures of the use of collected information.

For instance, in its Privacy Policy, HealthEngine notes information may be disclosed to third parties “but only for the purpose of providing goods and services to [HealthEngine]”.

HealthEngine also notes disclosure may be made to:

other persons notified to you at the time we collect your personal information, who you give consent to, or to whom we are authorised or required by law to make such disclosure.

In their “Collection Notice” - one of three policies to which patients must agree, HealthEngine further states it may disclose personal information to “third party providers who may be of interest to the patient”, including health insurance comparison providers, finance companies for credit for cosmetic or dental procedures, and providers of legal services.

This appears to contradict their Privacy Policy, which is itself bound by the Australian Privacy Principles.

Read more: Questions still need answering in Australia's largest health data breach

The Australian Privacy Principles

The Australian Privacy Principles specify requirements regarding how organisations collect and use patient information. These include how and in what circumstances information is shared with third parties. The principles specify all information collected by HealthEngine must be reasonably necessary for the provision of services.

And they must not collect information unless there is consent, the information is necessary for the function of the organisation, or there’s a “permitted health situation”, which means the information must be necessary to provide services to the patient.

Click-wraps and bundled consent

A type of agreement HealthEngine uses to ensure patients using their services agree to the terms and conditions, called the “click-wrap”, involves the patient clicking through the booking process and thereby agreeing to the terms and conditions, links to which are provided.

So the patient is agreeing to three separate sets of agreements (called the “bundled consent”) — the Terms of Use, the Privacy Policy, and the Collection Notice — in the one action. This also means agreeing to secondary use of patient information and the provision of direct marketing, as found in the Collection Notice.

The privacy principles broadly prohibit direct marketing unless there is informed consent. And they require the patient to be provided with a simple way to opt out of direct marketing. HealthEngine assures patients they’re under “no obligation” to provide their information, though accepting these bundled terms is necessary to complete the booking and there is no option to opt out.

Informed consent requires the individual to be able to have a genuine ability to provide or withhold consent. This means having informed knowledge of the impact of their decision. It’s evident that with contradictory policies, bundled consent, and potentially misleading terms, a patient could not make a truly informed decision of the impact of their choice to use HealthEngine as the provider of this service.

Read more: When data privacy goes missing, will the regulators hear it cry?

Where to from here?

Laws that ought to protect individuals online do exist, but the potential for harm online is neither immediate nor always evident. So, as an immediate recourse to online threats, people need to take greater care with personal information online and ensure they seek recourse when issues arise. This requires being better informed about both the law and and individual’s rights and responsibilities online.

The Australian government also needs to take individual privacy and personal information protection more seriously and crack down on violators.

The establishment of the Office of the eSafety Commissioner was a positive move forward, but effective cuts to funding to the Office of the Australian Information Commissioner has the potential to hinder progress.

Authors: Paul Maluga, Sessional Academic, Solicitor, Macquarie University

Read more http://theconversation.com/healthengine-may-be-in-breach-of-privacy-law-in-sharing-patient-data-98942

Refurbished iPads Are Better Than New Ones (Here's Why)

Image by rawpixel.com on Freepik Apple's refurbished iPad program has quietly become one of the best deals in tech. While everyone obsesses over the ...

Your Guide to Finding the Right GP: What Perth City Doctors Offer Today

Choosing a General Practitioner (GP) is one of the most important health decisions you’ll make. Luckily, Perth’s vibrant CBD now hosts a new ge...

Why Every Mining Operation Needs a Robust Safety Management System

Mining is one of the backbones of the Australian economy, particularly in Western Australia. Back in 2019-20, mining contributed 10.4% of Australia...

Australian Classic Literature Enjoys Resurgence

Welcome back to the good old days of storytelling! As the modern world becomes increasingly more demanding, returning to childhood favourites offers...

How to Choose the Right Lawyers in Sydney for Your Situation

When faced with a legal issue, selecting the right legal representation can make all the difference. Whether you're dealing with a personal injury, ...

Building a Governance Model for Headless Content Management at Scale

Image by pch.vector on Freepik There's never been a better time to implement a headless content management system (CMS) to gain the flexibility and ...

Understanding Trade Insurance: Essential Protection for Businesses

Image by Drazen Zigic on Freepik In the current economic environment, trade insurance is an important element for companies trading both locally an...

Choosing the Right Timber for External Cladding

Timber cladding is one of those finishes that pulls double duty: it makes a building look warm and welcoming, and it quietly shields the frame from ...

Top Services Offered by Diesel Mechanics in Brisbane

Keeping a diesel vehicle running at its best takes more than the occasional oil change. When you invest in regular specialist care, you protect the ...

Top 5 Benefits of Hiring Professional House Removalists

Moving day should feel like the start of a new adventure, not the end of your patience. Yet once the settlement papers are signed and the champagne ...

Navigating the Digital Landscape: Managed IT Solutions and IT Services in Townsville

As technology advances at an unprecedented pace, companies must adapt to embrace the transformation ahead. With an evolving technology landscape, mana...

Types of Catering You Should Consider for Your Next Event

Choosing the right type of catering service can elevate your event from ordinary to unforgettable. Whether it’s an elegant wedding, corporate func...

Understanding the Benefits of Split System Installation for Your Home

Climate control is essential to maintaining comfort in your home, especially during the extreme temperatures that many regions face. Whether you’r...

Best Aluminium Window Sliding Designs for Natural Light and Airflow

Bringing natural light and airflow into a space is one of the most efficient ways to create a healthy and comfortable home. In Sydney and across Aus...

Maximising Operational Efficiency: Electric Winch Hire Australia and Hydraulic Power Pack Hire Solutions

Image by jcomp on Freepik From urban construction sites and remote mining operations to coastal maritime facilities, specialised equipment solutio...

Navigating the System: Your Guide to Support Finding Work with a Disability Around Melbourne

Image by freepik Finding the right job can be a challenge for anyone, but it can feel particularly daunting when you're also navigating life with a ...

Say Goodbye to Draughts and Hello to Savings: Your Guide to Perth Window Replacement

Image by prostooleh on Freepik Are your windows looking worse for wear? Are you paying a hefty power bill due to sneaky draughts and poor insulation...

How to Choose the Right Horse Trailer for Your Riding Needs

Many horse owners travel long distances for riding lessons, competitions, or to move horses between properties. Having a safe and reliable trailer i...