Modern Australian
Men's Weekly

.

HealthEngine may be in breach of privacy law in sharing patient data

  • Written by Paul Maluga, Sessional Academic, Solicitor, Macquarie University
HealthEngine may be in breach of privacy law in sharing patient data

This week it was reported an online medical appointment service, HealthEngine, was sharing patients’ private information with a firm of solicitors specialising in personal injury claims.

As reported, HealthEngine, which boasts 15 million annual users, requested details of the patent’s symptoms and medical conditions as part of their booking process. It then passed this information to law firm Slater and Gordon at an average rate of 200 patients per month. This was called a “referral partnership pilot” program, and operated between March and August of 2017.

HealthEngine denies sharing this information without patient consent, stating consent was provided by way of a “simple pop up”. Despite the company’s best efforts, HealthEngine continues to face queries regarding their treatment of patient information.

On the face of it, it appears several Australian Privacy Principles may have been breached.

Read more: What should Australian companies be doing right now to protect our privacy

Did patients provide informed consent?

HealthEngine assures visitors to their website the collection of information is done strictly by consent, and it has provided disclosures of the use of collected information.

For instance, in its Privacy Policy, HealthEngine notes information may be disclosed to third parties “but only for the purpose of providing goods and services to [HealthEngine]”.

HealthEngine also notes disclosure may be made to:

other persons notified to you at the time we collect your personal information, who you give consent to, or to whom we are authorised or required by law to make such disclosure.

In their “Collection Notice” - one of three policies to which patients must agree, HealthEngine further states it may disclose personal information to “third party providers who may be of interest to the patient”, including health insurance comparison providers, finance companies for credit for cosmetic or dental procedures, and providers of legal services.

This appears to contradict their Privacy Policy, which is itself bound by the Australian Privacy Principles.

Read more: Questions still need answering in Australia's largest health data breach

The Australian Privacy Principles

The Australian Privacy Principles specify requirements regarding how organisations collect and use patient information. These include how and in what circumstances information is shared with third parties. The principles specify all information collected by HealthEngine must be reasonably necessary for the provision of services.

And they must not collect information unless there is consent, the information is necessary for the function of the organisation, or there’s a “permitted health situation”, which means the information must be necessary to provide services to the patient.

Click-wraps and bundled consent

A type of agreement HealthEngine uses to ensure patients using their services agree to the terms and conditions, called the “click-wrap”, involves the patient clicking through the booking process and thereby agreeing to the terms and conditions, links to which are provided.

So the patient is agreeing to three separate sets of agreements (called the “bundled consent”) — the Terms of Use, the Privacy Policy, and the Collection Notice — in the one action. This also means agreeing to secondary use of patient information and the provision of direct marketing, as found in the Collection Notice.

The privacy principles broadly prohibit direct marketing unless there is informed consent. And they require the patient to be provided with a simple way to opt out of direct marketing. HealthEngine assures patients they’re under “no obligation” to provide their information, though accepting these bundled terms is necessary to complete the booking and there is no option to opt out.

Informed consent requires the individual to be able to have a genuine ability to provide or withhold consent. This means having informed knowledge of the impact of their decision. It’s evident that with contradictory policies, bundled consent, and potentially misleading terms, a patient could not make a truly informed decision of the impact of their choice to use HealthEngine as the provider of this service.

Read more: When data privacy goes missing, will the regulators hear it cry?

Where to from here?

Laws that ought to protect individuals online do exist, but the potential for harm online is neither immediate nor always evident. So, as an immediate recourse to online threats, people need to take greater care with personal information online and ensure they seek recourse when issues arise. This requires being better informed about both the law and and individual’s rights and responsibilities online.

The Australian government also needs to take individual privacy and personal information protection more seriously and crack down on violators.

The establishment of the Office of the eSafety Commissioner was a positive move forward, but effective cuts to funding to the Office of the Australian Information Commissioner has the potential to hinder progress.

Authors: Paul Maluga, Sessional Academic, Solicitor, Macquarie University

Read more http://theconversation.com/healthengine-may-be-in-breach-of-privacy-law-in-sharing-patient-data-98942

How To Keep Vase Flowers Fresh Through Australia’s Coldest Months

Winter flowers develop slowly, which gives them stronger structure and longer vase life Heat from indoor environments is the biggest threat to th...

Artificial Intelligence is Powering the Growth of Australian Telehealth Services

Many Australians have traditionally experienced difficulties in accessing timely and quality healthcare, especially those who live in rural or remot...

Powering Shepparton’s Businesses: Expert Commercial Electrical Services You Can Count On

When it comes to running a successful business, having reliable, compliant, and efficient electrical systems is non-negotiable. From small retail ou...

Maximise Efficiency: Cleaner Solar Panels for Optimal Performance

Solar panels are a smart investment in energy efficiency, sustainability, and long-term savings—especially here in Cairns, where the tropical sun ...

7 Common Air Conditioner Issues in Melbourne – And How to Fix Them

Image by freepik Living in Melbourne, we all know how unpredictable the weather can be. One moment it’s cold and windy, the next it’s a scorchin...

Powering Palm QLD with Reliable Electrical Solutions

Image by pvproductions on Freepik When it comes to finding a trustworthy electrician Palm QLD locals can count on, the team at East Coast Sparkies s...

The Smart Way to Grow Online: SEO Management Sydney Businesses Can Rely On

If you’re a Sydney-based business owner, you already know the digital space is crowded. But with the right strategy, you don’t need to shout the...

What Your Car Says About You: The Personality Behind the Vehicle

You can tell a lot about someone by the car they drive—or at least, that’s what people think. True Blue Mobile Mechanics reckon the car says a l...

The Confidence Curve: Why Boudoir Photography Is the Empowerment Trend You Didn’t Know You Needed

Boudoir photography has been quietly taking over social feeds, Pinterest boards, and personal milestones—and for good reason. It’s not just abou...

Understanding Level 2 Electricians: Why Sydney Residents Need Licenced Experts for Complex Electrical Work

When it comes to electrical work around the home or business, not all electricians are created equal. In Sydney, particularly when you're dealing wi...

Retirement Anchored in Model Boat Building for Waterford’s Doug Unsold

WATERFORD — When Doug Unsold sees his ship come in, it’s usually one he’s crafted with his own hands. The 67-year-old retiree from Waterford ...

The Science Behind Alarm Clocks and Your Circadian Rhythm

Waking up on time isn’t just about setting an alarm—it’s about working with your body, not against it. At the heart of every restful night and...

How to Use Plants to Create a Calming Atmosphere in Your Home

In today’s fast-paced world, cultivating a calm, soothing environment at home has never been more important. Whether you live in a busy urban apar...

How Maths Tutoring Can Help Students Master Maths

Mathematics can be a daunting subject for many students, often causing stress and frustration. However, maths tutoring has proven to be an effective...

Refurbished iPads Are Better Than New Ones (Here's Why)

Image by rawpixel.com on Freepik Apple's refurbished iPad program has quietly become one of the best deals in tech. While everyone obsesses over the ...

Your Guide to Finding the Right GP: What Perth City Doctors Offer Today

Choosing a General Practitioner (GP) is one of the most important health decisions you’ll make. Luckily, Perth’s vibrant CBD now hosts a new ge...

Why Every Mining Operation Needs a Robust Safety Management System

Mining is one of the backbones of the Australian economy, particularly in Western Australia. Back in 2019-20, mining contributed 10.4% of Australia...

Australian Classic Literature Enjoys Resurgence

Welcome back to the good old days of storytelling! As the modern world becomes increasingly more demanding, returning to childhood favourites offers...