Modern Australian
Men's Weekly

.

HealthEngine may be in breach of privacy law in sharing patient data

  • Written by Paul Maluga, Sessional Academic, Solicitor, Macquarie University
HealthEngine may be in breach of privacy law in sharing patient data

This week it was reported an online medical appointment service, HealthEngine, was sharing patients’ private information with a firm of solicitors specialising in personal injury claims.

As reported, HealthEngine, which boasts 15 million annual users, requested details of the patent’s symptoms and medical conditions as part of their booking process. It then passed this information to law firm Slater and Gordon at an average rate of 200 patients per month. This was called a “referral partnership pilot” program, and operated between March and August of 2017.

HealthEngine denies sharing this information without patient consent, stating consent was provided by way of a “simple pop up”. Despite the company’s best efforts, HealthEngine continues to face queries regarding their treatment of patient information.

On the face of it, it appears several Australian Privacy Principles may have been breached.

Read more: What should Australian companies be doing right now to protect our privacy

Did patients provide informed consent?

HealthEngine assures visitors to their website the collection of information is done strictly by consent, and it has provided disclosures of the use of collected information.

For instance, in its Privacy Policy, HealthEngine notes information may be disclosed to third parties “but only for the purpose of providing goods and services to [HealthEngine]”.

HealthEngine also notes disclosure may be made to:

other persons notified to you at the time we collect your personal information, who you give consent to, or to whom we are authorised or required by law to make such disclosure.

In their “Collection Notice” - one of three policies to which patients must agree, HealthEngine further states it may disclose personal information to “third party providers who may be of interest to the patient”, including health insurance comparison providers, finance companies for credit for cosmetic or dental procedures, and providers of legal services.

This appears to contradict their Privacy Policy, which is itself bound by the Australian Privacy Principles.

Read more: Questions still need answering in Australia's largest health data breach

The Australian Privacy Principles

The Australian Privacy Principles specify requirements regarding how organisations collect and use patient information. These include how and in what circumstances information is shared with third parties. The principles specify all information collected by HealthEngine must be reasonably necessary for the provision of services.

And they must not collect information unless there is consent, the information is necessary for the function of the organisation, or there’s a “permitted health situation”, which means the information must be necessary to provide services to the patient.

Click-wraps and bundled consent

A type of agreement HealthEngine uses to ensure patients using their services agree to the terms and conditions, called the “click-wrap”, involves the patient clicking through the booking process and thereby agreeing to the terms and conditions, links to which are provided.

So the patient is agreeing to three separate sets of agreements (called the “bundled consent”) — the Terms of Use, the Privacy Policy, and the Collection Notice — in the one action. This also means agreeing to secondary use of patient information and the provision of direct marketing, as found in the Collection Notice.

The privacy principles broadly prohibit direct marketing unless there is informed consent. And they require the patient to be provided with a simple way to opt out of direct marketing. HealthEngine assures patients they’re under “no obligation” to provide their information, though accepting these bundled terms is necessary to complete the booking and there is no option to opt out.

Informed consent requires the individual to be able to have a genuine ability to provide or withhold consent. This means having informed knowledge of the impact of their decision. It’s evident that with contradictory policies, bundled consent, and potentially misleading terms, a patient could not make a truly informed decision of the impact of their choice to use HealthEngine as the provider of this service.

Read more: When data privacy goes missing, will the regulators hear it cry?

Where to from here?

Laws that ought to protect individuals online do exist, but the potential for harm online is neither immediate nor always evident. So, as an immediate recourse to online threats, people need to take greater care with personal information online and ensure they seek recourse when issues arise. This requires being better informed about both the law and and individual’s rights and responsibilities online.

The Australian government also needs to take individual privacy and personal information protection more seriously and crack down on violators.

The establishment of the Office of the eSafety Commissioner was a positive move forward, but effective cuts to funding to the Office of the Australian Information Commissioner has the potential to hinder progress.

Authors: Paul Maluga, Sessional Academic, Solicitor, Macquarie University

Read more http://theconversation.com/healthengine-may-be-in-breach-of-privacy-law-in-sharing-patient-data-98942

The Value of Professional Rubbish Removal Services

From everyday waste to bulky items like furniture and appliances, finding the right way to dispose of rubbish is not always straightforward. This is...

Why Ugly Websites Sometimes Outperform Beautiful Ones

In the digital age, we're constantly told that first impressions matter, and nowhere does this seem more apparent than in web design. However, a cur...

TPD Claims & Super: What Does It All Mean?

Many Australians hear the term "TPD" in relation to their superannuation and feel completely lost. If you're scratching your head, wondering what it...

What Does Breastfeeding Feel Like? A Guide for New Moms

Frequently, numerous new mothers wonder, "What does breastfeeding feel like?" The feeling is different for each individual - a few describe it as a ...

Best Nail Care Routine for Frequent Nail Polish Wearers

For many people, nail polish is more than a beauty statement – it’s part of their everyday routine. Whether you love bold colours, chic neutrals...

Reinventing Research: How E-Libraries Are Changing Education Forever

A New Chapter for Learning For centuries libraries stood as temples of knowledge filled with shelves that smelled of dust and paper. Today the same...

Psychologists Explore Gestalt Vs Schema Therapy for PTSD Treatment

Recent research has revealed that in 2022, 1 in 9 Australians experienced post-traumatic stress disorder (PTSD). For some, this can significantly im...

Beyond Sunscreen: Building a Sun-Smart Culture in Modern Australia

Australia’s sun-soaked lifestyle is a defining part of its national identity. From beaches and sports fields to weekend barbecues and bushwalks, t...

What is Power BI & Why Should Your Business Use It?

In today's data-driven world, businesses are constantly searching for ways to gain a competitive edge. One tool that has emerged as a game-changer i...

From Service to Strength: How Aussie Veterans Are Rebuilding Their Lives with Everyday Support

Life after military service can bring new challenges. From physical limitations to mental health hurdles, many Australian veterans find everyday hou...

The Best Times of Year to Buy a Caravan

If you're shopping for caravans for sale, timing matters almost as much as the layout and features you desire. The calendar shapes price, stock and ...

The Growing Demand for Smart Living Through Home Automation

Technology has reshaped how we communicate, work, and travel—but now, it’s also changing the way we live at home. The rise of home automation i...

Beyond Clicks and Likes: Why Many Small Businesses in Australia Still Aren’t Leveraging Digital Marketing in 2025

Introduction In 2025, online marketing has become the driving force behind business growth for companies of all sizes. Yet, despite its proven effect...

Lighting Shop Perth: Your Comprehensive Guide to Choosing the Right Lighting Solutions

Lighting is a fundamental element in defining the ambiance, functionality, and aesthetic appeal of any space. Whether you are renovating your home, ...

Private Booze Cruisers – The New Must-Have Toy for Cashed Up Millennials

Did you hear that your 30s are the new 20s? We’ve finally rocked up that adult money and now it’s time to play with it. I was going for a walk ...

Grinding & Jaw Soreness: Signs You Might Need Night Guards and How We Protect Enamel

Waking with a tight jaw, tender muscles, or a dull temple headache is more than a bad night’s sleep. Many Australians grind or clench their teeth ...

Circular Interior Design: Furnishing with Salvaged & Reclaimed Materials

Circular interior design is gradually making its way from niche circles into mainstream Australian homes. At its core, this approach revolves around...

Invisible Braces vs Traditional Braces: Which Is Best for Adults?

Straightening teeth as an adult is common in Australia, and the options are better than ever. The two main choices are clear aligners, also called i...