Popular medical appointment booking service HealthEngine has drawn flack for reportedly sharing patients' personal information with a third-party law firm. The ABC obtained documents that showed Perth-based HealthEngine was sharing users' medical information with law firm Slater and Gordon on a daily basis "part of a 'referral partnership pilot' between March and August 2017."
HealthEngine is co-owned by Seven West Media and Telstra. As part of its booking service, HealthEngine requires users to provide personal information when they sign up such date of birth, contact details and medication details. However, when booking an appointment, they are also required to include details of any medical conditions such as symptoms, whether they suffered a workplace injury or have been in a traffic accident.
The ABC reports this data was then shared with Slater and Gordon as part of the referral pilot at "an average of 200 clients a month." A total of 40 referrals reportedly became Slater and Gordon clients, earning the law firm about $500,000 of legal fees.
Although HealthEngine stated that consent is opt-in and can choose not to opt for third-party referrals by choosing not to log in with a user account. The service does not allow users to opt-out of having their information shared with third parties.
The ABC further reported that mobile users cannot must agree and opt-in to the terms laid out in order to continue.
HealthEngine CEO and founder Dr. Marcus Tan confirmed that the company does have referral arrangements with multiple industry partners including "government, not for profit, medical research, private health insurance and other health service providers on a strictly opt-in basis." It also stated that these referrals do no occur without users' express consent.
HealthEngine confirmed it provided referrals to law firms "under previous arrangements", but only with users' "express consent".
Tan added the referral services are "constantly under review" and are "provided as a value-add to our users who opt-in to the service, in order to help them access services they request at relevant stages of their health journey."
Slater and Gordon told 9 News that it "acted and continues to act in accordance with all its legal and ethical obligations regarding its marketing activities."
The news comes just weeks after Fairfax reported that 53% of the 47,900 "positive" patient reviews received had been deliberately edited by the company. In some instances, the reviews had been edited to the extent that they no longer reflected the patient's original opinion.
"Negative feedback is not published but rather passed on confidentially and directly to the clinic completely unmoderated to help health practices improve moving forward," HealthEngine said in a statement at the time. "We email all patients about their reviews being published and alert them to having possibly been moderated according to our guidelines.
"User trust is paramount to us at HealthEngine and we are conducting an internal and external review of the HealthEngine Practice Recognition System to ensure clarity, compliance, and best practice regarding the way in which we review and publish patient comments."
HealthEngine has since apologized for the issue and removed the reviews.