HealthEngine fined for sharing patient data without consent and skewing its reviews
HealthEngine Pty Ltd has been ordered by the Federal Court to pay AU$2.9 million in penalties, following allegations it shared patient information and skewed its reviews.
The Federal Court found the Perth-based company engaged in misleading conduct in relation to the sharing of patient personal information to private health insurance brokers and published misleading patient reviews and ratings.
HealthEngine provides a booking system for patients and an online health care directory that lists over 70,000 health practices and practitioners in Australia. The directory allows patients to search for and book appointments with health practitioners.
The company that describes itself as Australia’s largest online health marketplace admitted that, between 30 April 2014 and 30 June 2018, it gave non-clinical personal information such as names, dates of birth, phone numbers, and email addresses of over 135,000 patients to third party private health insurance brokers without adequately disclosing this to consumers.
Such arrangements with private health insurance brokers saw HealthEngine pocket over AU$1.8 million.
In addition to the near AU$3 million fine, HealthEngine was also ordered to contact affected consumers and provide details of how they could “regain control of their personal information”.
“These penalties and other orders should serve as an important reminder to all businesses that if they are not upfront with how they will use consumers’ data, they risk breaching the Australian Consumer Law,” Australian Competition and Consumer Commission (ACCC) chair Rod Sims said on Thursday
“The ACCC is very concerned about the potential for consumer harm from the use or misuse of consumer data.”
The ACCC began investigating HealthEngine in July 2018 and launched legal proceedings in August 2019, alleging the company was sharing consumer information with insurance brokers.
In June 2018, it was reported that HealthEngine shared personal information with law firm Slater and Gordon, who was seeking clients for personal injury claims. It is believed the “referral partnership pilot” saw the startup give the law firm details of 200 clients a month, on average, between March and August 2017.
According to the ABC, 40 HealthEngine users became Slater and Gordon clients.
The reports of the ill use of customer data followed claims that HealthEngine was skewing its own reviews.
In mid-2018, it was reported that 53% of the 47,900 “positive” patient reviews on HealthEngine had been edited in some way, with many flipped to appear as positive customer feedback.
“Negative feedback is not published but rather passed on confidentially and directly to the clinic completely unmoderated to help health practices improve moving forward,” HealthEngine CEO and founder Dr Marcus Tan said in a statement the company issued at the time.
“We email all patients about their reviews being published and alert them to having possibly been moderated according to our guidelines.”
The ACCC on Thursday said HealthEngine admitted that between 31 March 2015 and 1 March 2018, it did not publish around 17,000 reviews and edited around 3,000 reviews to remove negative aspects, or to embellish them.
HealthEngine also admitted that it misrepresented to consumers the reasons why it did not publish a rating for some health or medical practices.
“The ACCC was particularly concerned about HealthEngine’s misleading conduct in connection with reviews it published, because patients may have visited medical practices based on manipulated reviews that did not accurately reflect other patients’ experiences,” Sims said.
The review feature was pulled in June 2018.
HealthEngine admitted liability and made joint submissions with the ACCC to the Federal Court. The company will also pay a contribution to the ACCC’s legal costs, the watchdog said.