CMO

HealthEngine apologies after being fined $2.9m for sharing consumer data

Health appointment booking provider admits errors were made as it's fined for breaching Australian Consumer Law and for sharing data of 135,000 customers

HealthEngine has apologised to consumers for the conditions surrounding it disclosing personal data after being fined $2.9 million for misleading reviews and patient referrals by the Australian Federal Court.

The health appointment booking engine was taken to court by the Australian Competition and Consumer Commission (ACCC) for breaches of Australian Consumer Law after providing the non-clinical personal details of more than 135,000 patients to third-party health insurance brokers. The misleading conduct allegations related to two historical services – the Practice Recognition System and private health insurance comparison services – and took place between 2014 and 2018.

As a result of these actions, HealthEngine earned more than $1.8 million from such brokers during the period. HealthEngine provides a booking system for patients and an online health care directory that lists more than 70,000 health practices and practitioners in Australia. Up until June 2018, consumers could also access reviews from patients about the quality and services of health practitioners, which the provider has been found to have manipulated.

In Federal Court proceedings, HealthEngine was ordered to pay $2.9 million as a financial penalty, notify affected consumers and commission an annual, independent review of its Australian Consumer Law compliance program for the next three years. 

In a statement, HealthEngine welcomed conclusion of legal proceedings, apologising for the lack of clarity around how personal information would be used around health insurance comparisons.

“We did not make it sufficiently clear on the booking form that a third party, not HealthEngine, would be contacting them regarding the comparison and that we would be passing on consumer details for that to occur. This was an error and HealthEngine apologises for it,” the statement read. It noted the services had subsequently been discontinued or overhauled two years ago.

“HealthEngine is confident that no adverse health outcomes were created by these issues and no clinical data was shared with any private health insurance comparison service.”

HealthEngine co-founder and CEO, Marcus Tan, stressed the business had never sold user databases to third parties. But he acknowledged a lack of clarity around how information was to be used by third parties.

“When the ACCC commenced proceedings against HealthEngine nearly a year ago, we acknowledged that our rapid early growth had sometimes outpaced our systems and processes and we sincerely apologised that we had not always met the high expectations of the community and our customers. That apology still stands,” he stated.

“Good intentions do not excuse poor execution and this process has given us a greater understanding of our operational shortcomings, which we’ve addressed.”

Tan said the only time HealthEngine provided clinical information to third parties is to a consumer’s nominated healthcare provider to deliver the healthcare services requested by that consumer. 

“We made mistakes at the time with respect to two services we offered – the Practice Recognition System and private health insurance comparison services – and we apologise for those mistakes,” he continued.

“We want to thank our users and practice customers for their ongoing support and continued use of our services.”

In joint submissions, HealthEngine stated the ACCC acknowledged contraventions did not relate to medical or clinical matters. Both parties also noted HealthEngine co-operated with the ACCC throughout the investigation.

“These penalties and other orders should serve as an important reminder to all businesses that if they are not upfront with how they will use consumers’ data, they risk breaching the Australian Consumer Law,” ACCC chair, Rod Sims, said. “The ACCC is very concerned about the potential for consumer harm from the use or misuse of consumer data.”

HealthEngine also admitted that between 31 March 2015 and 1 March 2018, it did not publish about 17,000 reviews and edited about 3000 reviews to remove negative aspects, or to embellish them. HealthEngine also admitted it misrepresented to consumers the reasons why it did not publish a rating for some health or medical practices.

“The ACCC was particularly concerned about HealthEngine’s misleading conduct in connection with reviews it published, because patients may have visited medical practices based on manipulated reviews that did not accurately reflect other patients’ experiences,” Sims said.

Follow CMO on Twitter: @CMOAustralia, take part in the CMO conversation on LinkedIn: CMO ANZ, follow our regular updates via CMO Australia's Linkedin company page, or join us on Facebook: https://www.facebook.com/CMOAustralia