Australia’s consumer watchdog is suing the country’s largest health services booking platform, HealthEngine, alleging it secretly sold the data of 135,000 patients to insurance brokers and doctored patients’ reviews to improve the appearance of practices.
HealthEngine has blamed the practice on rapid growth that creating outdated processes and systems which have since been “either discontinued or significantly overhauled”. It argues it had patients’ permission to share data with partners.
The online health platform, which has received millions in funding and is part owned by Telstra and SevenWest Media, is used by over one million patients each month. Similar to other platform models, users do not pay to use the service. Instead health practices pay HealthEngine to to facilitate bookings, including fees for new patients booked through the platform.
The ACCC this week began Federal Court proceedings claiming Health Engine manipulated tens of thousands of patient reviews over a three year period, by embellishing positive reviews and editing or refusing to publish negative ones.
The reviews HealthEngine chose not to publish or heavily edit included negative feedback but also warnings from patients about hidden fees, poor accessibility, and frequent delays, according to ACCC court documents.
In one instance, a patient said, “The practice is good just disappointed with health engine. I will call the clinic next time instead of booking online.” HealthEngine edited the review, publishing only: “The practice is good.”
In others, HealthEngine omitted the majority of reviews, publishing only single sentences of positive prior experiences, which were only provided by patients as context for how bad the provider had become.
“The ACCC considers that the alleged conduct by HealthEngine is particularly egregious because patients would have visited doctors at their time of need based on manipulated reviews that did not accurately reflect the experience of other patients,” ACCC Chair Rod Sims said.
In a statement, HealthEngine said the services in question were overhauled a year ago.
“HealthEngine recognises that our rapid growth over the years has sometimes outpaced our systems and processes and we sincerely apologise if that has meant we have not always met the high expectations of us.”
Between 2014 and 2018, the company also provided patient’s personal information to at least nine private health insurance brokers in return for a fee without adequate disclosing to patients that this would occur, according to the ACCC.
Court documents say the information included “the patient’s name, phone number, email address, date or year of birth, appointment time, type of health care practice the patient had made a booking with (e.g. GP, chiropractic or dentistry), and/or whether or not the patient had private health insurance (and if so, the provider).”
HealthEngine collected this information each time a patient booked an appointment, including a question on if a patient had private insurance and, regardless of the answer, if they wished to receive information on private health insurance comparison and assessment services.
If patients answered yes HealthEngine sent their personal information to insurance brokers in exchange for a fee, but the company was not clear about the fee or who would be providing the services, according to the ACCC.
“HealthEngine used language in this question that indicated HealthEngine would provide the Health Insurance-Related Services (when it did not) and did not adequately disclose that if the patient answered ‘yes’, their personal information would be sent to one of the insurance brokers, or that HealthEngine would receive a payment for doing so,” public court documents say.
The ACCC says HealthEngine sold data like this for around 135,000 patients. It is unclear how much money this generated as that information is redacted in the court documents.
“We also allege that patients were misled into thinking their information would stay with HealthEngine but, instead, their information was sold off to insurance brokers,” Sims said.
“Issues of transparency and adequate disclosure when digital platforms collect and use consumer data is one of the top priorities at the ACCC.
“Businesses who are not upfront with how they will use consumer data may risk breaching the Australian Consumer Law and face action from the ACCC.”
A HealthEngine statement says the company is “confident that no adverse health outcomes were created and that personal information was not shared with referral partners unless the individual had expressly requested to be contacted”.
HealthEngine is facing a fine of $1.1 million for each breach of the law, but it remains unclear how many breaches the ACCC will allege.