News

Multi-Million-Dollar Fine for Medical Booking App After Selling Patient Data

Giulio Saggin
Giulio Saggin
Tuesday, 28 November 2023

A multi-million dollar fine is on the cards for Australia's biggest medical appointment booking app, HealthEngine, after it was found to be selling patient data to insurance brokers.

The Australian Competition and Consumer Commission (ACCC) has launched legal action against HealthEngine in the Federal Court, accusing it of misleading and deceptive conduct.

The ACCC is accusing the company of forwarding the data - including names, phone numbers, dates of birth and email addresses - of around 135,000 patients to insurance brokers for payment. Just how much money the company earned from these dealings has not been disclosed.

"Patients were misled into thinking their information would stay with HealthEngine but, instead, (it) was sold off," the ACCC said in a statement.

The ACCC also claims that between March 31, 2015, and March 1, 2018, HealthEngine "manipulated the patient reviews it published, and misrepresented to consumers why HealthEngine did not publish a rating for some health practices. (It) disregarded around 17,000 reviews, and altered around 3,000 in the relevant time period."

The ACCC alleges that one patient submitted the review:

"The practice is good just disappointed with health engine. I will call the clinic next time instead of booking online."

But when it appeared, it was allegedly changed to:

"The practice is good."

Each breach brings with it a AU$1.1 million fine and the ACCC is yet to decide how many breaches it will pursue. The total fine, which may reach into the many millions, will prove a financial burden for HealthEngine after it posted a $13 million dollar loss for the 2017-18 financial year.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203