Western Australian start-up HealthEngine removed about 17,000 reviews from its platform and sold sensitive patient data to insurance brokers in a “particularly egregious” case, the competition watchdog has alleged.
HealthEngine is Australia’s self-proclaimed largest online health marketplace and is used by over one million consumers each month. It provides a platform allowing users to book medical appointments along with an online health directory listing more than 70,000 health practices and practitioners.
Up until June last year, users could also view and post reviews about the quality and services of the health practitioners listed on the platform.
The Australian Competition and Consumer Commission (ACCC) has instituted proceedings in the Federal Court against the online health appointment booking platform for “misleading and deceptive conduct relating to the sharing of consumer information with insurance brokers and the publishing of patient reviews and ratings”.
The ACCC has claimed that HealthEngine disregarded about 17,000 reviews submitted on its platform, and altered a further 3,000 between March 2015 and March 2018.
“We allege that HealthEngine refused to publish negative reviews and altered feedback to remove negative aspects, or to embellish it, before publishing the reviews,” ACCC chair Rod Sims said.
“The ACCC considers that the alleged conduct by HealthEngine is particularly egregious because patients would have visited doctors at their time of need based on manipulated reviews that did not accurately reflect the experience of other patients.”
The case will also centre on allegations HealthEngine gave information including names, phone numbers, email addresses and date of birth of over 135,000 patients to private health insurance brokers for a fee “without adequately disclosing to consumers it would do so”.
“We also allege that patients were misled into thinking their information would stay with HealthEngine but, instead, their information was sold off to insurance brokers,” Sims said.
The ACCC is seeking penalties, declarations, corrective notices and an order for HealthEngine to review its compliance program, along with an order from the court requiring the company to contact the impacted consumers and provide information on how they can regain control of their data.
HealthEngine’s manipulation of reviews posted on its platform was first revealed by the Sydney Morning Herald last year, with revelations that more than half of the 50,000 customer reviews of GPs on the website having been changed in some way.
In a statement, HealthEngine chief executive and founder Marcus Tan said the company had “either discontinued or significantly overhauled” the services involved in the court case before the ACCC initiated its investigation.
“HealthEngine recognises that our rapid growth over the years has sometimes outpaced our systems and processes and we sincerely apologise if that has meant we have not always met the high expectations of us,” Tan said.
“HealthEngine is confident that no adverse health outcomes were created and that personal information was not shared with referral parties unless the individual had expressly requested to be contacted.
“We are working hard to rebuild the trust we’ve lost with patients and practices. Our mission to enable better healthcare experiences and outcomes remains at the heart of everything we do.”
The case comes just weeks after the ACCC tabled its much-anticipated report into digital platforms, calling on the Privacy Act to be strengthened, especially for consent and notification requirements.
“The issues of transparency and adequate disclosure when digital platforms collect and use consumer data is one of the top priorities at the ACCC,” Sims said.
“Businesses who are not upfront with how they will use consumer data may risk breaching the Australian Consumer Law and face action from the ACCC. One of our recommendations from the Digital Platforms inquiry is that obtaining consent for different purposes of data collection, use or disclosure must not be bundled.”