HealthEngine, an organisation that is promoted as Australia’s largest medical booking website, is being accused of deceptive conduct by “doctoring” thousands of patient reviews about GP clinics on its website. 

The ACCC is currently taking legal action against HealthEngine after it emerged last year they were not acting in the best interests of patients. 

I’ve discussed these concerns with HealthEngine before, and now the ACCC is also accusing HealthEngine of selling the personal information of around 135,000 patients to health insurance brokers so they could solicit them for business. Ouch!

Where Did it Go Wrong For HealthEngine?

The HealthEngine platform was designed to make it easy for patients to book an appointment. From all accounts, the early responses to HealthEngine were positive. However, they entered into murky water when they started to allow patients to leave reviews.

In its Statement of Claim the Commission said about 70,000 health practices and practitioners, including specialist and allied health providers, were listed on the HealthEngine online directory.

It has emerged that reviews were being embellished by the company before being posted to make them more positive. The ACCC is accusing HealthEngine of deliberately misleading patients by giving them a “false impression about the quality of health practices that could be accessed” through the website.

Between March 2015 and March 2018, 128,000 patients submitted reviews about their experiences with the practices they had attended. Around 50,000 were “selectively published”, according to the Commission, while others were ditched because they were deemed too negative. 

Below is an example:

The real review:
“I love the practice and have never had a bad experience with any of the doctors but this one made me rip the Fixomull Stretch bandage off my own infected sore, told me to go home and wash it and bandage it again with something different.
She was very uncaring. It wasn’t hurting much before that but it is now! “

What was published:
“I love the practice and have never had a bad experience with any of the doctors.”

The ACCC is taking action against HealthEngine for mis-leading behaviour.

While this review “selection” process is not uncommon, as I’m sure we have all, at some point, questioned the reviews we see listed on all sorts of different websites, the ACCC is claiming HealthEngine’s conduct had the effect of manipulating important health care decisions made by consumers. 

Doctoring of online reviews is not new and there have been previous action taken against companies and businesses attempting to “orchestrate” their online reviews.

Perhaps from a moral standpoint, while we might be able to turn a blind eye to doctoring of hotel reviews (for example), taking advantage of patients in that same way poses more significant risks and impacts.

It failed to disclose important information about the quality of the services other patients had reported experiencing with health practices listed … which meant that consumers may have chosen a healthcare provider they would otherwise not have chosen.”

Selling of Patient Data?!

The Commission has also taken aim at HealthEngine for allegedly misleading patients about the use of their personal information. It claims the company sold personal information of 135,000 patients to nine different health insurance brokers between April 2014 and June 2018.

The personal information disclosed included patient’s names, email addresses, phone numbers, and date of birth.

The outcome of the submission by the ACCC is yet to be determined and remain a “watch this space”.

What Should I Do:

If you are still using HealthEngine for your practice, you may wish to reconsider whether it is the best platform for your patients to be booking their appointments.

Whilst the ACCC is not making claim against any of the medical practices listed on the online directory, I recommend staying clear of any platform or system that has been known to compromise patient data. 

While HealthEngine has made claims that patients knew their data was being on-sold to third party service providers, as we all know, many people don’t take the time to read the fine print. This is in part the basis of the ACCC’s claim, that patients were not adequately made aware of what was happening to their personal information. The ACCC has stated in it’s claim:

“Businesses who are not upfront with how they will use consumer data may risk breaching the Australian Consumer Law and face action from the ACCC.”

As such this is a timely reminder for all to be always vigilant in how and where you use patient data. Having an up to date Privacy Policy on display in your practice or clinic is critical.

Another concern, from a legal perspective, is that once you engage a third party provider to manage your data, you lose control over the data.  Whilst none of the clinics are being blamed for the situation, the uptake of the platform and the resulting fallout from its use, potentially highlights the gap in how data is being stored, used and managed, what patients rights are and the law.

As I’ve mentioned before businesses need to be incredibly vigilant when it comes to data, one mis-step can result in catastrophic results. 

Not sure if your data management and/ or Privacy Policy stacks up?

Contact us BELOW for a complimentary assessment.

You can read the ACCC submissions here: