News

Healthcare booking sites must be transparent about use of patient data: RACGP


Doug Hendrie


25/06/2018 3:38:06 PM

Australia’s largest medical appointment booking site HealthEngine is in the news over sharing its clients’ information with law firms.

While he appreciates the value of such sites, eHealth expert Dr Nathan Pinskier says the use of medical data is particularly sensitive.
While he appreciates the value of such sites, eHealth expert Dr Nathan Pinskier says the use of medical data is particularly sensitive.

Hundreds of users of the medical appointment booking site HealthEngine have reportedly had medical data sent to law firms that wanted new clients for personal injury suits.
 
This latest story comes after news that HealthEngine was editing patient reviews to make them more positive.
 
Chair of the RACGP Expert Committee – eHealth and Practice Systems (REC–eHPS) Dr Nathan Pinskier said that while the college recognises the value of online appointment services represent to patients and practices, it cautions that the use of medical data is particularly sensitive.  
 
‘Health information is often sensitive and people are rightly more protective of it than other types of personal information,’ he said. ‘It is crucial that these services are completely clear and transparent about how users’ information may be used beyond its initial purpose.  
 
‘If health information is passed on or used in other ways, services should be required to seek explicit permission from users.
 
‘If people are not comfortable using an online appointment booking service, [they should] utilise alternative methods to booking appointments, such as a phone call to their practice.’
 
Chair of the RACGP Expert Committee – Quality Care (REC–QC) Dr Evan Ackermann told newsGP that users should be careful with their health data.
 
‘Be aware of the many ways that organisations can use your health data for commercial reasons,’ he said.
 
Users signing up for HealthEngine must consent to the company’s privacy policy and a separate collection statement. The collection statement is clear that HealthEngine shares personal information with third parties, including private health insurance comparison services, providers of loans for cosmetic and dental services, and legal service providers.
 
In a statement, founder Dr Marcus Tan said HealthEngine did not provide any personal information to third parties without the express consent of the affected user.
‘We do have referral arrangements in place with a range of industry partners including government, not-for-profit, medical research, private health insurance and other health service providers on a strictly opt-in basis,’ he said. ‘These referrals do not occur without the express consent of the user.
 
‘Contrary to the ABC report’s suggestion, consent to these referrals is not hidden in our policies but obtained through a simple pop-up form at the time of booking or provided verbally to a HealthEngine consultant.
 
‘Consent to these referrals is entirely voluntary and opt-in, and we do not provide any personal information for the purposes of a referral without this consent.’
 
‘Users are able to continue to use our booking services even if they do not provide their express consent to being contacted by a referral partner through the pop-up form.’
 
Dr Tan said that HealthEngine has no current referral arrangements in place with law firms or marketing agencies.
 
‘Under previous arrangements, HealthEngine provided referrals to law firms but only with the express consent of the user,’ he said in the statement.
 
Dr Tan founded the start-up in 2010, with more than a million patients booking appointments through the site every month.



ehealth health data healthengine medical appointments



Dr Peter Strickland   26/06/2018 11:51:59 AM

This whole fiasco is the very reason that the RACGP do NOT support e-Health initiatives by the Australian Govt Health Dept. Almost certainly there is going to be breaches of secure patient information, and confusion between patients' information. Just think about the surnames Smith, Brown, Taylor etc. and all the common first names like John, Mary, James and Emily or Susan, and DOBs close to one another, or the same year. Incorrect information is going to be transmitted from hospitals to GPs, GPs to specialists etc, and the information will NOT be able to be corrected, or stored wrongly in computer patient records. Keep patient records secure and correctable in my opinion, and do NOT go for e-Health records in any way whatsoever as is planned.


Dr Brian Morton   26/06/2018 6:32:19 PM

This privacy breach has probably set back patient IT enrolment with practices for more years. My view is that no intrusion into the Practice patient relationship should occur at this level. Do it separately on the Practice website but registering for online booking or other “in-house” services should mimic for example that of registering and using banking services.


Comments



 Security code