Monday, June 25, 2018

HealthEngine Seems To Be In A Great Deal More Trouble All Of A Sudden.

This appeared a few hours ago:

Medical appointment booking app HealthEngine sharing clients' personal information with lawyers

By Pat McGrath, ABC Investigations
June 25, 2018
Australia's biggest online doctor's appointment booking service, HealthEngine, has funnelled hundreds of users' private medical information to law firms seeking clients for personal injury claims.

Key points:

  • HealthEngine has boasted to advertisers it can tailor advertising to patients' symptoms
  • The Australian startup says it only shares information with users' consent
  • But if a patient wants to use the app, there is no opportunity to opt-out of the fine print about giving information to third parties
The Perth-based startup, which is part-owned by Telstra and SevenWest Media and boasts 1.5 million monthly and 15 million annual users, has also been touting access to patients' medical conditions and symptoms for targeted advertising campaigns.
The ABC has obtained secret documents from plaintiff law giant Slater and Gordon that reveal HealthEngine was passing on a daily list of prospective clients to the firm, based on their personal medical information, as part of a "referral partnership pilot" last year.
HealthEngine asks users to include details of their symptoms and medical conditions, including whether they have suffered a workplace injury or been in a traffic accident, as part of the process of booking appointments with GPs, dentists, physiotherapists, optometrists and other medical practitioners.
The documents reveal HealthEngine passed on details of an average of 200 clients a month to Slater and Gordon between March and August last year.
Lots more here:
If you know more here you go:
Do you know more about this story? Email investigations@abc.net.au
There is some commentary here:

HealthEngine should be ashamed and we, its users, must hold it accountable

First editing patient feedback and now selling private information to legal firms - these are shocking breaches of integrity
Mon 25 Jun 2018 11.35 AEST Last modified on Mon 25 Jun 2018 11.47 AEST
Although family doctors are an anchor for many patients, my patient had a terrible experience with his when he was diagnosed with advanced cancer. The doctor and the patient were of a similar age, both with young children. The doctor was said to be completely unsettled by his patient’s predicament. “His body language was uncomfortable, and he finally mumbled that I was going to die anyway and there was nothing they could do. I felt shattered.” The patient and his wife went home to make funeral arrangements until a nurse convinced him to at least attend his oncology appointment.

7 comments:

  1. Here's an extract from the ABC report

    "HeathEngine also has a data-sharing arrangement with the Federal Government's My Health Record digital medical record system.

    However, the company said it was unable to directly access patient data held by My Health Record or the Australian Digital Health Agency."

    I have no idea what the first paragraph menas, however the second one doesn't mean Health Engine can't get at a patient's myhr data.

    The government’s My Health Record data is designed to be downloaded to a GP's system but is then invisible to any of the controls or audit trails of the My Health Record system. Data in a GP's system is then available to be downloaded to apps such as Health Engine, given the consent of the patient.

    Consent in the big issue.

    The government will be registering, without their explicit consent, Australians who do not have a My Health Record or who do not opt out. The consent Health Engine requests is not explicit nor is the use that Health Engine may make of that data clear and/or fully xplained.

    Without proper consent, trust will continue to be eroded when it comes to patients' health data.

    And repeating an oft quoted observation: If you are not paying for the product, you are the product.

    ReplyDelete
  2. Health Engine has repeatedly claimed on Twitter today, "please be assured that HealthEngine is unable to access patient data held by My Health Record or the Australian Digital Health Agency."

    Unfortunately for them this is what it says on
    https://www.myhealthrecord.gov.au/for-you-your-family/howtos/view-my-record-using-app

    "HealthEngine also securely connects with your My Health Record, allowing you to view your important health information such as allergies, current conditions, and medications, and pathology/imaging reports."

    Trust. What trust?

    ReplyDelete
  3. There is an interesting development an ABC news update just drew my attention to

    Medical appointment booking app HealthEngine sharing clients' personal information with lawyers

    Health Minister Greg Hunt has ordered an "urgent review" of Australia's biggest online doctor appointment booking service, HealthEngine.

    The ABC earlier reported that the HealthEngine app has funnelled hundreds of users' private medical information to law firms seeking clients for personal injury claims.

    A spokesperson for Mr Hunt said the Government had requested the information commissioner and Australian Digital Health Agency to investigate the issue.

    This is a similar pattern as to care.data when I was living in the UK. Some people cannot help themselves I guess

    ReplyDelete
  4. If this is true, then this is beyond shocking behaviour especially a law firm who must know they are testing the governments resolve. Or is this a cheap way to communicate Opt out?

    It does raise a question regarding the processes and procedures, checks etc done on organisations with apps to the MyHR. How many others are misusing patient information for profit?

    ReplyDelete
  5. Health Engine are a commercial ( and venture capital backed) organisation. They are only taking advantage of an oppertunity. The Minister is at fault, he allowed this free-for-all scenario to take place. It has been evident from the start ADHA has little discipline or robust skills to ensure safe seamless and secure systems are in place. This is no doubt this first of many to surface.

    ReplyDelete
  6. Just summing up the trusted nature of the information we are being given about some of the players in the health data environment operating at the moment:

    https://www.myhealthrecord.gov.au/disclaimer

    ”…the Australia Digital Health Agency does not guarantee, and accepts no legal liability whatsoever arising from or connected to, the accuracy, reliability, currency or completeness of any material contained on this website or on any linked site.

    The Australian Digital Health Agency recommends that users exercise their own skill and care with respect to their use of this website and that users carefully evaluate the accuracy, currency, completeness and relevance of the material on the website for their purposes.

    The information provided in this website is not legal advice and this website is not a substitute for independent professional advice and users should obtain any appropriate professional advice relevant to their particular circumstances.”


    https://www.digitalhealth.gov.au/website-terms-of-use

    Under Opinions and Recommendations

    “In relying on or otherwise using any opinions or recommendations, you:

    - must make your own independent assessment of the appropriateness of those opinions or recommendations in light of your own particular circumstances;

    - must not rely on the Agency in deciding whether or not to follow those opinions or recommendations; and

    - should seek your own professional advice or exercise your own judgement in respect of any decision to rely on those opinions or recommendations.”


    https://healthengine.com.au/terms.php

    Limitation of Liability

    7.1 While H.E. takes all reasonable care to include accurate and up-to-date information on the Website, the information provided should not be relied upon as being error free or accurate and H.E. makes no representation or warranty as to the timeliness, accuracy, suitability or completeness of any information, content, services, materials and products provided on or via the Website, nor does it accept any responsibility arising in any way for errors or omissions.

    7.2 As far as lawfully possible, H.E. accepts no liability or responsibility for the actions or omissions of any users of the Website in relation to the content contained herein.

    ReplyDelete
  7. A consequence of "new streamlined processes"? Seems in a haste to be seen to be needed those overseeing the governments ehealth records system are permitting use of information that goes against what the public are being told.

    ReplyDelete