Tuesday, July 03, 2018

I Was Sent An Interesting Press Release By Health Engine A Few Days Ago. Spin To The Max!

Here is what it said:
MEDIA ALERT 
29 JUNE 2018

HealthEngine takes data privacy concerns on board, affirms commitment to best outcomes for patients

Dr Marcus Tan, founder and CEO of HealthEngine, has written to HealthEngine practices and health industry peak bodies to put the record straight and reassure them with respect to recent media reports about HealthEngine’s management of user data.
Dr Tan said: “These reports have created the incorrect impression that the health and personal information of HealthEngine users is being widely shared with third parties without their knowledge. This simply is not true.”
As the operator of an online health marketplace, HealthEngine believes that users benefit from having the choice to receive relevant and timely information about certain products and services. Users may elect to have their details provided to third parties for referral purposes by an express opt-in or verbal consent.  
These value-added services aim to be helpful for users along their healthcare journey.
HealthEngine has referral and advertising arrangements in place with a range of industry partners, including government, not for profit, medical research, private health insurance and other health service providers.
Referrals do not occur without the express consent of the user.
Users can still use HealthEngine’s booking services without agreeing to be referred to a third-party service provider.
“We at HealthEngine are devastated by the developments of recent weeks because we feel our mission of a connected healthcare ecosystem that empowers the world’s best care experiences and the cause of digital health in Australia as a whole has been set back,” Dr Tan said.
“We are passionate about improving the healthcare system and the role digital health can play in revolutionising the access and experience of healthcare, which ultimately leads to better health outcomes.
“As we have grown to serve millions of Australians every year and help them get better access to healthcare, we have invested heavily to scale our systems, people and processes to accommodate our growth and recognise the impact we now have.
“This is a large responsibility and one we don’t treat lightly nor take for granted.”
Dr Tan said: “Nevertheless, we acknowledge that, despite being well intentioned and trying to innovate in health care, recent media coverage has damaged the trust we have built up over many years with our users, customers and industry partners.
“Health care is a sensitive area and we have heard the feedback we have received from our customers and users that they are concerned about data privacy.”
In order to restore the public’s confidence in HealthEngine’s management of user information, HealthEngine has decided to make substantial changes to its business model around advertising and referrals.
HealthEngine is finalising the arrangements underpinning these changes and is on track to make an announcement within the next week.
Moving forward, HealthEngine will continue to consult with its users, customers, industry partners and relevant regulators to deliver better health outcomes.
Dr Tan said: “We sincerely hope that by taking the steps we are about to take and by being open to more feedback and learning that we can regain that trust and continue to have the opportunity to deliver value to the healthcare sector and millions of our users in better ways than we have done before.”
ENDS
For media queries, please contact:
Carina Tan-Van Baren
0414 236 791
press@healthengine.com.au 
Cannings Purple
Level 1, Brookfield Place Tower 2
123 St Georges Terrace
Perth WA 6000
----- End Release.
Talk about monstrous obfuscatory spin. They should have just said “we goofed, took you for granted, we are very sorry and we will stop it!”
Why a release talking about steps you are about to take to remedy such a severe lack of trust that the very existence of HealthEngine is imperiled?
Personally I would dump the spinners from Cannings Purple and just come out and say that all sharing of client information of any type other than with the relevant receiving practices is now over and that our business from now on will be fee for service / ethical advertising based.
Doing that just may permit survival. Anything less and it will all be over. The game has changed for all online service providers big time in the last year or so. HealthEngine needs to catch up!
David.

PS. Just after this release arrived we also have this appear:

HealthEngine reveals data breach

By on

Patient feedback information 'may' have been accessed.

HealthEngine has revealed a data breach in which 59,600 pieces of patient feedback “may have been improperly accessed”.
The company, which acts as an online booking engine for medical practices, said it had notified those affected as well as the Office of the Australian Information Commissioner.
It blamed the breach on “an error in the way” its website operated, saying that information “ordinarily not visible to users on the site” was accidentally exposed in the webpage’s code.
Of the 59,600 pieces of feedback, 75 contained identifying information about a site user.
However, the company said no usernames or passwords were impacted and “no action is required to be taken by users of the site”.
“HealthEngine has worked around the clock to investigate how the information was improperly obtained, what patients might have been affected, and the steps required to further address the matter,” CEO Dr Marcus Tan said in a statement.

More here:

https://www.itnews.com.au/news/healthengine-reveals-data-breach-496175

Not a good look.

D.

5 comments:

  1. As a long-time user of HealthEngine- this amuses me

    As we have grown to serve millions of Australians every year and help them get better access to healthcare,

    What a lot of toss, all it provides is an ability not to use the telephone part of my smartphone. Having dumped HealthEngine and used the phone instead I have to admit the experience of saying hello to someone was medicine in itself.

    ReplyDelete
  2. An update on my questions to Health Engine.

    I kept asking if Health Engine can see data in GP systems that has been downloaded from myhr. Health Engine repeated this:

    "HealthEngine is unable to access patient data held by My Health Record or the Australian Digital Health Agency"

    So I sent this Tweet

    "I'll rephrase my question:

    Your privacy policy says you "collect information from health professionals re (patient's) requested health services".

    What patient data held by GPs can you see? All, some, none?"

    After 3 days, no answer at all, not even their mantra.

    BTW, this is a more complete extract from theie privacy policy:

    "If you use our HealthEngine Chat App, we may collect your personal information such as your full name, email address and mobile phone number. We also have access to and may collect other information (including your health information), regardless of form, shared between you and your health professional while using the HealthEngine Chat App.

    If you are a health professional using our online directory or referral services for healthcare recruitment services, we will collect information about you and your practice (for the online directory) and you and your occupation and qualifications including information contained in your CV (for the healthcare recruitment services).

    We may also collect your medicare details and number, pension/health care card/DVA and/or private health insurance membership details, to assist with the above services (for example, to facilitate your booking of appointments with health professionals, and to help confirm your identity for our services including our prescription management service.

    Usually we collect your personal information directly from you. HealthEngine may collect your personal information from you in various ways, including via telephone, our website, our mobile app, and email.

    We may also collect information from third parties, such as:

    * family members, legal guardian/s and/or a person you have authorised to provide your personal information to us;

    * health professionals and their practices (often via their practice management software systems), in relation to the management of appointments you have made, your requested health services, and the associated fees, including fees in connection with the HealthEngine Chat App; and

    * doctors and/or pharmacists, if you choose to use our prescription management service and choose to have us obtain such information directly from the systems of your doctors and/or pharmacists."

    ReplyDelete
  3. What patient information does ADHA hold or have access to that HealthEngine make mention of? What exactly is ADHA doing behind iron curtains? Wonder what the HealthEngine CEO knows that we do not?

    ReplyDelete
  4. IMHO, all the focus is on the wrong part of the health data ecosystem.

    The real centre of the data environment is the GP clinical system.

    That is where most of the data is (yes, interoperability would help getting at more data easier; myhr doesn't deliver interoperability).

    GP data is the most up-to-date (but could still be wrong),

    GP data is more complete, although there could be several GPs involved in caring for a patient over time, (something that interoperability may help but it's not a technical problem),

    The data is far more useful for research (more of it, and potentially in context),

    The data is held locally to point of care (which is preferable to a centralised system in times of high use/single point of failure)

    GPs would not have to curate and manage two health record systems, the one system could be used for multiple purposes.

    Patients could be given access to summary information, or, for those who need it and can make use of it, more comprehensive access. This could be done through a portal to the GP system or via an app that also provided other functionality such as appointments prescription renewals. This area needs some tightening up in terms of regulations but the whole area of medical devices/apps need updating. The US FDA is looking into this, Australia needs to follow.

    Similarly specialists could have access to that part of the GP system that is relevant to their interests.

    In times of A&E/emergency access to the GP's system is much more useful and reliable than myhr.

    Most of all, from the perspective of privacy of patients and GPs), the data isn't given to the government.

    If this architecture were implemented the result would be a virtual national medical data system of far more use and with less effort required by GPs and other health providers to operate.

    Any supposed benefits that ADHA might come up with in its myhr test bed projects would also be achievable from this architecture, along with many that myhr could not deliver. Ever. At much less cost. At much less risk.

    Unfortunately, ADHA is operating on spin and persuasion. Logic and reality are playing little part in their efforts to co-opt the Australian public.

    It's interesting watching Twitter at the moment. Apart from those with a vested interest and who have swallowed the Kool-Aid, most of the reactions among those who have heard of myhr is profoundly negative. And that's well before the opt-out period starts.

    IMHO, the opinions of those who read and contribute to this blog, and ADHA's spin and propaganda, are going to be overwhelmed by the average Australian. They've seen this sort of thing before, the Cambridge Analytica events are still fresh in their minds along with Robodebt and censusfail.

    It is highly likely they will react in the same way. The Australia Card nearly brought the Hawke government down. They managed to scrape back in but quietly dropped the proposal.

    Oh, and GPs are still not impressed.

    As of 10:30am this morning 135 (77%) of respondents to the MJA Insight poll disagree or strongly disagree with the statement "My Health Record will improve patient outcomes".

    19 (11%) agree or strongly agree.

    The opposition to myhr is not an objection to the benefits that can accrue from better management and use of health data, just the government's inept "solution" and huge privacy and other risks.

    ReplyDelete
  5. July 04, 2018 9:48 PM - What patient information does ADHA hold or have access to that HealthEngine make mention of?

    That is a fair question, one we may never know. The ADHA is to investergate? I wonder if they are independent enough and free from conflict of interest?

    The HealthEngine situation is a very serious matter, one that I believe is not be taken seriously enough. Perhaps these service provides should be treated the same as healthcare providers? What would happen to a GP if discovered sharing patient information without proper consent

    ReplyDelete