The Australian Medical Association says it would support an investigation by the Office of the Australian Information Commissioner (OAIC) into the privacy practices of HealthEngine.
HealthEngine has come under fire following an ABC investigation that found the company had referred the details of some its registered users on to law firms.
The company says that it has always obtained individuals’ consent before passing on data to third parties.
“The AMA is concerned about any irregularities or threats related to patient privacy, patient consent, the AMA Code of Ethics, and medical ethics more broadly,” the AMA’s president, Dr Tony Bartone, said in a statement.
“We also have concerns about anything that could diminish community trust in the medical profession and any actions that may undermine public confidence in embracing electronic health initiatives, which the AMA strongly supports.
“There is also the serious matter of the potential of third parties to profit from having access to confidential and private patient information.”
The AMA head said that the association was also concerned about “other apps, websites, and services, currently being promoted by commercial entities and health sector bodies, which raise similar questions about privacy and ethics”.
HealthEngine has rejected claims that it breached its users’ privacy, announcing today that it had written to health industry peak bodies and medical practices that use its booking service to “put the record straight”
The company’s founder and CEO, Dr Marcus Tan, said that media reports “have created the incorrect impression that the health and personal information of HealthEngine users is being widely shared with third parties without their knowledge.”
“This simply is not true,” he said.
User’s must expressly opt-in or give verbal consent before their details are passed on to third parties, the company said.
The company said that its booking services can be used without an individual agreeing to share their information.
Booking an appointment requires agreeing to HealthEngine’s collection statement, which states: “HealthEngine may disclose your personal information, for secondary purposes, to third party service providers who support our business activities. If you consent, we may also provide your personal information to providers of other products and services which may be of interest to you, such as private health insurance comparison services, providers of finance credit for cosmetic and dental procedures, and providers of legal services.”
“HealthEngine has referral and advertising arrangements in place with a range of industry partners, including government, not for profit, medical research, private health insurance and other health service providers,” a HealthEngine statement said.
HealthEngine said that it would “make substantial changes to its business model around advertising and referrals”. It is currently finalising those changes and expects to make an announcement “within the next week”.
“Moving forward, HealthEngine will continue to consult with its users, customers, industry partners and relevant regulators to deliver better health outcomes,” the company said.