OAIC Told to Investigate HealthEngine’s Sharing Client Data with Lawyers
The Office of the Australian Information Commissioner (OAIC) received instructions to investigate HealthEngine’s practice of sharing clients’ personal information with lawyers.
According to the Australian Broadcasting Corporation (ABC), a spokesperson for Australia’s health minister Gregory Andrew Hunt confirmed that that OAIC and the Australian Digital Health Agency had both received instructions to look into the data-sharing procedures of HealthEngine.
Australia’s largest online doctor appointment booking service, HealthEngine asks users to provide details of their symptoms and medical condition when looking to see a general practitioner or other medical professional. It also requests users whether they acquired their medical condition through a workplace injury. The service then in some circumstances passes this data on to Slater and Gordon, an Australian personal injury compensation law firm which may then follow up with patients about the possibility of initiating legal action.
ABC’s reporting revealed that Slater and Gordon received information on 200 HealthEngine clients a month between March and August in 2017. 40 of those clients became clients with the law firm, representing a total of $500,000 in legal fees.
Sharon was one of the people whom Slater and Gordon contacted. She shared her experience with ABC:
They wanted to ascertain whether I had sought advice from a personal injury lawyer — and I said no. They wanted to know why, and started to talk about ball park figures that I might be entitled to. It was quite intrusive — but they were very persistent. I had no idea that by putting anything in HealthEngine it would go any further than the medical professional I was making the appointment with.
In its privacy policy, HealthEngine explained it does retain the right to disclose information with third-party service providers including lawyers “but only for the purpose of providing goods or services to us. (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/latest-security-news/oaic-told-to-investigate-healthengines-sharing-client-data-with-lawyers/