HealthEngine Promise statement (Screenshot: Asha McLean/ZDNet)
The healthcare appointment booking company that earlier this month came under fire for skewing its reviews[1] has reportedly been sharing user medical information, with law firms using the information for targeting advertising.
As reported by the ABC[2], Perth-based HealthEngine was reportedly sharing personal information with law firm Slater and Gordon, who was seeking clients for personal injury claims. It is believed the "referral partnership pilot" saw the startup give the law firm details on an average of 200 clients a month between March and August 2017.
According to the ABC, 40 HealthEngine users became Slater and Gordon clients.
As part of its booking service, the startup, funded by Telstra and Seven West Media[3], requires users to input details of their medical conditions, including whether they have suffered a workplace injury or been in a traffic accident.
This information is then shared with a third party, as detailed briefly in the agreement fine print.
"Our Promise: Your privacy is important to us. HealthEngine will not provide your personal information to a third party without your express consent except as required or permitted by law, or in those circumstances described in our privacy policy," the company says on its website home page.
In its privacy policy, HealthEngine says it collects information such as name, date of birth, address, email address, phone number, gender, GPS location, marital status, occupation, cultural background, allergies, advance health directive, type of appointment booked, reason for booking, private health insurance fund and membership number, Medicare information, and user's photograph. HealthEngine does not allow users to opt-out of having their information shared with third parties.
The policy