Ethical dilemma: GP booking startup HealthEngine found to be sharing user data with law firms


HealthEngine co-founder and chief executive Dr. Marcus Tan

After recently been found to be sanitising user reviews of Australian GPs, doctor booking startup HealthEngine is in hot water once again, this time over allegedly passing on user information to law firms seeking clients for personal injury claims.

According to the ABC, documents from massive law firm Slater and Gordon allegedly reveal HealthEngine was passing on lists of prospective clients daily as part of a “referral partnership pilot”.

As part of the HealthEngine online booking service, customers are required to fill in an array of personal details and details about their injury or condition, including if the injury was sustained in the workplace.

The ABC alleges the documents show that details from around 200 potential clients were passed on to Slater and Gordon by HealthEngine, and out of those, 40 became clients of the law firm, garnering an estimated $500,000 in legal fees for the company.

However, when registering for an appointment through HealthEngine, customers are notified that in doing so, they agree to a series of terms and conditions and HealthEngine’s “Collection Notice”. This notice tells users the service “may disclose your personal information, for secondary purposes, to third party service providers who support our business activities”.

These service providers include private health insurance comparison services, credit providers for cosmetic or dental solutions, and legal firms. Users are not provided with the option of ‘opting out’ from providing their data, however, with the company stating it “may be unable to provide you with our online booking services” if customers do not provide their personal information.

This is the latest bout of controversy for the Perth-based startup, which was found to be sanitising user reviews earlier this month. As part of a Fairfax investigation, more than 50% of ‘positive’ reviews on the HealthEngine website were allegedly found to be modified to be more positive.

At the time, HealthEngine founder and chief executive Marcus Tan apologised but defended the system as beneficial for both patients and doctors.

HealthEngine raised a $26.7 million Series C funding round in April last year and is backed by numerous high-profile investors, including Sequoia India and the founders of Lux Group.

Transparency and trust essential

Speaking to SmartCompany, sales expert and founder of Barrett, Sue Barrett, believes HealthEngine should have been more transparent about what customers were signing up to.

Rather than just stating the types of services the data would be shared with, she believes the business should have “explicitly stated” what providers the information was going to be given to. She also takes issue with the use of what she calls “woolly” language, arguing that businesses should firmly state one way or other if customer data will be shared, rather than just say it “may” be.

“As a consumer, I want it made clear to me that I will get calls from these specific businesses, so then I’m fully aware and not surprised or shocked when it happens,” she says.

Barrett also criticised the practice of some businesses of not giving users the ability to ‘opt out’. She says customers should own their own data, and not have it brokered “unwittingly”.

However, when it comes to the action of prospecting clients, Barrett says there’s nothing wrong with businesses doing so, as long as they’re going about it in an ethical fashion.

“There’s nothing wrong with prospecting, I have no issue with that. It’s more about the intention behind it,” she says.

“In the healthcare and childcare sector, there’s a real moral dilemma about how people are using this sort of data, and how it can potentially be used to prey on people who are vulnerable.”

For businesses, Barrett is resolute: be careful about the way you use customer data if you want to be considered a trustworthy business.

“Trust is the heartbeat of business. If a business wants to be considered an honourable company to do business with, they can’t use these sort of strategies,” she says.

In a statement, a Slater and Gordon spokesperson said the firm is “committed to creating mechanisms for Australians to access justice”, and is confident the marketing is in line with legal ethical standards.

“Slater and Gordon has acted and continues to act in accordance with all its legal and ethical obligations regarding its marketing activities,” the spokesperson said.

“Our board and management uphold the highest ethical standards in meeting the firm’s legal obligations.”

SmartCompany contacted HealthEngine but did not receive a response prior to publication. However, in a statement on the company’s website, co-founder Marcus Tan said: “HealthEngine does not provide any personal information to third parties without the express consent of the affected user or in those circumstances described in our privacy policy”.

NOW READ: Fake competitor reviews causing “stress and trouble” for over one third of Australian business


Notify of
Newest Most Voted
Inline Feedbacks
View all comments
3 years ago

Surely the actions of HealthEngine violate the National Privacy Principles? The requirements for businesses in the health industry (however ancillary) must be higher than for an average retail chain or a business like Choice product reviews. Someone should throw the proverbial book at these guys. A fine equalling their Series C funding should make the point nicely.

As for the law firms, they should know better. The fact that they are willing to walk the grey regions of the regulations does not boost public confidence regarding the existence of a high level of integrity and ethics.

Rights to privacy are set aside as the almighty dollar wins… again.

3 years ago

It is not just an ethical dilemma it is also a legal breach involving misleading and deceptive conduct. The reference to sharing data was purposely hidden in ancillary hyperlink text in the full knowledge that people rarely click the links let alone actually read what is in them. The business would be fully aware that people value their privacy and do not agree to that type of sharing if given a choice – which they were not. Further the business would have calculated that being upfront truthful and honest with people would have destroyed their business model built on referral fees. Then there are the unethical law firms. Did they fully disclose to the clients that they became a client via a hidden referral fee agreement or arrangement with this business or other intermediaries that had the referral arrangement with healthengine. My guess is they did not.

SmartCompany Plus

Sign in

To connect a sign in method the email must match the one on your SmartCompany Plus account.
Or use your email
Forgot your password?

Want some assistance?

Contact us on: or call the hotline: +61 (03) 8623 9900.