Medical Booking Service Given Million Dollar Fine for Disclosing Client's Information and Amending Reviews
Search for a doctor… Search for an appointment… Find a time and click 'Book'. Seems pretty simple, doesn't it? Well turns out it's rather complicated, and if you can manage to create a system which has over 100,000 medical practitioners actively using it while syncing with the doctors' calendars you have yourself quite a profitable business. But for some, that isn't enough.
WHAT ARE YOU TALKING ABOUT?
The Federal Court handed down its judgment in Australian Competition and Consumer Commission v HealthEngine Pty Ltd  FCA 1203 and their message was clear, unless you tell someone what you plan on doing with their personal information, you cannot do anything.
WHAT DID THEY DO?
The case dealt with Health Engine, a nationally used online doctor-booking service, that had been disclosing the non-medical history of its customers to insurance companies and had been making a profit doing so. It was estimated that this was to the tune of $1.8 million. How they did, it was a survey would be presented to the customer after booking their appointment which asked a few questions regarding their medical history, if the customer selected an option that they would be open to talking about medical insurance, their details were instantly sent to an insurer. The customers were never informed that their circumstances were sent. This occurred over 135,000 times over roughly four years.
As well as allowing an individual to book an appointment with their doctor, Health Engine allowed an individual to rate their doctor as well. For the three years that Health Engine offered this service, approximately 47,000 reviews were submitted to the website. The court found (by Health Engine's admission) that nearly 53% of reviews submitted to the site were amended in some way either to remove negative aspects or to embellish positive ones, with approximate 17,000 reviews being refused publication. This led to the reviews of certain doctors being higher than they should have been resulting in customers of Health Engine being led into making bookings with doctors that they might not have otherwise booked if the original ratings were uploaded.
The Federal Court ordered Health Engine to pay $2.9 million in fines for engaging in misleading and deceptive conduct.
It was also ordered by the Court that Health Engine contact "all Patients whose Personal Information was provided to an Insurance Broker" and inform them of who was sent their personal information and instructions on how to delete this information.
They were also ordered to conduct an annual review of its Australian Consumer Law compliance program for the next three years and to pay for the ACCC's costs for the proceedings.
WHAT CAN WE TAKE AWAY FROM THIS?
The ACCC Chair Rod Sims stated, "Businesses who are not upfront with how they will use consumer data may risk breaching the Australian Consumer Law and face action from the ACCC." It is becoming apparent in countries like Australia and the USA that the handling of personal information is an ever increasingly critical subject.
Further, websites that allow users to publish reviews must not amend those reviews or withhold them simply to prevent the rating system from being impacted. If negative reviews are withheld, then this should be reflected in the website's documents as well.