HealthEngine, one of Australia’s largest online health marketplaces, has admitted to engaging in misleading and deceptive conduct following proceedings being initiated against it by the Australian Competition and Consumer Commission (ACCC) before the Federal Court of Australia (Court).
In August 2019, the ACCC commenced proceedings against HealthEngine alleging that, in the course of carrying out its business, HealthEngine engaged in misleading and deceptive conduct which breached the Australian Consumer Law (ACL).
The Court handed down Judgment on 20 August 2020. The Judgment was relatively short in circumstances where, during the course of the proceedings, HealthEngine admitted that it contravened the ACL as follows:
- Implementing a practice of not publishing negative patient reviews on its website and editing patient feedback (Review Conduct);
- Representing to consumers that it had not received sufficient feedback from patients to enable HealthEngine to calculate and publish a practice rating for the relevant participating Health Practices (Ratings Conduct);
- Creating a more positive or favourable impression on patients as a result of engaging in the Review Conduct and the Ratings Conduct; and
- Publishing patient reviews which had been edited to remove negative comments and / or suggestions for improvement, or to embellish them so that they appeared more positive.
In relation to the admissions above, the Court held that HealthEngine had engaged in conduct which was misleading or deceptive, or likely to mislead or deceive, in contravention of section 18 of the ACL, and had contravened section 29(1) of the ACL by making false or misleading representations that the services were of a particular standard, quality, value or grade.
Further, HealthEngine admitted that it collected non-clinical personal information of patients who used HealthEngine and provided that non-clinical personal information to third party private health insurance brokers without adequately disclosing this to patients. The Court also held that this amounted to conduct which was misleading or deceptive, or likely to mislead or deceive, and conduct that would mislead the public as to the nature, characteristics and / or suitability for the purpose of services provided by HealthEngine.
Given the admissions made by HealthEngine, and the fact that the parties reached agreement as to the Orders the Court should make, the purpose of the proceedings before the Court involved assessing the appropriateness of those proposed Orders and whether alternative Orders should be made.
The Court ordered that HealthEngine must:
- Pay $2.9 million in penalties to the Commonwealth of Australia for engaging in misleading conduct which will be paid in four instalments over the course of two years;
- Arrange for an annual review of its existing ACL compliance program for a period of three years;
- Contact all patients whose personal information was provided to a private health insurance broker; and
- Pay the ACCC’s costs of $50,000 for the proceedings.
What is the impact of the Judgment?
Following the Judgment, the ACCC made it very clear that it is ‘very concerned about the potential for consumer harm from the use or misuse of consumer data‘ and the Judgment served as ‘an important reminder to all businesses that if they are not upfront with how they will use consumers’ data, they risk breaching the Australian Consumer Law.‘
The outcome of these proceedings have the potential to impact health practitioners and practices who appear on HealthEngine as well as patients who have used HealthEngine in the past, particularly if the personal information of those patients was provided to private health insurance brokers. Those patients can expect to receive a letter directly from HealthEngine, noting the wording of the letter has been approved by the Court.
The Judgment is an important and timely reminder for all health practitioners and practices about the importance of ensuring they are completely open and transparent with patients about the use of patient information, do not engage in misleading or deceptive conduct relating to the use and disclosure of patient information and are aware of their privacy obligations when it comes to disclosing patient information. This includes ensuring that Privacy Policies, Consent Forms and Data Breach Response Plans are up to date to not only be open and transparent but also comply with legislative requirements.
This article was written by Karen Keogh, Partner and Patricia Marinovic, Senior Associate.