Media Release: Doctors, Lawyers, and Privacy Experts Denounce HealthEngine Sharing Patient Health Data With Non-GPs


EFA, Future Wise and APF today denounced the actions of HealthEngine and its doctor appointment booking system which has been sharing patient data with law firms, marketers, and other entities with the flimsiest pretense of patient consent.

“If this ethically dubious behaviour is technically legal, then Australia’s privacy legislation must be changed,” said Justin Warren, Electronic Frontiers Australia board member.

“People have made it clear time and time again that information about their health is extremely personal and private and they expect it to be kept secure, not shared with all and sundry,” he said. “I cannot understand how any doctor would allow their patients’ trust to be abused in this way.”

Dr Trent Yarwood, health spokesperson for Future Wise and a medical specialist, said “Making access to healthcare easier for people is critical. However, practice managers and healthcare professionals must understand the privacy implications of how they do this.”

“Too many services are set up with the primary aim of selling personal data to advertisers, and providing ‘convenient’ services to people purely as a hook to get this data,” he concluded.

The original ABC report noted that “HealthEngine also has a data-sharing arrangement with the Federal Government’s My Health Record (MyHR) digital medical record system.” The precise nature of this data-sharing arrangement must be made public immediately. The government is making MyHR mandatory, save for a short once-only opt-out period, and the public must know what our health data is going to be used for if we are to have confidence in this system.

Kat Lane, vice chair of Australian Privacy Foundation, said “Data in the government’s MyHR can be downloaded to a GP system and is then freely available—no controls, no audit trail—including potentially to apps such as HealthEngine, without proper informed consent. This is a warning about serious issues of transparency and consent with such apps and MyHR.”

The law must be changed to provide robust privacy protections for all Australians, such as by finally giving us the right to sue for breach of privacy, requiring explicit consent for each disclosure of medical or health data to a third party, and proper auditing of record-access that is visible to the patient. The current system is too easy to bypass for unscrupulous operators looking to make a fast buck.

Download the media release:

Doctors, Lawyers, and Privacy Experts Denounce HealthEngine Sharing Patient Health Data With Non-GPs Joint Response to HealthEngine Data Sharing

About EFA

Electronic Frontiers Australia is the premier voice for digital rights in Australia. Established in 1994, EFA is independently funded by members and donations. For more information about EFA, see

About Future Wise

Future Wise is an independent policy and advocacy organisation, focusing on technology, health, and education; and is a strong voice for digital privacy in Australia. Further information about Future Wise is available at their website:

About APF

The Australian Privacy Foundation is the primary association dedicated to protecting the privacy rights of Australians. The Foundation aims to focus public attention on emerging issues which pose a threat to the freedom and privacy of Australians. For additional information about APF see

For Electronic Frontiers Australia
Twitter: @efa_oz
Phone: Justin Warren – 0412 668 526

For Future Wise
Twitter: @FutureWiseAU
Phone: Trent Yarwood – 0403 819 234

For Australian Privacy Foundation
Twitter: @apf_oz
Kat Lane – 0447 620 694
Bernard Robertson-Dunn – 0411 157 113