Reading time: 6 minutes

In early August 2019, the Australian Competition and Consumer Commission (ACCC) took HealthEngine to Court for allegedly misusing patient data and manipulating reviews. The ACCC is the regulatory body that enforces consumer protection laws and takes action against businesses who engage in misleading and anti-competitive conduct.  

HealthEngine admitted misconduct, and on 20 August 2020, the ACCC ordered them to:

  • pay a $2.9 million fine;
  • submit to ongoing independent reviews of its consumer law compliance plan; 
  • contact affected users to explain what had happened and assist them in regaining control of their personal information; and
  • pay the ACCC’s costs for bringing the proceedings.  

This article will explain the key lessons from the HealthEngine decision so that you do not make the same mistakes for your business.

Who is HealthEngine?

HealthEngine is a well-known online platform that allows users to make bookings with health practices and practitioners. It also allows them to leave reviews about their experiences receiving those services.

The online platform has considerable reach, and is supposedly used by over one million consumers a month and provides those users with access to over 70,000 health practices and practitioners.

Previously, users of HealthEngine were able to access reviews provided by other users about the quality and service that they received. Where available, they have now limited to an indication of the percentage of users that would recommend the service. This percentage is based on the number of reviews received by HealthEngine.

What Was the Issue?

There were three key issues that the ACCC called out.

They claimed that HealthEngine had:

  1. manipulated the reviews of users that is published on the platform; 
  2. misrepresented to users why a rating was not published for some health practices; and
  3. disclosed the personal information of users of the platform to health insurance brokers for a fee without making this sufficiently clear to those users.

What Misconduct Did the ACCC Find?

In relation to the manipulation of reviews, HealthEngine admitted that over almost three years, approximately:

  • 17,000 reviews were not published; and
  • 3,000 reviews were edited by adding improvements or removing the parts that were negative. 

This and the misrepresentation as to why a rating was not published, were considered issues by the ACCC because users may have visited certain health practices and practitioners based on reviews that did not accurately reflect the users’ experiences. 

On the disclosure of information, HealthEngine admitted that over a period of almost four years, it earnt more than $1.8 million by giving the non-clinical personal information of over 135,000 users to health insurance brokers. This information included:

  • names;
  • dates of birth;
  • phone numbers; and
  • email addresses.

The ACCC’s concern here was that this disclosure happened without HealthEngine properly informing users that they would use their information in this way. This made it a misuse or use of data that could result in consumer harm.  

What Does the Decision Mean for You?

This HealthEngine decision serves as a reminder that if you allow users to make and view other users’ reviews, you should be careful about how you manage and present these reviews. This includes where your business is an online marketplace, and the reviews are about services other than your own.

For example, these reviews may be about third-party services which are listed on your platform.

It is also a warning from the ACCC that misuse of information is not just a privacy issue. It is also a consumer law issue that the ACCC is actively pursuing with very tough consequences for wrongdoers. This is in line with the ACCC’s Digital Platforms Inquiry, which recommended introducing certain General Data Protection Regulation (GDPR) principles into Australian privacy law. These include stronger notification requirements when businesses collect personal data.

Tips for Managing Online Reviews

The ACCC has a lot of useful information on its website about how to manage online reviews. Key points include that you should:

  • ensure the reviews are genuine;
  • make it clear to viewers what reviews are (and are not) visible;
  • avoid editing reviews in any way that may be deceptive or misleading;
  • restrict people from leaving a review for services they have not used or that they have not used recently (for example, within the last month or so); 
  • encourage reviewers to be honest, specific and factual in their reviews; and
  • ensure that reviewers reveal any biases (for example, if they are receiving payment to provide the review).

Tips for Avoiding Misuse of Data

Find out whether you are an Australian Privacy Principle (APP) entity. An APP entity is any sole trader, partnership, trust, company or unincorporated association that has:

If you are an APP entity, you must make sure that you are compliant with Australian privacy laws (including the Australian Privacy Principles).

Even where you are not an APP entity, it is good practice to:

  • be upfront and clear about what personal information you are collecting;
  • how you are collecting the information; and
  • what you will do with this personal information.

This is also a great way to gain the trust of your customers.

An easy way to achieve this transparency is through a privacy policy. Alternatively, when collecting any personal information, you could provide a notice to the person you are doing so. Here, you need to outline: 

  • why you are collecting the information; and 
  • what you are planning on doing with it.

If you have a privacy policy, you should review it to make sure that it is clear, accurate and up to date. Where a privacy policy is not clear, accurate or up to date, there is a risk that it could be misleading.

Key Takeaways

A huge fine for HealthEngine shows that the ACCC is serious about making the misuse of information a consumer law issue, and preventing consumers from misleading conduct. If you have any questions or would like to know more about whether your business is compliant, get in touch with LegalVision’s IT lawyers on 1300 544 755 or fill out the form on this page.


How Franchisors Can Avoid Misleading and Deceptive Conduct

Wednesday 18 May | 11:00 - 11:45am

Ensure your franchise is not accused of misleading and deceptive conduct. Register for our free webinar today.
Register Now

New Kid on the Blockchain: Understanding the Proposed Laws for Crypto, NFT and Blockchain Projects

Wednesday 25 May | 10:00 - 10:45am

If you operate in the crypto space, ensure you understand the Federal Government’s proposed licensing and regulation changes. Register today for our free webinar.
Register Now

How to Expand Your Business Into a Franchise

Thursday 26 May | 11:00 - 11:45am

Drive rapid growth in your business by turning it into a franchise. To learn how, join our free webinar. Register today.
Register Now

Day in Court: What Happens When Your Business Goes to Court

Thursday 2 June | 11:00 - 11:45am

If your business is going to court, then you need to understand the process. Our free webinar will explain.
Register Now

How to Manage a Construction Dispute

Thursday 9 June | 11:00 - 11:45am

Protect your construction firm from disputes. To understand how, join our free webinar.
Register Now

Startup Financing: Venture Debt 101

Thursday 23 June | 11:00 - 11:45am

Learn how venture debt can help take your startup to the next level. Register for our free webinar today.
Register Now

About LegalVision: LegalVision is a commercial law firm that provides businesses with affordable and ongoing legal assistance through our industry-first membership.

By becoming a member, you'll have an experienced legal team ready to answer your questions, draft and review your contracts, and resolve your disputes. All the legal assistance your business needs, for a low monthly fee.

Learn more about our membership

Need Legal Help? Submit an Enquiry

If you would like to get in touch with our team and learn more about how our membership can help your business, fill out the form below.

Our Awards

  • 2020 Innovation Award 2020 Excellence in Technology & Innovation Finalist – Australasian Law Awards
  • 2020 Employer of Choice Award 2020 Employer of Choice Winner – Australasian Lawyer
  • 2020 Financial Times Award 2021 Fastest Growing Law Firm - Financial Times APAC 500
  • 2020 AFR Fast 100 List - Australian Financial Review
  • 2021 Law Firm of the Year Award 2021 Law Firm of the Year - Australasian Law Awards
  • 2019 Most Innovative Firm - Australasian Lawyer