In response to recent public outrage over HealthEngine’s management of patient data, MyHealth1st has reassured its customers, partners and shareholders that its platform operates appropriately.
In an announcement to the Australian Stock Exchange, Directors of 1st Group, which has developed MyHealth1st, stated that they are “pleased to advise and confirm that 1st Group has always had in place, and rigorously manages, well established, lawful and ethical policies and controls that respect patients’ privacy and data via its MyHealth1st platform”.
Need to Protect Vulnerable Users
Klaus Bartosch, Managing Director and CEO at 1stGroup Ltd said, “People booking through our MyHealth1st platform do so because they are either worried or ill, and as such, are more vulnerable, so we really must be very sensitive to this. It is therefore paramount that we protect the interests and data of all parties, and it is this sensitivity that has shaped our privacy, data collection policies and business model.
“Clear, explicit and specific informed consent, ensuring complete transparency, is what patients and all online consumers expect when their information might be shared with a third party. This isn’t only a legal requirement, it is also an ethical one. And at no times should a patient’s consult details EVER be disclosed to anyone except the healthcare service provider whom they are seeing.”
Third Party Campaigns
Referring to a recent contact lens education campaign sponsored by a pharmaceutical organisation, Mr. Bartosch said practices had to opt in to the program and information was not shared with the sponsor. “The basic principle of the program was to encourage the patient to discuss the option of contact lenses during their consult with the optometrist. The program engaged patients prior, during and post their appointments. Brand choice was led entirely by the clinical recommendation of the optometrist… At no time did our platform share ANY patient personal details with a third party.”
Mr. Bartosch said, “At 1stGroup we have always been careful to develop our MyHealth1st platform and business model to ensure that we align ourselves with the interests of patients and the healthcare providers who adopt our solutions. We also operate our platform to the highest available security standards, a necessary overhead for any serious online business.
“As a company we continue to develop our online health content in response to our customers’ needs and navigate carefully how patients are engaged through our platform. We see this as a natural and sensible business opportunity and one that when executed properly, should drive excellent healthcare outcomes for all stakeholders, especially patients.”
HealthEngine Making Changes
“The policy expressly states that we can use information to communicate with users about products and services of HealthEngine,” Dr. Tan told ISMG. “From time to time, like many other organisations, we conduct customer research to enable us to better understand our users and the goods and services we provide. This has previously involved conducting research into pricing for certain health services.”
In a statement on HealthEngine’s website, Dr. Tan announced a number of major changes to its business model, which include ceasing its third party referral service, publication of user comments (which were part of its practice recognition system), and third party online banner advertising from 31 July 2018. He said further changes would be made to provide users with greater visibility of the way the service uses personal information. Additionally, Dr. Tan said an advisory group would be established “to work closely with health providers, consumer peak bodies and regulators to ensure our future products and services are informed by consulting more widely”.
Dr. Tan said, “These haven’t been easy decisions to make. But they’re the best decisions for our patients and our customers”.
Changes to Data Breach Notification Laws
Australia has recently tightened its legislation surrounding the protection of consumer data. In February this year, the Australian Privacy and Information Commissioner, Timothy Pilgrim, welcomed the passage of the Privacy Amendment (Notifiable Data Breaches) Bill (2016). This bill requires government agencies and all businesses, and not-for-profit organisations with an annual turnover of more than AU$3 million, to notify any individuals affected by a data breach that is likely to result in serious harm. The Office of the Australian Information Commissioner (OAIC) must also be notified within 30 days of the breach occurring. Failure to comply with the NDB scheme can attract fines up to $2.1 million.