• Advertise
  • About us
  • Terms and Conditions
  • Contact us
Thursday, July 10, 2025
Australian Times News
  • News
    • Weather
    • Sport
    • Technology
    • Business & Finance
      • Currency Zone
    • Lotto Results
      • The Lott
  • Lifestyle
    • Entertainment
    • Horoscopes
    • Health & Wellness
    • Recipes
  • Travel
  • Expat Life
  • Move to Australia
No Result
View All Result
  • News
    • Weather
    • Sport
    • Technology
    • Business & Finance
      • Currency Zone
    • Lotto Results
      • The Lott
  • Lifestyle
    • Entertainment
    • Horoscopes
    • Health & Wellness
    • Recipes
  • Travel
  • Expat Life
  • Move to Australia
No Result
View All Result
Australian Times News
No Result
View All Result
Home News

How safe are your data when you book a COVID vaccine?

The Australian government has appointed the commercial company HealthEngine to establish a national booking system for COVID-19 vaccinations.

The Conversation by The Conversation
17-04-2021 09:17
in News
Photo by Christian Wiediger on Unsplash

Photo by Christian Wiediger on Unsplash

Joan Henderson, University of Sydney and Kerin Robinson, La Trobe University

The Australian government has appointed the commercial company HealthEngine to establish a national booking system for COVID-19 vaccinations.

Selected through a Department of Health limited select tender process, the platform is being used by vaccine providers who don’t have their own booking system.

However, HealthEngine has a track record of mishandling confidential patient information.

Previous problems

In 2019 the Australian Competition and Consumer Commission took HealthEngine to court for allegedly skewing reviews and ratings of medical practices on its platform and selling more than 135,000 patients’ details to private health insurance brokers.

The Federal Court fined HealthEngine A$2.9 million in August 2020, just eight months ago.

Department of Health associate secretary Caroline Edwards told a Senate hearing the issues were “historical in nature, weren’t intentional and did not involve the sharing of clinical or medical related information”.

AlsoRead...

The Broker who says ‘Yes’ when Banks say NO

The Broker who says ‘Yes’ when Banks say NO

8 July 2025
Leading with Trust: Why Quality still wins in the AI Era

Leading with Trust: Why Quality still wins in the AI Era

5 June 2025

How might the alleged misconduct, which earned HealthEngine A$1.8 million, be considered “historical in nature” and “not intentional”?

Edwards added that HealthEngine had strengthened its privacy and security processes, following recommendations in the ACCC’s digital platforms inquiry report. Regarding the new contract, she said:

[…] the data available to HealthEngine through what it’s been contracted to do does not include any clinical information or any personal information over what’s required for people to book.

That’s somewhat reassuring, considering the larger amount of information usually requested from patients booking an appointment (as per HealthEngine’s current Privacy Policy).

The list of personal information HealthEngine may collect from patients booking an appointment with a health professional. Screenshot

Importantly, HealthEngine then owns this information. This raises an important question: why is so much personal information requested just to book an ordinary appointment?

A need for accessible information

While using HealthEngine to book a vaccination is not mandatory, individual practices will determine whether patients can make appointments over the phone, are directed to use HealthEngine’s platform, or another existing platform.

Personal details currently requested through HealthEngine’s vaccination booking system are:

HealthEngine’s Privacy Policy for COVID-19 vaccination bookings. screenshot

This list is substantially shorter than the one concerning non-COVID related bookings. That said, there’s still more information being gathered than would be required for the sole purpose of arranging a patient’s vaccination.

What is the justification for this system to collect data about patients’ non-COVID medical and health services, or the pages they visit?

A representative from the Department of Health told The Conversation that all patient data collected through the COVID vaccination booking system was owned by the department, not HealthEngine. But what need would the department have to collect web analytics data about what sites a patient visits?

An underlying administrative principle of any medical appointment platform is that it should collect the minimum amount of data needed to fulfil its purpose.

Also, HealthEngine’s website reveals the company has, appropriately, created an additional privacy policy for its COVID-19 vaccination booking platform. However, this is currently embedded within its pre-existing policy. Therefore it’s unlikely many people will find, let alone read it.

For transparency, the policy should be easy to find, clearly labelled and presented as distinct from HealthEngine’s regular policies. A standalone page would be feasible, given the value of the contract is more than A$3.8 million.

What protections are in place?

Since the pandemic began, concerns have been raised regarding the lack of clear information and data privacy protection afforded to patients by commercial organisations.

Luckily, there are safeguards in place to regulate how patient data are handled. The privacy of data generated through health-care provision (such as in general practices, hospitals, community health centres and pharmacies) is protected under state and territory or Commonwealth laws.

Data reported (on a compulsory basis) by vaccinating clinicians to the Australian Immunisation Register fall within the confines of the Australian Immunisation Register Act 2015 and its February 2021 amendment.


Also, data collected through the Department of Health’s vaccination registration system are legally protected under the Privacy Act 1988, as are data collected via HealthEngine’s government-approved COVID-19 vaccination booking system.

But there’s still a lack of clarity regarding what patients are being asked to consent to, the amount of information collected and how it’s handled. It’s a critical legal and ethical requirement patients have the right to consent to the use of their personal information.

If the privacy policy of a booking system is unclear, this presents risk for patients who have challenges with the English language, literacy, or are potentially distracted by pain or anxiety while making an appointment. Shutterstock

Gaps in our knowledge

As health information managers, we had further questions regarding the government’s decision to appoint HealthEngine as a national COVID-19 vaccination booking provider. The Conversation put these questions to HealthEngine, which forwarded them to the Department of Health. They were as follows.

  1. Is there justification for the rushed outsourcing of the national appointment platform, given the number of vaccine recipients whose data will be collected?
  2. How did the department’s “limited select tender” process ensure equity?
  3. Who will own data collected via HealthEngine’s optional national booking system?
  4. What rights will the “owner” of the data have to give third-party access via the sharing or selling of data?
  5. What information will vaccine recipients be given on their right to not use HealthEngine’s COVID-19 vaccination booking system (or any appointment booking system) if they’re uncomfortable providing personal information to a commercial entity?
  6. How will these individuals be reassured they may still receive a vaccine, should they not wish to use the system?

In response, a department representative provided information already available online here, here, here and here. They gave no clarification about how patients might be guided if they’re directed to the HealthEngine platform but don’t want to use it.

They advised the data collected by HealthEngine:

can not be used for secondary purposes, and can only be disclosed to third-party entities as described in HealthEngine’s tailored Privacy Policy and Collection Notice, as well as the department’s Privacy Notice.

But according to HealthEngine’s privacy policy, this means patient data could still be provided to other health professionals a patient selects, and de-identified information given to the Department of Health. The policy states HealthEngine may also disclose patients’ personal information to:

  • third-party IT and software providers such as Adobe Analytics
  • professional advisers such as lawyers and auditors, for the purpose of providing goods or services to HealthEngine
  • courts, tribunals and law enforcement, as required by law or to defend HealthEngine’s legal rights and
  • others parties, as consented to by the patient, or as required by law.

Ideally, the answers to our questions would have helped shed light on the extent to which patient privacy was considered in the government’s decision. But inconsistencies between what is presented in the privacy policies and the Department of Health’s response have not clarified this.


Joan Henderson, Senior Research Fellow (Hon). Editor, Health Information Management Journal (HIMJ), University of Sydney and Kerin Robinson, Adjunct Associate Professor, La Trobe University

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Tags: SB001
DMCA.com Protection Status

SUBSCRIBE to our NEWSLETTER

[mc4wp_form id=”2384248″]

Don't Miss

The Broker who says ‘Yes’ when Banks say NO

by Pauline Torongo
8 July 2025
The Broker who says ‘Yes’ when Banks say NO
Business & Finance

When faced with constant loan rejection or last-minute withdrawals of support, Trelos Finance stands out as a solution.

Read more

Common Mistakes When Buying a Telescope — And How to Avoid Them

by Fazila Olla-Logday
1 July 2025
Common Mistakes When Buying a Telescope
Technology

You’ve spent hours scrolling through telescope specs online, dazzled by features and grand promises. The excitement builds—until your newly arrived...

Read more

From Portugal to Bali: Where Aussies Should Go for Your Next Coastal Holiday

by Fazila Olla-Logday
20 June 2025
Source: Flickr
Travel

Aussies, here is a guide to where you should go for your next coastal holiday.

Read more

Leading with Trust: Why Quality still wins in the AI Era

by Pauline Torongo
5 June 2025
Leading with Trust: Why Quality still wins in the AI Era
Business & Finance

If you're leading a software team today, you've likely noticed the shift: faster feature rollouts, routine automation, and AI taking...

Read more

How to Save on Airport Parking: Budget Tips Every Traveller Should Know

by Fazila Olla-Logday
3 June 2025
How to Save on Airport Parking
Travel

Saving money on airport parking can be a challenge,but here are some budget friendly tips to help you navigate.

Read more

Why Australian Investors are Betting on the Aviation Maverick Louis Belanger-Martin

by Pauline Torongo
28 May 2025
Why Australian Investors are Betting on the Aviation Maverick Louis Belanger-Martin
Business & Finance

Bélanger-Martin’s ambitions stretch beyond redefining inflight comfort—they’re rooted in resurrecting the romance of supersonic travel with a modern twist.

Read more

Why a Gluten Free Hamper is simply the Best Gift for a Coeliac

by Fazila Olla-Logday
22 May 2025
Gluten Free Hamper
at

Buying a thoughtful gift can be tricky at the best of times, but when someone has dietary restrictions like coeliac...

Read more
Load More

Copyright © Blue Sky Publications Ltd. All Rights Reserved.
australiantimes.co.uk is a division of Blue Sky Publications Ltd. Reproduction without permission prohibited. DMCA.com Protection Status

  • About us
  • Write for Us
  • Advertise
  • Contact us
  • T&Cs, Privacy and GDPR
No Result
View All Result
  • News
    • Weather
    • Sport
    • Technology
    • Business & Finance
      • Currency Zone
    • Lotto Results
      • The Lott
  • Lifestyle
    • Entertainment
    • Horoscopes
    • Health & Wellness
    • Recipes
  • Travel
  • Expat Life
  • Move to Australia

Copyright © Blue Sky Publications Ltd. All Rights Reserved.
australiantimes.co.uk is a division of Blue Sky Publications Ltd. Reproduction without permission prohibited. DMCA.com Protection Status