Protecting patient privacy
At Healthengine, we recognise that your health information is sensitive.
We’re focused on providing the highest levels of security and privacy to protect your data. That’s why we’ve based our approach to privacy on the pillars of protection, trust and transparency.
Explore the ways we’re increasing your account security and what we’re doing to protect you and your data. Plus keep in mind that Healthengine earned ISO 27001 Certification for Information Management Security Systems in October 2022. This is the global standard for information security.
HealthEngine's Privacy Pillars
Guiding how we approach privacy at Healthengine
Protection
What you can, and should, expect from us
We’re constantly working to improve our security measures and processes, and take data security into consideration with everything we do.
Protecting your privacy is our top priority, which is why our security measures are under constant review to ensure they remain comprehensive, relevant and as responsive as possible.
Trust
Know exactly what information we collect, what it’s used for, and why
If you book an appointment on HealthEngine whilst being logged into your account, you can see which practices your information is sent to, and when. This information is available in your Data & Privacy settings.
A full copy of our terms of use, privacy policy, and collection notice can be accessed at anytime.
Transparency
Understanding the privacy features we have in place.
Every HealthEngine product includes a privacy summary, explaining how any data you provide will be collected, used, and disclosed.
Look out for this icon whenever you use one of our products. An easy-to-understand explanation of the privacy attributes is available simply by clicking on the icon.
Personal privacy
We’re passionate about keeping your personal information exactly that. HealthEngine is bound by the Australian Privacy Principles under the Privacy Act 1988 (Cth), and is committed to ensuring compliance with those requirements. But our commitment doesn’t stop there.
We have a a dedicated Privacy Officer who is responsible for handling internal and external privacy enquiries, complaints, and access and correction requests, and compulsory staff training and assessments. HealthEngine also undertakes privacy impact assessments for business projects and decisions that involve handling of personal information (such as implementing new technologies) to allow HealthEngine to identify, assess and manage privacy risks across the business, including personal information security risks.
You can rest assured knowing everyone at HealthEngine is committed to protecting and respecting your privacy.
HealthEngine Patient FAQ
What data does Healthengine collect?
We only collect personal information that is reasonably necessary to provide you with the services you have elected to receive. This includes information such as your name, contact details, gender and marital status and basic medical information (allergies, medications and emergency contact details).
When you use the Healthengine platform, we also collect some technical information such as IP addresses, login data and cookies to provide you with an optimal experience.
You can see more information on the data we collect and how we use it by reading our Privacy Policy and Collection Notice
How does Healthengine use my data?
We use your personal information for the primary purpose for which it was collected, to provide the services you have elected to receive.
We may also use your personal information for secondary purposes, such as where:
You have provided your express consent for us to do so
It might reasonably expected for us to do so, for example, auditing or using de-identified and aggregated personal information to identify insights into the Australian health care sector.
It is required or authorised by law or court order.
When you book an appointment on HealthEngine while logged into your account, you can see which practices your information is sent to and when, via your Data & Privacy settings in your account.
You can be assured that everyone at Healthengine is committed to protecting and respecting your privacy.
How does Healthengine store my data?
Healthengine takes its responsibility for handling personal information seriously, and we have put measures in place to maintain the integrity of personal information and provide full transparency on our conduct. Healthengine is bound by the Australian Privacy Principles under the Privacy Act 1988 (Cth), and is committed to ensuring compliance with those requirements.
When providing its services, Healthengine minimises the amount of data transmitted between our servers and a healthcare provider’s practice management software (PMS). Data is always transmitted using Transport Level Security on an as-needed basis. Sensitive data is encrypted at rest, within the database.
Does Healthengine sell my data to third parties?
Healthengine does not sell user databases to third parties, please refer to “How does Healthengine use my data” for more information.
How is Healthengine and My Health Record connected?
Healthengine has access to My Health Record as a View Only Portal operator, the lowest level of access to MHR as possible. Accordingly, HealthEngine is permitted to operate an electronic interface that facilitates access to the system and cannot view, copy, store or record any data. Healthengine does not have any arrangement or agreement in place in which Healthengine provides user data to My Health Record.
How do I delete my account and remove my personal information from Healthengine?
A user who wishes to have their account and personal information deleted must send a request to the Healthengine Privacy Officer at privacyofficer@healthengine.com.au. The user must provide certain details to confirm their identity.
Once we have verified that the identity of the individual, we will then action the request.