Protecting patient privacy
At HealthEngine, we recognise that your health information is sensitive.
Explore the ways we’re increasing your account security and what we’re doing to protect you and your data.
HealthEngine's Privacy Pillars
Guiding how we approach privacy at HealthEngine
What you can, and should, expect from us
We’re constantly working to improve our security measures and processes, and take data security into consideration with everything we do.
Protecting your privacy is our top priority, which is why our security measures are under constant review to ensure they remain comprehensive, relevant and as responsive as possible.
Know exactly what information we collect, what it’s used for, and why
If you book an appointment on HealthEngine whilst being logged into your account, you can see which practices your information is sent to, and when. This information is available in your Data & Privacy settings.
Understanding the privacy features we have in place.
Every HealthEngine product includes a privacy summary, explaining how any data you provide will be collected, used, and disclosed.
We’re passionate about keeping your personal information exactly that. HealthEngine is bound by the Australian Privacy Principles under the Privacy Act 1988 (Cth), and is committed to ensuring compliance with those requirements. But our commitment doesn’t stop there.
We have a a dedicated Privacy Officer who is responsible for handling internal and external privacy enquiries, complaints, and access and correction requests, and compulsory staff training and assessments. HealthEngine also undertakes privacy impact assessments for business projects and decisions that involve handling of personal information (such as implementing new technologies) to allow HealthEngine to identify, assess and manage privacy risks across the business, including personal information security risks.
You can rest assured knowing everyone at HealthEngine is committed to protecting and respecting your privacy.
HealthEngine Patient FAQ
We only collect personal information that is reasonably necessary to provide you with the services you have elected to receive. This includes information such as your name, contact details, gender and marital status and basic medical information (allergies, medications and emergency contact details).
When you use the HealthEngine platform, we also collect some technical information such as IP addresses, login data and cookies to provide you with an optimal experience.
We use your personal information for the primary purpose for which it was collected, to provide the services you have elected to receive.
We may also use your personal information for secondary purposes, such as where:
You have provided your express consent for us to do so
It might reasonably expected for us to do so, for example, auditing or using de-identified and aggregated personal information to identify insights into the Australian health care sector.
It is required or authorised by law or court order.
When you book an appointment on HealthEngine while logged into your account, you can see which practices your information is sent to and when, via your Data & Privacy settings in your account.
You can be assured that everyone at HealthEngine is committed to protecting and respecting your privacy.
HealthEngine takes its responsibility for handling personal information seriously, and we have put measures in place to maintain the integrity of personal information and provide full transparency on our conduct. HealthEngine is bound by the Australian Privacy Principles under the Privacy Act 1988 (Cth), and is committed to ensuring compliance with those requirements.
When providing its services, HealthEngine minimises the amount of data transmitted between our servers and a healthcare provider’s practice management software (PMS). Data is always transmitted using Transport Level Security on an as-needed basis. Sensitive data is encrypted at rest, within the database.
HealthEngine does not sell user databases to third parties, please refer to “How does HealthEngine use my data” for more information.
HealthEngine has access to My Health Record as a View Only Portal operator, the lowest level of access to MHR as possible. Accordingly, HealthEngine is permitted to operate an electronic interface that facilitates access to the system and cannot view, copy, store or record any data. HealthEngine does not have any arrangement or agreement in place in which HealthEngine provides user data to My Health Record.
A user who wishes to have their account and personal information deleted must send a request to the HealthEngine Privacy Officer at firstname.lastname@example.org. The user must provide certain details to confirm their identity.
Once we have verified that the identity of the individual, we will then action the request.