HealthEngine Practice FAQs

How does HealthEngine interact with our practice management software?

The HealthEngine appointment connector, which is deployed alongside your PMS, facilitates the exchange of information between your practice and HealthEngine. Use of the appointment connector complies with HealthEngine’s obligations owed under the Privacy Act and as an Australian Privacy Principle entity, and adheres to ADHA operating standards.

How do you ensure data is transferred securely?

HealthEngine takes its responsibility for handling personal information seriously, and we have put measures in place to maintain the integrity of personal information and provide full transparency on our conduct. HealthEngine is bound by the Australian Privacy Principles under the Privacy Act 1988 (Cth) and is committed to ensuring compliance with those requirements.

HealthEngine minimises the amount of data transmitted between our servers and your practice management software (PMS). Data is always transmitted using Transport Layer Security (TLS) standards on an as-needed basis. Sensitive data is encrypted at rest, within the database.

Are you collecting data from the PMS regarding non-HealthEngine registered patients?

HealthEngine will only access personal information of non-registered individuals where it has been directed to by the practice customer. In these circumstances, HealthEngine is effectively acting as a messaging gateway. The information enabling the communication to be sent on behalf of the practice customer remains at all times under the effective control of the practice customer. Accordingly, there is no “disclosure” of personal information by the practice customer to HealthEngine.

How does HealthEngine store my patients’ data?

HealthEngine takes its responsibility for handling personal information seriously, and we have put measures in place to maintain the integrity of personal information and provide full transparency on our conduct. HealthEngine is bound by the Australian Privacy Principles under the Privacy Act 1988 (Cth), and is committed to ensuring compliance with those requirements.

When providing its services, HealthEngine minimises the amount of data transmitted between our servers and your practice management software (PMS). Data is always transmitted using Transport Layer Security on an as-needed basis. Sensitive data is encrypted at rest, within the database.

How does HealthEngine use patient data?

We use the patients’ personal information for the primary purpose for which it was collected, to provide the services your patient elected to receive.

We may also use the patients’ personal information for secondary purposes, such as where:

The patient has provided express consent for us to do so.

It might reasonably be expected for us to do so, for example, auditing or using de-identified and aggregated personal information to identify insights into the Australian healthcare sector.

It is required by law or court order.

When your patients book an appointment through HealthEngine while logged into their account, they can see which practices their information is sent to and when, via the Data & Privacy settings in their account.

You can be assured that everyone at HealthEngine is committed to protecting and respecting your patients’ privacy.

Does HealthEngine sell my patients’ data to third parties?

HealthEngine never has, and never will, sell user databases to third parties. We respect the privacy of our users and appreciate the trust they place in us. Please refer to “How does HealthEngine use patient data?” for more information.

How safe is my patients’ data from a breach?

HealthEngine prevents the compromise of personal information of both our users and staff by implementing business-tailored, industry-standard security controls and following best practice security advice. We also maximise security by minimising the amount of data transmitted between our servers and your PMS.

Data is always transmitted securely over an encrypted channel (TLS encryption in transit), with sensitive data always encrypted at rest, within the database. We conduct regular penetration testing and security reviews and adhere to Australian Digital Health Agency operating standards.