EOFY Sale · Save up to $750 off your legals · Ends 30 June

Claim offer
Selected cases

Federal Court of Australia · [2020] FCA 1203

ACCC v HealthEngine

A Federal Court case about misleading platform conduct involving patient data, insurance referrals and online reviews.

Federal Court of Australia20 Aug 2020

Plain-English explainers, not legal advice. Check the linked official source before you rely on a specific section, and get advice for your situation.

Get legal help

Start here

Quick read

  • Data-sharing and review systems need to be designed honestly.
  • A Federal Court case about misleading platform conduct involving patient data, insurance referrals and online reviews.

Use this to check

  • Referral arrangements involving customer data need clear disclosure.
  • Reviews and ratings must not be edited or filtered in a misleading way.
  • Privacy, product and consumer law risks often overlap in digital platforms.

Decision snapshot

  1. 1

    What happened

    • HealthEngine operated an online health booking platform.
    • The ACCC case concerned two connected practices: giving non-clinical patient information to private health insurance brokers without adequate disclosure, and publishing patient reviews in a way that created a misleading impression.
    • HealthEngine admitted that information from more than 135,000 patients was provided to brokers during the relevant period.
  2. 2

    What the court had to decide

    • The Court had to deal with admitted misleading conduct connected to insurance referral disclosures and patient review practices.
    • The practical question was whether HealthEngine's platform gave users an accurate impression of how their information and reviews were being used.
  3. 3

    What the court decided

    • The Federal Court ordered HealthEngine to pay $2.9 million in penalties and make corrective orders, including contacting affected consumers.
    • The decision became a practical warning that consumer law can bite where data disclosure and review practices are not transparent.

Practical impact

Practical read

  • Data-sharing and review systems need to be designed honestly.
  • A privacy disclosure problem can also become misleading conduct where users are not clearly told how their information or reviews will be used.

Useful next steps

  • Referral arrangements involving customer data need clear disclosure.
  • Reviews and ratings must not be edited or filtered in a misleading way.
  • Privacy, product and consumer law risks often overlap in digital platforms.
  • Map every data-sharing arrangement that creates referral or commission revenue.
  • Make consent and disclosure copy specific enough for ordinary users.

Practical read

HealthEngine is a data product case, not just a health-sector case. The platform collected information in the course of helping people book appointments, then used parts of the user journey for insurance referral arrangements and public reviews. The legal problem was that users were not given the clear picture they needed.

For startups and marketplaces, the lesson is direct: consent flows, referral revenue, reviews and ratings are legal features. They need product design, plain-language copy and operational controls, not a privacy policy sitting alone in the footer.

Checks to run

Key points

  • Map every data-sharing arrangement that creates referral or commission revenue.
  • Make consent and disclosure copy specific enough for ordinary users.
  • Do not suppress, rewrite or selectively publish reviews in a misleading way.
  • Review product flows and privacy wording together before launch.

Key takeaways

  • Referral arrangements involving customer data need clear disclosure.
  • Reviews and ratings must not be edited or filtered in a misleading way.
  • Privacy, product and consumer law risks often overlap in digital platforms.

Related topics

Privacy & DataConsumer Law & Trading

How Sprintlaw can help

Privacy PolicyWebsite Terms and Conditions