Medical centres forcing patients to share their personal data

A recent investigation from CHOICE has uncovered a chain of medical centres is charging more to patients who won’t sign up to its rewards program. From the article:

  • A chain of medical clinics in NSW, Qld and Vic will only bulk-bill patients who sign up to their app and rewards program
  • Patients of the Our Medical clinics are outraged at being forced to choose between signing up or being out of pocket
  • Our Medical’s online privacy policies are broad, vague and allow the sharing of data with ‘third parties’

Read the full story:

What do you think of this practice?


Choice is onto a new tilt. Sign up for the rewards program or pay. Just good old fashioned capitalism finding ever more ways to invoice (or sell information) for a dollar?


From the Choice article.

‘Ethically outrageous’

Melbourne University Professor of Law and co-director of the Centre for AI and Digital Ethics, Jeannie Paterson, says while the practice of charging patients more money for refusing to sign up to an app and share their data was likely not illegal, it was “ethically outrageous”.

She says the policy’s statement that it will share data with third parties is “ridiculously unclear and undefined”, and that using patients data for research and marketing were not what one would expect when signing up for a medical service.

It is hard to say if this belongs with threads on privacy or here, or perhaps a new one “Legal but ethically outrageous”. Who is more to blame the operators or the governments whose foot dragging on privacy legislation allows this kind of thing?


I’ve had concerns arising from medical services which now usually rely on third parties for practice management and customer facing IT. HotDoc is one such third party enterprise consumers will have encountered.

The Guardian report opens up another (unwelcome) level of concern and risk. It’s suggested there is a question of ethics surrounding the approach taken by the business. Has there been any comment from the RACGP or the Australian Medical Board?

1 Like

I use Hotdoc quite happily, and I don’t think I have been on-sold.

Whether we are happy or not HotDoc and their competitors are a third party. It’s been a requirement of several practices we are familiar with to complete an online registration. This has included personal and medical details. I’ve noted for one practice, even when booking over the phone they use their selected third party provider to manage your booking and issue a reminder SMS. One is a participant regardless.

It’s possible all is OK. It relies on including the third party in your circle of trust, and the party not abusing the privilege or exposing your details. Note booking platforms can offer to locate various types of medical services in your area if you ask. Hence a benign request can reveal more about your needs. A booking platform will hold in their history a record of every appointment they have made for you.


Shouldn’t be too hard for the Federal government to stomp on this practice given that the whole system is created by the government in the first place i.e. they set the terms and conditions.

Has anyone asked the Federal government for that?

What does a patient do who does not have a mobile phone? or has a mobile phone that is a dumbphone (can’t run apps)? or has an older mobile phone that is a smartphone but not compatible with current apps?

It would seem likely that those patients who most need bulk billing would be over-represented in the groups to which the previous paragraph applies.

However “forced to use app” and “forced to share personal data” are two overlapping but distinct problems.


Has a smart phone,

In principle how is that any different to the many other transactions we can only or most conveniently do online?

Could we add the risks of support expiring too soon on some lower cost mobile devices, owner understanding of update needs and the risks not universal?

  1. Whether you book a restaurant online or book by phoning them up … you pay the same amount for each dish.

  2. This goes beyond merely “doing something online” because seemingly the patient is being “forced” to “consent” to sharing personal data.

  3. Medical services may be considered to be essential services and in some cases it may be “life or death”. So the leverage that the service provider has is considerably greater to “force” “consent” as compared with, say, a restaurant.

“online” though is not the same as “via an app”. The latter is significantly more intrusive, whereas booking online may not be intrusive at all in and of itself.

And what about when they get hacked?

Depending on one’s technical literacy. It might be worthwhile explaining why that makes a difference if at all? I prefer to use a browser and will login to use a web menu option, rather than an App. I do use some service Apps including that of my energy provider. Call me old fashioned.

1 Like

The information they have for me is limited to the absolute minimum for the appointments to be made and notified. I will never store my payment information there. but it is an option for the unwise. However, there are so many ways for personal info to get out there… I think, unless a person wants to close themselves off from the net entirely, there are no absolutely certain ways to stop it happening.

1 Like

This is true, and my understanding is that a lot of medical information is stored ‘in the cloud’ by central software service providers (I don’t think the linked provider holds clinical records, but have not really reviewed what it offers). This leaves me a little worried about what happens when the provider inevitably gets hacked.

1 Like

That’s true but that doesn’t mean we should ever make it easy for them.


We do what we can, given our own particular circumstances and needs.

1 Like

It doesnt, but I think that records can be transferred from one Practice to another without resorting to Australia Post. I think Genie ( operated much the same way, though I see they have been subsumed by another company so all bets are off. I know of medical practices in Newcastle using these softwares and they trust them…

That is our understanding that they don’t keep medical records but facilitate the transfer from a past practitioner to a new practitioner. We have done such a change in the past month and is what was indicated when completing the HotDoc process. It is worth noting that our new practitioner is waiting for some records to be emailed through. It is my understanding They are emailed (or possibly posted) and not sent through HotDocs.

I expect they keep some personal details such as name, address, previous practitioner details and Medicare card number as these are used to verify the patient records to be transferred. Such details would be kept on their system and shared with both the old and new practioners.

The other function our new practitioner uses if HotDocs is for appointment bookings. We haven’t had experience with this function in the past but will in the future. Booking appointment times is possibly some other data held by HotDocs.

1 Like

Nobody is being forced to share their personal data any more than they would be if going to any other clinic. Is there any justification for the misleading wording used in this heading?

The topic is originally about being coerced into a rewards program to receive bulk billing at one clinic chain. Rewards programs are data collection exercises as much as they are rewards programs because data/information/profiling can be valuable to the marketing industry.

Hotdoc and apps got introduced to the discussion mid-stream. Thus the topic is not misleading, even though the discussion did what many do.


I did not join Hot Doc for the reason that they might pass on the info. I went to a nearby medical centre for my usual 6 monthly blood tests. I have always had two at the same time to save having to have two different needles. 1 for the specialist and 1 for the GP, with different tests. At my last visit to the Medical Centre I was told that they had been advised by MediCare, that they were only allowed to do one test per day, so I had to go back another day. I phoned up another medical centre and they told me that they had never heard of it. I thought at the time it was a furfy at the time, and that proved it. They seem to think we are stupid people. I guess they only want to be able to charge twice. I won’t be going back to the medical centre again for blood tests. How can we trust them?