HealthEngine, a Telstra-backed online appointment-booking service, has been sharing medical information with personal-injury law firm Slater and Gordon, according to an ABC report.

The information has reportedly been used for targeted advertising, seeking clients for personal injury claims. The news has brought strong condemnation from Electronic Frontiers Australia and other groups with an interest in privacy issues, who fear HealthEngine may also have a data sharing arrangement with the Government’s MyHR medical records system.

According to the ABC, the Slater and Gordon “referral partnership pilot” saw HealthEngine give the law firm details of around 200 clients a month between March and August last year.

The broadcaster said that 40 HealthEngine users ultimately became Slater and Gordon clients – though it’s not known if they have won their cases.

HealthEngine is reportedly part-funded by Telstra and Seven West Media.

The company maintains that it only passed on the details of users who had consented to their information being shared with “a third party”.

“Consent to these referrals is not hidden in our policies but obtained through a simple pop-up form during the booking process or provided verbally to a HealthEngine consultant,” HealthEngine has stated.

It added: “We do not provide any personal information for the purposes of a referral without this consent.”

Nonetheless the news of HealthEngine’s actions have brought strong denunciation by Electronic Frontiers Australia and others, who noted that the ABC report said that HealthEngine also has a data-sharing arrangement with the Federal Government’s My Health Record (MyHR) digital media record system.

“The precise nature of this data-sharing arrangement must be made public immediately,” said EFA last night.

“The Government is making MyHR mandatory, except for a short once-only opt-out period, and the public must know what our heath data is going to be used for if we are to have confidence in this system.”

Added Kat Lane, vice chair of the Australian Privacy Foundation: “Data on the Government’s MyHR can be downloaded to a GP system and is then freely available – no controls, no audit trail – including potentially to apps such as HealthEngine.”