Clarification: HealthShare’s consultation tool does not pass any patient data on to third parties without permission.
HealthShare rang us up pretty quickly after we published our top 10 spine-chilling privacy clauses to point out something that was perfectly reasonable to point out: while a lot of the clauses we published related to how loose a lot of healthcare providers were being with their data in terms of third party use, BetterConsult do not hold (for long) or pass any patient data on to any third parties, unless expressly permissioned.
According to Rami Weiss, Healthshare’s cofounde,, the group deletes any patient data they collect within 72 hours of collecting it (unless a patient permissions them to use it for other purposes) so they don’t have to worry about the sort of toxic problems holding onto that sort of data can cause a company later down the track.
We actually hadn’t suggested anywhere in the story that they did pass on their data to third parties, but we agree it’s reasonable distinction to be making clear, given the context of most of the rest of the list.
Here is the relevant clause in their policy which points this out.
For the avoidance of doubt, BetterConsult will not send, transfer or disclose any Personal Information about Patients or Practitioners to third parties (beyond those required to perform the Services) unless the Patient or Practitioner has provided their express consent. BetterConsult will also promptly delete identifying Patient and Practitioner information associated with each pre-consultation questionnaire at a scheduled time after the Practitioner has completed their consultation with the Patient.
“Not only are we legally committing to not passing on personal information to third parties but we are also committing to deleting the personal information after the doctor has finished their consult with their patient,” Mr Weiss said.
“This is night and day different from all these other companies [TMR] listed and especially in light of the recent data breaches we are very happy we have pursued this approach,” he said.
The clauses we published from BetterConsult weren’t actually from their privacy policy but from their “Terms of Use” for patients.
BetterConsult assists in optimising patient engagements by getting a lot of information into the hands of a doctor before a consult even starts. Given the pressure on GP practices, every bit of optimisation counts these days, so it’s not a bad idea.
The inclusion of the “terms of use” clause was meant to be making a different point about data protection to the one being made by all the examples of loose third-party clauses.
That was that the detailed data generated by the platform was being passed into unaudited often very poorly protected and usually on-prem software instances in GP practices.
In some ways it might be better if HealthShare didn’t wash their hands of the data created by BetterConsult but protected it in a much more secure cloud instance for their practice clients to access when needed, but doing this of course, would risk the problem of a hack on a grand scale at some point with HealthConsult holding all the liability.
In fairness to Healthshare, there are a lot of other software products that do what they do – generate more detailed patient data and hand it off into the GP patient management system. Just check out the integrations list for Best Practice and Medical Director.
Healthshare argued that if you couldn’t really trust most GP installations to protect their data adequately – they have too in their business model – then how could you do anything with data at this level.
It’s a very good and important question, a whole other story and pretty much the point we were awkwardly trying to get across.
Not withstanding, BetterConsult’s “terms of use” clauses aren’t on par with the other ones we published in our “spine chilling” list so we have cut them from it.
