A government health app that processes your doctor visits and prescriptions was also collecting your race and ethnicity. The Google Play listing says so plainly. Why does claiming a Medicare rebate require knowing your racial background? Combined with your health claim history, this creates a profile linking race to medical conditions — held by a government agency that saw a 330% increase in data breaches. The Google Play listing says the Medicare app "doesn't share user data." But Services Australia admits using Google Analytics — which sends your page visits to Google in the US. When you check your doctor visits, prescription claims, or health service history, Google gets to see which pages you navigate. Your health service interaction patterns are flowing through the infrastructure of the world's largest advertising company. But sure, they "don't share data.".
What they claim: The Google Play listing categorises the app's data collection as: "App interactions" collected for "Analytics" purposes.
What we found: In a health claims app, "app interactions" collected for analytics means every tap, scroll, and navigation through your Medicare claims history — which doctors you viewed, which claims you checked, how long you spent on prescription records — is tracked and analysed. This is health-adjacent behavioural data being collected in a health context. Combined with the "no deletion" policy, this interaction history persists indefinitely with no user control.
What they claim: Services Australia states "this app doesn't share user data with other companies or organisations" according to the Google Play listing.
What we found: Services Australia admits it "uses Google Analytics to collect details about the pages you visit and your device" within the Medicare app. Google Analytics sends data to Google's servers in the United States. When you check which doctors you have visited, which claims you have made, or which prescriptions have been processed, that navigation pattern flows through Google's infrastructure. A health claims app is feeding interaction data to the world's largest advertising company.
What they claim: Services Australia says "you decide if you set up a Medicare online account" and "what information you give through the app," implying user control over their data.
What we found: According to the Google Play data safety listing, "the developer doesn't provide a way for you to request that your data be deleted." An app that collects health claims data, personal information, race and ethnicity, and processes it through Google Analytics provides zero mechanism for data deletion. The app was retired in November 2025, meaning years of health interaction data sits in Services Australia systems with no deletion pathway ever provided.
What they claim: Services Australia states the Express Plus Medicare app only collects information necessary "to process and manage claims or provide services or payments."
What we found: The Google Play data safety listing for Express Plus Medicare declares the app collects "Race and ethnicity" data for "App functionality and Account management." A health claims app collecting racial and ethnic data — combined with health claim history — creates a sensitive profile linking race to health conditions. This data category has no obvious necessity for processing Medicare rebates.
What they claim: Services Australia positions the Medicare app as a tool for Australians to conveniently "manage Medicare business online, 24 hours a day, 7 days a week."
What we found: The privacy notice states Services Australia "may use your personal information with automated decision-making systems and tools to help provide services." In the context of a health claims app, this means algorithms may be making decisions about your Medicare claims, eligibility, or service access using your health data, personal information, and potentially your race and ethnicity data — all with minimal transparency about what decisions are automated and what criteria are used.