Australia's biggest medical appointment booking app HealthEngine is facing multi-million-dollar penalties after an ABC investigation exposed its practice of funnelling patient information to law firms.

The Australian Competition and Consumer Commission has launched legal action against the Perth-based company in the Federal Court, accusing it of misleading and deceptive conduct.

In June last year, the ABC revealed HealthEngine was passing on users' personal information to law firms seeking clients for personal injury claims.

The details of the deal were contained in secret internal Slater and Gordon documents that revealed HealthEngine was sending the firm a daily list of prospective clients at part of a pilot program in 2017.

A negative review on HealthEngine's app page complaining about contact from personal injury lawyers. ( Supplied: Apple App Store )

The ACCC has also accused the company of passing the personal information of approximately 135,000 patients to insurance brokers in exchange for payments.

"Patients were misled into thinking their information would stay with HealthEngine but, instead, their information was sold off to insurance brokers," ACCC chairman Rod Sims said in a statement.

The information sold included names, phone numbers, dates of birth and email addresses.

The ACCC has not said how much money the company earned form the arrangement.

The ABC revealed last year that HealthEngine had also boasted to advertisers that it could target users based on their symptoms and medical conditions.

HealthEngine has also been accused of misleading consumers by manipulating users' reviews of medical practices.

Do you know more? Please use this form to get in contact with the ABC Investigations team, or if you require more secure communication, please choose an option on the confidential tips page

Please to get in contact with the ABC Investigations team, or if you require more secure communication, please choose an Text message Pat McGrath using the Signal app +61 436 369 072 No system is 100 per cent secure, but the Signal app can be used to protect your identity by using end-to-end encryption. Please read the terms and conditions of the app to work out if it is the best method of communication for you.

"We allege that HealthEngine refused to publish negative reviews and altered feedback to remove negative aspects, or to embellish it, before publishing the reviews," Mr Sims said.

Among a range of examples, the ACCC alleges that one patient review was initially submitted as:

"The practice is good just disappointed with health engine. I will call the clinic next time instead of booking online."

But when that review was made public, it was allegedly changed to simply read:

"The practice is good."

HealthEngine is facing a fine of $1.1 million for each breach of the law, but the ACCC has yet to determine how many breaches it will allege.

In a statement, HealthEngine chief executive Marcus Tan said the company has made significant changes to its business model.

"These changes were made before HealthEngine was formally advised of any ACCC investigation," he said.

"HealthEngine is confident that no adverse health outcomes were created and that personal information was not shared with referral partners unless the individual had expressly requested to be contacted."

A fine in the millions of dollars would be a huge financial impost for the company, which posted a $13 million dollar loss in the 2017-18 financial year.

HealthEngine, which is part-owned by Seven West Media and Telstra, is yet to file its accounts for last financial year.

The legal proceedings come as the company faces separate investigations by the Office of the Australian Information Commissioner and the Australian Digital Health Agency.