Iceland, Sweden, Norway and the UK provide case studies of where initiatives have raised public outcry because of a failure to fully comprehend social expectations about the use of health data online. Our theory is that when data collected for health reasons is used in other contexts, or data collected for other purposes is used in the context of healthcare, a boundary is breached. This challenges the contextual integrity of the data (that is, considering the specific values and expectations linked to data collected for a particular reason and how they change if the reason or situation for collecting data changes), and thus may threaten public trust.  The research team will conduct  an international empirical study to understand what privacy and data protection oversight and governance mechanisms people would like to have in place when their medical information is used for multiple research purposes.

In the 21st century, successful healthcare delivery and medical research are increasingly dependent on the collection and distribution of information through digital and electronic means, including computerised health records that are accessed and distributed through online platforms mobile applications among other avenues. The ability to move data in this way brings benefits for healthcare, research, and society, but introduces new risks associated with the misuse or improper access of data. Researchers in Sweden, Iceland, Norway and the UK are working together to investigate these issues and explore public attitudes in the project titled ‘Governance of health data in Cyber Space’.

We propose that when data collected for health reasons is used in other contexts, or when data is collected for other purposes and is used in the context of healthcare, it crosses a boundary. Ensuring that the laws surrounding data use are acting in the interest of society requires an in-depth investigation about whether the current laws, regulations and policies appropriately protect data from misuse when it crosses boundaries, and what needs to change.

For this it is important to open up a dialogue with the public so that we can understand what they perceive the risks and benefits to be when they volunteer information in different circumstances, how they expect their data to be used, in what situations they would choose to deny data access, and how those factors shape decision making. The central aim of this project is to develop recommendations aimed at ensuring that the exchange of data in cyberspace meets social expectations regarding the security and privacy of health data, while enabling the benefits this data could bring to society. We will be running focus groups and an online survey with people from different areas of society to discuss the use of data in different situations, with the hope of identifying social expectations about the use of health data digitally.