Skip to main content

Trust and ethical data handling in the healthcare context


Current practices for regulating the processing of personal data are oriented principally towards notions of governance, risk management, and regulatory compliance - based on data protection laws that have, in some jurisdictions, been in place for decades. Despite this framework, individuals are likely to encounter uses of their personal data which, while legal, may appear to lack fairness or legitimacy. Such uses may lead us to conclude that third parties are failing to take due account of our wishes and preferences. An organisation’s handling of personal data might fall short of our expectations in a number of ways, such as through over collection, insufficient care, unexpected or unwelcome use, or excessive sharing. For data controllers, greater focus on ethics (beyond legal compliance), might align them more closely with the expectations of their users and customers. Ethics has been core to the practice of medicine at least since the formulation of the Hippocratic oath [1], but the digital era introduces new risks which require ethical responses. Guidance for data controllers should be based on a clear understanding of digital privacy and its complexities, so that abstract notions of trust and ethics can be transformed into applicable principles and practical measures, while reflecting the diverse stakeholder motivations and interests. This article explores the trust-related factors and challenges that arise from the digital and online processing of personal data, particularly in the context of healthcare. The article proposes ethical principles, and approaches and resources for putting those principles into practice.

This is a preview of subscription content, access via your institution.


  1. A reference to Donald Rumsfeld’s epistemological taxonomy, in a 2002 briefing.

  2. For the purposes of this paper, by “data controller” I mean an entity which collects and uses (personal) data in ways covered by data protection legislation; by “data subject” I mean an individual to whom personal data relates (I use “subject” in the grammatical sense, rather than in the sense of subordination to the data controller).

  3. An analogous example: Blackmailers threaten to delete organisations’ data unless ransom is paid.

  4. An illustrative but far from exhaustive sample of privacy violations and resulting harms, from a relatively privacy-conscious province.


  1. North M. On "Greek Medicine - The Hippocratic Oath" U.S. National Library of Medicine, 02 July 2012. 2012. Accessed 19 June 2017.

  2. Albanesius C. On 2013. Accessed 16 Dec 2016.

  3. Komando K. On 2014. Accessed 16 Dec 2016.

  4. Raiche R. On 2015. Accessed 16 Dec 2016.

  5. Hope C. On 2007. Accessed 16 Dec 2016.

  6. Kende M. Global internet report. 2016. Accessed 16 Dec 2016.

  7. Hill K. On 2012. Accessed 16 Dec 2016.

  8. Singer S. In 2012. Accessed 16 Dec 2016.

  9. McCullagh M. In 2013. Accessed 16 Dec 2016.

  10. Nissenbaum H. Privacy as contextual integrity. Wash Law Rev 2004.

  11. Author. Four Ethical Issues In Online Trust. Internet Society. 2014.

  12. Christl W, Spiekermann S. Networks of control. 2016.

  13. Lee R, Carlisle A. Detection of falls using accelerometers and mobile phone technology. 2011.

  14. Yoshida T et al. Gait analysis for detecting a leg accident with an accelerometer. 2006.

  15. Rumsfeld D. US Department of defense news briefing transcript. 2002. Accessed 19 June 2017.

  16. Hasselbalch G, Tranberg P. Data ethics, the new competitive advantage. Libris, Copenhagen; 2016.

  17. Ramesh R. NHS disregards patient requests to opt out of sharing medical records. 2015. Accessed 20 Dec 2016.

  18. Cavoukian A. Privacy by design - applying the 7 foundational principles. 2011. Accessed 19 Dec 2016.

  19. CNBC. 2016. Hackers blackmail US Police Departments Accessed 1 Oct 2016.

  20. Ontario Star. Hospital privacy violations go unreported. 2015. Accessed 1 Oct 2016.

  21. Helsinki Declaration. World medical association. 1964. Accessed 1 Oct 2016.

  22. Mitscherlich, A., & Mielke, F. Doctors of infamy: The story of the Nazi medical crimes. New York: Henry Schuman; 1949.

  23. Belmont. US Dept of Health and Human Services, The Belmont Report. 1978.

  24. Menlo. US Dept of Homeland Security, The Menlo Report - Ethical Principles Guiding Information and Communication Technology Research. 2012.

  25. Narayanan A, Shmatikov V. Robust de-anonymization of large sparse datasets. 2006. Accessed 1 Oct 2016.

  26. Dwork C, Roth A. The algorithmic foundations of differential privacy. Foundations and Trends in Theoretical Computer Science. 2014;9(3–4):211–407.

    MathSciNet  MATH  Google Scholar 

  27. Spiekermann S. Ethical IT. Innovation: Auerbach; 2016.

    Google Scholar 

  28. Dennedy M. The privacy Engineer's manifesto. Springer; 2014.

  29. Cavoukian A. Twitter. 2016.

  30. Warren S, Brandeis L. Harvard Law Review. 1890. Accessed 1 Oct 2016.

  31. Cooley T. A treatise on the law of torts. Chicago: Callahan & Co.; 1888.

    Google Scholar 

  32. European Commission. Directive 95/46 Article 1, and Preamble para. 2. 1995.

  33. Internet Society. Why privacy matters. 2017.

  34. Kobie N. Why the cookies law wasn't fully baked. 2015. Accessed 20 Dec 2016.

  35. Doliner M. Safari invalid certificate handling sucks. 2016. Accessed 20 Dec 2016.

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Robin Wilton.

Ethics declarations

Conflict of interest

The author declares no conflict of interest.


There is no funding source for this article.

Ethical approval

This article does not contain any data, or other information from studies or experimentation, with the involvement of human or animal subjects.

Informed consent

Not Applicable.

Additional information

This article is part of the Topical Collection on Privacy and Security of Medical Information

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Wilton, R. Trust and ethical data handling in the healthcare context. Health Technol. 7, 569–578 (2017).

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI:


  • Trust
  • Ethics
  • Personal data
  • Healthcare data
  • Ethical data handling