Authored article

Talking with citizens about expectations for data sharing and privacy

We asked a citizen's jury to tell us what uses of confidential patient information it's reasonable to expect. Today we publish the jury's findings and reflect on what they told us.

Citizens' jury deliberating

In January this year, 17 members of the public gathered in Manchester for a 3-day citizens’ jury, which was jointly commissioned by the National Data Guardian (NDG) and Connected Health Cities. The jury was run by Citizens’ Juries c.i.c. working in partnership the Jefferson Center (Community Interest Company). The objective was to explore when people would normally expect their confidential patient information to be used and shared and when they would expect it to be kept private. Today the report of that jury is published.

The individuals in the group came from a variety of backgrounds. They did not know each other beforehand or come with any specific expertise in the use of health and care data. Over 3 days they discussed and debated the issues, on many points reaching consensus, but on others respectfully agreeing to differ.

As well as considering a number of scenarios and whether it would be reasonable to expect data sharing in these, the jury also produced reasoning for their decisions. Importantly they told us not only whether they expected information to be shared or kept private, but also why.

This article provides some background to the project and some initial reflections on what we have learned. The NDG and her panel next intend to produce a further piece of work outlining their further steps on this issue.


The key theme that the jury was asked to consider was ‘reasonable expectations’. This is a concept which has become a touchstone in the common law of confidentiality over recent years. A number of court decisions have used it as a yardstick to judge cases where there is a dispute about whether information about an individual should have been shared or kept private. For example, in 2008 the author JK Rowling won a landmark privacy case in court, with the judge ruling against the publication of unauthorised photography of her children, citing reasonable expectations as the measure:

If a child of parents who are not in the public eye could reasonably expect not to have photographs of him published in the media, so too should the child of a famous parent.

In this and other cases, the courts have used the ‘reasonable expectations’ test to consider whether an individual would have expected information to be kept private in a particular circumstance. The concept can also be used to think about what people might reasonably expect to be actively shared.

The concept of ‘reasonable expectations’ developed by the courts resonates with the principle that there should be no surprises to an individual about how their data has been used. Living up to both, the concept of reasonable expectations requires the health and care system to communicate to patients and service users about data use, to engage in an honest and ongoing conversation and to respect their privacy and choices. The increased emphasis on transparency in the new data protection legislation that was enacted to support the GDPR makes this more important than ever.

The concept of reasonable expectations has therefore emerged as important in work that the National Data Guardian and her panel have been undertaking to examine the circumstances under which health and care data can be legitimately shared, particularly on the basis of implied rather than explicit consent. It has become established practice within the NHS that where direct care is being delivered, identifiable data may be shared to support this care on the basis of implied consent with those with whom the patient has a legitimate relationship.

For example, when a GP refers a patient to a hospital surgeon for a knee operation, the referral will include medical details about the individual patient. She does not need to spell this out to the patient; it is reasonable to believe her patient understands this and has consented to it by agreeing to the referral. Likewise, a nurse caring for a patient in a hospital does not need to seek consent for updating the next nurse on duty about how the patient has been, what medication they have had etc when he finishes his shift. Indeed, it would seem unnecessary and frustrating to the patient if they had to keep agreeing to this kind of information sharing.

There is guidance concerning implied consent provided in the Information Governance Review published in 2013 and in other guidance, such as the General Medical Council’s Confidentiality: good practice in handling patient information. However, the NDG has found uncertainty across the health and care profession around what is permissible under implied consent. Implied consent as a concept is coming under strain as people struggle to navigate decisions about whether it can be used as a legal basis to share information. New technologies and models of care have heightened this issue, and there are concerns that this could lead to patient information being used in ways that would surprise patients and therefore threaten trust.

The NDG held 2 seminars in 2017 in conjunction with Sheffield Solutions to explore how health and care professionals may share personal data in line with patients’ reasonable expectations. Lawyers, ethicists and health and care professionals came together to discuss the approaches to ensuring patient data to support direct care is shared on an appropriate legal basis.

The seminars confirmed that health and care professionals did indeed perceive challenges around the use of implied consent as a legal basis for sharing data to support care. Many of those present believed that the legal concept of ‘reasonable expectations’ might help to deal with the challenges to this.

The seminars looked at whether reasonable expectations could be progressed as a legal basis in their own right (i.e. instead of implied consent), or whether they should be progressed as a facet of implied consent, with more emphasis laid on the importance of reasonable expectations in professional guidance and practice. There were mixed views, but the proposition with the most support was that both of these options should continue to be explored.

Through all this work, the NDG’s approach has been on looking at the concept of ‘reasonable expectations’ through the eyes of the patient. The importance of understanding and respecting the wishes and views of people who entrust information in confidence to those providing them with care, makes their expectations the right touchstone for these considerations. This is why the NDG was very pleased to work with Connected Health Cities on a citizens’ jury.

Why a citizens’ jury?

The NDG joined forces with Connected Health Cities to run a citizens’ jury to explore the concept of reasonable expectations. Connected Health Cities uses the information and technology that already exists in the health and social care system in a trustworthy way, to improve health and ensure services are more integrated. Its aims, therefore, are consistent with the concept of reasonable expectations.

We thought that conducting a citizens’ jury was the right approach to take for this public engagement exercise, as it would allow us to speak meaningfully with a cross-section of the public for several days to cover the subject in great depth and reach conclusions. Citizens’ juries are based on the premise that, given time, opportunity, support, and resources, members of the public are capable of arriving at decisions about complex matters.

What the jury told us

Over the 3 days, different information sharing scenarios (described in the report) were put to the jury, who were asked to decide whether it was reasonable for a patient to expect sharing, or to expect privacy in that data-sharing scenario.

The scenarios and questions were designed to replicate the reasonable expectation test that a court might apply when considering whether there had been a breach of common law. In a court that would be whether ‘an average person of normal sensibilities’ would have a reasonable expectation that the information they have provided would be kept private and not shared – not necessarily whether they would expect sharing in the sense of anticipating every aspect and detail of the data sharing. But rather whether, given the circumstances of the situation, they found the sharing of data both surprising and unacceptably so.

The jury was asked to consider the uses of the data relating to a fictional patient we called Anita. Anita initially goes to the GP with an eye problem. The scenarios follow her and her data through various parts of the health and care system and at each point the jury was asked whether Anita would have reasonably expected privacy or sharing. She was our ‘average person of normal sensibilities’ and the jury was asked to consider the scenarios from her perspective.

Today we publish the jury findings. It was interesting to note that a majority of the jury said data-sharing would be reasonably expected in all but one of the scenarios (where Anita’s GP encounters her husband and discusses her case), although the numbers expecting sharing or privacy did vary across the scenarios.

The jurors were very supportive of data-sharing with implied consent for routine, direct care scenarios such as:

  • a GP sending referral data to a hospital
  • a hospital doctor looking at the referral to triage
  • a social worker accessing information about the hospital referral before his appointment with the patient
  • the patient’s case being discussed by a multi-disciplinary team in order to plan her care

The reasons they gave for supporting such information-sharing were based on an understanding that better information-sharing benefits those receiving care. They thought it would provide a fuller picture of the patient and the care options available to them, thereby promoting better decision making for clinicians, timelier treatments and interventions, and safeguarding from misdiagnoses and mistakes.

In line with other citizens’ juries and public attitude work, the jury was also supportive of the use of confidential patient data for altruistic reasons other than direct care, such as developing new tools for health and care or helping with the diagnosis of other patients.

They cited the importance of contributing to future research and advancing the knowledge of health professionals. They also referenced the importance of doing something for the ‘greater good’ to benefit the public. While still said to be within reasonable expectations by a majority, 2 scenarios that did create higher levels of discomfort for some jurors were related to administrative tasks carried out by non-clinical staff to support the delivery of individual care. In both cases, several jurors expressed an expectation of privacy in the vote taken at the end of the jury.

They expressed a concern that the information shared with administrative staff might be disproportionate to the task, explaining that if it was a restricted set of information (i.e. not the full medical record) they would support the sharing. However, there was also recognition that the handling of patient information by non-clinical staff was necessary to run the system and make the most effective use of clinical resources.

The scenarios where information was sent to assist the diagnosis of another patient, or the sharing of data to enable a university to develop artificial intelligence software, also had comparatively higher numbers of jurors being unsure or expecting privacy, at the beginning of the jury. By the end of the jury, however, when the uses and safeguards had been explained, a majority were comfortable with these uses.

So what did we learn?

The jury shared some clear reasons why they would expect sharing or privacy, broadly focused on supporting the outcomes that they would want to see for individuals, the health and care system, and society more generally. We believe that these are useful further insights into what members of the public expect in relation to data sharing, and what factors are important to citizens in regard to their confidential health information.

Importantly, the jury also demonstrated to us that the legal concept of reasonable expectations – which is based on an abstract judgement of what ‘a person of ordinary sensibilities’ might expect or be ‘broadly aware of’ – is a difficult subject to discuss. This was evidenced by the fact that the jurors gravitated more to considering whether the ends of the data-sharing were desirable (and if so how much data-sharing was necessary to achieve those ends) rather than whether it could be reasonably expected. Although the facilitators continued to emphasise the concept of ‘reasonable expectations’, the jury’s discussions tended to focus more on whether they supported the purpose of the data sharing in the various scenarios presented to them.

We also feel that the exercise demonstrated the importance of communication with the public about the value of data. During the 3 days of discussion, the jury was not asked to consider how much information should be provided in order to provide a basis for patients’ expectations around data-sharing. However, it was notable that, especially where information is being used in ways which go beyond traditional or well-known uses, the views of jurors changed during the 3 days of discussion as they had the chance to talk to ‘witnesses’ such as doctors, researchers, and administrators who use patient data day-to-day. The number of jurors expecting privacy, or who were unsure, was higher at the beginning of the jury than at its end, when the uses and safeguards had been explained to them.

We are of the view that there is a dynamic element when considering what are reasonable expectations. The provision of good information to patients and service users allows expectations to be informed. The more we provide transparent and well-designed communications about data usage, the more confident we can be of where reasonable expectations might lie. Where data is being used in novel or controversial ways, the need to provide information to patients and service users is likely to be higher.

By placing the expectations of the patient at the centre of discussions about how confidential patient information may be used, by acting consistently according to well-understood professional norms, by listening to members of the public such as our jury about what they want to see and by communicating well so that people’s expectations are informed, the health and care system (or indeed any data use initiative) will be taking steps to ensure that it is acting in a way that is trustworthy.

Dame Fiona Caldicott, National Data Guardian and Dr Mary Tully, Director of Public Engagement, Connected Health Cities

Published 13 August 2018