By Emma Morgan, Research & Evidence Manager
“I’d like to be more intentional and deliberate about health data security and how it affects me. If you know more it helps you, even in the way you hear information.”
“No one wants to think that these things happen, its daunting, the harsh reality is it has happened, it probably is going on, I'd want to know it might happen.”
“It’s not that it’s better for people not to know. Actually maybe if the information was presented differently we could engage more. People may be upset later if they are not informed”
- Quotes from participants
Today, Understanding Patient Data is publishing a new report on public knowledge and attitudes to health data security in direct care settings, as well as co-created specifications for a public-facing explainer resource on this topic.
We worked in collaboration with Kohlrabi who delivered a desk review, deliberative dialogues and co-creation workshops with a diverse sample of members of the general public from across the UK to understand their perspectives on health data security in direct care.
Why did we undertake this research?
Although we know that most people trust the NHS to keep their health data secure, many remain concerned about security threats and there is little awareness or understanding of what is done to keep health data safe. There is a risk that without exploring what people want to know, whether and how these needs can be met, and co-creating potential solutions, these concerns, well-founded or not, can undermine trust in the use of health data. Providing an opportunity for people to access transparent, accessible and understandable explanations about the genuine practices, risks, and successes or failures of health data security, can help inform better quality conversations and decisions. Although progress continues to be made on the standards and measures for data security capabilities across healthcare organisations in line with other sectors, this is not necessarily always well-communicated with the public. Through this project, UPD seeks to help people to understand the basic facts of health data security, to support them to make more informed choices about their own data, and to take a apply a critical lens to information on this topic.
About the Research
Kohlrabi conducted a three-part study:
What did we find out?
The main findings from this research underpin the following four principles for producing and communicating public-facing health data security information, each with implications for the resource development:
Information should feel personal: This research was a reminder of how little public knowledge there is about data security in general. Until participants viewed health data security concepts through the lens of their own lives and started asking questions, their knowledge gaps were filled by faith and assumptions. Becoming informed through relatable examples helped participants feel more in control.
Transparency builds confidence: Participants’ realisation of their knowledge gaps raised feelings of low agency and anxiety, aroused suspicions that information was being hidden, and encouraged seeking answers from unofficial sources. Participants saw no reason for information not to be clearly and comprehensively communicated to them. Many people were pragmatic about data use and its security: risks in life exist and they and the protections in place should be visible.
Proactive assurance of accountability: Participants didn’t just want facts about risks - they wanted improved knowledge and trust that the security safety net was there and that they would be alerted if and when there is a risk to them.
Useful information - now and into the future: Participants had some concerns and questions which had not been anticipated by expert stakeholders. In addition, there was a strong desire for understanding of what a breach might mean for them 1 2 3 4 32 and what practical steps they could take in response. However, while some queries may be answered easily, some are beyond the scope of one resource, and in some areas, the ‘answers’ are changing as society evolves.
Next steps
Understanding Patient Data will take this project forward by working with a creative design agency to further shape and develop the specifications and ultimately produce the recommended resources likely by Autumn 2025. As with all UPD’s resource, these will eventually be available on a CC-BY license for all to use in their own suite of resources too.
UPD will also work to incorporate the recommendations shaped by this public engagement work into our broader policy messaging around health data security and beyond, ensuring that the public view continues to be heard and promoted.
Read the outputs
For more information about the project, including the draft resource specifications, visit our web page here, or download the desk review and research report.
