Trust and digital privacy in healthcare: a cross-sectional descriptive study of trust and attitudes towards uses of electronic health data among the general public in Sweden
BMC Medical Ethics volume 23, Article number: 19 (2022)
The ability of healthcare to protect sensitive personal data in medical records and registers might influence public trust, which in turn might influence willingness to allow healthcare to use such data. The aim of this study was to examine how the general public’s trust relates to their attitudes towards uses of health data.
A stratified sample from the general Swedish population received a questionnaire about their willingness to share health data. Respondents were also asked about their trust in the management and protection of electronic health data.
A large majority (81.9%) of respondents revealed high levels of trust in the ability of healthcare to protect electronic patient data. Good health was associated with significantly higher levels of trust compared to bad health. Respondents with low levels of trust were significantly less willing to allow personal data to be used for different purposes and were more inclined to insist on being asked for permission beforehand. Those with low levels of trust also perceived risks of unauthorized access to personal data to be higher and the likely damage of such unauthorized access worse, compared to those with high levels of trust.
Trust in the ability of healthcare to protect electronic health is generally high in Sweden. Those with higher levels of trust are more willing to let their data be used, including without informed consent. It thus seems crucial to promote trust in order to be able to reap the benefits that digitalization makes possible through increased access and use of data in healthcare.
Trust has long been recognized as an important factor for successful interaction in relation to many societal institutions [1, 2]. Its importance has been further stressed in relation to acceptance of expanded access to personal information . Trust is arguably particularly important in the context of healthcare, where people may turn up when they are especially vulnerable and where they need to rely on others on important and personal matters . Since distrust may reduce patients’ willingness to accept others’ access to and use of their personal data, trust has been pointed out as an essential aspect of successful use of electronic health records and other electronically stored health information [5, 6].
Trust in healthcare may refer to trust in healthcare providers and individual medical experts or trust in the healthcare system as a whole . Trust in health care varies between countries . As for variations within countries, a Swedish study indicates that such differences in trust among the general public are primarily associated with micro-level issues, such as interpersonal relationships and the communication skill of healthcare providers—for instance, the patients’ perception of being listened to and taken seriously .
Trust in healthcare is usually associated with patient expectations being met in a benevolent manner and patients being offered treatment when needed [4, 5]. Distrust may be a result of previous expectations not being met or with the absence, in the eyes of the patient, of a shared understanding [4, 5]. Trust might colour patients’ perception of interpersonal relationships and outcomes of treatments . High levels of trust might develop into positive feedback loops where trust is continually strengthened; perceptions and attitudes influence behaviour, which in turn affects treatment outcome, which influences perceptions and attitudes, which influence behaviour, and so on . Low levels of trust might work in the opposite way, developing into negative feedback loops . Those who have high levels of trust in healthcare probably seek healthcare when needed, and high levels of trust might also facilitate adherence to treatment. If so, high levels of trust will have beneficial consequences for patient safety. Expected effects for patients with low levels of trust are in many respects the very opposite .
The area of e-health and the number of applications of digital solutions in healthcare are growing rapidly, with analysis of data on individuals’ health being a cornerstone. This development gives rise not only to benefits to individuals and society, but also to privacy concerns. Benefits for individual patients include more efficient and safer healthcare, increased possibilities for patient involvement, and more personalised treatments through the use of big data analytics [11,12,13,14]. Benefits for the collective, future patients, and society at large include improved possibilities for research on new treatments and organisational methods, quality assurance, identification of suitable treatments, preventive measures for specific groups, and so on [11,12,13,14].
Privacy is a broad concept, linked with issues such as secrecy and confidentiality, the protection of data from unauthorized access, and the individual’s own control of personal information [15,16,17]. The present study concerns the use of electronic health data and the general public’s attitudes relating to privacy. While the relevance of trust has long been stressed in the healthcare context in Sweden as well as internationally [7, 18, 19], there is still a lack of knowledge regarding trust and willingness to share personal health data. How does trust come into play and what are its effects?
The aim of the present study was to examine the association between the general public’s trust in how healthcare manages and protects electronic health data and their attitudes towards different uses of their electronic health data from medical records and health registers. Specific questions of the present study were:
Does the general public trust how healthcare manages and protects electronically stored health data?
Does the individual’s level of trust in healthcare correlate with attitudes towards use of electronic health data for different purposes, and the disposition to demand informed consent?
Does current trust in healthcare correlate with the estimation of the risk of unauthorized access to health data, and the seriousness of such access?
What background factors, if any, are particularly associated with trust in healthcare?
The present cross-sectional study is based on a questionnaire survey developed and distributed by The Swedish Agency for Health and Care Services Analysis, which also presented overarching results in a report in Swedish . Based on a reanalysis of data from this (first-time) survey, a paper investigating attitudes concerning the use of personal health data has previously been published . The present study is also based on a reanalysis of data, specifically relating to issues of trust.
The study sample consisted of a stratified selection (with 30 strata) of the Swedish population, 18 years old and above (n = 5460). Stratification concerned age and geographical area. Stratification was motivated by the fact that certain age groups tend to respond less frequently than others to questionnaire surveys and the ambition to obtain enough answers for statistical analysis also from members of those groups . The response rate was 30% (n = 1645/5460).
The questionnaire contained 60 questions. Ten of these concerned the respondents’ background and three concerned previous experiences of healthcare, while the rest concerned views and opinions in six areas: the individual’s access to her medical records; access to medical records within the healthcare system; the individual’s control over her medical records; the use of the medical record for other purposes than the individual’s own care; registries and databases where health data is collected; and privacy risks of health data. Three of the questions on views and opinions allowed free-text responses. Out of the ten questions on background, one concerned trust and seven were considered relevant for trust and therefore used in the present paper (see Table 1). The remaining two background questions were not considered useful for analysis in this paper due to how they were phrased.
In the present study, we focused on issues relevant for trust in healthcare and how trust might influence the respondents’ attitudes and judgments. We examined associations between stated levels of trust in healthcare and respondents’ inclination to allow the use of information from their medical record for quality assurance, medical research, and educational purposes—with or without informed consent. Moreover, we investigated to what degree current levels of trust influenced their estimation of risk of unauthorized access and severity of consequences if electronic health data are exposed to unauthorized access. All questions analysed in this study can be found in Additional file 1: Supplementary materials.
Trust in healthcare was in the questionnaire specified as trust in how healthcare manages and protects electronically stored health data from unauthorized access. Trust in this context refers to current trust and how it might influence judgment and attitudes.
In the analysis, responses stating high or rather high levels of trust in healthcare were collapsed into high level of trust. Correspondingly, responses stating low or very low levels of trust were collapsed into low level of trust. These two categories were of central interest in the analyses made in the paper. Results are presented as the proportion of respondents with high levels of trust versus respondents with low levels of trust in relation to different background variables (Table 1) and to questions on specific topics, such as accepted data use and informed consent (Tables 2, 3, 4). The results are presented as proportions with a 95% confidence interval; differences between confidence intervals not overlapping each other are considered as significant, comparable with a hypothesis test with a significance level of < 0.05.
Responses such as “I don’t know” and “I don’t have an opinion” were excluded from the analyses. The number of survey respondents providing such responses, together with respondents choosing not to answer the question at all, can be deduced from the tables where the number of respondents of each question is reported.
The study was approved by the research ethical review board in Stockholm (reference number 2018/872-31/5) and was conducted in accordance with relevant legislation and ethics guidelines.
About four fifths of the respondents, 81.9% (95% CI: 80.0–83.8), stated that they had a very or rather high level of trust in how healthcare manages and protects electronic health data from unauthorized access. Corresponding proportion regarding trust in Swedish authorities in general was 70.6% (95% CI: 68.4–72.8).
Among those who stated that they experienced a good or very good health, 84.2% (95% CI: 82.1-86.3) also stated that they had a very or rather high level of trust in healthcare, compared to those who stated that they experienced a bad or very bad health, where only 66.7% (95% CI: 55.8-77.6) also stated that they had a very or rather high level of trust in healthcare. Respondents’ perception of their own health was the only background factor of those we analysed (sex, age, education, health, self-estimated knowledge of the use of medical records within healthcare, and own experience from working in healthcare) that made a significant difference between those with high and low levels of trust (Table 1).
Trust and the use of electronic health data with and without informed consent
A majority of the respondents stated that they were prepared to allow the use of digital information from medical records and health registers for quality assurance of healthcare, for research purposes, and for clinical education under certain conditions. The level of trust in healthcare was associated with respondents’ willingness to allow these uses with and without informed consent. Significantly more of those with high levels of trust accepted the use of health data without informed consent compared to those with low levels of trust. The proportion requesting informed consent was higher for both high-level and low-level trusters when asked about use for medical research and even more so for clinical education, compared to use for quality assurance (Table 2).
Trust and estimation of risks and severity of consequences
The relations between respondents’ trust in healthcare and their estimations of (a) the risk of unauthorized access when healthcare units share medical records and (b) the severity of the consequences if their medical records were to be exposed to unauthorized access were also examined. Those with high levels of trust estimated the risks as significantly lower [26.6% (95% CI: 23.8–29.4)] than did those with low levels of trust [59.3% (95% CI: 52.6–66.0)]. Those with high levels of trust also thought consequences would be serious if unauthorized persons accessed their medical records [30.3% (95% CI: 27.4–33.2)] to a significantly lower degree than those with low levels of trust [54.0% (95% CI: 47.3–60.7)] (Table 3).
The estimation of how serious different kinds of unauthorized access would be was also investigated in relation to trust. A difference between those with high and those with low levels of trust was identified. This difference varied depending on the nature of the unauthorized access. Staff reading information from a patient’s medical record without having a professional need to do so was considered a more serious action by those with low compared to those with high levels of trust. The more serious the action was considered to be by all respondents, the lesser the difference in estimation of seriousness between the groups. For instance, there was no significant difference among the two groups if the action concerned hackers who got access to electronically stored sensitive personal information and spread it (Table 4).
The level of trust is high and seems to influence views on health data use
The results of this study suggest that there is considerable trust in Swedish healthcare and its ability to protect electronic health data among the respondents. Prior results show that the Swedish population has a significantly higher level of trust in healthcare as well as in other public authorities compared to other European countries and to the U.S. [8, 21, 22]. However, the results of this study also show that the respondents’ attitudes towards the use of their health data varied with their level of trust in healthcare. Those with low levels of trust were less willing to allow personal data to be used for different purposes and were more inclined to insist on being asked for permission beforehand. Those with low levels of trust also perceived risks of unauthorized access to personal data to be higher and the likely damage of such unauthorized access worse, compared to those with high levels of trust. Our interpretation is that trust influences attitudes and judgments in these respects.
Among both those with high and those with low levels of trust, rather few respondents rejected use of medical records for quality assurance, medical research, or clinical education purposes, i.e., for uses beyond their own immediate health interests. However, among those with high levels of trust, the proportion of respondents rejecting such uses was lower than among those with low levels of trust. There was a tendency among both those with high and those with low levels of trust to perceive quality assurance as a more acceptable use than medical research and even more so than clinical education purposes, even though the latter group was less positive than the former towards all uses. Quality assurance might perhaps be understood as more directly linked to the quality of present patients’ care, whereas research might be understood as generating less immediate benefits. Although it should be obvious that clinical education is a precondition for the existence of professional healthcare and high-quality treatment, use of data for educational purposes was treated with greater caution by the respondents.
Also a majority of those with high levels of trust regarded informed consent as a precondition for accepting that their medical record be used for medical research or clinical education. Nevertheless, trust seems to have influenced the responses, since those with low levels of trust to a greater extent considered informed consent a precondition for their approval. This is in accordance with previous studies [23, 24].
If our analysis is correct, it is imperative to maintain and increase the level of trust among the public, as this seems to be a precondition for broad acceptance of the use of health data for purposes of important social value beyond the benefits of the individual patient. Mechanisms of trust therefore warrant further study .
Levels of trust associated with self-reported health
A surprising result was that self-reported good health was associated with high levels of trust while self-reported bad health was associated with lower levels of trust. One explanation of this result could be that those with good health have fewer contacts with healthcare and therefore fewer potential occasions where they might get disappointed, while those in poor health have more contacts with healthcare and to a greater extent lose trust due to experienced realities. However, the result disagrees with some prior findings for which the opposite pattern of explanation was offered in . Based on our result, we suggest that one’s trust in how healthcare handles electronic health data is influenced by one’s general trust in healthcare. It is known from previous studies that patients with negative healthcare encounters mistrust healthcare to a greater extent . Another possible interpretation, in line with the feedback loops described in the introduction, is that those with limited trust tend to underestimate their own health status, while those with higher trust tend to do the opposite.
The connection between levels of trust, feeling wronged, and levels of health needs to be further explored.
Estimations of risks influenced by trust
The results of this study further indicate that trust in healthcare is associated with estimations of risks of unauthorized access to health data, and the severity of consequences following of such unauthorized access. Those with high levels of trust tend to estimate risks as lower and subsequent consequences as less serious, compared to those with low levels of trust. Relations between levels of trust and estimations of risk have been reported previously .
In other words, trust seems to influence the perception of reality. One way to interpret this is that one learns through previous experience what to expect (correct or not) about risks and consequences if things go bad. This is not to deny that trust may also be influenced by other factors, for instance negative reports in traditional and social media, but how such news are perceived may be strongly influenced by what level of trust one already has [23, 25, 26].
To be worthy of trust, one must be reliable in fulfilling expectations. However, to be trusted, it is not enough that one consistently acts in a trustworthy way and has the will to do so—the person trusting will also have to perceive that this is the case . In the context of the present paper, patients’ trust in the healthcare system arguably has to do with the actual and perceived trustworthiness of its handling and protection of patient information from unauthorized access.
What healthcare can do to prove its competence and willingness to act in a way worthy of trust  is to set up and follow proper reliable routines for handling sensitive personal data—and to communicate with the individuals concerned that appropriate steps are taken and that the matter is taken seriously. This means that maintenance of trust requires reliable systems of data storage and retrieval, but also that the provider–patient communication is satisfactory both regarding the patient’s needs and regarding how data is protected. The communication part might involve taking time to listen to patients on how they prefer their data to be used and explain the ways in which their data will handled, including who will have access. It might also involve reassuring them of the safeguards in place to protect their privacy and ensuring they are aware of existing possibilities to influence how their data are to be used.
With reliable and well communicated routines in place, patients are more likely to end up in a positive feedback loop regarding trust, which facilitates use of electronic health records and other electronically stored health information in ways promotive to health, which in turn provides further appreciation of the reliability and productiveness of the system. Again, it is important not only that patients trust the handling of personal data, but also that this trust is adequate and deserved . If not, short term benefits from data sharing may be turned into harms to patients who experience their privacy disrespected and as a consequence become less willing to share data and possibly also less inclined to be truthful in their encounters with healthcare.
Strengths and limitations
The low response rate of the questionnaire (30%) reflects a trend during the last decades of decreased response rates in survey-based research carried out in Sweden . Well-known recurrent surveys also face this challenge . This particular survey was made for the first time, was cognitively demanding, and required proficiency in Swedish. Furthermore, the government agency distributing it was formed only five years earlier and is probably not that well known. All these are factors that might be relevant in explaining the low response rate. The stratification procedure applied in the survey, inviting more potential participants from groups who usually have low response rates in questionnaires, probably further lowered the average response rate.
However, even though the response rate is quite low, it is not obvious that the main results—that levels of trust in healthcare influenced participants’ estimations and attitudes towards various issues associated with the use of health data—would have been different if the response rate had been higher. As in all cross-sectional studies, there is a risk for selection bias, particularly if the response rate is low.
Previous research indicates that the general public primarily associates trust in healthcare with interpersonal relationships (9). This could be a problem for the present study since trust in healthcare here refers to trust in the ability of healthcare to manage and protect electronic health data from unauthorized access. However, it may not, since previous research could be understood as saying merely that trust levels are influenced by micro-level events.
Trust in the ability of healthcare to manage and protect sensitive health information in medical records and health registers from unauthorized access is high among the respondents in this study, as is the willingness to allow health data to be used for purposes with no immediate benefit to the individual patient. Our results suggest that estimations of risk of data breaches, and the severity of consequences if such events were to take place, are influenced by respondents’ level of trust, as is their attitudes towards the need to apply informed consent procedures for use of patient data.
Our results show that trust is crucial for broad acceptance of uses of health data for a variety of socially valuable purposes. To protect and promote trust is therefore of outmost importance for reaping the benefits of digitalization in the healthcare setting.
Availability of data and materials
The data that support the findings of this study are not openly available due to reasons of sensitivity and are available from the corresponding author upon reasonable request. Data are located in controlled access data storage at Karolinska Institutet.
Baier A. Trust and antitrust. Ethics. 1986;96(2):231–60.
Hardin R. Trust. London: Polity; 2006.
Grossman C, McGinnis JM. Digital infrastructure for the learning health system: the foundation for continuous improvement in health and health care: workshop series summary. Washington, DC.: National Academies Press, 2011.
Hall MA, Dugan E, Zheng B, Mishra AK. Trust in physicians and medical institutions: What is it, can it be measured, and does it matter? Milbank Q. 2001;79(4):613–39.
Hawley K. Trust and distrust between patient and doctor. J Eval Clin Pract. 2015;21(5):798–801.
Rynning E. Public trust and privacy in shared electronic health records. Eur J Health Law. 2007;14(2):105–12.
Myndigheten för vård- och omsorgsanalys (Swedish Agency for Health and Care Services Analysis). Förnuft och känsla. Befolkningens förtroende för hälso- och sjukvården. Report 2018:4.
Blendon RJ, Benson JM, Hero JO. Public trust in physicians—US medicine in international perspective. N Engl J Med. 2014;371(17):1570–2.
Wessel M, Lynøe N, Juth N, Helgesson G. The tip of an iceberg? A cross-sectional study of the general public’s experiences of reporting healthcare complaints in Stockholm, Sweden. BMJ Open. 2012;2(1):e000489.
Damschroder LJ, Pritts JL, Neblo MA, Kalarickal RJ, Creswell JW, Hayward RA. Patients, privacy and trust: patients’ willingness to allow researchers to access their medical records. Soc Sci Med. 2007;64(1):223–35.
Belfrage S, Lynøe N, Helgesson G. Willingness to share yet maintain influence: a cross-sectional study on attitudes in Sweden to the use of electronic health data. Public Health Ethics. 2021;14(1):23–34.
Mittelstadt BD, Floridi F. The ethics of big data: current and foreseeable issues in biomedical contexts. Sci Eng Ethics. 2016;22(2):303–41.
Blumenthal D. Realizing the value (and profitability) of digital health data. Ann Intern Med. 2017;166(11):842–3.
Nuffield Council on Bioethics. The collection, linking and use of data in biomedical research and health care: ethical issues, 2015. Available at http://nuffieldbioethics.org/project/biological-health-data.
Westin A. Privacy and freedom. New York: Atheneum; 1967.
Sunstein C. Privacy and medicine: a comment. J Leg Stud. 2001;30(S2):709–14.
Van Den Hoven J, Blaauw M, Pieters W, Warnier M. Privacy and information technology in Zalta, E. N. (ed.) The Stanford Encyclopedia of Philosophy (Summer 2018 Edition). [Available at: https://plato.stanford.edu/archives/sum2018/entries/it-privacy/].
Gille F, Smith S, Mays N. Why public trust in health care systems matters and deserves greater research attention. J Health Serv Res Policy. 2015;20(1):62–4.
Ozawa S, Sripad P. How do you measure trust in the health system? A systematic review of the literature. Soc Sci Med. 2013;91:10–4. https://doi.org/10.1016/j.socscimed.2013.05.005.
Myndigheten för vård- och omsorgsanalys (Swedish Agency for Health and Care Services Analysis). För säkerhets skull. Befolkningens inställning till nytta och risker med digitala hälsouppgifter. Report 2017:10.
European Commission. Standard Eurobarometer 93. Results for Sweden. 2020. [Available at: https://ec.europa.eu/commfrontoffice/publicopinion/index.cfm/Survey/getSurveyDetail/yearFrom/2015/yearTo/2020/surveyKy/2262]
Platt JE, Jacobson PD, Karida SLR. Public trust in health information sharing: a measure of system trust. Health Serv Res. 2018;53(2):824–45.
Bexelius C, Hoeyer K, Lynöe N. Will forensic use of medical biobanks decrease public trust in healthcare services? Some empirical observations. Scand J Public Health. 2007;35(4):442–4.
Hoeyer K, Olofsson BO, Mjörndal T, Lynöe N. The ethics of research using biobanks: reason to question the importance attributed to informed consent. Arch Intern Med. 2005;165(1):97–100. https://doi.org/10.1001/archinte.165.1.97.
Esmaeilzadeh P. The impacts of the perceived transparency of privacy policies and trust in providers for building trust in health information exchange: empirical study. JMIR Med Inform. 2019;7(4):e14050.
Van Der Schee E, De Jong JD, Groenewegen PP. The influence of a local, media covered hospital incident on public trust in health care. Eur J Pub Health 2011;22: 459–64.
Hawley K. Trust, distrust and commitment. Noûs. 2014;48(1):1–20. https://doi.org/10.1111/nous.12000.
Baier A. Two lectures on “Trust”: Lecture 1, “Trust and Its Vulnerabilities” and Lecture 2, “Sustaining Trust”, in Tanner Lectures on Human Values, 1991 (Volume 13), Salt Lake City, UT: University of Utah Press, pp. 109–174.
Falk E, Sandelin F, Weissenbilder M. Den nationella SOM-undersökningen 2020—En metodöversikt. SOM report no 2021:2, University of Gothenburg.
The authors wish to thank participants in the Stockholm Centre for Healthcare Ethics seminar for helpful comments. We would also like to thank those involved in the Swedish Agency for Health and Care Services Analysis (Myndigheten för vård- och omsorgsanalys) project on patient privacy and health data, from which data used in the work presented in is manuscript was obtained.
Open access funding provided by Karolinska Institute. SB received funding from Riksbankens Jubileumsfond (project ref. RMP14-1599:2). The funding body had no role in the design of the study or collection, analysis, and interpretation of data or in writing the manuscript.
Ethics approval and consent to participate
The study was approved by the research ethical review board in Stockholm (reference number 2018/872-31/5). The study was carried out in accordance with relevant legislation and ethics guidelines. All respondents to the survey analysed in this article were at least 18 years old. Potential respondents were provided written information and gave their informed consent to participating in the survey by ticking a “Yes” box.
Consent for publication
The authors declare that they have no competing interests.
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
About this article
Cite this article
Belfrage, S., Helgesson, G. & Lynøe, N. Trust and digital privacy in healthcare: a cross-sectional descriptive study of trust and attitudes towards uses of electronic health data among the general public in Sweden. BMC Med Ethics 23, 19 (2022). https://doi.org/10.1186/s12910-022-00758-z