Degree Name

Doctor of Philosophy


School of Information Systems and Technology


Traditionally the privacy of medical patients personal information is protected through interpretations of the ‘limited access’ theory of privacy which in many cases was instantiated through to secure storage of physical paper charts and records. With the change of medium for capture and storage of personal medical information from paper based to electronic medium, the ‘limited access’ approach to privacy is under pressure due to the ease with which electronic information can be exchanged. The medical doctor’s traditional ‘gatekeeper’ role to oversee patients’ personal information is becoming harder to maintain with electronic health records. This is particularly the case in the context of the secondary use of medical data. Secondary uses of medical data are those uses not directly related to the delivery of healthcare to an individual. These secondary uses are diverse and include those aimed at improving societal knowledge of healthcare and medicine and far more commercial orientated activities, such as optimising insurance premiums or financial accounting associated with charges for medical services. Contemporary privacy theories move beyond the ‘limited access’ privacy theory and are well suited to application within the secondary use of medical data context. Meaningful engagement with patients/consumers is of growing importance in this context and consumer surveys attracting 1,573 responses from citizens in Australia and Canada investigated public opinion regarding the application of contemporary privacy theory in the secondary use of medical data. Survey results indicated that contemporary privacy theories can be applied to the secondary use of medical data. Survey respondents indicated diverse concerns and expectations regarding privacy with statistically significant results across gender, education level, age and healthcare workers. A Privacy Framework for secondary use of medical data is proposed. The framework is founded on contemporary privacy theories and includes a multi-level consumer engagement model informed by Australian and Canadian survey outcomes. This study was undertaken within the post-positivist and interpretive paradigms and utilized mixed methods with a concurrent triangulation design.

FoR codes (2008)

0806 INFORMATION SYSTEMS, 1117 PUBLIC HEALTH AND HEALTH SERVICES, 220103 Ethical Use of New Technology (e.g. Nanotechnology, Biotechnology)



Unless otherwise indicated, the views expressed in this thesis are those of the author and do not necessarily represent the views of the University of Wollongong.