Article Text

Download PDFPDF

Public attitudes in England towards the sharing of personal data following a mass casualty incident: a cross-sectional study
  1. G James Rubin1,
  2. Rebecca Webster1,
  3. Antonia N Rubin2,
  4. Richard Amlot3,
  5. Nick Grey4,
  6. Neil Greenberg1
  1. 1 Department of Psychological Medicine, King’s College London, London, UK
  2. 2 Tonbridge, Tonbridge, UK
  3. 3 Behavioural Science Emergency Response Department Science and Technology (ERD S&T), Health Protection Directorate, Public Health England, Porton Down, UK
  4. 4 Mood and Anxiety Clinical Academic Group, Sussex Partnership NHS Foundation Trust, Worthing, West Sussex, UK
  1. Correspondence to Dr  G James Rubin; Gideon.rubin{at}kcl.ac.uk

Abstract

Objectives To assess public attitudes towards data sharing to facilitate a mental health screening programme for people caught up in a mass casualty incident.

Design Two, identical, cross-sectional, online surveys, using quotas to ensure demographic representativeness of people aged 18–65 years in England. Participants were randomly allocated to consider a scenario in which they witness a terrorism-related radiation incident or mass shooting, after which a police officer records their contact details.

Setting Participants were drawn from an online panel maintained by a market research company. Surveys were conducted before and immediately after a series of terrorist attacks and a large tower block fire occurred in England.

Participants One thousand people aged 18–65 years participated in each survey.

Main outcome measures Three questions asking participants if it would be acceptable for police to share their contact details, without asking first, with ‘a health-related government organisation, so they can send you a questionnaire to find out if you might benefit from extra care or support’, ‘a specialist NHS team, to provide you with information about ways to get support for any physical or mental health issues’ and ‘your GP, so they can check how you are doing’.

Results A minority of participants reported that it would be definitely not acceptable for their details to be shared with the government organisation (n=259, 13.0%), the National Health Service (NHS) (n=141, 7.1%) and their general practitioner (GP) (n=166, 8.3%). There was a small, but significant increase in acceptability for the radiation incident compared with the mass shooting. No major differences were observed between the preincident and postincident surveys.

Conclusions Although most people believe it is acceptable for their details to be shared in order to facilitate a mental health response to a major incident, care must be taken to communicate with those affected about how their information will be used.

  • data sharing
  • mass casualty incident
  • public attitudes
  • terrorism
  • shooting
  • radiation

This is an Open Access article distributed in accordance with the terms of the Creative Commons Attribution (CC BY 4.0) license, which permits others to distribute, remix, adapt and build upon this work, for commercial use, provided the original work is properly cited. See: http://creativecommons.org/licenses/by/4.0/

View Full Text

Statistics from Altmetric.com

Strengths and limitations of this study

  • The survey sample was demographically representative of people aged 18–65 years in England.

  • The survey was conducted again after the recent terrorist incidents and the Grenfell tower fire as we felt that the scenarios may have become more salient for respondents, providing a better test of attitudes towards data sharing in such contexts.

  • Although demographically representative, our sample volunteered to answer internet surveys and may be more accepting of data sharing than those who did not volunteer.

  • The scenarios used in our surveys were hypothetical. Being directly involved in a major incident may alter someone’s views about the desirability of data sharing.

  • Participants were asked to consider that neither they nor anyone they knew well had been harmed in the described scenarios. This may have reduced the perceived need to participate in a psychological screening programme and hence the perceived acceptability of data sharing.

Introduction 

Following a disaster, terrorist attack or other mass casualty incident, rates of mental distress and disorder among survivors, their relatives, eyewitnesses and first responders can be substantial.1 Although evidence-based interventions are available to treat established mental health disorder, failure to seek professional help for mental illness is common as a result of stigma and other barriers to care.2 3 Because of this, in their guidance on the detection and treatment of post-traumatic stress disorder, the UK National Institute for Health and Care Excellence recommends that ‘screening of all [affected] individuals should be considered by the authorities responsible for developing the local disaster plan’.4 Within the UK, the first use of a ‘screen and treat’ approach occurred following the 7 July 2005 bombings in London. A central team used a range of methods to contact as many people as possible who had been caught up in the incident. Those contacted were asked to complete a short mental health questionnaire, invited to have a more detailed assessment if need be, and referred for treatment where required.5 Although the process resulted in many patients receiving treatment who might not otherwise have done so, difficulties were encountered in assembling a comprehensive list of people to be screened. Sharing of information between agencies was hampered by a cautious interpretation of legislation designed to safeguard personal data.6 As a result, only 910 people were contacted out of an estimated 4000 who were exposed to the attacks. Within the UK, greater clarity about the flexibility that responders have to share information was subsequently provided.6 This guidance notes that where information is not ‘sensitive’ (ie, related to ethnicity, political opinion, religious belief, trade union membership, health, sexual life or criminal activity) then it is acceptable for names and contact details to be shared between official agencies to facilitate the provision of care to those affected.

In June 2015, 38 people were killed by a terrorist in Sousse, Tunisia. Thirty of those killed were British holidaymakers. Given the large number of British tourists who witnessed the attacks and felt their own lives to be in danger, a psychological health screening programme was again set up and subsequently widened to include victims of terrorist attacks in Brussels and Paris. Public Health England was given the task of setting up a registry of all English nationals who were directly affected by the attacks, something which might also be considered in the future for other forms of disaster.7 Once again, however, obtaining the contact details for many of those affected was not possible. Although the police collected contact details from holidaymakers as they returned to England, legal advice prevented them from sharing this information. Difficulty in sharing information between agencies often hampers response efforts following a major incident. While it is sometimes possible to find more indirect routes to contact people, these approaches are often less than ideal. For example, while it might be possible for the police to send out information to people on behalf of a screening service or to ask for permission before sharing data, in practice, such strategies can be time consuming to agree, often result in a poorer response rate and prevent any single agency from combining overlapping lists of names held by different groups into a single, consolidated list of those affected.

Clearly, uncertainties still exist about when it is appropriate to share information following a major incident. Changes to legislation in 2018 will create stiffer penalties for organisations found to be in breach of data protection law and are likely to create an even more cautious approach to data sharing. But how members of the public themselves view this matter is unclear. Recent polling suggests that public attitudes towards data sharing are shaped by who is doing the sharing, what for and whether safeguards are in place.8 Data sharing for the public good is generally viewed positively. For example, only 9% of respondents to one large UK survey felt that it would be an invasion of privacy if details held about them on a cancer registry were used to invite them to participate in a study conducted by a university medical school.9 Where a personal benefit is possible, people also tend to be more willing for information to be shared.10 To our knowledge there has been no research on the public acceptability of data sharing in the context of a major public health incident, disaster or terrorist attack.

In this study, we used an online quota survey of a sample of adults in England designed to reflect the known population profile, to identify public attitudes towards the sharing of personal information following a mass casualty incident and the setting up of a register of affected people. We tested whether attitudes might differ depending on whether the incident resulted primarily in a mental or physical health risk for those involved in the incident. Soon after we conducted our survey, four terrorist attacks and a tower block fire occurred in England killing over 100 people. Given the intense media attention about the need to provide support to victims of these incidents, we felt that the scenarios described in our survey may have become more salient for respondents, providing a better test of attitudes towards data sharing in such contexts. We therefore repeated the survey with a new sample of respondents.

Method

Design

We commissioned the market research organisation Ipsos MORI to conduct two online surveys of 1000 adult (18–65) residents of England. Data collection for the initial, preincident survey took place between 9 and 15 March 2017. Four terrorist attacks then occurred in England between 22 March and 19 June, killing 34, and a tower block fire occurred on 14 June, killing 71. Data collection for our second, postincident survey took place between 3 and 10 July 2017. The procedures and questionnaires for both surveys were identical.

Participants

Ipsos MORI recruited participants from an existing panel of people willing to take part in internet surveys (approximate n=160 000). Panel participants typically receive points for every survey they complete. For our surveys, participants received points equivalent to 30 pence. Quotas based on participant age and gender (interlocked), location and working status were used to ensure that the sample was demographically representative of adults aged 18–65 years in England, according to data from the National Readership Survey.11 We excluded adults aged over 65 years on the basis that older adults who are members of an internet survey panel may not be representative of the general population of older adults.12 We intended to recruit 1000 participants for each survey to provide us with a maximum sample error of about ±3%.

Scenarios

Ipsos MORI emailed a link to the survey to potential participants. After providing informed consent and clicking through to begin the survey, participants received questions about one of two hypothetical scenarios. Which scenario they received was decided by the survey software, based on which scenario had the lowest number of completed responses at that time. We based the scenarios on an example given in HM Government’s ‘Data Protection and Sharing—Guidance for Emergency Planners and Responders’6 (case study 5). The two versions represented an incident that might primarily pose a mental health threat (witnessing shooting) or a physical health threat (exposure to radiation). In the first version, participants were asked to ‘imagine that you are on holiday in another country and witness a terrorist shooting. Some people are badly injured but you are not harmed and neither is anyone you know well’. The second version asked them to ‘imagine that you are on holiday in another country and a place you visit is discovered by police to be contaminated by radioactive material. The police believe this is linked to a terrorist group. Some people are badly injured but you are not harmed and neither is anyone you know well’. Participants in both versions were then told that ‘the British government arranges for you to be flown home, along with other British nationals who were in the area. When you arrive back in Britain, a police officer at the airport records your name, address, phone number and email address. The following questions ask about things that might happen next’.

Questionnaire

The supplementary materials show the full text for all items. We first presented participants with eight groups who might ask the police to share information with them following the incident, together with their reasons for this. In each case, we asked whether the participant thought the police currently could share information with this group without asking the participant first, and whether the participant thought it was acceptable for the police to share their information with the group.

We next provided information about the rationale and process for a mental health screen and treat programme. We described it as a specialist NHS service set-up to offer support and treatment to those who need it and explained that a government organisation would support the service by putting together a confidential database of those affected and writing to them with a screening questionnaire. We asked participants to state their level of agreement with the statements that ‘ If I was caught up in a terrorist incident, I would want the police to give my contact details to the government organisation so that they can contact me about this service;’ ‘I would want my name to be included on this database;’ and ‘I would be unhappy if my name was included on this database.’

Participants were then asked to reconsider the scenario they had been presented with and told that the police had decided to share their name and contact details with a health-related government organisation. They were asked to state their agreement with 10 statements concerning their views about this (eg, ‘it would be an invasion of my privacy’).

We asked all participants about their age, gender, working status, where in England they lived and their highest educational qualification.

Analysis

We calculated the proportion of respondents endorsing each response option and assessed the difference in responses between the preincident and postincident surveys and between the two scenarios using χ2 tests.

Patient involvement

No patients or members of the public were involved in the design, recruitment or conduct of the study. Due to anonymity, results cannot be disseminated to study participants unless they specifically request them from the researcher.

Results

The top-line results provided by Ipsos MORI for both surveys can be found in online supplementary files 1 and 2.

Response rates and demographics

Response rates to the invitation emails were 10% (preincident) and 6% (postincident). These are normal rates for surveys of this nature. The lower response rate for the postincident survey may reflect the fact that data collection occurred during July which coincides with the summer holiday period in England. In each case, a small proportion of respondents (45 in total) were excluded from the data for completing the surveys suspiciously quickly or giving illogically identical answers to multiple consecutive questions. Demographics are shown in table 1.

Table 1

Demographic characteristics of survey respondents

Perceived ability and acceptability of the police sharing data with other agencies

Table 2 presents data on the perceived ability of the police to share personal data with other agencies. The option that was most commonly believed to be within the police’s current powers was sharing data with ‘a specialist NHS team, to provide you with information about ways to get support for any physical or mental health issues’ (endorsed by 60.8% overall). 53.9% of respondents believed that police could definitely or probably share data with ‘your GP, so they can check how you are doing’, while 45.9% believed that data could definitely or probably be shared with ‘a health-related government organisation, so they can send you a questionnaire to find out if you might benefit from extra care or support’. No differences were found between the preincident and postincident surveys. Significantly more people believed that data could be shared following a radiation incident compared with a shooting incident with: your general practitioner (GP), a health-related government organisation and a specialist NHS team.

Table 2

Ability of police sharing personal data with other agencies, without asking first

Table 3 presents data on the acceptability of the police sharing personal data. The option that was most commonly seen as being acceptable was sharing data with a specialist NHS team (seen as definitely acceptable by 27.6% and probably acceptable by 44.3%). Most respondents believed it was definitely (29.9%) or probably (40.2%) acceptable for the police to share data with their GP, while a smaller number believed it was definitely (13.0%) or probably (37.6%) acceptable for data to be shared with a health-related government organisation. No differences were found between the preincident and postincident surveys, aside from a small reduction in the postincident data in the acceptability of information being shared with medical researchers. Significantly more people believed it would be acceptable to share their data following a radiation incident compared with a shooting incident with: their GP, a team of university medical researchers and a health-related government organisation.

Table 3

Acceptability of police sharing personal data with other agencies, without asking first

Attitudes towards data sharing to enable a screen and treat programme or database

Table 4 presents the attitudes of participants towards a screen and treat programme and confidential database. Although most respondents strongly agreed (21.0%) or tended to agree (45.6%) that they would want the police to share their contact details to allow them to be contacted about screening, 10.7% tended to disagree and 5.2% strongly disagreed. In total, 51.6% strongly agreed or tended to agree with wanting their name to appear on the database, while 18.3% tended to agree that they would be unhappy if it was included on the database and 9.6% strongly agreed that they would be unhappy. No differences were found between the preincident and postincident surveys. Because these questions asked about ‘a terrorist incident’ in general, we did not test for differences between the shooting and radiation scenarios.

Table 4

Attitudes towards proposed confidential database

Table 5 presents the broader attitudes of participants towards data-sharing in the context of the radiation and shooting scenarios. Concerns endorsed by more than 50% of respondents about the police sharing their information were that: my details would be made public by accident, I would be concerned about how my information might be used in the future and I would be concerned that my details might be shared by the health organisation with other groups without my permission. Most participants reported wanting to be kept informed about how their information was being used. More positively, 55.4% strongly agreed or tended to agree that they would be ‘reassured that a health organisation was looking out for me’ and 54.4% would trust the health organisation to keep their details secure. No differences were found between and preincident and postincident surveys. Significantly more people in the radiation than the shooting scenario reported that they would be reassured that a health organisation was looking out for them and also that they would want to be kept informed about how their information was being used. Significantly fewer people in the radiation scenario reported that the sharing would be an invasion of their privacy.

Table 5

Attitudes towards contact details being shared with another agency by the police

Discussion

Our data suggest that not only do the majority of people believe that it is acceptable for the police to share their details with health agencies in the aftermath of a major incident, but that most people believe that the police are currently able to do this under existing legislation. This belief is not simply due to a broader misunderstanding among the public about their data protection rights: only 8% believe that the police are able to share data with journalists, for example. Instead, in line with findings reported by others,10 it appears that where a direct benefit to the individual might result from sharing information with a trusted source such as a GP or NHS service, the public have a greater acceptability of it, and an expectation that it will occur. However, such views were not unanimous among our participants. It was notable that 7% of our sample thought it was definitely not acceptable for their details to be shared with an NHS service following a major incident, 8% thought it was definitely not acceptable for their details to be shared with their GP and 10% strongly agreed that they would be unhappy for their name to be included on a confidential database of those affected. More people (8%, 9% and 18%, respectively) thought these actions were probably not acceptable or tended to agree that they would be unhappy. These figures must be taken into consideration by responding agencies. Given that it is impossible to know in advance who is or is not willing for his/her data to be shared, not sharing data without prior permission to protect the interests of this minority may be a justifiable position in some cases.

Our data provide some indications as to why people may be concerned about data sharing following an incident. In particular, the risk of accidental or deliberate sharing of information to a third party was noted as a concern by many. If data sharing or the setting up of a database is to be considered following any future incident, a robust policy around further sharing should be developed and explained to those affected. Keeping people regularly updated on how their data are being used is also important. More generally, the nature of the incident itself is a determinant of the acceptability of data sharing and the use of a database. Participants who were asked to imagine a scenario that might pose a long-term physical health risk to themselves (eg, possible exposure to radiation) were more likely to have a positive view of data sharing than those who were asked to consider a risk to their mental health (eg, witnessing a shooting). Whether this was because participants found it hard to envisage that their mental health might be affected in the scenarios that we used, or whether this reflects the broader stigma associated with mental illness is unclear. Similarly, while people may be familiar with the concept of physical health effects that develop some time later after a radiation incident, they may be less familiar with the concept of mental health effects that only become apparent later: this lack of understanding may also have reduced the perceived desirability of a mental health screening programme across both conditions. It is important also not to overstate the differences that we observed, however. Although statistically significant, in many cases these were small. Nonetheless, additional care might be required when communicating with the public about data sharing that is primarily intended to support a mental health response. It is possible that ongoing public campaigns to improve the understanding of mental ill-health may impact on these differences over time.

Limitations

Several limitations with our data need to be considered. First, we restricted our sample to people aged 18–65 years. We are unable to extrapolate from our data to those older or younger than this. Second, although our sample was demographically representative of people aged 18– 65 years in England, it may not have been psychologically representative of this population. In particular, it seems plausible that people who volunteer to answer internet surveys may be more accepting of data sharing than those who do not volunteer. If anything, our estimate of the number of people expressing reticence about data sharing is therefore likely to be an underestimate. Third, the scenarios used in our surveys were hypothetical. We hoped that repeating our survey soon after a series of terrorist attacks and a major disaster would make the issues involved more salient for participants. Doing this did not alter our results, possibly reflecting the fact that participants in our first survey were already thinking carefully about the scenarios that we presented. Nonetheless, it is possible that being directly involved in a major incident would alter someone’s views about the desirability of data sharing. Fourth, for ethical reasons, we asked participants to consider that neither they nor anyone they knew well had been harmed in the scenarios that we described. This may have reduced the perceived need to participate in a psychological screening programme and hence the perceived acceptability of data sharing. People who are injured, bereaved or otherwise harmed in an incident may be more willing for their data to be shared. Finally, we have no information on our participants’ previous experiences of data sharing or data protection breaches. Prior experience of breaches, from whatever source or agency, may make people more reluctant to consider future data sharing. This may be relevant for the minority of people in our sample who were reluctant to share data. It would also reinforce the need for clear information and reassurance about data handling.

Conclusion

Disagreement often exists between officials and agencies about the appropriateness of, and best mechanisms for, data sharing in the aftermath of a major incident. These disagreements are also apparent among members of the public: while most support the sharing of data between the police and health services in order to facilitate public health measures, this is by no means a unanimous view. The absence of a clear consensus reinforces the view that agencies should consider the benefits and risks of sharing data with organisations that seek to protect their mental health. In order to assuage public concerns, agencies who hold such data should communicate to the public their policies for securely holding the data and for updating people on how the data will be used.

Supplementary file 1

Supplementary file 2

References

  1. 1.
  2. 2.
  3. 3.
  4. 4.
  5. 5.
  6. 6.
  7. 7.
  8. 8.
  9. 9.
  10. 10.
  11. 11.
  12. 12.
View Abstract

Footnotes

  • Contributors GJR developed the idea for the survey and the survey materials in conjunction with ANR, RA, NiG and NeG, Ipsos MORI carried out the data collection. RW carried out the data analysis. GJR drafted the manuscript and revised the manuscript with comments from all authors. GJR accepts full responsibility for the work, had access to the data and controlled the decision to publish.

  • Funding The research was funded by the National Institute for Health Research Health Protection Research Unit (NIHR HPRU) in Emergency Preparedness and Response at King’s College London in partnership with Public Health England (PHE), and by the NIHR HPRU in Evaluation of Interventions at the University of Bristol in partnership with PHE. HPRU-2012-10414.

  • Disclaimer The views expressed are those of the author(s) and not necessarily those of the NHS, the NIHR, the Department of Health or Public Health England.

  • Competing interests None declared.

  • Patient consent Not required.

  • Ethics approval The study was approved by the Psychiatry, Nursing and Midwifery Research Ethics Committee at King’s College London (ref: HR-16/17-3814). All participants provided informed consent before starting the surveys.

  • Provenance and peer review Not commissioned; externally peer reviewed.

  • Data sharing statement No additional data available.

Request Permissions

If you wish to reuse any or all of this article please use the link below which will take you to the Copyright Clearance Center’s RightsLink service. You will be able to get a quick price and instant permission to reuse the content in many different ways.