Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


Chapter: 

Methodology

Our research approach is based on the methodology of engagement. Recognising that much of the wisdom in a domain already exists within, we begin by consulting experts and practitioners to advise on relevant literature and empirical studies, and to hear their own experiences so that we are grounded in their contexts. IDRC was a key partner in helping to identify these individuals and organisations. We also made extensive use of our own existing networks, through interviewing and consulting with leading academics, technology developers, policy and legal professionals, medical practitioners, and development experts. Throughout this process we moved back and forth between conducting consultations with experts in the field and expanding our reviews of the literature to increase our competence and our ability to engage further.

We quickly encountered the key research challenge for this domain: while there are many experts and resources on medical informatics and privacy, too few consider developing countries and humanitarian operations. Worryingly, the converse also appears true: while there are many experts and resources on medical informatics in developing countries, too few study and understand privacy.

These gaps were illuminated by the workshops we organised and attended.

  • Expertise on the technological and ethical dimensions of medical informatics were well understood amongst the participants in our London workshop, but few had worked in developing countries.
  • Security and privacy frailties within the design of the technologies were well understood amongst participants of the technology workshop in Washington, DC, yet the legal frameworks were mostly ignored, and users were assumed to be empowered and knowledgeable.
  • Our workshops and consultations around the OpenMRS and MedInfo conferences in Cape Town were full of insight on local modalities in many countries, including the interests in protecting confidentiality, but legal frameworks were often identified as weak, while developers were sometimes focused on delivering functioning solutions rather than considering ethical and quasi-legal concepts that were considered foreign.
  • We consulted with some of the largest software and hardware developers, both in the traditional medical informatics space (e.g. General Electric, Phillips) and the new and emerging companies who are building the platforms of the future (e.g. Google, Microsoft, Nokia). We delivered our initial findings at an academic workshop at the University of Oxford, and sought more guidance at the International Conference of Data Protection and Privacy Commissioners in Jerusalem. We quickly realised that many people were encountering the same challenges, and that there was no incumbent body of knowledge or literature.

Rather than trying to be that incumbent, we hope that this study will instead provide food for thought so as to inspire greater resources to enter this domain. Dangerous decisions occur too often where the risks are so high and where awareness is so low. As we are building new infrastructures in countries that we all hope to exist for decades to come, getting this right now requires a great collection of minds and resources. It is indeed possible we may not get a second try.