CC BY-NC-ND 4.0 · Yearb Med Inform 2018; 27(01): 029-036
DOI: 10.1055/s-0038-1641197
Special Section: Between Access and Privacy: Challenges in Sharing Health Data
Working Group Contributions
Georg Thieme Verlag KG Stuttgart

Balancing Between Privacy and Patient Needs for Health Information in the Age of Participatory Health and Social Media: A Scoping Review

Mowafa Househ
1  Department of Health Informatics, College of Public Health and Health Informatics, King Saud Bin Abdulaziz University for Health Sciences, Ministry of National Guard Health Affairs, Riyadh, Kingdom of Saudi Arabia
Rebecca Grainger
2  Rehabilitation Teaching and Research Unit (RTRU), University of Otago, Wellington, New Zealand
Carolyn Petersen
3  Global Business Solutions, Mayo Clinic, Rochester, Minnesota, United States
Panagiotis Bamidis
4  Lab of Medical Physics, Medical School, Aristotle University, Thessaloniki, Greece
5  Leeds Institute of Medical Education, University of Leeds, Leeds, United Kingdom
Mark Merolli
6  School of Health Science, Swinburne University of Technology, Melbourne, Australia
› Author Affiliations
Further Information

Correspondence to

Mowafa Househ
Department of Health Informatics, College of Public Health and Health Informatics, King Saud Bin Abdulaziz University for Health Sciences
Ministry of National Guard Health Affairs, Riyadh
Kingdom of Saudi Arabia   
Phone: +966 599 101 559   

Publication History

Publication Date:
22 April 2018 (eFirst)



Objectives: With the increased use of participatory health enabling technologies, such as social media, balancing the need for health information with patient privacy and confidentiality has become a more complex and immediate concern. The purpose of this paper produced by the members of the IMIA Participatory Health and Social Media (PHSM) working group is to investigate patient needs for health information using participatory health enabling technologies, while balancing their needs for privacy and confidentiality.

Methods: Six domain areas including media sharing platforms, patient portals, web-based platforms, crowdsourcing websites, medical avatars, and other mobile health technologies were identified by five members of the IMIA PHSM working group as relevant to participatory health and the balance between data sharing and patient needs for privacy and confidentiality. After identifying the relevant domain areas, our scoping review began by searching several databases such as PubMed, MEDLINE, Scopus, and Google Scholar using a variety of key search terms.

Results: A total of 1,973 studies were identified, of which 68 studies met our inclusion criteria and were included in the analysis. Results showed that challenges for balancing patient needs for information and privacy and confidentiality concerns included: cross-cultural understanding, clinician and patient awareness, de-identification of data, and commercialization of patient data. Some opportunities identified were patient empowerment, connecting participatory health enabling technologies with clinical records, open data sharing agreement, and e-consent.

Conclusion: Balancing between privacy and patient needs for health information in the age of participatory health and social media offers several opportunities and challenges. More people are engaging in actively managing health through participatory health enabling technologies. Such activity often includes sharing health information and with this comes a perennial tension between balancing individual needs and the desire to uphold privacy and confidentiality. We recommend that guidelines for both patients and clinicians, in terms of their use of participatory health-enabling technologies, are developed to ensure that patient privacy and confidentiality are protected, and a maximum benefit can be realized.



Social networking sites (SNS), blogs, mi-croblogs, media sharing platforms, wikis, and virtual worlds are regarded as mobile and web-based tools, and like social media, afford users the ability to communicate, share, participate, collaborate, and create user-generated content in an interactive fashion[1] [2]. Since their utility as tools for health management was proposed[3], they have become more widely accepted for their ability to engage and empower individuals to become active participants to their own health and well-being management. This forms the very foundations of participatory health[4] [5]. Such platforms allow individuals to search for and crowdsource health information, connect with online health communities, find and communicate with health providers, share their experiences, and participate in research[1].

Recently, there has been an exponential rise in the peer-reviewed outputs related to social media use in health and healthcare[6]. Several areas and applications have featured in the health informatics research domain, commenting on potential benefits, i.e. delivery of health interventions, impact of using social media on patient-reported health outcomes (PROs) as part of health management, syndromic and disease surveillance, and the utility of these platforms for recruiting participants into research studies[1].

Whilst the collective intelligence surrounding the various uses and applications of social media and mobile technology in health is on the rise, the evidence-based research for social media's effectiveness to improve health outcomes remains relatively immature[2]. Several compelling arguments exist for why evidence needs to continue to grow, including the need to examine not only perceived positives, but also to unpack any potential negatives or unintended consequences of using social media[1] [7]. This has been a core focus of the work of the members of the International Medical Informatics Association - Participatory Health and Social Media Working Group (IMIA PHSM), many of whom are authors of this manuscript. Of primary significance to this Yearbook theme, the working group's previous work has noted that ethical issues related to social media, such as privacy and confidentiality, are key areas warranting further research[1] [7].

The very notion of participatory health through social media not only implies that individuals engage with these technologies for active self-management but also anticipates changes in the patient-provider relationship[8]. The greater access to health information and the formation of connected online communities have also been heralded as reasons that citizens are more able to approach the patient-provider relationship on a more equal footing. In doing so, the very nature of the relationship changes and shared-decision making about health ensues[3] [4] [9].

In light of social media's utility as tools for participatory health, interest surrounding the integration of such platforms as tools for communication and/or data inputs into a patient's clinical record continues to grow[1] [10] [11]. Suggested benefits of doing so may include: access to a diverse range of relevant health information, decreasing ambiguity by providing context to clinical health information, enabling personalized and tailored communication, as well as identifying novel research challenges[1] [10]. Interestingly, the idea of including patient-reported information (PRI) as a legitimate and complementary addition to more traditional clinical health indicators and patient-reported outcome (PRO) measures is not new and has been discussed as part of the evidence-based practice rhetoric[12] [13].

Perceptions about using personally-controlled electronic health records (PCEHRs) from the patient's perspective are generally positive[12] [14] [15]. However, in regard to social media's place in this discussion, challenges remain. For example, whilst there exist stringent guidelines for health practitioners about social media use in clinical healthcare, no such privacy or confidentiality legislation exists to regulate how and where an individual may distribute and post her/his own health information online[1]. Patients are concerned by the social and economic impacts of health information being misused by employers or insurance companies to discriminate against them[16]. The relative ease to post and/or access personal health information online continues to cause health organizations to revisit how they will approach integrating social media data into electronic health records (EHRs) and how social media data will thus influence the clinical management of patients[1]. Ethics, privacy, and confidentiality, all lie at the heart of this issue[1] [10] [11] [15].

Hence, the primary objective of the IMIA PHSM Working Group's Yearbook contribution is to examine the question: “What is the balance between privacy and confidentiality, and patients’ needs regarding social media communication and information in clinical participatory health?”



The authors used their knowledge and expertise of participatory health informatics and social media to define the priority areas to study. This included a brief consultation with the broader membership of the IMIA PHSM working group, which included the five authors of this work, to help identify opportunities and challenges for the balance between privacy and confidentiality of clinical and/or health information via participatory and social media platforms. In doing so, six topic areas were identified and selected for investigation: media sharing platforms, patient portals, web-based platforms, crowdsourcing websites, medical avatars, and other mobile health (mHealth) technologies. Secondly, each of the authors selected one or more priority topic areas relevant to their expertise to perform a narrative review of the literature. Each member selected keywords to search the literature using a variety of databases ([Table 1]). Searches were conducted in October and November 2017. The authors included relevant literature and summarized the literature for each of the domain areas selected.

Table 1

High-level summary of the literature review process

Topic Areas



Unfiltered Hits

Final Results

Patient portals

“privacy”, “patient-portal”


15 returns

8 papers

Web-based platforms

“privacy”, “website”


70 returns

10 papers


“mHealth”, “privacy”, “confidentiality”


138 returns

16 papers

Medical avatars

“medical avatar”, “healthcare”, “privacy”, “confidentiality”


49 returns

18 papers

Media sharing

“picture”, “video”, “patient”, “privacy”, “sharing”

PubMed, MEDLINE, Scopus, Google Scholar

1,143 returns

8 papers


“crowdsourcing”, “privacy”

PubMed, MEDLINE, Scopus, Google Scholar

558 returns

8 papers


1,973 returns

68 papers



A total of 1,973 abstracts were retrieved among which 68 were included in the review. The range of papers retrieved was from 8 to 18 papers for each topic. A discussion of the results for each of the six topics is provided below. The summary of the search process and final number of papers included for each topic is provided in [Table 1].

1 Patient Portals

The sharing of personal health information (PHI) via patient portals and linked personal health records has been an area of significant interest for providers and patients alike. In some places, governments mandate that individuals be able to securely access their medical information online. Although privacy within patient portals is by no means the main concern of many patients, it is one of the two most pressing issues for older users[17]. A number of issues emerged with regard to the storage and use of PHI in portals, including inappropriate PHI access and use by pharmaceutical companies, access to health records by insurance companies and governments without patients’ permission, and the fear that health record information could be used to evict individuals from independent living environments[17]. Among low-education and low-income patients, the fear that passwords will provide inadequate protection and that PHI could be stolen is a significant concern[14]. People who access the Internet through venues such as public libraries are concerned about others seeing their PHI, particularly when they have conditions that may result in discrimination, such as HIV infection[18].

Even if patients express concerns about privacy and confidentiality when accessing information through patient portals, they remain open to using portals[19]. Despite limited resources, patients who received care at a urban safety-net clinic have reported regular use of the Internet and email, and have expressed interest in using a portal to manage their PHI and engage with providers[20]. Training about safe portal use would likely assuage privacy concerns, particularly in low-income and/or low-literacy populations. Having a way to find out who has accessed their medical record would make patient portals more attractive to patients of vulnerable groups[18]. A patient portal task force involving 71 members from 10 academic medical centers recently noted that innovative approaches to protect privacy and security while optimizing portal access, e.g., health record banking, should be evaluated[21].

Despite concerns about privacy and security of data made accessible through patient portals, some factors do help patients overcome privacy concerns[22]. The ability to access and control PHI contained in portals and to check records for errors leads to feelings of empowerment and confidence, which can improve patients’ ability to manage their health. Patients also perceive that portals facilitate improved communication with their providers and they are more likely to use portals when providers encourage them to do so. In settings in which patients and caregivers have not perceived privacy to be an issue, such as in an inpatient rehabilitation hospital, patients and caregivers have reported finding value in patient portal use, indicating that efforts to overcome privacy and security concerns are merited[23].


2 Web-based Platforms

Privacy has been a primary concern for users of all types of information displayed or distributed via the Internet. Privacy concerns are particularly relevant as patients provide PHI or access their treatment via the Internet. Users of health-related Web sites and Web-based platforms have expressed concerns about the privacy of personal data transmitted or accessed via the Web, and the use of the Internet as a platform for interventions (e.g. mental health consultations) raises ethical as well as privacy questions[24]. Although users of mental health services have expressed a preference for face-to-face interventions[25], acceptance of online engagement is evident and suggests improvements of online mental health services (e.g., brief modules, personalized content) may increase use. Users’ perceptions about PHI privacy within Web-based behavior modification programs are mixed; privacy concerns did reduce participation in an alcohol-reduction program[26], but not in an interactive sexual risk reduction program targeted to teens[27].

Recruitment of individuals for clinical trials via the Internet is another area in which privacy is of paramount interest, because determining eligibility for trials requires PHI. While developing a model for recruiting cancer patients and family caregivers, investigators noted that even the use of privacy-protecting measures in social media recruitment messages directing users to a hospital blog could not guarantee that PHI would remain private[28].

In addition to the general concern about privacy, application trials offer additional insight. During the testing of a Website for heart failure symptom monitoring that was to be embedded into a patient portal, participants expressed concerns about what would be done with the data[29]. In a trial in which participants used a Web-based nutrition management program with the goal of preventing metabolic syndrome, users reported satisfaction with the privacy-preserving features of the tool, which included user authentication and SSL (Secure Sockets Layer) encryption[30].

Technology-based approaches offer some potential for ensuring that Web users’ PHI is protected during Web-based activities. An approach that limits the ability of Web applications running in separate browser windows during the same Internet session to share user information (timing-based probing attacks) has demonstrated that such privacy violations can be reduced on interactive Alexa sites[31]. Software that generates random identifiers that conceal individuals’ true identities is another technical method reported to protect privacy in epidemiologic and clinical studies[32]. The Data Sphere Project, a data sharing platform launched to accelerate cancer research by making data from Phase III clinical trials available to a broad range of investigators, de-identifies patient-related data prior to making it available to project researchers to promote patient acceptance and confidence[33].


3 Mobile Health (mHealth)

The adoption of smartphones in healthcare is increasing[34], as health professionals, patients, and the public are often using third-party applications (apps) ranging from medical references, to gaming applications, or to alternative add-ons to medical devices[35]. However, mHealth's growth has outpaced governmental regulations regarding apps. Privacy and security of user health data have been raised as a concern, along with regulation regarding access to user interaction data with installed apps. It is usual that apps and services are downloaded, distributed, and provided for free to individual users, but privacy is not always assured[36]. Smart services care for the collection of information about the individual use of apps, which can then be exploited for targeted marketing or syndicated product development[37]. Less experienced and first-time users are more prone to privacy breaches, as high usability can be accompanied by security risk of mobile systems. Thus, naive users can be misled to other apps containing malware or offering medical information of uncertain quality[38] and may, with increasing frequency, present to a clinic “armed with the questionable medical opinion of their digital iDoctor in hand”[39].

A more serious concern is the non-compliance of medical apps with standards and regulations, such as the Health Insurance Portability and Accountability Act[40]. Adherence to medical devices/software certification and conformance with safety, security, and privacy issues should become standardized criteria for review of medical apps[41]. A recent study revealed that only a small minority (30.5%) of the used apps had privacy policies[42]. Losses of individuals’ data due to hacking is costly even when quantified-self apps are considered[43], and developers must ensure their applications’ security is well-tested before released so as to minimize risks of vulnerabilities such as data storage, encryption, and authentication processes[44]. These problems are sometimes linked to K-anonymity, which is one of the identity challenges resulting from the use of information from an anonymous user to identify his/her personal identity without consent. An example of this situation occurs when someone's preferences (such as pictures, searches, or shopping habits) are used to obtain his/her identity, which may in turn be lost or stolen[45]. Such situations call for advanced encryption, such as efficient homomorphic encryption techniques.

Finally, external factors such as cultural, human, or country differences have been so far underresearched, but may also threaten privacy[44]. Human factors such as age, personality, literacy level, and cognitive ability perplexed with other cultural or societal norms may also threaten security. It is equally important that biomedical and behavioral researchers as well as institutional review boards suitably tackle the nuanced ethical issues raised by mHealth, such as anonymiza-tion, behavioral privacy, continuous and unintended sensing, and multiplexed sensor semantics[34] [45] and contribute in developing those effective mechanisms to secure mHealth technology and protect users’ personal health information.


4 Media Sharing Platforms

Media sharing of pictures and videos related to personal health or medical procedures is common on sites such as Instagram, Pinter-est, and YouTube[48] [49]. The implications on individuals’ privacy and confidentiality of potentially sensitive health information held in visual media depend on who is sharing, for what purpose, the intended and actual audience, and the platform media sharing being used.

Individuals sharing media on social media platforms to seek a diagnosis, management advice, or support, have implicitly consented for these to be in the public domain. However, even when so-called ePatients continue to produce video content about personal health experiences to help others and support self-management, loss of privacy remains a concern[50]. Furthermore, visual media shared with one audience can be captured, manipulated, and shared with a different and potentially wider audience; individuals may feel this visibility is an invasion of their privacy.

Serious implications for privacy and confidentiality of health information of individuals may arise when health professionals, organizations, or third parties share images using social media. Tolerance of risk to privacy is likely to differ depending on the purpose of media posting and the consent obtained. The General Medical Council defines visual media posted on a website or social media as tertiary use, which requires special consideration of capacity to consent, specific consent, and the consideration of relevant legislation[51]. In addition to position statements from regulators, many practical guidelines have been published for health care professionals about how to post images on social media while maintaining patient confidentiality and reducing risk of privacy breaches[49] [52] [53] [54]. While removing identifying content of images is included in these guidelines and is intuitive to most health professionals, removal of metadata from images is not always considered and poses significant risk of privacy breaches[52]. Furthermore, even highly esteemed medical journals can inadvertently share images with identifying details, which then have a wider reach due to reposting in social media[52]. Patients are likely to accept wide distribution of images for education of other health practitioners (e.g., under the hashtag of #FOAMed or “Free Open Access Medical education”)[55], as long as consent is obtained. Health professionals do, however, need to disclose the current terms of service of social media providers in order to truly inform patients when obtaining consent[49].

Some healthcare providers may post images or video on social media for promotion of services or fundraising, purposes for which tolerance for breaches of privacy are likely to be lower. Plastic surgeons are known to post extensively on social media such as Instagram and Snapchat live broadcasts of procedures where the line between education and marketing of services is blurred, which poses particular difficulties for obtain informed consent[49]. Another example is social media postings by Helicopter Emergency Medical Services (HEMS) in the United Kingdom in the purpose of public awareness to generate donations. HEMS have posted images and maps of incidents across multiple social media sites which, with cross referencing, often provided detailed information about the patient, location, and treatment, that would breach expected standards for patient privacy[54]. This is of particular concern as patients in emergency situations are unlikely to be able to provide consent in this context. Healthcare providers, professional organizations, and regulators will need to continue to develop guidelines for the use of images and videos in social media that balance professional needs for education and promotion with protection of privacy and confidentiality, with the balance of power remaining with patients.


5 Crowdsourcing

Crowdsourcing is the practice of obtaining information, services, or resources from a large group of people to generate ideas or complete a task or a project, typically via the internet. In the health domain, crowdsourcing has been used by online patient communities to access lay-expertise or generate patient-led research[56], by individuals to obtain possible diagnoses for unexplained illness[57], as a research methodology[58], particularly for genomic data[59], for knowledge management or problem ideation in public health[60], and even to fund healthcare[61]. Crowdsourcing as an approach falls between the traditional top-down hierarchical medical care or research and the bottom-up grassroot processes of patient groups as a shared top-down and bottom-up approach where the locus of data control and data use lies between organizations and the online community[60]. For this reason, crowdsourcing in all health situations requires a high-trust environment[59]. Organizations or crowds are expected to respect personal data that individuals offer to a data repository, often for altruistic reasons or for personal gain, while individuals offering data must be aware that their data could be used for other purposes which may impact them in a negative manner[59] [62].

For example, the Personal Genome Project (PGP) is a large, international, genomic, and biobanking project which aims to sequence the genomes of 100,000 volunteers and make their genetic, health, and trait information available in a public repository for research[63]. Although data are de-identified, data sets may be associated back with a participant's name, so-called re-identification, thus creating the risk of discrimination in employment insurance or for social stigma. This potential for breach of privacy is clearly explained in the consent process for the PGP. Participants in the PGP have expressed strong altruistic or personal motivations for participating; while the risks of re-identification are worrying, they would not prevent participation[62].

Online patient communities enable individuals to crowdsource ideas for diagnosis, self-management, and treatment from lay experts and health professionals, members of the communities - in accordance with professional ethics -, or lay-crowdsourced expertise[56]. In these settings, individuals are offering their personal experience in as much detail as they wish, and they thus have control over the disclosure of personal health information or any identifying details. Theoretically, there is no privacy risk in this setting since participation indicates the information is not private. Many social media platforms have the ability for users to restrict access to content posted. For example, “closed” or even “secret” Facebook groups with administrators controlling access are extensively used for crowdsourcing health information and advice from lay-peers while maintaining some privacy.


6 Medical Avatars

In computing, an avatar is “the graphical representation of the user or the user's alter ego or character”[64] or “a digital computerized stand-in for a live person or scripted character”[65]. This can be either a three-dimensional form representation, often in games or virtual worlds, or a two-dimensional form used in Web 2.0-like forums or online communities[66].

Recently, avatars may also have the form of an Intelligent Virtual Agent[67], a Virtual Care Assistant, an Embodied Conversational Agent[68], or a Bot Assistant[69], that can assist health care providers to better manage patients, boost engagement, improve treatment adherence rates and reduce costs, or promote and support self-management.

There is already literature regarding the rights a person ought to expect to retain when being represented by an avatar[70], like informed consent in virtual worlds, as well as avatar bodily integrity. It has been argued that, as another manifestation of the individual, an avatar should also have rights similar to those of a biological creature; in fact, it is argued that avatars must have rights by proxy of the rights of their users. A study conducted in Second Life on post-traumatic stress disorder and traumatic brain injury[71] discusses the rights of an individual's avatar and the analysis of issues relating to the authentication of both providers and patients alongside the latter's informed consent. The study also links the concepts of patient confidentiality and well-being with those of clinician competence and training of providers.

Systems taking advantage of 3D virtual world avatars and visualization have potential benefits in healthcare services provided for older adults[72]. In pilot studies, where embodied conversational agents in the form of an avatar (termed “digital pet”) were used to enhance older adults’ social interaction, it was shown that despite participants’ enjoying the companionship, entertainment, reminders, and instant assistance from the avatar, privacy and dependence were two of the major concerns reported by the participants[68]. This is why Reamer[73] has suggested following standards from the National Association of Social Workers Code of Ethics in an effort to guide future practice.

Contemporary avatar-assisted therapy in substance abuse treatment and remotely set group counseling sessions was shown as potentially appealing to clients who are concerned about anonymity and coniden-tiality[74]. Furthermore, a recent trial has shown that it is feasible to use Embodied Conversational Agent technology to improve education on lifestyle and physical activity, healthy eating, and stress management for diverse, urban women, without being practically restricted by any ethical considerations[75].

Moreover, medical practitioners could well overcome the aforementioned notions and use systems incorporating avatar-mediated training. For example, delivering bad news to patients or their relatives[76] including the palliative care setting in which avatars may be considered as effective and viable educational approaches. Certainly, future research could focus on expanding the discussion on the ethical considerations. Privacy and confidentiality are admittedly raised when applying virtual creatures to healthcare practice and training. Thus, immediate priority should be given to outline those elements of informed consent which are deemed necessary in virtual world scenarios. Likewise, technology should provide tools for encryption, transparent informed consenting, and means to adhere to user preferences and rights in a more comprehensive way. When avatar systems are eventually used in clinical practice, their creators should consider and follow medical software certification processes.



A number of challenges for the balance between privacy and confidentiality of health information and patient needs via participatory platforms have been identified and explored in this paper. One of the primary concerns concerns privacy of patients sharing their health information online. For example, it is difficult to ensure that health information shared online by patients can be de-identified. Also, media sharing platforms have different privacy terms and conditions and most users are unaware of how media sharing platforms are using health information collected and for what purposes, especially among vulnerable populations. Another point of note is that there is a risk of sensitive information being leaked online. Other concerns may relate to differences in cross-cultural understanding of healthcare privacy and its impacts on patient empowerment; clinician awareness and understanding of how to use social media platforms; and the threat of commercialization of patient clinical data. Other challenges identified in this paper, include:

  • Inappropriate PHI access and use;

  • Privacy of personal data transmitted or accessed via the Web;

  • Non-compliance of medical apps and web-based platforms with standards and regulations that could result in breaches to privacy and confidentiality for patient users and confidentiality when healthcare professionals, healthcare organizations, or other third parties share patient information and images without their consent.

Furthermore, there are few legal frameworks that protect patient confidentiality and privacy on the Internet. The issue becomes more complicated when patients are sharing their own health information online without realizing the impact it may have on their privacy, especially when patients unknowingly share their health information with unscrupulous individuals through online platforms. Even if legal frameworks were introduced, they cannot provide universal protection of patient confidentiality and privacy in the age of the Internet. We believe that increasing patient awareness about the harms of sharing personal health information online is needed and that patients should deal with credible participatory health and social media that protect patient privacy and confidentiality. Examples of such platforms are those certified by Health On the Net.

This situation reminds us of the circus, and especially, the balancing act of walking the tightrope. In this stunt, the fearless clown walks on a tensioned wire that is suspended in the air using a long pole to balance him/herself while getting from one side to the other, astonishing the crowd in the process of performing the act. Depending on how experienced the clown is, the clown may fall to his demise or injury or get to the other side unscathed. Similarly, the patient is walking the tightrope trying to balance his/her need for privacy and confidentiality with the goal of obtaining the health information needed to get well or live well. The empowered patient can get across the tightrope and get the information needed without jeopardizing privacy and confidentiality. However, the untrained patient may share sensitive health information online via public platforms (e.g., Facebook or Twitter), thereby jeopardizing personal privacy and confidentiality. These unaware patients are most in need of help and support from healthcare and participatory health and social media communities.

On the other hand, there are also several opportunities for balancing between privacy and confidentiality of health information via participatory and social media platforms. These focus on opportunities for empowering patients and enhancing their experiences by connecting social media data with clinical records which can be used for comparison and improved clinical-patient communication. As mHealth tools are becoming more credible and more useful, patients are becoming more educated about privacy and confidentiality of clinical and health information being shared online. There is also a need for open data sharing of information where patient use of mHealth, serious gaming, and other participatory healthcare platforms will be further enhanced with e-consent, thereby allowing for easier sharing of patient health information through participatory health and social media platforms.



The range of platforms examined in this paper represent only a subset of the full range of social media and participatory health enabling technologies considered under the topic's umbrella. Furthermore, the choice to examine this selection was aligned with the expertise areas of the authors. Hence, the findings and considerations discussed in this manuscript are not necessarily representative of the full landscape of privacy and confidentiality in participatory health informatics. The goal has been to provide a succinct overview of the topic and research landscape, and provide directions for future research using robust and detailed methods.



As participatory health enabling technologies continue to evolve, the need to balance privacy, confidentiality, and patient needs for health information is a challenge. This is true for all stakeholders: patients, health professionals, researchers, policy makers, and healthcare organizations. There is much work that needs to be done in introducing regulations monitoring how participatory healthcare can handle patient information to ensure that patient confidentiality and privacy are protected, particularly, as we consider the increased push to consider social media data along with clinical records. We recommend future research in this area.



The authors of the present manuscript would like to duly thank their colleagues of the IMIA PHSM working group who helped shape the key considerations discussed in opportunities and challenges. This knowledge expertise provided by leaders in the field of participatory health informatics and social media is invaluable to shape state-of-the-art research and future research endeavors.

Correspondence to

Mowafa Househ
Department of Health Informatics, College of Public Health and Health Informatics, King Saud Bin Abdulaziz University for Health Sciences
Ministry of National Guard Health Affairs, Riyadh
Kingdom of Saudi Arabia   
Phone: +966 599 101 559