Helping Institutions

Helping institutions attend to a person's well-being directly. For example, individuals rather freely give up personal information about their eating preferences and financial condition to a complex restaurant/bank decision structure so that they can pay for their lunch by means of a credit card. In order to deliver the desired service, the decision structure acquires, and usually retains, certain personal information.

People also consciously or implicitly provide personal information about their physical, biological and medical status to a health care decision structure when, for instance, they enter a hospital. They do so in the hopes of having their life saved, a disease cured, or the quality of their life improved. This personal information is revealed to (or taken by) legitimate members of the decision structure and stored in its files, databases and archives. Once captured, this personal data can be processed and transmitted through the decision structure's communication networks, and ultimately delivered to the individual service providers within the structure who need it to perform their tasks. All of this is done with the understanding that this personal information will be used to achieve some personal goal of the patient, a goal that the giver deems, at the time, to be more important than preserving his or her privacy.

During a lifetime each of us enters into many complex privacy relationships with helping institutions. The moral dimensions of these relationships are clear: (1) the person helped - the giver of information - has a right to privacy, and (2) the receiver - the decision structure that is acting as a service provider - being a fiduciary, has a duty of confidentiality and should protect and secure that information against access by third parties. From a social contract point of view it may be assumed that the first party enters into the relationship under conditions of informed consent: the first party is authorizing the second party decision structure to take certain actions on his or her behalf, is fully aware of what risks attend the actions, and has an opportunity to terminate the decision making and action taking activities at any time. The second party, for its part, is promising several things: not to use the personal information about the first party obtained for one given authorized purpose for any other purposes; not to make it available to any unauthorized third party; not to keep secret from the first party the fact that the personal information has been collected; to provide a means for the first party to find out what personal information about him or her has been collected and how it is being used; and to provide a means for the first party to correct or amend that information. Furthermore, the second party must assure the accuracy and reliability of the personal information for the intended use and take reasonable precautions to prevent it from falling into third party hands or being misused. (This follows generally from the principles for fair information practice adopted in 1973 by the U.S. Department of Health, Education and Welfare.)

In the digital environment the second party's ability to perform these duties has been increasingly challenged. A fiduciary who holds only tangibles or money can readily provide physical security for them in the form, say, of a safe or a locked storage room. However, a fiduciary who holds only digital pulses must secure them by other means such as software and organizational procedures. Information, especially information in digital form, Cleveland (1982) points out, is inherently leakable, transportable, shareable, diffusive, expandable, compressible and substitutable. As more and more of the information within and, especially, among second and third party decision structures is electronically networked, the effects of Cleveland's characteristics are compounded. This results in a significant systems design problem, one with both moral and technical dimensions. The moral problem is to identify all of the individuals within the second party decision structure who have a need or right to know and what personal information they require. The technical problem is to design and implement a system that readily makes the information available to those who need to know when they need to know it and that actively precludes all other third parties from receiving that information.

 
