At Guild, we often touch on the implications of instant messaging applications in the workplace – from 21 reasons why we hate using WhatsApp for work, to issues with messaging apps and GDPR compliance.
The specific use of messaging between healthcare professionals comes with its own practical and legal complications that are worth exploring. In 2018, the NHS issued the following statement on their planned use of instant messaging: “instant messaging services can be a vital part of the NHS toolkit”.
This is a definitive step towards embracing messaging as a solution for effective communication in a medical context.
What has already been put forward?
One of the first initiatives to develop an app for doctors to communicate via instant messaging is Hospify. In 2016, they received a £5,000 grant from the UK government to be able to build on their app that allows medical professionals from all over the country to quickly connect with each other.
Branding themselves as the “WhatsApp for health”, Hospify currently operates in more than 60 hospitals.
Of course, the protection of patient data is of utmost importance when developing an app like this one. Hospify ensures that it complies with GDPR, and uses an end-to-end encrypted messaging system. A six-digit pin number must also be entered to access Hospify messages.
In recent years, there has been a concerning trend of medics using WhatsApp to communicate during emergency situations. Patient care was coordinated through the app during incidents such as the Croydon tram crash, Grenfell disaster and Manchester Arena terror attack. Whilst it is positive that instant messaging technology makes patient care a smoother process, all caregivers should be aware of the potential risks of using it.
Patient data is highly sensitive, and broadcasting updates and names through instant messaging is a security risk. Despite the fact that WhatsApp is currently free from prying eyes, the U.S and UK are working on developing ‘back door’ access to monitor WhatsApp messages from people they deem necessary to monitor.
This throws WhatsApp’s potentially high privacy levels down a notch, and forces the healthcare industry to develop their own apps such as Hospify to conduct their own private communication in order to defend their naturally high levels of information governance. It is vital that patient information remains protected.
What is the current position of the NHS?
In its November 2018 statement, the NHS presented new guidance for medical professionals to follow when considering using instant messaging to coordinate patient care:
- Only use apps which meet the NHS encryption standard
- Do not allow anyone else to use your device
- Disable lock-screen notifications to protect patient confidentiality
- Keep proper medical records, and delete messages once their information has been transferred to the relevant records.
This is a great improvement on the July 2018 story that stated 60% of NHS trusts had no regulations at all on instant messaging.
However, using WhatsApp poses a threat to almost all of the guidance above. As well as its encryption status being in danger from the new legislation surrounding back-door access, mobile phones will inherently be seen or used by someone close to the owner. All it takes is forgetting to disable lock-screen notifications or letting a family member use the device for patient privacy to potentially become compromised.
Therefore, it is going to be important for the NHS to find or develop their own software capable of meeting their security standards. It might also be helpful for devices to show no implicating notifications, and owners to be prohibited from taking them away from the hospital (as long as they aren’t in line for emergency callouts from home).
Any clinician who fails to observe the new guidance set out by the NHS is liable to have to “defend themselves against regulatory investigation if they have not taken sufficient steps to safeguard confidentiality." From the strength of this statement, it is clear to see that going forward it will be increasingly important for healthcare organisations to firm up security surrounding their messaging platforms.
Photo by Luis Melendez on Unsplash.