An informative article published by digitalhealth (click here) looks at the practical and legal implications of the General Data Protection Regulation (GDPR), which comes into force this Spring (2018).

According to research undertaken by BMJ Innovations, WhatsApp is a communication tool widely used by healthcare professionals, with 97% of doctors claiming they routinely use this app to send patient information without consent – despite 68% of them having concerns about using this tool for data sharing.

Modern medicine requires multidisciplinary working, which depends upon quick and efficient communication of complex patient information, which may include videos and images. WhatsApp is a simple, easy-to-use, mobile form of communication, which at first glance appears to plug a gap in the current NHS software offering. However, NHS Trusts have declared the use of WhatsApp, and similar services, to be inappropriate and insufficient.

Legal considerations for patient data sharing

There is a fundamental difference in security and privacy standards between the needs of mobile message sharing amongst clinical professionals and the needs of the general public. A recently published White Paper on the use of social media messaging services by medical professionals practising under UK law concludes that whilst end-to-end encryption on WhatsApp covers data-in-transit security, there is also a need to ensure the data on the phone and servers complies with NHS security and privacy standards. This is not the case with WhatsApp, where the focus is on making it easy for users to share media over their phones and to back it up.

It is also important to note that there is no formal arrangement in place between WhatsApp (and similar messaging services) and users with regard to the processing and storage of patient information. This is a fundamental requirement of GDPR. The General Medical Council (GMC), which has produced a document, Working with doctors Working for patients, that clearly lays out the main principles of sharing patient information, clearly states that “the standards expected of doctors do not change because they are communicating through social media rather than face to face or through other traditional media.”

Patient confidentiality vs patient safety

Studies suggest that health professionals believe that patient anonymity is a sufficient confidentiality safeguard when using WhatsApp. However, they also adhere to the “do no harm” fundamental principle of medicine, which necessitates all members of the care team knowing the identity of the patient in order to avoid confusion or potentially serious mistakes being made; i.e. it appears that patient confidentiality is being given priority over patient safety.

Turning a growing liability into an opportunity

There is a clear need for a clinician mobile messaging service. NHS Trusts and IT leads need to provide a compliant alternative which offers the ease of use of WhatsApp but with additional privacy features. There are companies that can supply such a service. Trusts also need to issue clear guidance as to how the sharing of data using such services can meet the requirements of both GDPR and the GMC.

With the coming of GDPR, it is essential that a compliant, easy-to-use service is provided to support the vital communication needs of our clinicians and the confidentiality requirements of the GMC and GDPR.

To read the full article, written by Adam Rose, partner, and Stefania Littleboy, associate, from the data protection group at Mishcon de Reya LLP; and Joost Bruggeman, former surgical resident, and Arvind Rao, both founders of Siilo, please click here.