Rules Navigator

UK watchdog calls for checks on data safety over use of WhatsApp by NHS staff

NHS staff looking at a phone
Use of WhatsApp among NHS staff is allowed, though with certain guidelines. Photo: Carl Court/Getty Images

Hameed Shuja

 Click to share on Facebook (Opens in new window/tab) Click to share on Twitter (Opens in new window/tab) Click to share on LinkedIn (Opens in new window/tab) Click to share on WhatsApp (Opens in new window/tab)

The proposal comes after mounting concerns about the use of WhatsApp among NHS staff, which has raised data safety issues.

The head of the UK’s data watchdog has raised the prospect of spot checks on NHS staff to make sure they are using WhatsApp safely and are not compromising patients’ data safety.

Information commissioner John Edwards told the Financial Times he recognises that the use of WhatsApp by staff “is a reality”, but has warned that it can also be “hugely problematic.”

“It needs to occur out in the open and in a way that is in accordance with policies and procedures,” he said, following mounting concerns about patients’ data safety.

In a separate report last month, the FT revealed that “NHS doctors and nurses routinely use WhatsApp to share confidential patient details, test results and medical documents.”

Those findings had prompted experts to warn of a “wild west” for data, as NHS staff preferred the messaging app as a workaround of official communication channels which, in their opinion, were slow and outdated.

“I am a big fan of audit and particularly random audit. So from time to time, you just go and say to somebody: ‘I need to look at your WhatsApp, I need to check the settings.’ That’s going to remind people,” Edwards said.

The use of WhatsApp by NHS staff is not officially banned, but existing guidelines strongly advise frontline and other staff to “take sufficient steps to safeguard confidentiality.”

Mounting concerns

Last year, the Information Commissioner’s Office (ICO) reprimanded a local NHS body for allowing “personal information such as patient names, phone numbers and addresses” to be shared by 26 staff members on more than 500 occasions.” The breaches took place at NHS Lanarkshire, according to reports.

Data experts, including those working for the NHS, have repeatedly warned about the risks to data safety, both from internal as well as external sources, from the use of off-channel messaging apps.

According to one NHS expert: “If you’re a criminal who’s trying to steal a bit of money from just anybody, we’re a big chunk of that. They will just hit the system, take control and demand payment because we’re there, we’re connected and we’re vulnerable.”

“Using WhatsApp needs to occur out in the open and in a way that is in accordance with policies and procedures.”

John Edwards, Information Commissioner

Last month a new bill aimed at making “patients’ data easily transferable across the NHS so that frontline staff can make better informed decisions for patients more quickly” was introduced to the British parliament.

The government believes the Data Use and Access Bill will help in “freeing up 140,000 hours of NHS staff time every year, speeding up care and improving patients’ health outcomes.”

But data privacy campaigners have warned that the creation of a single large database which holds key personal information about millions of people can be vulnerable to serious cyber attacks by criminals.

And digital rights organisations have also in the past criticised the Information Commissioner’s Office for the way it has dealt with data privacy breaches, accusing it of having “a poor track record of issuing weak reprimands instead of fines and acting as a critical friend to government.”

, , , , , , , , , , , , ,

You may also like