There is little doubt that instant messaging is being used by clinicians to share patient information – with all the related risks. John Safa believes that new guidance in the area and efforts to develop secure apps are welcome. But he argues that to truly address the issue requires a much more integrated approach to communication and data security across healthcare.
Speak to just about any doctor off the record and they will tell you that, yes, of course they have used instant messaging on their smartphone to send a clinical image to a colleague. They will use the technology that they have, that they are comfortable with and, here’s the most important bit, that works without interrupting their workflow.
Speak to just about anyone else and they will agree that doctors – and all other frontline healthcare professionals for that matter – have a very real need to be able to share patient data if they are to deliver excellent care. That this need to share information is often time critical is also not in doubt.
What is in doubt, however, is the ability of legacy NHS infrastructure to provide the technological medium to deliver this ability where, when and how healthcare professionals need it. If it were meeting this requirement then surely doctors wouldn’t be opting to use an alternative technology – one that is available to them whenever and wherever, but also comes with no usability learning curve or care delivery delay: namely a standard messaging app on a smartphone or tablet.
We know from previous research studies that both doctors and nurses really want a secure method of sending this type of patient data from their smartphones. The new messaging guidance published jointly by NHS England, NHS Digital, Public Health England, and the Department of Health and Social Care would appear to recognise this. It says that health staff who are using instant messaging apps during times of crisis, in order to coordinate patient care, should only use those that meet the NHS Encryption Good Practice Guide (GPG) standard.
It also points out the law obliges clinicians to protect patient confidentiality, and those who don’t take sufficient steps to do so could find themselves at the sharp end of regulatory investigations. Some of the advice is good old fashioned common sense, such as protecting the device itself with a password protected lock-screen and not sharing said password with other people. Some is less obvious but just as welcome, like disabling message notifications that might otherwise pop-up on a lock-screen for example.
The advice that concerns me most is that the original messages must be deleted once the data has been entered into the separate medical record. Why does this concern me? Experience mainly.
Because while the NHS Encryption Good Practice Guide does state that data at rest that is stored on a device must be protected “through the use of an encryption solution”, it doesn’t address the extended problem of secure deletion.
Most clinicians would assume that delete means delete. But most CIOs and CCIOs know that it doesn’t and, I hope, have solutions in place that ensure secure erase of data from devices being used within existing infrastructures. But what about those clinicians using ‘shadow IT’ such as their smartphone or tablet, even if they are otherwise following the latest information governance guidance from the NHS regarding messaging app use?
Dr Jonathan Bloor, in an article for Digital Health, has said: “WhatsApp is being used outside current information governance rules, often without local NHS oversight and with huge confusion about just how secure information held in WhatsApp really is.” He’s right, and I’m not convinced this new guidance properly addresses the problem of data retention on smartphones and tablets.
So, what is the answer? Good question. Dr Bloor suggests the WhatsApp-style NHS secure instant messaging service called for by the Centre of Policy Studies earlier this year probably isn’t it. At least not in isolation. The previous three words are the most important in my view: not in isolation.
Third-party apps, even ‘secure’ ones such as WhatsApp (which wasn’t explicitly recommended in the latest guidance, but is what most clinicians will no doubt be using) won’t solve the issue of patient data being stored on the docs’ smartphone or tablet – or prevent the consequences should the device be lost, stolen or compromised. End-to-end encryption is vital, yes. Encryption at rest equally so. But these must be part of an integrated system.
It’s time to look again at how information is shared and ensure the platform being used is truly fit for purpose rather than a hotchpotch of legacy infrastructures and third-party applications. Secure integration must be at the heart of any data sharing system. NHS organisations need to be able to see what data is being shared, with whom and by whom.
Only a properly integrated system, with strong analytical reporting and central controls that give proper oversight, can enable healthcare professionals to concentrate on saving lives rather than securing data. So let’s stop bolting on ‘secure bits’ to an otherwise clunky and creaking legacy data sharing infrastructure (pagers and fax machines, in 2018, really?) and start thinking securely from the ground up.
John Safa is founder and CTO of Pushfor.
11 December 2018 @ 12:30
A solution that integrates with EPR’s is available now: https://www.commontime.com/solutions/clinical-messaging/.
10 December 2018 @ 12:24
Agreed.
Messaging needs to be part of the overall EPR. Not storing any data on the device is vital if using for patient care. If part of the EPR, the conversation should become part of that patients record and clinicians can also point their colleagues to a relevant result or part of the EPR for review. Reducing the time to re-write the situation etc.
Lets not force our clinicians to have a host of different apps for different functionality.
7 December 2018 @ 08:32
He’s right, it’s not about messaging in isolation, but getting the right information to the right people when most needed. He’s wrong about messaging per-se, there are two tests that matter most about securing confid patient data: it should not be held on the mobile device, and it should not be capable of being copied to anyone not authorised to see it. WhatsApp totally fails on both counts.