Guidance issued on the use of instant message apps in the wake of WannaCry has been “more confusing than helpful”, it has been claimed.
Dr Barney Gilbert, a junior doctor and chief executive of instant messaging app Forward, told Digital Health exclusively that “very few” NHS workers would be aware of the guidance for using apps like WhatsApp to quickly share patient data.
“One of the things that NHS England and NHS Digital don’t understand is that by silently putting some guidance on their website, that very few members of the ordinary workforce look at anyway, it doesn’t change anything,” he said.
“When the advice is confusing and complicated, for example I think specifically on WhatsApp the guidance ended up being quite feeble.
“Basically it said ‘here’s a big handful, I think seven or eight steps that are required’ like changing your WhatsApp front-end to make it compatible with our guidance.
“It’s actually been more confusing than it’s been helpful.”
The guidance was released in November last year and sets out how, and in which circumstances, doctors, nurses and other healthcare staff can use messaging apps within acute care settings.
It also outlined privacy rules and procedures for sharing patient information.
“There are efforts like the guidance to try and make that process [of communicating patient data] clearer, but it’s just the delivery of that information has not been done very well,” Dr Gilbert added.
“There’s also a long established culture of clinicians looking for local guidance and looking to their own CEO or department manager.
“A staff nurse on a ward in Rotherham is not going to go and look on the NHS Digital website, they are going to say ‘What are we doing about getting our phones out at work? Is there a bring your own device policy on our ward?’ – it’s much more local in practice.”
During large-scale emergency incidents like Grenfell Tower and the terror attacks in London and Manchester in 2017, messaging apps proved instrumental in helping emergency responders communicate.
WhatsApp was a key communication tool during the WannaCry attack in 2017, allowing NHS staff to communicate after being locked out of computer systems.
There have subsequently been calls to introduce a WhatsApp-like messaging service into the NHS.
Dr Gilbert believes his company, Forward, is the solution.
Forward is a smartphone-based workflow app created by clinicians and researchers as a secure solution for sharing patient data. It’s already in use in 140 NHS hospitals and the company plans to expand further across the health service.
A recent survey by the company found 11% of NHS staff believe existing communication methods allow them to work effectively, with many turning to the likes of WhatsApp to quickly share information.
But that comes with it’s own risks and many staff feel they could be made a scapegoat if patient data is accidentally breached, Dr Gilbert said.
“People do feel like they could be a scapegoat because under GDPR one of the conditions is that organisations which are data controllers could be fined 4% of their annual recurring revenue, or up to €20 million, for a significant breach in data handling processes,” he said.
“In practice, what happens is, when there is a breach they refer that professional to the General Medical Council, which then becomes a disciplinary hearing which costs the organisation two or three grand in that employees time, rather than the massive fine.
“So there’s some strategies around how organisations can deflect that risk and put it on the employee and the workforce rather than the organisation.”
The guidance was published jointly by NHS England, NHS Digital, Public Health England, and the Department of Health and Social Care.
It didn’t endorse any instant messaging tool, but set out the standards that need to be met by health staff using instant messaging during emergencies to co-ordinate patient care.
This includes only using apps and other messaging tools that meet the NHS encryption standard, keeping clinical records separate and deleting any notes after they have transcribed and attributed in the medical record. It also offers practical guidance such as disabling lock-screen notifications and discouraging staff from sharing devices.