Use of consumer messaging tools at NHS trusts adds new security concerns
[London, UK] A new CommonTime report has revealed that a majority of NHS trusts have no official policies to discourage the use of consumer messaging apps like WhatsApp, Facebook Messenger among healthcare professionals.
The study found that despite the clear privacy risks posed by those apps, many trusts don't provide other, more secure alternatives for staff to use.
While the NHS has taken steps to bolster its cybersecurity position, more government funding is needed.
Health and Social Care Secretary Matt Hancock pledged to transform and upgrade the hospital IT infrastructure back in July, announcing a £487m funding package.
But on a more basic level, the recent report shows too many hospitals are still behind on simple enforcements that could bring major improvements in patient privacy.
CommonTime researchers found nearly 58% of the 136 trusts included had no policy in place to restrict the use of consumer messaging platforms.
CommonTime, which used the Freedom of Information Act to view various hospitals policies, showed a similar majority of trusts (56%) did not equip staff with approved alternatives to consumer messaging applications.
A handful of trusts even said tools like WhatsApp and iMessage were officially sanctioned at their hospitals, which highlights the difficulties in tracking how patient data is transmitted across those apps.
And there are greater challenges in attempting to integrate those apps securely within the network, while GDPR adds even more security concerns for the trusts.
As David Juby, Head of IT and Security at CommonTime pointed out, GDPR compliance 'requires that a health service data controller must consider if they are able to provide a copy of data if requested by a patient and that they able to erase personal data when requested'.
But the study also showed 17 trusts had banned instant messaging apps wholesale.
That may help head off a big security concern, but it could also have an adverse impact on patient care: 43% of staff said they depended on instant messaging and worried quality and safety could be impacted without it.
An earlier CommonTime report found that nearly half a million NHS employees use IM apps in their daily work at the trusts.
"As is usual, NHS staff have adopted technology, likely in the belief that they are doing the right thing to support patient care, in an increasingly pressurized environment," said Rowan Pritchard-Jones, Chief Clinical Information Officer at St. Helens and Knowsley Teaching Hospitals NHS Trust.
"It is incumbent on digital leaders to embed in our evolving culture the need to protect patient confidentiality, deliver these conversations into the patient record and support staff to have these interactions with the support of their organizations," he added.
The study also showed there are plenty of valid uses for IM apps, such as supporting patient handoffs and shift changeovers, soliciting second opinions, creating patient care plans and other functions.
Hancock also emphasized his commitment to consumer-friendly tech in July.
"I came from a tech background before I went into politics, and I love using modern technology myself," Hancock said. "Not only do I have my own app for communicating with my constituents here in West Suffolk, but as you may have heard I use an app for my GP."
He told staff at West Suffolk Hospital:
"Doctors and nurses will soon throw away their pagers and install a new smartphone app, removing the need to phone colleagues for details after getting paged – something that a pilot has shown should save nurses more than 20 minutes and doctors almost 50 minutes every shift."
But it's clear from the new report that the NHS needs to enact policies that outline the apps staff can safely use and how to securely use the platforms.
And wherever possible, officials need to equip them with approved tools on par with their privacy and security policies.
Steve Carvell, Head of Healthcare at CommonTime, said many trusts have begun 'supporting their staff, some with instant messaging applications specifically designed to cater for healthcare workflow and that can help staff work more effectively in pressured environments when they are caring for patients'.
But he said many others still need to 'take action to provide staff with the tools they need to communicate effectively in delivering patient care'.
"Staff need to be given guidance to help ensure organisations can comply with ever more stringent data protection regulations," Carvell added.
Originally published on Healthcare IT News, a sister publication of BJ-HC.