The majority of England’s NHS Trusts could be exposing themselves to privacy and compliance risk by using consumer IM tools, a new Freedom of Information request has revealed.
Mobile solutions provider CommonTime analyzed responses from 136 of the country’s 151 hospital trusts to find that over half (58%) have no policy in place to discourage the use of consumer-grade IM platforms like WhatsApp and iMessage.
A further 56% provided no approved alternative to staff for these messaging applications, six trusts listed them as official communications channels, and 17 trusts said they’d banned the apps altogether.
A previous report from the vendor revealed that use of such applications is widespread in the health service as healthcare workers under huge amounts of pressure look for easy ways to communicate and share patient data.
It found that 43% of NHS staff are reliant on instant messaging at work, with many claiming patient care would suffer if they didn’t have access to the technology.
However, doing so can cause compliance problems and raise issues around patient privacy.
The report cited multiple anonymous examples given by responding NHS employees of patient data sent to the wrong person, sometimes outside of the health service; sharing of patient addresses and phone numbers and unauthorized access to patient details.
“When considering the usage of WhatsApp and other consumer messaging apps within a GDPR context, a health service data controller must consider if they are able to provide a copy of data if requested by a patient and that they able to erase personal data when requested,” claimed CommonTime head of IT and security, David Juby.
It was estimated that around half a million NHS employees rely on IM tools at work: including both clinical and non-clinical staff.
CommonTime’s head of healthcare, Steve Carvell, argued that staff needed to be given more data protection guidance and the right tools to do their job securely.
“Where consumer messaging isn’t appropriate, trusts have a responsibility to provide alternative communication tools that are effective in supporting secure information flows in healthcare,” he said.