eLetters


  • Ensuring secure communication in health care: A response to O’Sullivan et al on their paper “WhatsApp Doc?”

    The high incidence of sensitive patient data exchanged between physicians via WhatsApp and iMessage evidenced in this study demonstrates potential violations of the new General Data Protection Regulation (GDPR) due to come into effect in May 2018. The GDPR outlines specific requirements for the processing and storage of data of which patient data is arguably the most sensitive. Breaches are expected to generate fines of up to 4% of annual turnover or 20 million euro – for authorities such as the NHS and HSE, this is potentially catastrophic.

    Images of X-rays, blood results or wounds, taken via the mobile device in a doctor’s pocket, can be streamed via the famously insecure Apple iCloud in the USA, and suggested for potential upload to social Apps such as Facebook by default. Such material shared via Apps such as WhatsApp is downloaded by default to the image gallery on a smartphone and streamed between all networked devices, whether the recipients open the message or not. Such images can contain EXIF data, such as geographical co-ordinates, date, time, make and model of device etc. Such images are required to be encrypted and stored securely with the patient’s medical notes.

    It cannot be overstated that ‘free’ communications solutions such as iMessage, WhatsApp, Signal, Secure Chat etc. are not free at all - if cash is not being paid for an App, the data of the clinician and patient is the commodity being paid for the functionality. Typically Apps have...
