WhatsApp Doc? | BMJ Innovations

Subscribe
Log In More

Log in via Institution
Log in via OpenAthens

Log in using your username and password
For personal accounts OR managers of institutional accounts

Username *

Password *

Forgot your log in details?Register a new account?
Forgot your user name or password?
Basket
Search More

Search for this keyword

Advanced search

Close More
Main menu

Podcasts

Latest content

Current issue

Archive

Authors

About
Subscribe
Log in More

Log in via Institution
Log in via OpenAthens

Log in using your username and password
For personal accounts OR managers of institutional accounts

Username *

Password *

Forgot your log in details?Register a new account?
Forgot your user name or password?
BMJ Journals

Responses

Letter

WhatsApp Doc?

Compose a Response to This Article

Compose Response

Title *

Author Information

Contributors
First Name and Middle Initial * First or given name, e.g. 'Peter'. Last Name * Your last, or family, name, e.g. 'MacMoody'. Email Address * Your email address, e.g. higgs-boson@gmail.com Occupation * Your role and/or occupation, e.g. 'Orthopedic Surgeon'. Affiliation * Your organization or institution (if applicable), e.g. 'Royal Free Hospital'.

Statement of Competing Interests

Competing interests? *

Yes

No

Please describe the competing interests

PLEASE NOTE:

A rapid response is a moderated but not peer reviewed online response to a published article in a BMJ journal; it will not receive a DOI and will not be indexed unless it is also republished as a Letter, Correspondence or as other content. Find out more about rapid responses.
We intend to post all responses which are approved by the Editor, within 14 days (BMJ Journals) or 24 hours (The BMJ), however timeframes cannot be guaranteed. Responses must comply with our requirements and should contribute substantially to the topic, but it is at our absolute discretion whether we publish a response, and we reserve the right to edit or remove responses before and after publication and also republish some or all in other BMJ publications, including third party local editions in other countries and languages
Our requirements are stated in our rapid response terms and conditions and must be read. These include ensuring that: i) you do not include any illustrative content including tables and graphs, ii) you do not include any information that includes specifics about any patients,iii) you do not include any original data, unless it has already been published in a peer reviewed journal and you have included a reference, iv) your response is lawful, not defamatory, original and accurate, v) you declare any competing interests, vi) you understand that your name and other personal details set out in our rapid response terms and conditions will be published with any responses we publish and vii) you understand that once a response is published, we may continue to publish your response and/or edit or remove it in the future.
By submitting this rapid response you are agreeing to our terms and conditions for rapid responses and understand that your personal data will be processed in accordance with those terms and our privacy notice.

I agree to and have read the terms and conditions for rapid responses and BMJ Privacy Notice *

CAPTCHA

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

Vertical Tabs

Other responses

Jump to comment:

Ensuring secure communication in health care:  A response to O’Sullivan et al on their paper ‘‘WhatsApp Doc?’’
Bernadette A. John
Published on: 14 November 2017

Published on: 14 November 2017
Ensuring secure communication in health care:  A response to O’Sullivan et al on their paper ‘‘WhatsApp Doc?’’
- Bernadette A. John, Consultant DigitalProfessionalism.com
The high incidence of sensitive patient data exchanged between physicians via Whatsapp and iMessage evidenced in this study demonstrate potential violations of the new General Data Protection Regulation (GDPR) due to come into effect in May 2018. The GDPR outlines specific requirements for the processing and storage of data of which patient data is arguably the most sensitive. Breaches are expected to generate fines of up to 4% of annual turnover or 20 million euro – for authorities such as the NHS and HSE, this is potentially catastrophic.

Images of Xrays, blood results or wounds, taken via the mobile device in a doctor’s pocket, can be streamed via the famously insecure Apple iCloud in the USA, and suggested for potential upload to social Apps such as Facebook by default. Such material shared via Apps such as Whatsapp are downloaded by default to the image gallery on a smartphone and streamed between all networked devices, whether the recipients open the message or not. Such images can contain EXIF data, such as geographical co-ordinates, date, time, make and model of device etc. Such images are required to be encrypted and stored securely with the patient’s medical notes.

It cannot be overstated that ‘free’ communications solutions such as iMessage, WhatsApp, Signal, Secure Chat etc. are not free at all - if cash is not being paid for an App, the data of the clinician and patient is the commodity being paid for the functionality. Typically Apps have...
Show More

The high incidence of sensitive patient data exchanged between physicians via Whatsapp and iMessage evidenced in this study demonstrate potential violations of the new General Data Protection Regulation (GDPR) due to come into effect in May 2018. The GDPR outlines specific requirements for the processing and storage of data of which patient data is arguably the most sensitive. Breaches are expected to generate fines of up to 4% of annual turnover or 20 million euro – for authorities such as the NHS and HSE, this is potentially catastrophic.

Images of Xrays, blood results or wounds, taken via the mobile device in a doctor’s pocket, can be streamed via the famously insecure Apple iCloud in the USA, and suggested for potential upload to social Apps such as Facebook by default. Such material shared via Apps such as Whatsapp are downloaded by default to the image gallery on a smartphone and streamed between all networked devices, whether the recipients open the message or not. Such images can contain EXIF data, such as geographical co-ordinates, date, time, make and model of device etc. Such images are required to be encrypted and stored securely with the patient’s medical notes.

It cannot be overstated that ‘free’ communications solutions such as iMessage, WhatsApp, Signal, Secure Chat etc. are not free at all - if cash is not being paid for an App, the data of the clinician and patient is the commodity being paid for the functionality. Typically Apps have access a range of material on the users’ smartphone, including contact lists (to access and download), calendars (to read and amend entries) email, SMS, iMessage etc. (to read and send communications to those in the contact lists without notifying the owner), microphone (to access and record) and location (to track). If we are being ‘cost aware’ is access to a doctors diary, address book, email, digital messages, microphone and location/movements actually a cost worth paying?

The danger posed by lost phones is indeed alarming, and the importance of thoroughly cleaning devices before they are upgraded or discarded cannot be overstated either.

Security and data protection must be a central concern, not only for health service administrators, but for clinicians who understand that confidential patient data is no trivial issue. Patients disclose intimate personal information with the understanding that it will be stored and communicated securely and safely.

There is a range of technical solutions for the appropriately secure, efficient communication of patient data – Apps such as Hospify for example. It is essential that clinicians are provided with access to approved technical solutions, digital professionalism training and regular technical updates by the health service urgently, if they are to adhere to the new GDPR and an avoidable data protection disaster is averted.
Show Less

Conflict of Interest:
None declared.
- Back to top