WhatsApp Doc?
Other responses

  • Ensuring secure communication in health care: A response to O’Sullivan et al on their paper “WhatsApp Doc?”

    The high incidence of sensitive patient data exchanged between physicians via WhatsApp and iMessage evidenced in this study demonstrates potential violations of the new General Data Protection Regulation (GDPR) due to come into effect in May 2018. The GDPR outlines specific requirements for the processing and storage of data, of which patient data is arguably the most sensitive. Breaches are expected to generate fines of up to 4% of annual turnover or 20 million euro – for authorities such as the NHS and HSE, this is potentially catastrophic.

    Images of X-rays, blood results or wounds, taken via the mobile device in a doctor’s pocket, can be streamed via the famously insecure Apple iCloud in the USA, and suggested for potential upload to social Apps such as Facebook by default. Such material shared via Apps such as WhatsApp is downloaded by default to the image gallery on a smartphone and streamed between all networked devices, whether the recipients open the message or not. Such images can contain EXIF data, such as geographical co-ordinates, date, time, make and model of device etc. Such images are required to be encrypted and stored securely with the patient’s medical notes.

    It cannot be overstated that ‘free’ communications solutions such as iMessage, WhatsApp, Signal, Secure Chat etc. are not free at all - if cash is not being paid for an App, the data of the clinician and patient is the commodity being paid for the functionality. Typically Apps have...

    Conflict of Interest:
    None declared.