A substantial number of acute hospitals in England are not taking important steps to prevent staff sharing sensitive information via WhatsApp, Facebook Messenger and other consumer applications, a series of Freedom of Information Act requests has revealed.
Many hospitals are also failing to offer staff effective alternatives, according to the research at mobile technology company CommonTime, which analysed responses from 136 of England’s 151 acute trusts.
Nearly six in ten trusts (58%) said they had no policy in place to discourage consumer instant messaging. This is despite research earlier in the year that raised data protection concerns.
The freedom of information responses revealed that a majority of trusts (56%) provided staff with no approved alternative to consumer messaging applications. And 17 trusts said they had simply banned instant messaging applications altogether.
But the 2018 report Instant Messaging in the NHS showed 43% of NHS staff to be reliant on instant messaging at work, with many professionals believing patient care will suffer without access to the technology. The FoI findings also follow calls in July from health secretary Matt Hancock for the NHS to make greater use of apps for patient care.
Rowan Pritchard-Jones, consultant burns and plastic surgeon and chief clinical information officer at St Helens and Knowsley Teaching Hospitals NHS Trust, commented on the latest findings: “As is usual, NHS staff have adopted technology, likely in the belief that they are doing the right thing to support patient care, in an increasingly pressurised environment. It is incumbent on digital leaders to embed in our evolving culture the need to protect patient confidentiality, deliver these conversations into the patient record, and support staff to have these interactions with the support of their organisations.”
Six trusts that responded listed consumer applications including WhatsApp and Apple’s iMessage as official channels, despite limitations in being able to trace how patient data is transmitted, and challenges around integrating information with NHS systems. Researchers said this raised concerns around compliance with the General Data Protection Regulation (GDPR), that came into force this year.
David Juby, head of IT and security at CommonTime, said: “When considering the usage of WhatsApp and other consumer messaging apps within a GDPR context, a health service data controller must consider if they are able to provide a copy of data if requested by a patient and that they are able to erase personal data when requested.”
The latest research builds on findings from March’s report ‘Instant Messaging in the NHS’, which suggested as many as 500,000 NHS staff use consumer instant messaging applications at work – including Facebook Messenger, WhatsApp and iMessage. The report found that one in 50 staff had faced disciplinary action as a result, and that despite unsubstantiated reports of malicious uses, the majority of frontline staff had been using the applications to keep up with care needs. Valid uses included supporting shift handovers, organising rotas, asking for second opinions, developing care plans and organising community care. Fewer than half of staff questioned at the time were satisfied with NHS provided channels.
Steve Carvell, head of healthcare at CommonTime, said the latest freedom of information findings showed that many trusts needed to do more to support their staff. “It is encouraging to see pioneering trusts supporting their staff, some with instant messaging applications specifically designed to cater for healthcare workflow and that can help staff work more effectively in pressured environments when they are caring for patients.
“But our latest research also shows that many other trusts still need to take action to provide staff with the tools they need to communicate effectively in delivering patient care. Staff need to be given guidance to help ensure organisations can comply with ever more stringent data protection regulations. And they need access to technologies that allow them to do their job. Where consumer messaging isn’t appropriate, trusts have a responsibility to provide alternative communication tools that are effective in supporting secure information flows in healthcare.”
CommonTime’s latest research into instant messaging follows revelations from its 2017 investigation into pager usage in the NHS, which found that the NHS still relies on 10% of the world’s pagers.