The Dangers of Using WhatsApp in the Healthcare Industry

WhatsApp and GDPR

As a result of out-dated communication methods, over 600,000 NHS professionals regularly use WhatsApp and other consumer messaging services to connect within the workplace. Pandemic or no pandemic, messaging tools bring undeniable benefits to the healthcare sector, and with Matt Hancock insisting that doctors must abandon pagers by 2021, the need for compliant and secure messaging tools is only set to increase.

But WhatsApp is not the solution (despite Smartphone-carrying doctors and nurses using it extensively to communicate at work). The onset of GDPR regulations back in May 2018 means that employees of healthcare institutions who use such consumer tools to handle patient identifiable data are liable for fines of up to 4% of their annual turnover. All health and social care organisations are also required to comply with the National Data Opt Out by September 2020.

With the above in mind, there is obviously a clear need for an application that is designed to correspond with the compliance and security requirements of the NHS.

From the life-saving surgeon to the life-changing nurse, there isn’t a healthcare professional who can negate the benefits of using messaging platforms. An integrated approach to providing healthcare is crucial in enhancing patient experiences and outcomes, and there are obvious advantages to being able to easily connect with other clinicians and support staff in real time. With medical teams working more collaboratively than ever before, this means that healthcare workers will continue to communicate via WhatsApp if other options are not made available.

So, with 1.5 billion active users across the globe, why is WhatsApp such a no-go in the healthcare industry?


1: WhatsApp Themselves Say “No” to Professional Use

WhatsApp may be easy and convenient to use, but it is against the terms of service to use it for professional purposes. To cover themselves against the risks that come with work-related communication, WhatsApp specifically state:

“You will not use (or assist others in using) our Services in ways that:(f) involve any non-personal use of our Services unless otherwise authorized by us.”

Breaching this policy by using WhatsApp for professional purposes could result in a hefty fine as per the Terms and Conditions policy’s civil wars.


2: Issues with GDPR Compliance

WhatsApp utilizes user information to operate, understand, improve, customise, and support. It also accesses your address book and metadata to enable the exchange of messages between you and your contacts.

Any sector that has to deal with sensitive and confidential information deserves high-priority protection, and this is something that WhatsApp areunable to provide. In the healthcare industry, a major cause for concern is the fact that any member of staff can add anyone else (including patients and suppliers), to a WhatsApp group without their consent. If an employeeprovides WhatsApp with access to their phone contacts, and those contacts include other members of staff or patients, then they are essentially uploading that data to Facebook without consent.

Of course, WhatsApp protect themselves by making this “consent” the responsibility of individual users:

“You provide us, all in accordance with applicable laws, the phone numbers of WhatsApp users and your other contacts in your mobile address book on a regular basis, including for both the users of our Services and your other contacts.”


3: Official Data Can be Lost or Stolen

If you are a healthcare professional and you use WhatsApp to communicate at work, then you run an enormous risk of your data being lost or stolen if you misplace your phone.

WhatsApp does not provide a security layer to prevent data loss or theft, and as its user accounts have no data access control defined, confidential healthcare data may be accessed by others in case of mobile theft.

Unless you can absolutely guarantee that your phone will never be lost or stolen (which is impossible), then you should not be using WhatsApp for professional purposes.


4.Messages in WhatsApp are End-to-End Encrypted

This means that it is not possible to audit conversations for regulatory purposes. It also means that it is impossible to access the contents or metadata from conversations for the purposes of useful data analysis.


5.WhatsApp is Not “Cross-Platform”

It isn’t possible to have a desktop only WhatsApp account, and desktop usage depends upon having a working and authenticated WhatsApp on a mobile device with a phone number. While a large number of healthcare workers use Smartphones, there are still some who do not.

At Alertive we’re working hard to address these and other risks, at the same time as uncovering many ways in which hard working NHS professionals can save themselves valuable time.