Community team inappropriately used WhatsApp to share patient data
NHS Lanarkshire was found to have shared highly sensitive information on the platform and failed to put clear policies in place around the use of WhatsApp
A Scottish health board has been reprimanded after a community team used an unauthorised messaging app to share confidential patient data.
An investigation by the Information Commissioner’s Office (ICO) found there were more than 500 messages in a WhatsApp group set up by staff at NHS Lanarkshire that included patient names. Among these messages were other personal and clinical data, including phone numbers, addresses, photos and videos.
The investigation found 26 workers had access to the group, which was in use between April 2020 and April 2022. A non-staff member was also accidentally added to the group.
‘Every healthcare organisation should consider their own policies on messaging apps’
WhatsApp had been made available to staff for communicating basic information only in the early days of the COVID-19 pandemic.
However, the group was created without the knowledge of NHS Lanarkshire, which had not approved WhatsApp for sharing patient data.
The ICO made it clear it was not appropriate to share highly sensitive patient information in this way and said NHS Lanarkshire had failed to put clear policies in place around the use of WhatsApp.
‘Every healthcare organisation should look at this case as a lesson and consider their own policies when it comes to messaging apps and processing information about patients,’ said the ICO’s UK information commissioner John Edwards.
Health board will improve use of data
Health & Social Care North Lanarkshire nurse director Trudi Marshall apologised to the patients affected and said the health board was taking steps to improve data protocols.
‘We recognise that the team took this approach as a substitute for communications that would have normally taken place in either a clinical or office setting but was not possible at that time due to Covid restrictions. However, the use of WhatsApp was never intended for processing patient data,’ she added.
The use of mobile messaging is supported by the NHS in certain circumstances, and many nursing teams used WhatApp and other services to keep in touch during the pandemic.
NHS England says staff should minimise amount of information shared via apps
Anecdotal evidence gathered by Nursing Standard last year suggests these apps continue to be widely used in the workplace.
Nurses reported using WhatsApp for messages about overtime and rotas, sharing important work updates, organising team socials or for safety reasons to check in on colleagues working alone.
Updated guidance issued by NHS England’s Transformation Directorate in December 2022 stresses that clinicians should minimise the amount of personal or confidential information shared via mobile messaging.
It says apps such as WhatsApp should only be used where there is no practical alternative and the benefits outweigh the risks.
Top tips for using messaging apps safely
- Mobile messaging should not replace formal patient records. Transfer any clinical decisions communicated by mobile messaging as soon as possible and delete the original messages
- Do not allow anyone else to use your device, and switch on additional security settings
- Always check you are communicating with the right person or group
- Follow your organisation’s policies on mobile messaging
In other news