Policy briefing

Instant messaging: guidance for NHS staff in hospitals

New guidance is intended to help NHS organisations and staff judge how and when to use instant messaging in acute clinical settings

NHS England advises organisations and staff on how and when to use instant messaging in acute care

Picture: iStock

Essential facts

Instant messaging services such as WhatsApp have become useful communication tools for many nurses in their everyday work and also during major emergencies.

Doctors and nurses responding to the fire at Grenfell Tower and terrorist attacks in London and Manchester said instant messaging helped them plan services and arrange staffing. This led to important improvements in patient care, according to NHS England.

However, the use of such services – often on personal smartphones – raises concerns about the security of information shared by healthcare staff.

A survey of more than 800 NHS staff in March by mobile technology firm CommonTime suggested 43% use instant messaging at work. The NMC has warned in the past that nurses judged to have made unlawful or unprofessional use of social media might put their registration at risk.

What’s new

New guidance published jointly by NHS England, NHS Digital, Public Health England, and the Department of Health and Social Care aims to ensure that NHS staff in hospitals use instant messaging safely. It is intended to help NHS organisations and staff make the right judgement on how and when to use instant messaging in acute clinical settings, such as during a major emergency, taking into account rules on data sharing and data privacy.

The NHS does not endorse any particular instant messaging tool but has set out what information governance issues need to be considered and what standards need to be met.

Important points include meeting NHS encryption standards, verifying that people using the app are who they say they are, whether messages can be deleted remotely if a phone is lost or stolen, and whether the app automatically deletes messages after a certain time.

Of four apps discussed in the guidance, only one called Telegram appears to meet all the stipulations.

Using the correct tool can improve patient care by speeding up staff communication, the guidance says. It sets out simple steps that nurses can take to protect information they are sending, such as not allowing others to use their phone.

But the RCN has questioned the usefulness of the document, and says it fails to address fundamental concerns about data safety.

Implications for nurses

The guidance says staff should:

  • Only use apps and other messaging tools that meet the NHS encryption standard.
  • Not allow anyone else to use their device.
  • Disable message notifications on their phone’s screen lock to protect patient confidentiality.
  • Keep separate clinical records and delete the original messaging notes once any advice has been transcribed and attributed in the medical record.
  • Minimise the amount of data they communicate via instant messaging that can identify a particular patient.

Expert comment

Anna Crossley, RCN professional lead for acute, emergency and critical care

‘This guidance appears to focus on hospitals during major incidents, when robust policies and plenty of staff mean the use of instant messaging is probably less important than normal.

‘However, official methods of communication have often failed away from the hospital setting at the sites of major emergencies, leaving practitioners to resort to using personal devices. This guidance seems to confuse rather than solve information governance concerns.

‘Nurses should always remember that patient data they share must be protected against improper access, disclosure and loss at all times. However, fully protecting patient data by anonymising it could lead to miscommunication and confusion around patient identification.

‘The ideal solution would be for the NHS to research and test a fully secure alternative, but this will take many years and a lot of funding. Until then, nurses are left with this confusing and limited guidance that seems to place even more onus on them to secure data when they are simply trying to improve patient care.’

Further information

This article is for subscribers only