WhatsApp Doc?


This year London has had its fair share of major incidents with the Westminster and London Bridge attacks, and most recently the Grenfell fire. On these occasions we have activated our well thought out major incident plan, and each time analysed what went well, and what we could improve, and debriefed our teams. 

At the final Westminster debrief there was some discussion about the use of our personal mobile phones and WhatsApp to improve communication within our teams. During the meeting I set up a WhatsApp group for the anaesthetic consultants for use only in major incidents – it took me two minutes, most of my colleagues were broadly supportive, a couple immediately left the group and a few others mentally rolled their eyes at yet another group that was going to ping on their phone and generally annoy them. 

When I was woken by the major incident phone call at 3am on the 14th June I looked at my phone and there was already a lot of activity on the WhatsApp group, colleagues offering to come in, directions on where to report to and what needed doing. I looked out on our terrace and was met with an awful sight of West London lit up by the Grenfell fire.

 Image courtesy of Paul Barlow
Our hospital’s response to the fire was very well coordinated and effective, but I was particularly proud that the information sharing and general coordination of the anaesthetic department was second to none. Other teams looked on us with envy and the central coordination team was asking me for updates on how things were going. Anaesthetists are central in the treatment of any critically injured patient, and in the management of multiple casualties it is vital to have the anaesthetist and ODP/anaesthetic nurse in the right place. WhatsApp was absolutely central to this and made team coordination simple. 

Despite being against most NHS information governance rules, WhatsApp is used routinely every day in the NHS for communication within teams. I’m glad to say that no patient identifiable information was shared in or Major Incident group but I know such information passes within clinical team WhatsApp groups up and down the country every single day. Is this a contravention of information governance principles? I would say no, as long as professional safeguards are applied. 

WhatsApp is end-to-end encrypted, meaning that the only way of viewing those messages is on the smartphones of the members of the group, and hacking into the messages is otherwise pretty much impossible, so security is dependent on the group members having encryption on their phones and treating the information they receive responsibly. Many of the concerns expressed about WhatsApp involve irresponsible behaviour – what if they share the information on social media? This would be no different to taking a set of notes and leaving it open in the hospital cafe for everyone to see, and contravenes the GMC’s excellent social media guidance

Why doesn’t the NHS spend a lot of money on setting up its own social media platform to mirror WhatsApp where you can share patient data then? I would argue it would be a waste of money as the platform already exists and is already secure. In addition the NHS platform wouldn’t have the resources to be kept up to date with new operating system releases and would soon enough become less secure and more prone to attacks. Also, new, convenient features get added quickly to WhatsApp but would be extremely slow to get into any bespoke system. 

So should the NHS embrace WhatsApp communication? I would say yes, but there needs to be guidance on it. It is the responsibility of healthcare professionals to treat that information confidentially and with respect, to have their phones encrypted and to delete information from groups after they move to a different job. We need to accept the reality of WhatsApp and all the benefits it brings us, but need to provide sensible safeguards on the way it is used, and to treat unprofessional social media behaviour in the same way as leaving a set of confidential notes on a park bench. 

In the meanwhile, I hope my Major Incident WhatsApp group stays silent for a while now.

Advertisements

4 Comments

  1. I share your frustration with the NHS being slow at embracing these new technologies despite appearing to tick all the boxes. Data protection and confidentiality are clearly the issues here.

    At our trust a messaging system was introduced a few years back called ‘Yammer’. After some digging it apparently it was deemed appropriate for professional communication alongside emails. It comes in an app form for smartphone use. I’m hoping to use it for discussion groups.

    I agree however about the maintenance of these systems – if they become obsolete through replacement by superior alternatives then one does have to wonder about the security of all that ‘cloud based’ content further down the line…

    Like

  2. Good post. Anything that improves safe and effective communication is to be welcomed. Before criticising the use of WhatsApp (as many are out there) it is important to remember it is just a vehicle for conversation. Conversations can happen in many ways, may be private or not, and may identify others (e.g. patients or colleagues), or not. Much professional business takes place in corridors, over the phone, in meetings, by email etc. and should be conducted to same professional standards whatever the medium. For example, if a conversation about a patient results in a therapeutic decision or other information that should be documented in that patient’s record, it doesn’t matter a jot whether the conversation took place in the corridor or on WhatsApp, it is still a professional responsibility to ensure that it is recorded. The singular advantage of WhatsApp is that the conversation is much less likely to be overheard.

    Like

  3. I’ve posted this over to another forum I’m in. There is a lot of discussion about what the actual need is for WhatsApp… How are people using it particularly for patient management? If the need is clear then solutions can be worked on, but just stating that WhatsApp works as a solution isn’t enough for people to understand what problem is being solved. Thanks for teasing this out.

    Like

  4. It’s interesting to see the focus here, and in the Twitter discussion about this post, on end-to-end encryption and disk-encryption of phones as being the relevant factors in ensuring good security (and good governance).

    The rather large omission is the security of phones themselves and the range of other factors both in (e.g. apps installed and where from) and out (e.g. vulnerabilities in the OS or, worse, bits of hardware) of the user’s control. Where does the responsibility fall when the issues of security become more complicated than ‘Switch on encryption’?

    I should acknowledge the other point that often gets brought up – regardless, this would still be a massive step forward over phone, fax and bits of paper in terms of security and much else!

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s