Ensuring Safe Use of WhatsApp in NHS: Guidance and Best Practices
- Hospitals in England must conduct spot checks on doctors' and nurses' phones to ensure they use WhatsApp properly for patient care discussions.
- His remarks followed reports that many health workers share confidential patient information, test results, and medical documents through WhatsApp on personal devices.
- Edwards acknowledged WhatsApp is widely used but stressed the need for transparency and adherence to established policies.
Title: Ensuring Safe Use of WhatsApp in NHS Communications
Hospitals in England must conduct spot checks on doctors’ and nurses’ phones to ensure they use WhatsApp properly for patient care discussions. John Edwards, the Information Commissioner, highlighted that improper use could pose serious problems for NHS staff and patients.
His remarks followed reports that many health workers share confidential patient information, test results, and medical documents through WhatsApp on personal devices. Experts noted this situation creates a “wild west” for data security.
Edwards acknowledged WhatsApp is widely used but stressed the need for transparency and adherence to established policies. He advocated for random audits, suggesting that randomly checking settings on staff devices would reinforce compliance.
NHS England released guidelines in 2020 that permit using mobile messaging for patient discussions but require protecting confidentiality. Key points from the guidance include:
- Any clinical decisions discussed in messaging apps must be recorded in the official patient record promptly.
- Original messaging notes should be deleted.
- Staff should unlink WhatsApp from the photo library and silence notifications when locked.
Frontline workers praised WhatsApp for its efficiency but admitted not all followed the guidance consistently due to a lack of oversight. The Information Commissioner’s Office advises that organizations create records management policies that address the risks of using non-official communication channels.
Edwards stated that if staff share NHS patient data on personal devices, management should have the authority to check that data. He pointed out that WhatsApp’s end-to-end encryption could be more secure than some official systems, depending on usage.
NHS England emphasized that each trust is responsible for establishing its own mobile communication policies and must take steps to ensure confidentiality through regular staff training and reminders.
In summary, Edwards called for medical institutions to have clear policies and regularly remind staff about them. He compared this need to the careful introduction of new medical devices, stressing that communication methods must also be verified for safe use.
