Unlock the Editor’s Digest for free
Roula Khalaf, Editor of the FT, selects her favourite stories in this weekly newsletter.
NHS doctors and nurses routinely use WhatsApp to share confidential patient details, test results and medical documents, prompting experts to warn of a “wild west” for data.
Frontline health workers said the platform has become an important work tool, and a workaround for official systems that are often siloed, making it difficult to access information quickly.
“Every day, staff are using it constantly across the NHS,” said a senior consultant who works in one of London’s largest hospitals. “I’ve got nurses, junior doctors and senior consultants all in this one group, using WhatsApp on their personal phones to do the work we do.”
Sensitive patient data — including blood test results and images of X-rays — are being shared in real time on the platform to speed up communication between medical staff who are battling with slow or outdated IT systems, he said.
The issue of safeguarding patient data has been thrown into the spotlight this week by government plans to bring together a single patient record through the NHS app. This would enable the public to access their records and improve information sharing across NHS trusts in England, though privacy campaigners have warned the creation of one single database, even if anonymised, would be more vulnerable to cyber attacks.
They are concerned that patient data could be accessed by anyone working across the NHS, or sold for use by private pharmaceutical or tech companies.
On Thursday, ministers will present legislation to create uniform standards about how data is shared and stored, in an effort to aid information sharing across public bodies.
Ministers have insisted the government is “absolutely committed” to the protection of patient data. But campaigners and experts, as well as NHS staff themselves, say the widespread use of WhatsApp across the health service has been overlooked in debate.
After years of uncertainty around the use of the messaging app, NHS England published official guidance for staff in 2020, permitting the use of mobile messaging to discuss patients, accepting that it “can be useful in health and care settings, particularly in emergency situations”, but warning staff “should take sufficient steps to safeguard confidentiality”.
One NHS doctor told the Financial Times his team has to know exactly which patient they are discussing, “so it can’t all be anonymised”. They added: “Despite the potential shortcomings, it’s just widely accepted as the most efficient way for us to communicate. I think we all feel it’s being used in the best interest of the patients.”
But Saif Abed, a former NHS doctor and expert in cyber security and public health, said there were “significant risks” to the widespread use of WhatsApp by clinicians across the country, and said the health service is becoming the “wild west” of patient data.
“From a data privacy and security perspective it is entirely problematic,” he said. “Essentially you have patient data on a personal device, on a non-clinical application, which NHS organisations have no sight of and no control over.”
He added there were “too many questions” raised by its use, including where the data is going, whether sensitive images are being shared, or what happens if a phone or account is compromised.
NHS England guidance states that any clinical decisions made on a messaging app must be added to the formal health record “as soon as possible” and that staff should “delete the original messaging notes”. Healthcare staff are also advised to unlink the app from the photo library and disable message notifications when the screen is locked.
However, doctors conceded not all staff were following this guidance and there was little oversight. One also raised concerns that the group admin was not always ensuring that any member of a WhatsApp was removed after leaving that particular team, meaning they may still be receiving patient information long after they had left.
Matthew Jaggard, an NHS doctor and founder of DocComs, a clinical app, said the platform has “become culturally ingrained in the NHS out of necessity, and to provide the best care”, but warned that data security had been “sidelined”.
He added: “I think it will take one high-profile data breach, drug error or a patient death, for the public to learn how big the issue is, and to effect cultural change among medical professionals.”
Several medical staff working in an overwhelmed service argue WhatsApp’s end-to-end encryption makes it safe to share data, as it only allows the sender and recipients to read messages.
Sam Smith, a spokesperson for the advocacy group medConfidential, agreed that one advantage of messaging apps such as WhatsApp and Signal is that it is “doctor to doctor encrypted”.
“Many other tools have companies with servers in the middle that take copies of messages, and then the question is what happens to them when the companies get bought?” he added.
NHS England said: “NHS trusts are responsible for their own policies on the use of communication tools, including mobile apps, and should take sufficient steps to safeguard confidentiality.”
Additional reporting by Anna Gross