NHS England appears to have shifted its position on the use of WhatsApp by staff in the NHS, with a softening of tone regarding the popular smartphone application.
The national commissioning body has now conceded that the encrypted messaging app can be “useful” for staff to communicate with each other, though it has restated its oppostion to its use for discussing patient information.
“WhatsApp and other messaging services can provide a useful way for staff to communicate”
The change in tone on the app appears to be a response to the WannaCry ransomware attack in May, when many NHS email and other official electronic communications systems went down.
“WhatsApp and other messaging services can provide a useful way for staff to communicate,” a spokeswoman for NHS England told Health Service Journal. However, she said the app should still “not be used to share identifiable or confidential patient data”.
Despite the change in tone regarding to app, NHS England had not changed its overall policy, the spokeswoman added.
The new position is a shift from NHS England’s last stated view in 2015 that the messaging service “should never be used for the sending of information in the professional healthcare environment” because of security concerns.
“There is no valid reason for its use within the NHS,” the information governance bulletin had said at the time.
NHS Digital also appears to have relaxed its stance over the past four months. In May, it published a social media guide stating that WhatsApp should not be used for “work or official communications, unless it is part of your responsibilities”.
“We would expect local data controllers to make sensible decisions”
But Chris Flyn, security operation lead at NHS Digital’s data security centre, told Health Service Journal last week that WhatsApp could be “a good way for teams to quickly get in touch with each other and to share non-confidential information”.
However, because NHS Digital was not able to fully test the app’s security, it should not be used to send patient identifiable data, he said.
He said: “We would expect local data controllers to make sensible decisions about the data they share, in response to the situation at the time.”
The popular messaging service, which is owned by Facebook, has been the subject of debate within the NHS. There have been several reports that many NHS doctors regularly use WhatsApp and other messaging apps to quickly share patient information.
NHS chiefs relax position on nurses’ use of WhatsApp
The prevalence of WhatsApp being used by clinicians has raised data security concerns, particularly as it transmits information overseas.
However, WhatsApp could have applications for communicating non-clinical information quickly, particularly if other IT systems are down, or in large parts of the NHS that still rely heavily on paper processes.
After the ransomware attack earlier this year, Ipswich and East Suffolk Clinical Commissioning Group updated its cybersecurity emergency planning to include WhatsApp groups to communicate quickly with GPs.
A CCG spokesman said: “The ongoing action plan for improvement includes the setting up of WhatsApp groups. These would be used to help with the coordination of logistical information only in an emergency. WhatsApp would not be used for transmission of confidential patient information.”