Hospify screenshot

Worried about data security? Try the new "WhatsApp for health"

Thu 21 Dec 2017

MiP and UNISON are supporting trials of Hospify, a new secure messaging app for NHS staff which avoids falling foul of data protection and patient confidentiality rules. James Flint explains why you should give it a try.

If you’ve been working in a West Midlands hospital in the last couple of months and have happened across a Unison stand, you may have noticed something unusual – a second stand, positioned next to it, displaying information about the trial of a smartphone app called Hospify.

Hospify is being called “WhatsApp for health”, and Unison and MiP have been supporting its trial in the region with good reason.

 If you work in healthcare the chances are you’ve used WhatsApp to communicate with your colleagues. According to several surveys, over 90% of doctors have already done so and, if doctors are doing it, we can be pretty sure everybody else in health is too. 

You only have to take a look at the WannaCrypt ransomware attack earlier this year to get a good idea of why that is. Communications in healthcare are so labyrinthine and inefficient, and WhatsApp is so downright convenient, that it makes sense to use it even though you know you shouldn’t!

The trouble is that many nurses and doctors are facing disciplinary proceedings because they’ve turned to consumer messaging apps like WhatsApp and Facebook out of pure frustration with the comms provided for them at work.  

According to the British Medical Journal there have been already been 28 GMC investigations into doctors’ use of WhatsApp, Facebook and Twitter, and this is only going to get worse when new EU guidelines known as the General Data Protection Regulation (GDPR) take effect on May 25th next year – which will happen regardless of Brexit.

From that date a nurse or doctor sending information about a patient via WhatsApp will automatically be committing a data breach that must be reported to the Information Commissioner’s Office (ICO) by their Trust, even though reporting it could land the Trust with a fine of up to 4% of its annual turnover.

People think that WhatsApp is safe to use because WhatsApp is encrypted, but encryption is only part of the story. The storage of messages and other data is crucial too, and all WhatsApp messages are stored on WhatsApp’s servers, most of which are located outside of Europe, which is itself is a breach of GDPR rules where health data are concerned. 

In addition, all data that are stored about a patient can be requested by that patient at any time, with the messaging service duty-bound to hand them over. This is impossible to do if the data are properly encrypted – because they are encrypted and no one, not even the messaging company, can read them! The alternative – putting in a “security backdoor” – not only creates a massive hacking risk (backdoors are very vulnerable to hackers), but also requires that teams of people are made available to sift through and properly vet the requested information, an effort that would require significant technical, financial and human resource. 

The upshot is that the one industry in which fast and efficient communication is quite literally a life-or-death issue is the one industry which cannot take advantage of the virtually free communication tools that the vast majority of us keep in our pockets, take entirely for granted, and use every day. 

What is needed is a viable alternative: hence the trial of Hospify.

Hospify’s app offers a very similar user experience to that offered by WhatsApp – simple, efficient individual and group messaging – but does it in a way that’s compliant with both new and existing regulation. 

Hospify encrypts and delivers text messages from phone to phone and then deletes them its servers within 72 hours of delivery, so that the only copies are held within the phones of the people in the conversation or group in question. And even then, no information can be held for more than 90 days, as after that time it is automatically deleted from the user’s phone.

This design massively reduces the risk for security breaches or legal liabilities of any kind. Because messages are only kept in the phones of users, they remain the legal responsibility of the individuals in the conversation or their employers – which is how it should be. If something in a Hospify conversation needs to be added to the patient record, then it should just be written up using standard methods, exactly as would be the case with a phone call or face-to-face conversation. There’s no need for complex IT integrations that are difficult and costly to support and themselves introduce another point of failure – just as they did during the WannaCrypt attack.

Hospify’s standard service is free to use and anyone can download the app from the Apple Appstore or Google Play store. Currently Hospify is handling text messaging only, but picture messaging is in development and should be available in early 2018.

From January, when Hospify officially launches, users who want to join a lot of groups or send a lot of pictures will be asked to pay a Premium subscription via their app store of just 99p a month or £9.99 a year. In this manner, the app will pay for itself just like any normal consumer app without NHS organisations being asked having to pour yet more money down the drain of commercial IT.

With Hospify, then, organisations can offer both clinicians and patients and alternative to WhatsApp without having to spend a single penny. For more information check out Hospify’s website at www.hospify.com, or email them at info@hospify.com. To give the app a try yourself, just search for “Hospify” in the Apple Appstore or Google Play store – make sure you get a friend or colleague to do it too, so you can invite each other and start messaging.

It’s the easiest way to get off WhatsApp before the GDPR arrives in May!

  • James Flint is chief executive of Hospify

Join MiP

As specialists in healthcare management we provide expert employment advice and representation and fast access to legal services to make sure you are treated fairly. You also receive our quarterly magazine and have access to leadership networks.

Reasons to JOIN MiP >

FDA Portfolio

MiP members get all the benefits provided by our sister unions. FDA has launched a portfolio of benefits offering a range of discounts, legal support and financial advice. Click through from the MiP members' area for details.

Employment rights

We provide a range of advice and information for healthcare managers on issues that affect your employment. We produce factsheets and briefings to keep you informed about your rights and opportunities.

Find out more >