MiP and UNISON are supporting trials of a new secure messaging app for NHS staff, amid concerns that staff using WhatsApp and other commercial social networks could be in breach of data protection and patient confidentiality rules.

Many NHS staff have turned to using WhatsApp or Facebook to communicate with colleagues out of frustration with inefficient and unreliable NHS systems. But the new General Data Protection Regulations (GDPR), due to come into force in May 2018, means staff using these apps to send information about patients will automatically be reported to the Information Commissioner’s Office (ICO), exposing their trusts to fines of up to 4% of turnover.

MiP understands that the General Medical Council is already investigating around 30 cases of doctors’ use of WhatApp, FaceBook and Twitter, even before the new regulations come into force.

New app being trialled

The new app, called Hospify, offers a WhatsApp-style user experience but is fully compliant with new and existing data and confidentiality regulations. MiP and Unison began trialling Hospify in September, and and one trust is now set to begin a 100-user trial with a view to offering the app to all 2,000 staff.

“People think that WhatsApp is safe to use because WhatsApp is encrypted, but encryption is only part of the story,” said Hospify chief executive James Flint. “All WhatsApp messages are stored on WhatsApp’s servers, most of which are outside Europe, which is itself is a breach of the new EU rules – which will still apply in the UK regardless of Brexit.”

Patient confidentiality

WhatsApp also fails to comply with existing confidentiality rules which give patients the right to view information held about them at any time, since WhatApp’s end-to-end encryption means not even the company itself can read the messages stored on its servers.

Hospify encrypts and delivers text messages from phone to phone, then deletes them from its servers within 72 hours, so the only copies are held within users’ phones. Messages are automatically deleted from staff phones after 90 days.

“This design massively reduces the risk for security breaches or legal liabilities of any kind,” adds Flint. “Messages remain the legal responsibility of the individuals in the conversation or their employers – which is how it should be.”

Trial versions of Hospify are free to download from the Apple Store or Google Play. For more information visit the Hospify website.