Matt Morgan: WhatsApp Doc?

Restricting the use of WhatsApp is fine, but there must be a viable alternative provided

The pager buzzes in my pocket. It’s lucky I noticed because the battery is nearly dead and the screen display only just visible through the sticky tape holding it together. Next starts the hunt for a phone. I’m walking down an empty corridor on my way to speak to a patient’s family so I pop into the nearest ward only to find all three phones in use. The bleep goes again. I walk in the opposite direction back up the corridor and lean over a reception desk to borrow the first free phone I can find. I call the number displayed on the pager’s screen—engaged. My bleep goes again as the same number flashes up. I call again and this time it is answered.

“Hi, this is Matt one of the ICU consultants” I say.


“Um, ok. How can I help you?” says the perplexed voice on the other side.

“Someone paged me.”

“Oh, I’m not sure who that was, hold on . . .”

I hear a sound of the receiver being bumped around on the desk as a conversation between doctors is audible in the background.

“ANYONE PAGED ICU!?” shouts a voice.

“YES! It was me, give me a minute I’m just dealing with a patient” I hear.

A few minutes pass.

“Hi Matt, the family of bed 3 have arrived. They said they were due to speak to you five minutes ago.”

“I’m on my way . . .” I say.

I retrace my steps along the corridor to speak to that same family that I was originally walking towards five minutes ago.

In my pocket, I have a device one million times more powerful than the computers that delivered the Apollo moon landing. On this device is a piece of software with encryption that the CIA are unable to crack—WhatsApp. A recent paper has shown that over one third of doctors have used mobile software to share confidential clinical information. A simple question about the use of WhatsApp in the NHS posed on Twitter by our very own David Oliver spawned over 500 replies within twelve hours such is the gap in a service that allows quality, confidential transfer of information within a healthcare setting.

There are huge incremental benefits to using current technological solutions including WhatsApp and other commercial platforms. They all also bring important risks. Although end-to-end encryption allows message content to remain secure in transit, unlocked devices may still allow information leak. This is a risk equally present using the current ratified means. My NHS email is similarly secure in transit, but not if I leave my computer turned-on when I go to the toilet. In fact, the commonly used security method of writing hospital username and passwords underneath a keyboard can hardly compare with fingerprint access to my iPhone. All communication means have risks, and must be matched to benefits and viable alternatives.

The advice from the NHS is clear. Do not use WhatsApp to transfer confidential information. However, there seems to be a growing tension between patient safety and patient confidentiality. The doctors who use WhatsApp do so to improve communication and deliver better healthcare. In my day job, I use fax machines, Windows 98, 1980s pagers, and landlines. As I cross the hospital exit, I use mobile data, WhatsApp, secure banking apps, and iPads. It is right and proper for the NHS to recognise the risks in these technologies, but they also need to recognise the risks of sticking with the status quo. Restricting their use is fine but there must be a viable alternative provided. Until then people will continue to use fax machines on open wards, paper lists that fall out of the pocket, and conversations in corridors that can be readily overheard. These come with similar if not greater risks. It would be useful to embrace incremental benefits whilst working towards perfection.

Matt Morgan, Honorary Senior Research Fellow at Cardiff University, Consultant in Intensive Care Medicine and Head of Research and Development at University Hospital of Wales, and an editor of BMJ OnExamination. He is on twitter: @Matrix_Mania

See also:

  • Kit Byatt

    Ironically, no-one ever complained about hard copy letters being sent out, unencrypted, and potentially able to be lost, opened, stolen in transit, or mis-delivered…
    There seem to be double standards here!!

  • Matt Morgan

    Absolutely. Standards not applied to existing methods.

  • Chris Frith

    Is it time for the NHS to either approve WhatsApp or distribute to all registered (not just NHS staff) in the U.K. their own encrypted messaging service integrated to work seamlessly as possible on “all” their devices?

  • Thanks for capturing the issue so clearly. The non-compliant use of WhatsApp is a major problem that health and care workers are trying to work around by anonymizing patient data. Unfortunately, only too often mistakes are made and actual names are shared.

    Also, it is important to consider that the Information Commissioner’s Office (ICO) “considers data to be anonymised if it does not itself identify any individual, and if it is unlikely to allow any individual to be identified through its combination with other data. Simply removing the patient’s name, age, address or other personal identifiers is unlikely to be enough to anonymise information to this standard.”

    Even if clinicians and other health and care workers believe they have ensured the information shared doesn’t identify patients, they could still be in breach by using initials or information which could be used alongside other sources to identify someone.

    Finally, it is also worth considering that using bed numbers and initials to identify patients is an accident waiting to happen… it won’t be long before the bed with patient ‘BC’ is swapped with ‘CB’ during the night shift…