27k unique visitors in the last 3 days

British Doctors Using Whatsapp to Share Confidential Patient Information

Nobody seems to be guarding against the privacy risks when NHS staff expect sensitive data to be available on large and poorly managed Whatsapp groups.

The Financial Times reports that staff working for Britain’s National Health Service (NHS) are routinely using Whatsapp on their private phones to share information about patients in their care.

“Every day, staff are using it constantly across the NHS,” said a senior consultant who works in one of London’s largest hospitals. “I’ve got nurses, junior doctors and senior consultants all in this one group, using WhatsApp on their personal phones to do the work we do.”

Political polarization and the gross simplification of technology risks results in a poor quality of analysis surrounding privacy threats. Foreign spies and greedy corporations make better bogeymen then the archetype of a caring medical professional, but it is the latter who have unmediated access to sensitive information which could devastate a person’s life if it is made public. There is an obvious potential for data to be leaked from Whatsapp groups created by NHS staff, as pointed out by several campaigners to the FT. These are some of the risk factors that come with using an informal communications tool like Whatsapp:

  • Staff that change jobs or retire are unlikely to be promptly removed from Whatsapp groups, and will continue to have access to new sensitive information that they have no reason to see.
  • Old information about former patients is likely to remain available in the history of the group conversation long after it should have been deleted.
  • Larger Whatsapp groups are more convenient but they also mean more information will be shared with people who do not need it.
  • It is easy to forward content from a Whatsapp group but nobody within the group would know about it.
  • The loss or theft of a phone may lead to the compromise of the data stored on it.

If Whatsapp was directly responsible for breaking privacy laws by recklessly sharing patient data then a slew of leader writers and politicians would be wailing about it. Public faith in the integrity of British health professionals does not appear to have been dented by a series of scandals, including cancer surgeon Ian Paterson getting 15 years’ prison for unnecessary operations and nurse Lucy Letby receiving multiple life sentences for the murder and attempted murder of babies. As a consequence, the threat posed by the inappropriate use of Whatsapp will not receive the attention it deserves until there is another scandal. That reflects a mistake that human societies keep repeating because they refuse to learn from them.

Read the FT story here.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email