A report published in the online journal BMJ Innovations has revealed that NHS staff are putting “highly sensitive and confidential” patient data at risk by messaging through SMS and Whatsapp
The report said that doctors and nurses were sharing patient data via their unsecured smartphones with almost eight out of ten doctors and just over a third of nurses downloading a medical app on personal phones to store data.
More than 850 clinical staff at five different hospitals in London answered questions on ownership and use of portable devices and mobile health apps in the workplace.
655 of the doctors had used SMS to send patient data (compared to nurses at 14%), a third of doctors had used app based messaging and 46% had used their phone’s camera and picture messaging to send a photo of a wound or x-ray to a colleague (compared to 7.5% of nurses).
Doctors were significantly more likely to send clinical patient data using all these methods, and one in four (27.5%) of the doctors believed they still retained clinical information on their smartphones.
94% of the doctors used their smartphone while at work to communicate with their colleagues compared with 28.5% of nurses with half of the doctors using their smartphones instead of a traditional bleeper.
Dr Nithin Thomas, Founder and CEO of SQR Systems, said: “The revelation that the majority of our doctors routinely send sensitive patient data via SMS and potentially unsecured apps demonstrates the general lack of awareness of the threats facing our data.
“Cyber criminals are becoming increasingly inventive, and using unsecured communication channels for personal data is an open invitation for theft and fraud.
“Smartphones are the perfect tool for medical professionals to communicate with their peers swiftly and efficiently to better tackle difficult health concerns, but this should not come at the expense of patient confidentiality and privacy.
“It is not only the data that is stored on the devices but every conversation through text, voice or video using an app that is potentially exposing sensitive data that can be exploited by criminals.
“There is a common misconception that unsecured apps are the only way for people to send information without specialised equipment or technical expertise, but in fact government-level encryption is now readily available for users in all fields.
“Anyone who routinely handles sensitive personal or corporate data must be able to ensure they have end-to-end security for all of their communications.”