Medical data privacy and compliance are crucial for maintaining the confidentiality and security of patient…
WhatsApp is a widely popular free internet-based communication app and a subsidiary of Facebook. Users can make voice and video calls, send messages and voice notes, and share documents, contacts, and pictures. Doctors and other medical staff are using WhatsApp to improve continuity of patient care and to provide medical services efficiently, specifically in critical care units.
But does WhatsApp comply with the regulations set by the Australian government to protect sensitive medical data? To answer this question, we discuss the risk factors involved in transferring patients' data over WhatsApp. Unfortunately, Facebook doesn't have a good record of keeping consumers' data safe, and since Facebook owns WhatsApp, the security provided will be the same.
2 years ago, Facebook's founder stated that his company's vision is to prioritize users' privacy. Absurdly, one result of his vision is to provide Facebook with superior access to consumer information across its secondary platform, WhatsApp, instead of offering consumers better control over their private data.
Is WhatsApp Secure for Sharing Medical Data?
Most people think that WhatsApp is now completely secure with the end-to-end encryption update. That is not true: the company still transfers the information over servers located internationally, which means data is transmitted abroad. Cybercriminals decrypt information onto their respective mobile devices. On top of that, one doesn't need login information to access a WhatsApp account. Consequently, a stolen phone may mean the exploitation of your data.
Most users enable automatic downloading of images to the phone and automatic uploading of photos to cloud servers, where they become available on connected devices and are transferred abroad. In addition, healthcare workers have to create accounts on the platform using their private contact numbers. The data doesn't remain safe on the personal phones of staff members.
Confidentiality Alarms Regarding Nurses Using WhatsApp
Nurses have to remind each other about patients’ needs, which patients are the most difficult to tackle, and attendees who can create a fuss. Today, nurses use WhatsApp as an effective tool to communicate with each other regarding their hospital duties. The nurses working in the same ward often have a WhatsApp group where they may share patients’ photos and other information. They also make group calls and group chats about patients. They may take pictures of patients’ injuries and X-rays and put them on WhatsApp, a platform that doesn’t even require a user login.
Can Stricter Regulations Solve the Issue?
Government bodies have been coming up with several practices to enhance patient data security on WhatsApp. These include using initials, MR number, and the patient's ward to identify patients, and recurrent message deletion. But these strict practices might be harmful to patients. If doctors can't identify which patient the prescription relates to, then they may give the wrong advice to the wrong patient.
Should Medical Practitioners Trust WhatsApp?
The answer is simple. If a healthcare organization is using WhatsApp to transmit PHI (protected health information), WhatsApp is a business associate of that organization in the eyes of the law. A healthcare practice abiding by the Australian government's medical laws and regulations should ask its business associate to sign a contract stating that it will abide by the same laws too.
This contract would include all the necessary protective measures to safeguard PHI. So far, WhatsApp and Facebook haven't signed such an agreement with any organization, and it's highly unlikely that they will do so in the future. It means that WhatsApp is not compliant with the law and they can easily exploit patients' sensitive data whenever they want.
Many healthcare professionals trust WhatsApp due to the end-to-end encryption feature that restricts data access to only the sender and receiver. However, any unauthorized person can access the messaging app easily due to the lack of access and verification controls.
What’s the point of encryption if anyone can open the app on a medical professional’s phone or device and access the transferred data? After downloading the app, a user doesn’t need a password or login to access the application. It is a grave violation of the Australian government’s medical data security laws.
WhatsApp is not an appropriate messaging platform for sharing sensitive and protected health information due to its safety inadequacies and the company's reluctance to sign a business contract. In conclusion, this messaging app doesn't fulfill the Australian government's compliance measures, and thus it should not be used by medical practitioners.