Messenger apps and patient confidentiality – what every healthcare professional should know
Three years after GDPR rules were launched, many healthcare professionals are still failing to comply when sharing clinical data via instant messaging
The global pandemic has provided a catalyst for the adoption of specialist digital communications tools which enable secure information sharing and faster decision-making. Siilo – Europe’s largest medical messenger app – experienced a 202% increase in app downloads in the last 18 months alone.
Privacy, security and data compliance should be at the forefront of every healthcare professional’s mind when sharing patient notes, photos and sensitive data via messenger apps. Unfortunately, many of the most commonly used apps are not compliant. What’s more, we only have to look at the recent ransomware attack on Ireland’s Health Service Executive (HSE) to appreciate the importance of data security within the healthcare sector.
To help mark the third anniversary of the EU’s General Data Protection Regulation (GDPR) for healthcare compliance, Joost Bruggeman, CEO and co-founder of Siilo, highlights the five key security features every healthcare professional should look for in their choice of messenger app:
- Fingerprint/Facial Recognition & PIN code security: Facial and fingerprint recognition is a convenient way of accessing your apps securely. Including the additional layer of a personalised PIN code gives you much greater security over the sensitive information on your phone, from photos to confidential patient information. These security locks ensure your private messages are protected, helping to prevent other people from accessing them without permission.
An additional step taken by some messaging apps is the use of end-to-end encryption, where data exchanged is protected throughout the chat process, encrypted when you send it and decrypted when it arrives with the receiver. End-to-end encryption provides the gold standard for protecting communication. In an end-to-end encrypted system, the only people who can access the data are the sender and the intended recipient(s) – and no one else.
- Image-editing features: Allowing images to be edited prior to being sent gives the user the opportunity to blur out any personal details, names, faces and birth dates, so that images are anonymised and patient data is further protected. This is a step taken by Siilo to guarantee patient anonymity, as personal information or identifiers can be removed or blurred by the sender in order to protect a patient’s identity. Alongside this, Siilo have included another editing feature where critical areas of an image can be highlighted using the Arrow tool. This allows for the focus to be on the matter at hand rather than anything else, streamlining the workflow process and saving valuable time. There is also no problem if the image isn’t correct on the first attempt: with the ‘Undo’ function, any edits to images can be reversed, ensuring only the most accurate, relevant information is shared.
- Processor agreements: Confidentiality is one of the pivotal factors required from a company, business or organisation when sharing data. Users must be reassured that the data they provide is kept safe and confidential, that it may only be processed by authorised personnel, and that third parties may not access it.
Under Article 28 of the General Data Protection Regulation, a data processing agreement is a legally binding contract that states the rights and obligations of each party concerning the protection of personal data. Essentially this ensures data privacy and security compliance at both an organisational and an individual level. Within a messaging app this means that user data should be handled securely by the host platform, ensuring data protection.
- Identity & medical verification: In the healthcare industry, trust is essential for both patients and practitioners. This has been amplified over the past year by the increased move to virtual communication, which has highlighted that, now more than ever, certainty about who you are contacting and sharing information with online is paramount.
In some instances, apps will ask for verification by uploading an image of your photographic ID. This could be a driving licence, passport or an industry-related ID such as your medical registration number. This helps to make sure that app users are who they claim to be, ensuring that any potentially sensitive information is being sent to and accessed by the intended recipient.
- Separation between personal/professional media: Some messaging apps save photos automatically to your mobile phone library, which means that images shared securely within a chat are then easily, and often unknowingly, saved to your personal device. It goes without saying that this is a huge problem when it comes to patient confidentiality, especially if patient data is stored within these images.
This is generally a default option which then needs to be manually disabled by the user, but if the user is unaware that it is happening, the distinction between personal and professional files becomes blurred. It is important to check what your messaging app offers and whether these default settings can be turned off to minimise the risk of this happening. Some apps will allow you to save files and photos directly to their app interface, allowing you to have a record of important files while ensuring they won’t be saved to your device or a cloud service.
This was posted in Bdaily's Members' News section by Jo Hudson.