Staff are reminded that person-confidential information (whether in text or picture/video format) must not be sent or shared using WhatsApp, Messenger or any other instant messaging apps (excluding Microsoft Teams). This applies to both patient and staff information and is in line with NHS guidance and Trust policies.
The instant messaging functionality in Microsoft Teams (the ‘Chat’) can be used if staff are logged in with their work account and are using Teams on work devices (e.g. laptops, tablets or phones).
As data controller for person-confidential information collected from its patients and staff, the Trust must be able to control its use and to ensure its confidentiality and security is always safeguarded. Also, all information relating to a patient’s clinical care must be stored in and available via their care record, not held remotely elsewhere.
When using messaging apps, all staff must ensure that they act professionally in line with their relevant professional codes of conduct and comply with current Data Protection legislation, the Caldicott Principles and Trust policies and procedures.
WhatsApp and other messaging apps can be efficient and are of clear value to individuals who tend to be busy and short on time. Messaging apps are worldwide, allowing quick and convenient communication in pairs or groups, without the logistical hassle of a phone call or meeting, or a lengthy email exchange. They are extremely useful in certain situations, for example to advise colleagues of an emergency incident or to let colleagues know if they are running late for a meeting. Furthermore, the use of messaging apps has grown particularly over the last few years with the shift to remote working during the pandemic.
Whilst such messaging apps are a useful tool for individuals to communicate, there are often serious data security and confidentiality concerns regarding their use. The use of such apps in health and social care puts proper record keeping, detailed decision making, and accountability and transparency at risk and may ultimately impact on patients and present a clinical risk to them.
- Messaging apps make record keeping and scrutiny more difficult. Informal messaging should be moved over and retained in formal systems to ensure full records are held and for others to understand what decisions have been taken and what action should be followed.
- Messaging apps also result in poor decisions being made with incomplete information. Instant messaging may be quick but does not allow for much detail which may result in key information, perspectives or challenges being missed. There is also the risk that different overlapping group chats and parallel conversations duplicating each other may cause and result in poor and confused decision making.
- Finally, messaging apps undermine accountability and transparency of information. The purpose of health and social care records is to ensure good decision making and provide effective care, but also to enable accountability and transparency of those organisations. Recorded information within messaging apps is subject to disclosure under the Freedom of Information Act, whist personal information in such apps is subject to disclosure under the subject access rights of Data Protection legislation.
They can blur the lines between work and personal life, meaning it can be difficult to avoid constant messages when you’re not actually in work thus becoming increasingly difficult to switch off and wind down outside of working hours. It is important to avoid information overload and staff burnout.
For further advice and information, please email the Information Governance Team at IG