Celo vs. WhatsApp in the Healthcare Setting
In the healthcare sector, there are mobile devices everywhere which are often being used at the point of care. In particular, clinicians at hospitals and healthcare organisations are using consumer text-messaging and instant-messaging apps to communicate and discuss patient details due to the convenience of these services. This can violate health privacy standards, including HIPAA (USA), GDPR (EU & UK), HISO Regulations (NZ), or OAIC (AUS) regulations. At Celo, we have solved the problems this presents and have become an integral part of the healthcare sector by offering compliant and secure solutions to individuals and organisations.
Evidence from the British Medical Journal
A recent study published in the British Medical Journal: “The ownership and clinical use of smartphones by doctors and nurses in the UK”, found that:
- 98.9% of clinicians own a smartphone
- over 90% of clinicians use a healthcare centred app
However, a survey published in the Journal of Hospital Medicine reported that:
- 27% of clinicians use a secure messaging application in the workplace
- only 7% said most clinicians were using a hospital-issued messaging app
While almost all clinicians have access to a smartphone, a majority were wrongfully using consumer applications readily available to non-healthcare professionals.
An article published in the British Medical Journal titled “Wanted: a WhatsApp Alternative for Clinicians” shows that WhatsApp is a valuable tool in the healthcare sector, even if it does not comply with health privacy laws such as the GDPR.
The article showed that the huge risks of using WhatsApp in a clinical setting are outweighed by the benefits. This highlights a problem in the healthcare sector that needs to be solved quickly as over 90% of clinicians are already using their smartphones in the workplace. The NHS England states that “WhatsApp should not be used for clinical communications”.
Celo solves healthcare privacy risks
Why is WhatsApp not compliant for medical use?
- Data and photos are stored on your personal device.
- The servers, owned by Facebook, are based in the US.
- WhatsApp is not pin protected.
- You require personal phone numbers to message individuals.
- Easily mixed with personal contacts and communications.
Issues with using non healthcare specific messaging applications
The research from the British Medical Journal and the Journal of Hospital medicine reveals a clear demand from clinicians for Celo, and the integration of mobile technology into healthcare workflows. While services like WhatsApp are easily accessible, they come with a number of risks, including:
Lack of security and encryption.
- Consumer messaging applications are built for communication between friends, but they should never be used for sharing confidential information.
- Apps like WhatsApp are end-to-end encrypted. However, these apps usually are not password protected and store data on the local device storage which is accessible if somebody steals or finds a lost device.
- If a phone is lost or compromised, an unauthorised individual would have access to every message and photo.
- Anybody can download messaging apps from the app store and sign up to them. This means sensitive information could be accidentally sent to a member of the public.
- Consumer messaging apps cannot be audited by a higher authority. E.g Enterprise providing the service to their employees
- Consumer messaging apps do not follow data sovereignty and localisation laws or policies that most health authorities require.
- Many conversations about an individual’s medical information need to be stored within electronic health records. (Records allow clinicians, who haven’t previously been included in conversations, to see developments and the latest updates).
- Messages on consumer apps can simply be deleted, making any record of what was sent and received difficult to trace.
- Taking a photo on a smartphone is a convenient way for a clinician to show, document, and share patient information.
- Many smartphone systems automatically sync photos to cloud services. This auto-backup function poses a security threat for clinicians, especially if the cloud photo account is shared with family members or the public.
- Smartphones store photos in an unencrypted state. If access was gained to a clinicians phone by an external party, sensitive patient photos could be accessed with relative ease.
- Patient consent is needed for clinical photography; consumer grade messaging apps do not have a facility to show that consent was given for a clinical photograph to be taken.
- The reason most messaging apps are free is because the users information is being sold to third parties.
- While data is usually secure and encrypted, it is not always private.
- Patient information may be falling into the wrong hands through no criminal or negligent use by clinicians, by simply not knowing the app they are using lacks security by design.
There are numerous benefits to using mobile communication apps within a healthcare organisation. However, there needs to be an emphasis on:
- The use of healthcare centred messaging apps.
- The protection of patient data.
- Adherence to strict organisational policies to stay compliant with the law.
With Celo, clinicians can have the convenience of texting without putting private patient information at risk, and healthcare organisations and authorities can support them in doing so, ensuring they won’t turn to the App Store for less-than-ideal solutions.