Celo vs. WhatsApp in the Healthcare Setting

In the healthcare sector, mobile devices are everywhere and are often used at the point of care. In particular, clinicians at hospitals and healthcare organisations are using consumer text-messaging and instant-messaging apps to communicate and discuss patient details because these services are convenient. This can violate health privacy standards, including HIPAA (USA), GDPR (EU & UK), HISO Regulations (NZ), or OAIC (AUS) regulations. At Celo, we have solved the problems this presents and have become an integral part of the healthcare sector by offering compliant and secure solutions to individuals and organisations.

Evidence from the British Medical Journal

A recent study published in the British Medical Journal, “The ownership and clinical use of smartphones by doctors and nurses in the UK”, found that:

  • 98.9% of clinicians own a smartphone
  • over 90% of clinicians use a healthcare-centred app

However, a survey published in the Journal of Hospital Medicine reported that:

  • 27% of clinicians use a secure messaging application in the workplace
  • only 7% said most clinicians were using a hospital-issued messaging app

While almost all clinicians have access to a smartphone, a majority were wrongfully using consumer applications readily available to non-healthcare professionals.

An article published in the British Medical Journal titled “Wanted: a WhatsApp Alternative for Clinicians” shows that WhatsApp is a valuable tool in the healthcare sector, even if it does not comply with health privacy laws such as the GDPR.

The article showed that the huge risks of using WhatsApp in a clinical setting are outweighed by the benefits. This highlights a problem in the healthcare sector that needs to be solved quickly, as over 90% of clinicians are already using their smartphones in the workplace. NHS England states that “WhatsApp should not be used for clinical communications”.

Celo solves healthcare privacy risks

Authenticated

All Celo users are verified as healthcare professionals working at a verified healthcare organisation. The Celo app is always protected by a PIN code or biometrics.

Secure

All Celo data is stored securely in your “Celo secure library” on Celo servers, which use healthcare-grade encryption. Data is never stored on the end user’s device.

Encrypted

All data is stored in a Microsoft Azure Data Centre that is regionally and healthcare compliant, meeting ISO 27001, GDPR, HIPAA, HISO regulations and OAIC regulations. All data used by the Celo app and end user is also encrypted using sha256RSA.

Celo vs WhatsApp

Why is WhatsApp not compliant for medical use?

  • Data and photos are stored on your personal device.
  • The servers, owned by Facebook, are based in the US.
  • WhatsApp is not PIN protected.
  • You require personal phone numbers to message individuals.
  • Work conversations are easily mixed with personal contacts and communications.

Issues with using non-healthcare-specific messaging applications

The research from the British Medical Journal and the Journal of Hospital Medicine reveals a clear demand from clinicians for Celo, and for the integration of mobile technology into healthcare workflows. While services like WhatsApp are easily accessible, they come with a number of risks, including:

Lack of security and encryption

  • Consumer messaging applications are built for communication between friends, but they should never be used for sharing confidential information.
  • Apps like WhatsApp are end-to-end encrypted. However, these apps are usually not password protected, and they store data in local device storage, which is accessible to anybody who steals the device or finds it after it is lost.
  • If a phone is lost or compromised, an unauthorised individual would have access to every message and photo.
  • Anybody can download messaging apps from the app store and sign up to them. This means sensitive information could be accidentally sent to a member of the public.

Not auditable

  • Consumer messaging apps cannot be audited by a higher authority, e.g. an enterprise providing the service to its employees.
  • Consumer messaging apps do not follow data sovereignty and localisation laws or policies that most health authorities require.
  • Many conversations about an individual’s medical information need to be stored within electronic health records. (Records allow clinicians who haven’t previously been included in conversations to see developments and the latest updates.)
  • Messages on consumer apps can simply be deleted, making any record of what was sent and received difficult to trace.

Photo syncing

  • Taking a photo on a smartphone is a convenient way for a clinician to show, document, and share patient information.
  • Many smartphone systems automatically sync photos to cloud services. This auto-backup function poses a security threat for clinicians, especially if the cloud photo account is shared with family members or the public.
  • Smartphones store photos in an unencrypted state. If an external party gained access to a clinician’s phone, sensitive patient photos could be accessed with relative ease.
  • Patient consent is needed for clinical photography; consumer-grade messaging apps do not have a facility to show that consent was given for a clinical photograph to be taken.

Data mining

  • The reason most messaging apps are free is that users’ information is being sold to third parties.
  • While data is usually secure and encrypted, it is not always private.
  • Patient information may be falling into the wrong hands not through criminal or negligent use by clinicians, but simply because they do not know that the app they are using lacks security by design.

Celo Presents

A secure and encrypted app

All Celo data is password protected and encrypted with healthcare grade protocols. As no data is stored on the user’s device, Celo cannot be compromised if unauthorised access is gained to your phone. All Celo users are verified healthcare professionals.

Auditability

Celo data is securely stored and can be integrated with Electronic Medical Records. Furthermore, Celo data is stored in compliance with data sovereignty requirements.

Celo Secure Library

Photos and documents stored or created in Celo are only saved to the Celo Secure Library and not saved on the user’s device. The Celo Secure Library is not synced with any third party servers or cloud services. Celo allows clinicians to attach a record of consent to all clinical photos.

Privacy by Design

Data in your Celo Secure Library is private unless you choose to share it with a healthcare professional from the Celo Verified Directory.

Conclusion

There are numerous benefits to using mobile communication apps within a healthcare organisation. However, there needs to be an emphasis on:

  • The use of healthcare-centred messaging apps.
  • The protection of patient data.
  • Adherence to strict organisational policies to stay compliant with the law.

With Celo, clinicians can have the convenience of texting without putting private patient information at risk, and healthcare organisations and authorities can support them in doing so, ensuring they won’t turn to the App Store for less-than-ideal solutions.