Patient data at risk as medics send scans via Snapchat

Published: 11-Jul-2017
Regulatory Digital

Expert panel warns of 'insecure, risky and non-auditable' practice of medics using image sharing app

The growing trend of doctors using Snapchat to send patient scans to each other is putting medical data at risk, IT security experts are warning.

A report commissioned by a panel of experts, chaired by former Liberal Democrat MP, Dr Julian Huppert, revealed medics are increasingly using the image messaging and multimedia mobile app to send scans and to record patient information.

But it warns that this is ‘clearly an insecure, risky, and non-auditable way of operating’.

The panel was set up to examine dealings that DeepMind Health (DMH), owned by Google, has with the NHS.

Seeing the difference that technology makes in their own lives, clinicians are already manufacturing their own technical fixes

And their findings come just a week after the Information Commissioner’s Office (ICO) found that London’s Royal Free hospital failed to comply with the Data Protection Act when it handed over personal data from 1.6 million patients to DMH.

The ICO ruling against the hospital related to the creation of the healthcare app Streams, an alert, diagnosis and detection system for acute kidney injury.

The ICO’s ruling was largely based on the fact that the app continued to undergo testing after patient data was transferred.

And patients, it said, were not adequately informed that their data would be used as part of the test.

In its review, the panel, chaired by the former Liberal Democrat MP Dr Julian Huppert, said: “The digital revolution has largely bypassed the NHS, which, in 2017, still retains the dubious title of being the world’s-largest purchaser of fax machines.”

“Many records are insecure, paper-based systems which are unwieldy and difficult to use.

“Seeing the difference that technology makes in their own lives, clinicians are already manufacturing their own technical fixes.

“They may use Snapchat to send scans from one clinician to another or camera apps to record particular details of patient information in a convenient format.

“It is difficult to criticise these individuals, given that this makes their job possible. However, this is clearly an insecure, risky, and non-auditable way of operating, and cannot continue.”

Commenting on the use of Snapchat and other message-sharing social media apps, Andrew Barratt, managing principal of cyber risk management company, Coalfire.

He told BBH: “Unfortunately for patients there is not much they can do if their medical data is shared via Snapchat.

Doctors using Snapchat to share patient data should be aware of the regulations they might be breaking and what this could mean for themselves and their trusts

“Unless data was accidentally broadcast as part of a Snapchat story, for instance, there is no way of knowing who shared it or who has access to it.

“But doctors using Snapchat to share patient data should be aware of the regulations they might be breaking and what this could mean for themselves and their trusts.

“With medical data classified as highly sensitive under the Data Protection Act, the Information Commissioners Office is likely to take a dim view of anyone caught sharing information via Snapchat. Both individual doctors and NHS trusts could face fines and additional penalties.

“Having worked with the healthcare industry for more than 10 years, I know that the NHS IT infrastructure can be an issue for some.

“While the UK government did take steps to improve IT security by issuing the NHS Information Governance Toolkit, further help is needed.

“NHS trusts should now think about getting in expert teams who can help identify problems and find solutions that work for NHS staff.”

And Jim Beagle, president and chief executive of BridgeHead Software, added: “If healthcare organisations do not provide a compliant and sanctioned means to share data, clinicians will find other ways to do it.

“But, there are some obvious risks to sharing patient information through uncontrolled means – first and foremost being the privacy and security of data.

“Hospitals who are turning a blind eye to his practice are leaving themselves open to patient data breaches and the disclosure of sensitive information; of course, coupled with the wrath of the Information Commissioners Office (ICO) and some heavy fines.

“Granted, these apps enable a convenient way of sharing data between immediate devices. However, the result is the creation of further data siloes, whereby the data is locked into the devices on which the information was shared, i.e. it will never formulate part of the patient record.”

The ‘workable alternative’, he added, is the use an independent clinical archive (ICA).

It’s been clearly identified in the Wachter Review that the digitisation of healthcare and data sharing is vital for future success. As such, data sharing policies cannot be ignored, nor pushed under the carpet

This standards-based enterprise repository offers a fully-compliant means to store, protect and share all data pertinent to a patient, including medical images, scanned documents such as historical paper-based referral documents and patient consent forms, observation results, clinical reports, medical photographs and videos.

“With an ICA clinicians and support staff have a quick and easy means to search and retrieve data as and when they need it at the point of care,” said Beagle.

“It’s been clearly identified in the Wachter Review that the digitisation of healthcare and data sharing is vital for future success. As such, data sharing policies cannot be ignored, nor pushed under the carpet.

“Healthcare providers must review their practices and put in place the technology that will allow them to continue to share data for the benefit of patients, safely, securely and in a timely manner.

“Data is, after all, the most-strategic asset that a healthcare provider has in its armour, so it should be treated with the respect it deserves and harnessed to the betterment of care delivery.”

Darren Hedley, director of public sector at Insight UK, added: “From new mobile phones to wearable and ingestible devices – technology is becoming a natural extension of ourselves.

“Doctors using consumer apps such as Snapchat to speed up patient feedback is an example of how technology has the potential to revolutionise healthcare, and its adoption is somewhat unstoppable.

“Authorities have to consider ways of securing the right infrastructure in place to support and encourage innovation.

“By working together with technology specialists, the transition to digital healthcare can be made as smooth as possible.”

  • Companies:
  • BridgeHead Software Limited
  • Insight UK
  • Royal Free London NHS Foundation Trust
  • Coalfire
See more

You may also like

Digital

Frontline digitisation: What is going to happen to legacy EPR data?

Read more
John McCann, vice president of global marketing at BridgeHead Software, looks at how NHS trusts can solve their legacy application and data issues, particularly focusing on implementing new EPRs

Trending Articles

  1. Health Tech Solutions launches in the UK Established in 2010 in India, the healthcare provider now aims to bring its healthcare model that includes at-home healthcare services to the UK
  2. SPARK TSL acquires Sentean Group to bring hospitals "state of the art apps for clinicians and patients" SPARK TSL has acquired Dutch Sentean Group with a complementary background in hospital entertainment and communication
  3. Queen Victoria Hospital selects Altera Digital Health as EPR provider Queen Victoria Hospital NHS Foundation Trust has purchased Altera Sunrise EPR, to meet NHS England’s target for trusts to have an electronic patient record by March 2026
  4. Orchestrating the new world of AI in healthcare Orion Health’s UK and Ireland Customer Conference 2023 focused on the future potential and immediate, practical application of AI to healthcare – and gave delegates a first look at the Orchestral health intelligence platform that will support integrated care systems and trusts that want to get started
  5. Nuance announces availability of Ambient Clinical Intelligence AI-powered ambient solution already improving physician productivity, patient throughput, and 88% higher physician satisfaction scores

Upcoming event

HEFMA Leadership Forum

8–10 May 2024 | Conference, exhibition and awards | Telford, UK See all

You may also like

Digital

Frontline digitisation: What is going to happen to legacy EPR data?

John McCann, vice president of global marketing at BridgeHead Software, looks at how NHS trusts can solve their legacy application and data issues, particularly focusing on implementing new EPRs
Design & Build

Secure I.T. Environments designs and installs micro data centre at Barnet Hospital ICU

Facility improves reliability and supports all ICU wards
Digital

Jersey selects BridgeHead’s HealthStore to manage medical images

Government consolidates medical images as part of its digital overhaul
Personal Protection

Hospital implements pioneering healthcare comms

New BEACH Building in Bournemouth will feature digital smart nursecall and infant tracking systems
Digital

What’s in a click? How to improve workflows for NHS staff

Tim Kaschinske, HealthStore senior product manager at BridgeHead Software, explains how a ‘less clicks, more care’ approach to electronic medical record (EMR) systems empowers physicians and improves outcomes for patients
Digital

BridgeHead and Summit advance healthcare data archiving

BridgeHead’s partnership with Summit Healthcare brings together complementary solutions and services for the migration, consolidation, access and interoperability of healthcare data
Media

Private IT firm 'loses' thousands of patient letters meant for GPs

NHS launches investigation after Cerner update leads to letters from hospitals to GPs being lost
Subscribe now