‘No excuse’: NHS well being board reprimanded after affected person knowledge shared on WhatsApp over 500 occasions

NHS Lanarkshire has been reprimanded by a watchdog after workers members shared sufferers’ private knowledge on WhatsApp a whole bunch of occasions.

The Information Commissioner’s Office (ICO) reported that non-public info comparable to affected person names, telephone numbers and addresses had been shared by 26 workers members on greater than 500 events.

Images, movies and screenshots – which included medical info – had been additionally shared on the messaging platform.

The delicate knowledge was leaked between April 2020 and April 2022.

NHS Lanarkshire had apologised to these affected.

While WhatsApp is accepted for NHS employees for fundamental communication, it isn’t accepted by the well being board for sharing delicate knowledge.

A non-staff member was additionally added to the WhatsApp group by mistake, ensuing within the disclosure of private info to an unauthorised particular person.

Once NHS Lanarkshire turned conscious, it reported the incident to the ICO.

An investigation was subsequently launched, which concluded that the well being board didn’t have the suitable insurance policies, clear steerage and processes in place when WhatsApp was made accessible to obtain.

This meant that NHS Lanarkshire had no evaluation of the potential dangers referring to sharing affected person knowledge on this approach.

UK Information Commissioner John Edwards mentioned: “Patient data is highly sensitive information that must be handled carefully and securely. When accessing healthcare and other vital services, people need to trust that their data is in safe hands.

“We recognize that NHS Lanarkshire, like all healthcare suppliers, was underneath large stress throughout the pandemic however there isn’t a excuse for letting knowledge safety requirements slip.

“Every healthcare organisation should look at this case as a lesson learned and consider their own policies when it comes to both messaging apps and processing information about patients.

“We will likely be following up with NHS Lanarkshire to make sure that affected person knowledge will not be compromised once more.”

The ICO issued various suggestions to stop future knowledge breaches, together with implementing a safe medical picture switch system for the storage of pictures and movies inside a care setting.

The watchdog added that NHS Lanarkshire ought to “consider the risks” in relation to private knowledge and be certain that workers are “aware of their responsibilities to report personal data breaches internally without delay to the relevant team”.

The well being board – which has been requested to supply an replace of motion taken inside six months – mentioned it has already taken various steps.

Trudi Marshall, nurse director, well being and social care North Lanarkshire, mentioned: “We have received a formal reprimand from the ICO for the use of WhatsApp by one of our community teams to exchange personal patient data during the pandemic.

“We recognise that the crew took this method as an alternative choice to communications that might have usually taken place in both a medical or workplace setting, however was not doable at the moment on account of COVID restrictions.

“However, the use of WhatsApp was never intended for processing patient data.

“We supply our honest apologies to anybody whose private particulars had been shared by way of this group.

“We have already taken a number of steps including looking at alternative apps that can be introduced for the transfer and storage of images and videos within a care setting.

“This is being taken ahead whereas contemplating the dangers referring to the storage of any private knowledge.”