‘No excuse’: NHS well being board reprimanded after affected person information shared on WhatsApp over 500 instances

NHS Lanarkshire has been reprimanded by a watchdog after workers members shared sufferers’ private information on WhatsApp tons of of instances.

The Information Commissioner’s Office (ICO) reported that private data comparable to affected person names, telephone numbers and addresses had been shared by 26 workers members on greater than 500 events.

Images, movies and screenshots – which included medical data – had been additionally shared on the messaging platform.

The delicate information was leaked between April 2020 and April 2022.

NHS Lanarkshire had apologised to these affected.

While WhatsApp is accepted for NHS employees for primary communication, it isn’t accepted by the well being board for sharing delicate information.

A non-staff member was additionally added to the WhatsApp group by mistake, ensuing within the disclosure of non-public data to an unauthorised particular person.

Once NHS Lanarkshire turned conscious, it reported the incident to the ICO.

An investigation was subsequently launched, which concluded that the well being board didn’t have the suitable insurance policies, clear steerage and processes in place when WhatsApp was made accessible to obtain.

This meant that NHS Lanarkshire had no evaluation of the potential dangers regarding sharing affected person information on this means.

UK Information Commissioner John Edwards mentioned: “Patient data is highly sensitive information that must be handled carefully and securely. When accessing healthcare and other vital services, people need to trust that their data is in safe hands.

“We respect that NHS Lanarkshire, like all healthcare suppliers, was below large strain in the course of the pandemic however there is no such thing as a excuse for letting information safety requirements slip.

“Every healthcare organisation should look at this case as a lesson learned and consider their own policies when it comes to both messaging apps and processing information about patients.

“We will likely be following up with NHS Lanarkshire to make sure that affected person information is just not compromised once more.”

The ICO issued numerous suggestions to forestall future information breaches, together with implementing a safe medical picture switch system for the storage of photos and movies inside a care setting.

The watchdog added that NHS Lanarkshire ought to “consider the risks” in relation to non-public information and be certain that workers are “aware of their responsibilities to report personal data breaches internally without delay to the relevant team”.

The well being board – which has been requested to supply an replace of motion taken inside six months – mentioned it has already taken numerous steps.

Trudi Marshall, nurse director, well being and social care North Lanarkshire, mentioned: “We have received a formal reprimand from the ICO for the use of WhatsApp by one of our community teams to exchange personal patient data during the pandemic.

“We recognise that the crew took this strategy as an alternative to communications that will have usually taken place in both a medical or workplace setting, however was not doable at the moment as a result of COVID restrictions.

“However, the use of WhatsApp was never intended for processing patient data.

“We supply our honest apologies to anybody whose private particulars had been shared via this group.

“We have already taken a number of steps including looking at alternative apps that can be introduced for the transfer and storage of images and videos within a care setting.

“This is being taken ahead whereas contemplating the dangers regarding the storage of any private information.”