Compliance - A user's guide
The law around messaging is changing
Ill-served by inefficient, out-dated communication systems based on landlines and bleepers, up to 89% of UK doctors now use consumer messaging services like WhatsApp, Messenger, Skype, Snapchat or Telegram to supplement communication. These services might be encrypted but they are not compliant with NHS Information Governance rules or new healthcare data protection legislation such as the European General Data Protection Regulation (GDPR). As a result, using them to send patient identifiable information can automatically qualify as a data breach.
If you're running a GP practice, a private health practice or a health trust then by law from 25th May 2018 you must publicly report any data breaches that occur within your business - and you can be fined up to 4% of your annual turnover for each one! It will not take many such breaches to destroy your finances... and this is why we've created Hospify.
Don't take our word for it. Read more about it here and here. The General Data Protection Regulation is going to have an enormous effect on British and European businesses, Brexit notwithstanding (the GDPR's tenets are already part of UK law). It's worth reading Information Commissioner Elizabeth Denham's recent keynote speech on the subject, which outlines the impact the new legislation will have.
"GDPR brings a more 21st century approach," notes Denham. "The right of consumers to data portability is new, as is mandatory data breach reporting, higher standards of consent, and significantly larger fines for when companies get things wrong." This is the tough new regulatory environment that Hospify has been built for - an environment in which the consequences of hospital staff using non-compliant comms like WhatsApp, Viber, Facebook Messenger, Snapchat, Slack, Skype and Telegram are going to be very severe.
What's wrong with normal chat apps?
These everyday chat apps might be encrypted but that alone is not enough to make them align with UK and EU health data laws. Have you ever received a picture on WhatsApp? Have a look in your phone's main photo gallery. The picture will most likely appear there, as well as in WhatsApp itself. This is because nearly everyone's devices automatically backup such pictures to cloud services that are likely to be geographically-located outside of Europe. Even if you switch the feature off, gaffs by Apple and others can mean it gets switched back on without your knowledge. And of course these apps send messages via non-European cloud services as a matter of course and, worse, store them there beyond the easy access of subject data access requests.
These are just some of the many ways in which standard consumer apps fall foul of the law when it comes to patient-identifiable health data. But Hospify is different. Hospify is specifically designed, not just to deliver messages securely, but to keep them confined to your device instead of floating around in a server cloud that could be located anywhere on the planet (the new legislation insists that all EU health data is only transmitted by servers that are physically situated in Europe).
How do I comply?
Given that these new rules are coming - and in some cases are already here - what can you do to comply with them before you get fined? Firstly tell your healthcare colleagues, staff and patients to stop using WhatsApp and other apps like it when they're at work, and to install and use Hospify instead. On the surface, they won't notice a great deal of difference; Hospify looks and feels much like any other messaging app. But underneath, there's all the difference in the world.
"In order to protect patient confidentiality and abide with European health data protection guidelines, all staff in this Trust/medical practice use Hospify when they communicate using their mobile devices in the course of their work. Hospify securely encrypts messages, passes them from handset to handset, holds no information about its users communications on its servers, and keeps all communications within the European Economic Area, so abiding by UK data protection and the terms of the European General Data Protection Regulation. For more information please visit www.hospify.com."
And that's it. You're done!