GDPR and instant messaging for General Practitioners
Hospify press release, May 2018
With the introduction of GDPR on the 25th May, practitioners who are using instant messaging to discuss patients could face fines of up to 4% of their annual turnover.
The new legislation gives patients more control of their health information and – importantly for practitioners – prohibits the use of messaging services such as iMessage and WhatsApp for sending messages containing non-anonymised information about their patients, as these services store data on servers outside of the EU, contravening the new rules.
Many practitioners like the convenience of instant messaging, particularly when working across multiple locations, as face-to-face contact can be limited and phone calls can interrupt work.
In these situations, messaging apps like WhatsApp, iMessage, Telegram and Facebook Messenger offer an easy way for practitioners to keep in touch with both patients and colleagues in an efficient manner.
The new data protection rules that come into force this Friday May 25th generally require that anyone wanting to share someone else’s data get that person’s explicit consent first.
There are exemptions to this rule for health professionals who need to talk about or with patients, but in order to take advantage of these exemptions, the onus is on the practitioner as the data controller to ensure patient information is handled correctly.
Practitioners looking to avoid fines find themselves having to become specialists in both data compliance and information technology in order to understand the myriad of legislative and security requirements.
Some have responded by changing the way they use text messaging, adding extra security on their mobile phones or tablets and trying to anonymise patient information as they go.
However, anonymisation is very difficult to do properly and can introduce significant risk of patient misidentification. And even if implemented effectively, it is still likely to fall short of what the legislation actually requires.
Neville Dastur, a consultant vascular surgeon with a strong background in healthcare IT, saw the advantages of using instant messaging in his own private practice – but also spotted the possible risks of data breach once the new legislation came in.
He set about designing a messaging service that would give healthcare professionals the convenience of the apps they found so useful, but with the built-in security and compliance that would allow them to communicate freely without having to anonymise patient information.
“We launched Hospify in 2017 to tackle GDPR head-on. Practitioners simply want to send messages without the worry of what is and is not compliant.”
Messages sent on Hospify are not end-to-end encrypted and are deleted from Hospify’s exclusively EU-based internet servers after delivery, ensuring that the only copies are stored in the sender and receiver’s phone or tablet. The app itself is protected with a PIN code, and even messages stored within the app are deleted after 30 days.
This helps ensure that any sensitive patient data transmitted using the app is sent, stored and deleted in line with GDPR legislation, and helps ensure that the practitioner using the app stays compliant with both GDPR and UK data protection laws.
Hospify was founded by Neville Dastur, a consultant vascular surgeon and IT developer, and James Flint, a former technology journalist specialising in building media platforms, in order to improve communications in health care in a data-compliant way. Hospify is used by NHS staff and Trusts, private health care providers and the UNISON and MiP unions in various sites across the country to give health care staff free access to secure and compliant healthcare instant messaging. Hospify has ISO 27001 and NHS IG Toolkit accreditation.
The Hospify app is available to download and use for free from the Apple and Android app stores.
Contact Emma Dastur on 0203 6335775 or email@example.com for more information or to arrange to speak to the founders.