Patient data at risk as medics send scans via Snapchat

Expert panel warns of 'insecure, risky and non-auditable' practice of medics using image sharing app

The growing trend of doctors using Snapchat to send patient scans to each other is putting medical data at risk, IT security experts are warning.

A report commissioned by a panel of experts, chaired by former Liberal Democrat MP, Dr Julian Huppert, revealed medics are increasingly using the image messaging and multimedia mobile app to send scans and to record patient information.

But it warns that this is ‘clearly an insecure, risky, and non-auditable way of operating’.

The panel was set up to examine dealings that DeepMind Health (DMH), owned by Google, has with the NHS.

Seeing the difference that technology makes in their own lives, clinicians are already manufacturing their own technical fixes

And their findings come just a week after the Information Commissioner’s Office (ICO) found that London’s Royal Free hospital failed to comply with the Data Protection Act when it handed over personal data from 1.6 million patients to DMH.

The ICO ruling against the hospital related to the creation of the healthcare app Streams, an alert, diagnosis and detection system for acute kidney injury.

The ICO’s ruling was largely based on the fact that the app continued to undergo testing after patient data was transferred.

And patients, it said, were not adequately informed that their data would be used as part of the test.

In its review, the panel, chaired by the former Liberal Democrat MP Dr Julian Huppert, said: “The digital revolution has largely bypassed the NHS, which, in 2017, still retains the dubious title of being the world’s-largest purchaser of fax machines.”

“Many records are insecure, paper-based systems which are unwieldy and difficult to use.

“Seeing the difference that technology makes in their own lives, clinicians are already manufacturing their own technical fixes.

“They may use Snapchat to send scans from one clinician to another or camera apps to record particular details of patient information in a convenient format.

“It is difficult to criticise these individuals, given that this makes their job possible. However, this is clearly an insecure, risky, and non-auditable way of operating, and cannot continue.”

Commenting on the use of Snapchat and other message-sharing social media apps, Andrew Barratt, managing principal of cyber risk management company, Coalfire.

He told BBH: “Unfortunately for patients there is not much they can do if their medical data is shared via Snapchat.

Doctors using Snapchat to share patient data should be aware of the regulations they might be breaking and what this could mean for themselves and their trusts

“Unless data was accidentally broadcast as part of a Snapchat story, for instance, there is no way of knowing who shared it or who has access to it.

“But doctors using Snapchat to share patient data should be aware of the regulations they might be breaking and what this could mean for themselves and their trusts.

“With medical data classified as highly sensitive under the Data Protection Act, the Information Commissioners Office is likely to take a dim view of anyone caught sharing information via Snapchat. Both individual doctors and NHS trusts could face fines and additional penalties.

“Having worked with the healthcare industry for more than 10 years, I know that the NHS IT infrastructure can be an issue for some.

“While the UK government did take steps to improve IT security by issuing the NHS Information Governance Toolkit, further help is needed.

“NHS trusts should now think about getting in expert teams who can help identify problems and find solutions that work for NHS staff.”

And Jim Beagle, president and chief executive of BridgeHead Software, added: “If healthcare organisations do not provide a compliant and sanctioned means to share data, clinicians will find other ways to do it.

“But, there are some obvious risks to sharing patient information through uncontrolled means – first and foremost being the privacy and security of data.

“Hospitals who are turning a blind eye to his practice are leaving themselves open to patient data breaches and the disclosure of sensitive information; of course, coupled with the wrath of the Information Commissioners Office (ICO) and some heavy fines.

“Granted, these apps enable a convenient way of sharing data between immediate devices. However, the result is the creation of further data siloes, whereby the data is locked into the devices on which the information was shared, i.e. it will never formulate part of the patient record.”

The ‘workable alternative’, he added, is the use an independent clinical archive (ICA).

It’s been clearly identified in the Wachter Review that the digitisation of healthcare and data sharing is vital for future success. As such, data sharing policies cannot be ignored, nor pushed under the carpet

This standards-based enterprise repository offers a fully-compliant means to store, protect and share all data pertinent to a patient, including medical images, scanned documents such as historical paper-based referral documents and patient consent forms, observation results, clinical reports, medical photographs and videos.

“With an ICA clinicians and support staff have a quick and easy means to search and retrieve data as and when they need it at the point of care,” said Beagle.

“It’s been clearly identified in the Wachter Review that the digitisation of healthcare and data sharing is vital for future success. As such, data sharing policies cannot be ignored, nor pushed under the carpet.

“Healthcare providers must review their practices and put in place the technology that will allow them to continue to share data for the benefit of patients, safely, securely and in a timely manner.

“Data is, after all, the most-strategic asset that a healthcare provider has in its armour, so it should be treated with the respect it deserves and harnessed to the betterment of care delivery.”

Darren Hedley, director of public sector at Insight UK, added: “From new mobile phones to wearable and ingestible devices – technology is becoming a natural extension of ourselves.

“Doctors using consumer apps such as Snapchat to speed up patient feedback is an example of how technology has the potential to revolutionise healthcare, and its adoption is somewhat unstoppable.

“Authorities have to consider ways of securing the right infrastructure in place to support and encourage innovation.

“By working together with technology specialists, the transition to digital healthcare can be made as smooth as possible.”

Companies