Short answer: It is NOT safe to use WhatsApp to send patient data. But can something be done to make it more secure? Why yes, I'm glad you asked. Before answering how, let's look at the problem.
What's Happening Now
Anecdotal evidence suggests many doctors worldwide are using WhatsApp to share messages and images with other physicians. In the UK, the use of WhatsApp is now ubiquitous in NHS hospitals.
The Nine Big Issues
If you use the default camera in WhatsApp (or use the default camera app and import a photo into WhatsApp), it is nearly impossible to avoid breaching privacy regulations.
- Consent. There is no documentation of consent.
- Not HIPAA compliant. In the US, where patient data is protected under the "Health Insurance Portability and Accountability Act of 1996", WhatsApp isn't considered "HIPAA compliant".
- Data sovereignty. WhatsApp is owned by Facebook, a US company. Paraphrasing regulations, most countries state that patient data should not travel internationally if it can be accessed without knowledge by a foreign entity. Cough, "Snowden".
- Stored in gallery. By default, WhatsApp automatically saves all photos you receive into your phone gallery! On iOS it is easy to change the setting to prevent this. On Android it is ridiculously hard - you have to download another app to do it! Photos in the gallery are often auto-uploaded to Apple's or Google's servers. Again, the patient data may travel outside of your country.
- Photos not de-identified. De-identification of photos isn't/can't be done properly. Metadata still remains in the photos.
- No control over sent photos. In theory, you should instruct the recipient to delete photos after they have been viewed. Invariably, this is not done. See the "How do I delete patient photos I have stored in my photos?" FAQ for instructions.
- Removing photos not done. You have to remove images from the WhatsApp conversation. Although possible, this is rather impractical. See instructions for removing images from WhatsApp in our FAQs.
- Data accessible if a phone is lost. Clinical photos may be accessible if you lose your phone.
- Questions over encryption. There is a question about the encryption used. In 2017, a security vulnerability exposed the data of millions of users. Although quickly patched, it's still a cause for concern. WhatsApp uses end-to-end encryption, which is good, but this isn't the holy grail of security.
Given the afore-stated reasons, we strongly suggest that you do not use WhatsApp for sharing patient data. The NHS echoes this advice. "Whatever the other merits of WhatsApp, it should never be used for the sending of information in the professional healthcare environment."
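The "Photos not de-identified" point can be checked on any JPEG before it is shared. The following is an added example, not PicSafe's code: it walks the JPEG header segments, reports identifying EXIF tags, and removes the segments that carry them. The function names and the sample file are constructed for illustration.

```python
import struct

SOI, SOS, APP1, APP13, COM = b"\xff\xd8", 0xDA, 0xE1, 0xED, 0xFE
TAGS = {0x010F: "Make", 0x0110: "Model", 0x0132: "DateTime", 0x8825: "GPSInfo"}

def segments(jpeg):
    """Yield (marker, payload, start, end) for each segment before the image data."""
    if jpeg[:2] != SOI:
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != SOS:
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        yield jpeg[pos + 1], jpeg[pos + 4:pos + 2 + length], pos, pos + 2 + length
        pos += 2 + length

def exif_tags(payload):
    """Names of the identifying IFD0 tags present in an APP1 Exif payload."""
    if not payload.startswith(b"Exif\x00\x00"):
        return []
    tiff = payload[6:]
    order = "<" if tiff[:2] == b"II" else ">"  # TIFF byte-order mark
    (ifd0,) = struct.unpack(order + "I", tiff[4:8])
    (count,) = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2])
    ids = (struct.unpack(order + "H", tiff[ifd0 + 2 + 12 * i:ifd0 + 4 + 12 * i])[0]
           for i in range(count))
    return [TAGS[t] for t in ids if t in TAGS]

def audit(jpeg):
    """Identifying EXIF tags still present in the file (empty list = none found)."""
    return [t for m, p, _, _ in segments(jpeg) if m == APP1 for t in exif_tags(p)]

def strip_metadata(jpeg):
    """Drop APP1 (Exif/XMP), APP13 (IPTC) and COM segments; keep everything else."""
    out, last = bytearray(SOI), 2
    for marker, _, start, end in segments(jpeg):
        if marker not in (APP1, APP13, COM):
            out += jpeg[start:end]
        last = end
    return bytes(out) + jpeg[last:]

def _seg(marker, payload):
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

def sample_jpeg():
    """Constructed input: valid segment layout, not a viewable image."""
    entries = struct.pack("<HHII", 0x010F, 2, 4, 0x00585858)   # Make = "XXX"
    entries += struct.pack("<HHII", 0x8825, 4, 1, 38)          # GPS IFD pointer
    tiff = b"II*\x00" + struct.pack("<IH", 8, 2) + entries + b"\x00" * 4
    return (SOI + _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
            + _seg(APP1, b"Exif\x00\x00" + tiff) + _seg(SOS, b"\x00") + b"\x12\x34\xff\xd9")
```

Removing these segments does nothing about identifying content in the pixels themselves (faces, wristbands, labels), which has to be handled separately.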
Securing WhatsApp using PicSafe
PicSafe has just released an update (version 2.5) that allows reports to be shared via WhatsApp. Using PicSafe bypasses all the issues above and keeps patient data encrypted at all times. Here is how it works.
- A doctor takes a patient photo using PicSafe. As normal, they enter the patient's details and get the patient's consent.
- Just above the "Send" button, there is a "Send to" row. Tap that, and you are given the option of selecting "WhatsApp".
- Upon pressing "Send", the app encrypts the report into a .picsafe file and uploads it to one of our temporary storage servers. We have servers in Australia, Canada, Germany, Ireland, the UK, and the USA. If you are in one of those countries, it will use that server. If you are in any other EU country, it will use the German server.
- The storage server returns a link (URL) that can be used to fetch the report.
- The PicSafe App opens WhatsApp and asks the user to select the recipient.
- A message is pre-populated with the link and a short message.
- When the doctor sends the message, the data is removed from their phone.
- When the recipient gets the message, they will be prompted to download PicSafe and sign up (if they have not done so already).
- When they click on the link, it will open the PicSafe app and start downloading the report.
- Once downloaded, the app will fetch a key to decrypt the report (the recipient must be logged in to PicSafe to do this so we can verify they are who they say they are).
- The report will then be visible in PicSafe.
Under this scenario, using PicSafe:
- No data is stored on the sender's phone.
- No data is stored on the recipient's phone.
- No patient data is stored on WhatsApp/Facebook's servers.
- If the sender and recipient are both in either Australia, Canada, Germany, Ireland, the UK, or the USA, then no patient data travels internationally.