NHS Lanarkshire has been reprimanded by a watchdog after workers members shared sufferers’ private knowledge on WhatsApp a whole lot of instances.
The Information Commissioner’s Office (ICO) reported that non-public data similar to affected person names, cellphone numbers and addresses had been shared by 26 workers members on greater than 500 events.
Images, movies and screenshots – which included scientific data – had been additionally shared on the messaging platform.
The delicate knowledge was leaked between April 2020 and April 2022.
NHS Lanarkshire had apologised to these affected.
While WhatsApp is accredited for NHS staff for primary communication, it’s not accredited by the well being board for sharing delicate knowledge.
A non-staff member was additionally added to the WhatsApp group by mistake, ensuing within the disclosure of private data to an unauthorised particular person.
Once NHS Lanarkshire grew to become conscious, it reported the incident to the ICO.
An investigation was subsequently launched, which concluded that the well being board didn’t have the suitable insurance policies, clear steerage and processes in place when WhatsApp was made accessible to obtain.
This meant that NHS Lanarkshire had no evaluation of the potential dangers referring to sharing affected person knowledge on this method.
UK Information Commissioner John Edwards mentioned: “Patient data is highly sensitive information that must be handled carefully and securely. When accessing healthcare and other vital services, people need to trust that their data is in safe hands.
“We recognize that NHS Lanarkshire, like all healthcare suppliers, was beneath enormous strain in the course of the pandemic however there is no such thing as a excuse for letting knowledge safety requirements slip.
“Every healthcare organisation should look at this case as a lesson learned and consider their own policies when it comes to both messaging apps and processing information about patients.
“We will probably be following up with NHS Lanarkshire to make sure that affected person knowledge isn’t compromised once more.”
The ICO issued quite a lot of suggestions to forestall future knowledge breaches, together with implementing a safe scientific picture switch system for the storage of pictures and movies inside a care setting.
The watchdog added that NHS Lanarkshire ought to “consider the risks” in relation to non-public knowledge and be certain that workers are “aware of their responsibilities to report personal data breaches internally without delay to the relevant team”.
The well being board – which has been requested to offer an replace of motion taken inside six months – mentioned it has already taken quite a lot of steps.
Trudi Marshall, nurse director, well being and social care North Lanarkshire, mentioned: “We have received a formal reprimand from the ICO for the use of WhatsApp by one of our community teams to exchange personal patient data during the pandemic.
“We recognise that the staff took this strategy as an alternative choice to communications that will have usually taken place in both a scientific or workplace setting, however was not doable at the moment attributable to COVID restrictions.
“However, the use of WhatsApp was never intended for processing patient data.
“We supply our honest apologies to anybody whose private particulars had been shared via this group.
“We have already taken a number of steps including looking at alternative apps that can be introduced for the transfer and storage of images and videos within a care setting.
“This is being taken ahead whereas contemplating the dangers referring to the storage of any private knowledge.”
Source: information.sky.com”