New revelations about the way that doctors in the UK (and no doubt the rest of the world) use smartphones and tablets is casting a shadow on the medical profession’s most holy of holies: the Hippocratic oath. When we visit a doctor, we assume that our ailment – no matter how insignificant it may be – will remain among us, our doctor, and any specialist needed to tackle the health issue.
Now, a new research paper published by BMJ Innovations reveals that doctors have been using smartphones to send colleagues patient information during the diagnosing and prescribing process. Even admitting to at times sending photo messages of wounds and x-rays (or whatever else they need a second opinion on).
The research, which was conducted at 5 hospitals by the Imperial College healthcare NHS trust in London, took a survey from 287 doctors and 564 nurses to find out how they communicate. Unsurprisingly, the results showed that 65% of doctors at times use SMS text messages to contact other colleagues about patient ailments. Of those 46% admitted to having used picture messages to share Xray photos and the like, and 33% admitted to using messaging Apps. So what is the problem?
The problem is not that they desire a second opinion or that they are using a mobile phone. The problem is that doctors are using the same mobile phone that they use at home and that they are using regular SMS text messages and messaging Apps to send communications, and here lies the problem.
If doctors had a specific messaging App agreed for use by the National Health Service, and an encrypted work phone – done correctly, with some care and oversight – this kind of communication could be okay. As it stands, however, it is balancing confidential knowledge on a knife edge.
For a start, the way in which these medical records are being shared means that the NSA and GCHQ have most certainly got patient data among their mass collected surveillance data. Only recently Snowden reinforced this point on the BBC’s television show Panorama. Speaking to Panorama, he explained that beyond mass collected data, GCHQ also has tools for hacking smartphones, named after the Smurfs, that allows it to use the camera and microphone on smartphones to spy on people.
Then you have the possibility of a doctor’s phone being hacked by a malicious cybercriminal. We all know that there is a lot of evidence that phones are being regularly hacked. Sadly, we are talking large amounts of Androids and iPhones that are being targeted with malware that puts a phone’s contents at risk.
Lord Darzi a former health minister in the UK, and one of the six researchers who undertook the study agrees that sensitive data is being put at risk,
‘It is apparent that large proportions of doctors are using messaging services to convey patient-related clinical information to colleagues. Furthermore, over a quarter believe that such information is still retained on their handset. Owing to a lack of data encryption and necessary security modules, the transmission of patient information through these messaging modalities is currently unsecure and may result in the inadvertent disclosure of highly sensitive and confidential data, particularly if handsets are lost, stolen or viewed by unauthorised users.’
In that quote, Lord Darzi hits the nail on the head. Sadly, it is not required that a doctor’s phone be hacked by cyber criminals in China – or be intercepted by government agencies – for patient confidentiality to be violated. The doctor does not need to be mugged, or leave his phone in a taxi for patient information to get into the wrong hands either. The doctor could just leave the room for a moment, allowing a jealous partner to have a quick snoop through the phone’s texts, and whoopsies there goes patient confidentiality again.
Recently, a team of data recovery experts from Kroll Ontrack and Blancco Technology Group found that they could memory sweep second-hand smartphones (purchased on eBay) and recover about 35% of a phone’s old data. In total, they recovered 2,153 emails and 10,838 texts – from phones that users had sold believing that they had been completely erased. If old, erased phones can have their secrets extracted, then think what someone with a little technical knowledge can do with a doctor’s phone.
A spokesperson from the NHS medConfidential campaign group warns that this is a very real issue that needs to be addressed,
‘While no doubt these messages are being sent to facilitate the best care of patients, there are serious concerns about the safety of such sensitive patient information being sent – unencrypted and unsecured some instances – from personal device to personal device. What happens if the message gets sent to a wrong number? Retaining a patient’s clinical data on your phone for longer than absolutely necessary is not only a serious breach of data protection, it could lead to breaches of confidentiality or worse.’
A final point of concern raised in the report was doctor use and recommendations of individual medical Apps. These, the report concludes have not been tested thoroughly enough by medical standards groups,
“Doctors and nurses must also be aware that the mhealth app market is currently under-regulated and that defective apps are capable of causing patient harm. Both staff and healthcare organisations should be encouraged to risk assess the medical apps prior to their use in order to mitigate such dangers.”