The perils of BYOD in the UK healthcare sector have been exposed by new research claiming that nearly two thirds of NHS doctors send sensitive patient data to colleagues via text.
The researchers polled over 6,000 doctors and nurses at five hospital sites about their use of mobile devices. Unsurprisingly, 99% of doctors and 95% of nurses claimed to own a smartphone and 74% and 65% owned a tablet, respectively.
The research—published in the BMJ—revealed that 93% of doctors and 53% of nurses found their smartphone “very useful” or “useful” in helping them perform their clinical duties.
A further 90% of doctors and 67% of nurses claimed to be using medical apps at work.
However, 65% of doctors and 14% of nurses admitted to sending patient information to colleagues by text. A further third of doctors said they used mobile app-based messaging to do so, while nearly half (46%) said they used picture messaging to send photos of wounds, X-rays and other patient-related images.
While some messaging platforms like Whatsapp are implementing uncrackable encryption to encode messages, they're not secure across the board. And texts are also at risk of interception, creating privacy risks around current medical practices.
It’s perhaps unsurprising then that 72% of doctors and 37% of nurses said they wanted a messaging app to send patient-related info to colleagues in a secure way.
Even worse, 28% of doctors and 4% of nurses admitted to still having patient related info on their smartphones, adding to privacy concerns.
Tony Pepper, CEO of secure communications firm Egress, argued that medical staff need easy access to encrypted comms to do their jobs more securely.
“People will continue to look to use the simplest ways to share information, especially when they need to do so quickly and efficiently, such as in healthcare,” he added. “It is therefore up to these organizations to provide usable and secure encryption technologies to protect patients’ sensitive information, as well as educating employees in best practice.”
Nithin Thomas, founder of security start-up SQR Systems, argued that using unsecured channels for sending personal data is “an open invitation for theft and fraud.”
“There is a common misconception that unsecured apps are the only way for people to send information without specialized equipment or technical expertise, but in fact government-level encryption is now readily available for users in all fields,” he said.
“Anyone who routinely handles sensitive personal or corporate data must be able to ensure they have end-to-end security for all of their communications.”