Security and compliance should be front-of-mind for pharmacists during the pandemic and beyond
Digital messaging apps have become an important facet of everyday life, enabling people to quickly and easily stay in touch with friends, family, and colleagues anytime, anywhere. This convenience, however, doesn’t come without risk, and we have all experienced messages being sent to the wrong people or groups.
When communicating with friends, a mistaken message may be amusing or, at worst, embarrassing, but in the workplace, the consequences can be far more serious. In the healthcare sphere in particular, the potential for such errors poses a significant risk to patient confidentiality and data protection, which threatens the most fundamental aspects of healthcare ethics.
However, many pharmacists and other healthcare professionals are unacquainted with this issue. A recent survey by the European Heart Rhythm Association (EHRA) revealed that 88.3 per cent of its members regularly use instant messaging apps for sharing clinical information with medical colleagues, yet 29.3 per cent admitted they were unaware of EU data protection regulations. A further 46.7 per cent indicated there are no regulations in place at their institution regarding the sharing of clinical data via instant messaging.
This is worrying, but not surprising. Technology moves at a rapid pace, so it stands to reason that it frequently advances more quickly than the government and industry can create new standards and procedures to address it. What’s more, instant messaging tools offer huge benefits right across the medical profession, so the demand for them is strong. They can enable pharmacists to engage directly — and safely — with their peers, to share urgent news and documents, to identify and solve everyday problems for their patients, and to share the latest rules on electronic prescriptions of medicine.
These benefits were emphasised at the height of the pandemic, when information-sharing and fast decision-making were essential for helping pharmacists to learn how to deal with a hitherto unknown virus. In these circumstances, many came to appreciate the value of being able to discuss issues among their peers, such as sharing tips and photographs of how they maintain a safe practice for both themselves and their patients.
The pandemic also highlighted the huge benefits of sharing patient cases with one another and providing answers to questions before procedures can even happen. Additionally, in terms of medication management, easier access to doctors — inside and outside of opening hours — also proved vital, facilitating discussion on issues such as dosage or medication changes. There have even been instances where medication recalls were swiftly handled across entire associations, as achieved by the Dutch Royal Pharmacy Organisation in the Netherlands, thanks to secure messaging services.
The immediacy of conversation which secure instant messaging enables, together with clear, effective and quick knowledge-sharing on a wide scale, has proven invaluable during the pandemic and will continue to be so as digital technology advances, and the needs and expectations for faster solutions grow.
The answer, therefore, is not to simply banish messaging apps, just when they have proven themselves indispensable. The better solution is for technology providers to create messaging tools which are fit for purpose and which meet the demands of medical staff, all without the associated risks that come with universally available providers. In fact, the data-security challenge was recognised some time ago, and was a key influence behind the development of specialist healthcare apps such as Siilo — the only tool on the market which is compliant with GDPR and medical legislation and which can be downloaded free of charge.
However, the importance of using specialist tools is not yet fully understood because there is a failure to differentiate between security and compliance. The basic premise of ‘end-to-end’ encryption, which is offered by the best-known messaging apps, certainly provides a strong element of security — it means the servers of the vendor cannot decrypt the message data even if they wanted to, because they don’t have access to the encryption keys that belong to this encrypted data. However, this only applies to data whilst it is ‘in transit’ from one phone to another. What happens when the data is ‘at rest’, ie, delivered to a phone or other device?
After a phone receives a message, several synchronisations take place with common messaging apps: photos and videos are synced automatically to the photo library of the phone, where the media is not encrypted; all conversations are backed up by default and automatically go onto the cloud services of the phone provider, where message data is also stored unencrypted. As such, all these unencrypted conversations are exposed to unauthorised third parties.
This is a huge problem because it becomes impossible for any healthcare professional sending an instant message on most services to guarantee patient confidentiality. A common workaround is to anonymise patient information within communications, but this also brings significant issues — if healthcare teams cannot clearly identify which patient they are communicating about, it will almost certainly lead to confusion and mistakes.
What this means is that off-the-shelf messaging apps are not suitable for use within healthcare. Using them offers no guarantee of patient confidentiality and, worse still, may compromise patients’ welfare. What’s more, the recent ransomware attack on the HSE’s IT system has again highlighted the importance of robust data security. Little wonder, perhaps, that Siilo experienced a 908 per cent surge in app downloads in Ireland following the recent incident.
Other common scams on high-profile messaging apps, such as account hijackings recently reported among WhatsApp users, continue to catch out even the most safety-conscious. Digitalisation offers tremendous benefits to the healthcare sector, and for pharmacists in particular, who often play an essential role in almost every care path a patient goes through, efficient and secure communication across multiple disciplines is vital. But it is essential that it is truly fit to meet the standards expected within the profession.
For communications technologies, this means applying absolute rigour to ensure patient confidentiality cannot be compromised.
Joost Bruggeman is a former surgery resident at Amsterdam University Medical Centre and now CEO and co-founder of Siilo. For more information, please visit http://www.siilo.com