According to a recent paper entitled “WhatsApp Doc?” in the Irish medical journal BMJ Innovations, 97% of interns at University Hospital Limerick (UHL) sent highly confidential sensitive patient data on instant messenger apps such as WhatsApp without their patients’ consent.
It is reported that more than two thirds (68%) were concerned about sharing patient data this way but did it regardless.
It is believed that patient information shared in this way is accessible by all the phones of members in a group chat. This would mean that a lost phone would ultimately result in a data security breach, even if the individual in question had never sent data themselves.
The report added that “worryingly” 30% of interns had lost their phone within the past year and 5% had lost one within the past week.
This study highlights that instant phone messaging systems are integrating into modern medicine in Ireland, with some 80% of the interns in UHL suggesting that they all had an active group chat within WhatsApp used for clinical medicine at UHL.
It is likely this behaviour isn’t unique to Limerick and is happening in hospitals and other companies throughout Ireland.
Do you know how your employees/colleagues share customer data within your organisation? The ability to efficiently map the data flow within your organisation and carry out regular data protection impact assessments is imperative for GDPR compliance.
Get the knowledge and skills to successfully implement and manage your privacy and information security compliance with our Certified GDPR training.