Be phone smart

Many doctors use their smartphones at work but are you aware of the potential risks? Dr Naeem Nazem offers some practical advice

HandSmartphone_shutterstock_147402290.jpgIT IS hard to imagine life before the smartphone. Whether it’s browsing social media, shopping online or checking emails, most of us look at our phones several times per day if not per hour.

These devices have also brought about big changes for medical professionals. Gone are the days of the junior doctor weighed down with copies of the latest BNF handbook and local formularies. You can now access this information and so much more, by downloading helpful apps provided by the likes of the General Medical Council (GMC), NICE and SIGN.

Unfortunately, the smartphone era inevitably brings risks which have resulted in new types of complaints and claims against doctors. The good news is there are some simple steps you can take to protect yourself.

Messaging groups

WhatsApp and other messaging groups can be an invaluable way to get quick advice or discuss difficult administrative issues with colleagues. Although most messaging platforms pride themselves on their security and confidentiality (WhatsApp provides users with end-to-end encryption), doctors must nevertheless be mindful of their duty of patient confidentiality.

The GMC has extensive advice on this in their Confidentiality guidance, but doctors also have a statutory obligation under the Data Protection Act 1998 (DPA) (as well as the General Data Protection Regulation (GDPR) which comes into force in May 2018) to ensure they keep patient information private.

One case MDDUS recently handled involved a small number of FY1 hospital doctors who created a Whatsapp group chat to share information on teaching opportunities. However, the group gradually evolved into a platform to air grievances about “unreasonable” colleagues and “nightmare” patients.

Some months later, performance concerns were raised at the annual review of one of the FY1 doctors and in response he mentioned using the messaging group as a source of peer support. Concerned that patient confidentiality may have been breached, the Trust legitimately sought and obtained a copy of all the WhatsApp group’s messages. Although they found no specific patient names had been mentioned in the messages, sufficient information had been shared to identify individuals. As the DPA makes clear, this is enough to constitute a breach of patient confidentiality.

Reflecting on this case, there were some easy ways in which the doctors could have protected themselves from criticism. Whether it’s jotting down something important on the back of your hand or sending a message in WhatsApp, always consider whether what you are recording could identify a patient either directly or indirectly. If it does, you may need the patient’s consent to proceed. Generally, you do not need consent if you are acting as part of a healthcare team to deliver medical care. (This does not apply to the use of WhatsApp and other messaging apps which should not be used as part of direct patient care.) However, if you are communicating information to any other party, including doctors who are not directly involved in their care, you may need the patient’s consent.

Photo diagnosis

Another popular use of smartphones is for taking and sending pictures. Again, this can be very useful for doctors but there are risks. Consider the following scenario:

An FY2 doctor is asked to see a patient on the ward with a new onset swelling next to the site of an earlier operation. The rest of her team is still in theatre so she takes a picture of it on her personal phone and sends it to her registrar for advice. The registrar replies to suggest she start the patient on intravenous antibiotics. The FY2 administers the medication and notes it on the patient’s prescription chart.

Some may feel the FY2 acted appropriately in the circumstances – she sought senior advice and commenced appropriate treatment, ensuring the patient was managed promptly and did not come to further harm. However, her actions in this case leave her vulnerable to criticism.

Firstly, most trusts/health boards prohibit the use of personal phones to take pictures of patients. Although in this case the picture did not show the patient’s face or other identifying features, it was still an image of a patient who had the right to confidentiality and whose consent had not been sought. If you do want to take an image of a patient, be sure to follow your local organisation’s own policy. This will inevitably include obtaining the informed consent of the patient.

Another significant vulnerability in this case was the complete absence of appropriate documentation in the medical records. A third party reviewing the patient’s records or drug chart would have no idea of the presence/nature of the swelling or the rationale for commencing intravenous antibiotics.

The doctor in this case could have protected herself from criticism by considering the alternative resources available to her. She could have asked another colleague to carry out an urgent review. And if she felt a picture of the swelling was essential, she should have followed her Trust’s policy on the taking of images, which would have ensured patient consent was obtained and confidentiality was not compromised.

Data storage

Another aspect to consider when using your smartphone is the storage of sensitive information on the device. The GMC’s guidance Making and using visual and audio recordings of patients is a useful reference here. It highlights the need to make appropriate secure arrangements for storing visual/audio recordings. If you use your smartphone for personal messages/emails, take extra care to ensure any patient-related correspondence is kept separate.

Again, check your local organisation’s policy here as it is likely to forbid the storage of sensitive patient data of any kind on personal and possibly also NHS mobile devices. This includes text messages, photos, videos, emails or other files/documents. The policy may allow for limited use of personal devices but it is likely to demand devices are not directly connected to the organisation’s network and are compatible with NHS mail security standards.

It is also advisable to activate your phone’s passcode lock with a limit set on the number of failed attempts allowed. These precautions are particularly invaluable should your smartphone be lost or stolen.

Stay smart

Life as an FY doctor is busy and messaging platforms and apps remain a valuable resource. But before sending or receiving any message/ photo relating to your clinical practice, take a step back and ensure you are not compromising patient confidentiality. Remember you do not need to mention a patient by name or show their face for the information to constitute a breach.

If you are seeking general advice from a colleague or reviewing the latest clinical or professional guidance, then there is no reason why your smartphone can’t act as a useful aid. But do remember to note any relevant information in the patient’s medical records. And above all, always comply with GMC guidance and your local organisation’s policies.

Dr Naeem Nazem is a medical adviser at MDDUS and editor of FYi