November 2024: slight tidy ups.
June 2023: NHS England recently made their guidance less comprehensible (again). The 2023 wording is entirely compatible with the much clearer 2018 wording; paragraphs in blue below are omissions from that official guidance.
As a clinician or nurse, you should not have to keep up with the latest fluff of the apps you might use for work. But teams need to talk to each other (without using Microsoft Teams for everything!).
NHS England has put out several attempts at ‘guidance’ on using instant messaging apps. Previously, WhatsApp was not banned, but NHS England failed to provide helpful guidance on what to actually use. It still hasn’t. There was a Do & Don’t list, which was better than nothing, but it isn’t in the latest version, and was almost impossible to turn into practice in the real world.
If asked, we would suggest something like this:
Summary
- If your employer offers an instant messaging solution, use that.
- If you are picking apps to use yourself, you are safest with Signal.
- If you are not picking the apps you use, you will probably have to use WhatsApp or Skype. But be aware that someone will be held responsible when Facebook or Skype change their rules – and it’s probably not going to be the person who picked the app…
- Don’t use Facebook Messenger, Instagram, or Telegram.
Whatever app you use for work, chats in that app should be set to expire in a few days (possibly less), and the vast majority of people should avoid having their phone going ding for work purposes while they are not at work. For most apps, a swipe left on the main list of ‘chats’ should show an option to “hide alerts” for some time period – this should ensure that if you do give your personal number to work colleagues, it doesn’t end up driving you to distraction outside work. If someone really wants to get in touch, they can always just call you normally.
The reasoning behind our suggestions: Doctor-to-Doctor encryption
The important step in secure messaging is something called “end-to-end” encryption, which prevents anyone – a third party ‘listening in’, or even the service making the connection – knowing what you said. It’s the equivalent of having a conversation in a private consultation room, rather than doing it standing next to the nurses’ station, or in a waiting room. But even with Signal, if you are messaging using your personal device, you should treat any conversation as if it were in a lift where another person might be listening.
Signal allows you to decide for how long you will keep messages from any particular person or group, and will automatically delete the stored messages after that. But what happens with the stored message history in other apps? WhatsApp, for example, wants you to give it a full copy of all your messages and send them to its servers as a ‘backup’ (though at some point it will show you ads against them – it is part of Facebook after all).
You may also have set your phone itself to back up to somewhere. Do you know where the backup goes, and what’s in it? If chats don’t auto-delete in minutes, your backups will need to be carefully managed.
Of course, it is best practice to back up everything on your phone, and most apps assume (probably correctly) that you don’t want to lose every message or photo you receive of your kids. This doesn’t necessarily translate neatly to a clinical setting – anything that must be kept should be recorded elsewhere, so that if you lose your phone, the only thing you won’t have kept was ward chit-chat. WhatsApp wants everything – it doesn’t offer clinical reassurance. And while Snapchat has deletion as a feature, it has other problems akin to Facebook and Skype.
The longer-term security of your messaging is dependent upon who makes the app – and when, and why, they will change the rules on you. We (also) recommend Signal because it is produced by a charitable foundation whose sole mission is to provide secure, usable, communications. One key reason why the NHS England guidance is so terrible is that WhatsApp has lobbyists telling NHS England that it should allow their product; Signal doesn’t.
Since Facebook (the owner of WhatsApp) lies to regulators about its intentions, you clearly cannot rely on the company not to do tomorrow what it denies it will do today. As a consequence of this, any official guidance must in future be kept up to date by NHS Digital. And, as corporate policies change, so must the guidance – removing from the equation NHS England’s fear of the deluge of lobbying that created this mess in the first place.
Clinicians deserve better tools than those that NHS England chooses to recommend, where a national body prioritises its own interests over the needs of those delivering direct care. The NHS England guidance is the output of meetings and committees that with every iteration gets progressively less useful for those who need to use something to help them and the people they work with practise medicine.
(This post will be kept under review as technologies change; it was last updated in October 2024)
October 2024: slight tweaks, primarily doctor-to-doctor encryption and deleting messages.
June 2023: The December 2022 guidance from NHS England is split over a page about messaging, with key parts on the page about devices.
March 2021: added link to common definition and tests for a secure app.
March 2020 Update: custom apps are now in the NHS Apps library, and so apps that your staff routinely use for other purposes shouldn’t be used.