Image source: Unsplash/Dima Solomin

News • Concerns over new law

How would a WhatsApp ban for doctors affect patient care?

Doctors express concerns over new law, warn about negative consequences

UK law changes pose a threat to the security of messaging apps – and therefore their use in the NHS. In The BMJ, doctors warn that patient care will suffer if they can no longer use apps such asWhatsApp and Signal to share information. 

In March 2020, in the face of the pandemic, clinicians were officially allowed to use messaging services such as WhatsApp “where the benefits outweigh the risk,” reversing years of caution about their use in patient care – provided the apps used encryption, explains journalist Stephen Armstrong.

Care is better when doctors can talk to each other. For a range of situations doctors find themselves in, only a general app like WhatsApp is easy to use

Sam Smith

The most recent NHS England advice continues that policy, advising healthcare workers to use two-step verification and disable message notifications on the lock-screen. And yet two recent pieces of legislation – one passed and one pending – threaten the use of any end-to-end encrypted messaging in the NHS. October’s Online Safety Act instructs the UK communications regulator Ofcom to monitor user-to-user apps and software, while an amendment to the Investigatory Powers Act – expected in the spring – says technology companies can’t introduce new security software or make any significant changes to the security of their existing service without UK government approval. 

What this means, in effect, is that the government will have installed surveillance of all encrypted messaging, making it impossible to be sure patient data is secure, writes Armstrong. Not only that, but the app providers – including major tech companies such as Meta, owner of WhatsApp and Facebook, Apple and Signal – have warned that the new requirements may force them to withdraw services from the UK if it unduly impacts their ability to innovate and introduce new security features. 

Marcus Baw, an emergency medicine and general practice doctor in Yorkshire, says if WhatsApp were to disappear, “we’d have an NHS wide problem immediately.” Ross Anderson, professor of security engineering at Cambridge University, also points out that “as Signal and WhatsApp upgrade their software a number of times a week to deal with bugs or new threats, the UK would have to be treated like Burma or North Korea and simply avoided rather than wait for GCHQ approval – which could take months”. 

“The combination of the IPA reforms and the online safety Act presents the possibility of a shocking level of state interference,” says Meredith Whittaker, president of Signal Foundation. “If the choice came down to adulterating the security features that allow us to keep the privacy promises we make to the people who rely on Signal in the NHS or leaving, we would leave.” 

An Ofcom spokesperson told the BMJ they will use their new online safety powers “in a way that is compatible with rights to privacy and freedom of expression” and “won’t be reviewing all harmful online material or be able to read private online messages.” But Mike Grocott, professor of anaesthesia and critical care medicine at the University of Southampton, argues that tech companies are not prepared to subject their apps to this level of government surveillance. If encrypted messaging apps withdraw from the UK, patient care would suffer, he says. “Care is better when doctors can talk to each other,” agrees Sam Smith from patient privacy group MedConfidential. “For a range of situations doctors find themselves in, only a general app like WhatsApp is easy to use.” 

For Marcus Baw, the entire problem could have been avoided if NHS IT leaders had had the vision to build an end-to-end encrypted NHS approved app linked to NHS mail. His hope is that someone in government is going to realise the electoral foolishness of the two pieces of legislation. “The tech companies are serious,” he says. “Can you imagine the outcry from the population if WhatsApp withdraws from the UK? It would be an act of catastrophic self-harm by any government. Perhaps for once common sense will prevail.” 

COI Statement: Stephen Armstrong is a journalist and author. He is paid to write about technology, medicine, science, politics, and culture for Wired, the Sunday Times, and the Daily Telegraph, among others. He has written books on the private security industry, the rise of oligarchs in the developing world, and poverty in the UK. He is a trustee of the Orwell Foundation and a fellow of the Royal Society of Arts. He owns no stock options or shares in any pharmaceutical, IT, or healthcare companies. He has a personal pension, which may invest in these types of companies. 

Source: The BMJ


Read all latest stories

Related articles


Article • Cybersecurity in hospitals

Ransomware: The race between attackers and defenders

Since 2015, the number of known ransomware attacks has not only increased substantially across many industries. Hospitals, and the healthcare industry in general, have also become favorite targets of…


News • Regulatory issues

Genetic data privacy, the GDPR, and research needs: a delicate balance

The EU’s General Data Protection Regulation (GDPR) has created a great deal of uncertainty about how key requirements should be interpreted. This means that collaborators in international genetic…


News • Inconceivable?

Many fertility apps not exactly fussy about data privacy, study shows

The majority of top-rated fertility apps collect and even share intimate information without the users’ knowledge or permission, a collaborative study by Newcastle and Umea Universities has found.…

Related products

Subscribe to Newsletter