Sensitive information about patients’ conditions could become public if phones are lost or stolen, warn researchers

Details of patients’ illnesses and treatment could be leaked because so many doctors use smartphones to send details of their cases to each other, including x-ray results and photographs of wounds, warns research.

Patients are at risk of having their confidentiality breached because up to two-thirds of doctors are using SMS texts and picture messages to share information, including photographs of wounds, in the search for a second opinion.

The findings prompted concern that sensitive details of patients’ conditions could become public if doctors’ phones were lost or stolen or they inadvertently sent a message to a wrong number.

Research among 287 doctors and 564 nurses working at the five hospitals in the Imperial College healthcare NHS trust in London found that 65% of the doctors had used SMS messages to communicate with colleagues about a patient.

Just less than half (46%) had used picture messaging on their smartphone to send a photograph of a wound or an x-ray, while 33% had used app-based messaging.

“It is apparent that large proportions of doctors are using messaging services to convey patient-related clinical information to colleagues. Furthermore, over a quarter believe that such information is still retained on their handset”, say the six co-authors, who work at the trust and include Lord Darzi, a former health minister.

“Owing to a lack of data encryption and necessary security modules, the transmission of patient information through these messaging modalities is currently unsecure and may result in the inadvertent disclosure of highly sensitive and confidential data, particularly if handsets are lost, stolen or viewed by unauthorised users.”

The medConfidential campaign group, which scrutinises data security in the NHS, warned that doctors sharing information in such ways could end up breaching patients’ confidentiality.

“While no doubt these messages are being sent to facilitate the best care of patients, there are serious concerns about the safety of such sensitive patient information being sent - unencrypted and unsecured some instances – from personal device to personal device. What happens if the message gets sent to a wrong number?,” a spokesman said.

“Retaining a patient’s clinical data on your phone for longer than absolutely necessary is not only a serious breach of data protection, it could lead to breaches of confidentiality or worse.” He echoed the authors’ call for the NHS to develop rules to ensure that such devices are used safely and securely.

The research, published in BMJ Innovations, also warns that doctors may recommend partients use medical apps that have not been tested and which could cause them harm.

“Doctors and nurses must also be aware that the mhealth app market is currently under-regulated and that defective apps are capable of causing patient harm. Both staff and healthcare organisations should be encouraged to risk assess the medical apps prior to their use in order to mitigate such dangers,” they advise.