This site is intended for health professionals only

New NHS guidance tells GPs how to use instant messages during crises

NHS England has urged caution to medical staff using instant messaging services to communicate during a crisis, while telling them they are a ‘vital tool’ in such instances.

New guidance published today has asked doctors and nurses using apps like Viber, Telegram, Signal or WhatsApp to only use those that meet the NHS encryption standard and to ensure that no one else has access to their phone while it still has confidential patient information on it.

They have also been told to verify the identity of the person or group before beginning a conversation, include as little patient data in the messages as possible, and to delete this information from their mobiles as soon as it has been added to the relevant medical record.

The new guidance has been published by the NHS England jointly with Public Health England and the Department of Health and Social Care.

It was reviewed by Imperial College Healthcare NHS Trust consultant anaesthist Dr Helgi Johannsson, who set up an instant messaging group in the aftermath of the Grenfell Tower fire to coordinate the hospital’s response.

Dr Johannsson said the Westminster attack taught them how important it is not to burden emergency care coordinators by offering to help, and that the messaging group helped inform staff when they should come in and where they were needed.

NHS England’s chief clinical information officer for health and care, Dr Simon Eccles, said the guidelines were intended to help doctors and nurses to use technology effectively ‘under the most intense pressure’. 

NHS England’s instant messaging guidance include:

  • Only use apps that meet the NHS encryption standard
  • Don’t allow anyone else to use your mobile
  • Disable message notifications on the mobile’s lock screen to ensure patient confidentiality
  • Keep separate medical records and delete the original message

WhatsApp was the mode of communication which some CCGs have suggested practice managers and commissioners should use to keep in contact with each other in case of another cyberattack like the one that hit the NHS in May last year. 

The IT attack wreaked havoc across 600 GP practices which were locked out of their systems after they were infected by the ‘WannaCry’ virus.