Whatsapp, health data at risk? The case of medical prescriptions breaks out

The use of messaging apps and emails has helped operations during the acute phase of the pandemic but the confidentiality of information may be compromised. Uk ICO asks Government and Department of Health for guidance to address the issue 12 Jul 2022 Patrizia Licata journalist

Imposition of best practices by the Department of Health and request to the government to intervene with new wide-ranging guidelines: this concludes a year of investigations by the British Information Commissioner's Office (ICO) on the use of messaging applications such as WhatsApp and personal email during the pandemic. Personal apps have helped the Department of Health and Social Care (DHSC) operate, but they pose risks to the security, confidentiality and integrity of communications, the ICO concluded. The results of the investigation, launched in 2021 by Commissioner Elizabeth Denham, are collected in the report "Behind the screens – maintaining government transparency and data security in the age of messaging apps". The first danger, the ICO points out, is that important or sensitive information is lost or managed in an unsafe way; for example, some data has been stored by the ministry in private accounts, outside the official systems of the DHSC. Index of topics • Private messaging in the PA: risks to data • Authority Guidance: Focus on Security and Privacy • The new ICO plan to respond to the challenges of the digital age Private messaging in the PA: risks to data The ICO's investigation into the use of private email and WhatsApp in the Ministry of Health found that such use by DHSC ministers, executives and staff was "extensive" and indicates that, in all likelihood, this has also been the case in other ministries.

Executives copied privately exchanged information into government accounts to track conversations and events, but the practice was not followed consistently and continuously. In addition , the DHSC had no appropriate technical or organizational controls to ensure management of the security and risks associated with the use of private correspondence channels. For example, there is no information about where the servers that host the external accounts are and where, therefore, the department's data has gone. In general, the use of these channels posed a risk to the confidentiality, integrity and accessibility of the data exchanged. The Authority's Guidance: Focus on Security and Privacy The ICO has issued a number of recommendations on practices to be adopted in the UK Department of Health. The authority orders first to improve the management of the requirements of the Foi law and, in particular, to focus on any content created or contained in personal accounts. The authority also issued a "reprimand" for breaches of the UK General Data Protection Regulation which requires the DHSC to improve processes and procedures regarding the handling of personal information via private correspondence channels and to ensure that the information is protected. Finally, the ICO asked the government to deal in general with the issue of the use of private communication channels in the Public Administration. London should consider new guidelines on the use of private messaging in the DHSC and, in general, across the PA to ensure a unique approach that allows it to benefit from new means of technology without harming data protection and information transparency. The new ICO plan to respond to the challenges of the digital age "I understand the value of instant communication that products like WhatsApp can bring, especially during the pandemic when public officials had to decide and work at speed and in particular conditions. However, the price of these products, while certainly not illegal, risks being a lack of transparency and inadequate data security," said ICO Commissioner John Edwards. The point, Edwards said, is to make sure that the Freedom of Information Act (FOI) continues to be effective in helping public authorities act transparently and responsibly toward citizens. "Understanding how the role of technology changes is part of the task: I will give further details on how my office intends to deal with the Foi law when we launch the new three-year Ico25 plan," the British commissioner indicated.