Active discussions

Meet the Other Phone. Protection built in.

Meet the Other Phone.
Protection built in.

Buy now

Please or to access all these features

Talk
AIBU?

Share your dilemmas and get honest opinions from other Mumsnetters.

Original poster

Care plan sent to What'sApp group

102 replies

NameChanger43 · 13/08/2020 18:37

Please tell me if this is outrageous or I'm way over thinking this. I don't want to be outting too much! I work in Healthcare caring for about 40ish people in a residential setting. A new person is coming to stay and their entire care plan was sent over a what'sapp group of about 50 people not all of who would be involved in their care. Notes included:

Full name
DOB
Address
Full and detailed medical history and medication
Incontinence care
Family and relationships
Behaviour
Money management and how they are being funded
Personal care
End of life/last wishes
Mental capacity... and much more

I know the importance of everyone knowing these details butsurely whatsapp is not secure. If my phone was stolen or lost anyone could read that (i do have a password).

How would you feel if this was your mum/dad/relative?

OP posts:
Original poster
NameChanger43 · 13/08/2020 19:05

Thank you for this, its frustrating sometimes having the knowledge and qualifications of someone higher up but being so low down because of circumstances. This is something I could have pointed out even if it was a genuine mistake!

OP posts:
Okbutnotgreat · 13/08/2020 19:05

We can’t even share work rosters so we can see who is working where (community support) so this is a shocking breach of confidentiality imo. Glad you’re reporting it.

Original poster
NameChanger43 · 13/08/2020 19:07

@Doobydoo

Who sent it?
The clinical lead x
OP posts:
Original poster
NameChanger43 · 13/08/2020 19:09

@Gingerfish91

My son is disabled. Everything sent to me from anywhere is usually password protected. Mugs name is never used just his initials.
Usually we would use initials that's why I was suprised
OP posts:
Cocklepops · 13/08/2020 19:13

Report it to the Trust or CCG’s Information Governance/Data Protection department. A series of questions for them to consider: What was the legal basis for sharing that special category data with 50 people, some of whom are not directly involved in the care of that patient? Was the use of What’s App appropriate? Their data centres are in the US as far as I’m aware and that’s a security concern for a start - as well as Facebook owning What’s App. I’m not sure NHS Digital or England have approved any messenging apps for use where patient data is involved. NHS data is need to know - who made the assessment that 50 people needed this info? Who approved the information being sent via what’s app - someone has presumably spent the time putting the group together to send it out to, so presumably they got permission first? Was the Caldicott Guardian informed? Was the Trust Data Protection Officer informed? Was a Data Protection Impact Assessment carried out, if this is a new way of using information for the organisation?

Leaannb · 13/08/2020 19:13

It's illegal in the US unless your phone is wncrypted

Original poster
NameChanger43 · 13/08/2020 19:15

@Cocklepops

Report it to the Trust or CCG’s Information Governance/Data Protection department. A series of questions for them to consider: What was the legal basis for sharing that special category data with 50 people, some of whom are not directly involved in the care of that patient? Was the use of What’s App appropriate? Their data centres are in the US as far as I’m aware and that’s a security concern for a start - as well as Facebook owning What’s App. I’m not sure NHS Digital or England have approved any messenging apps for use where patient data is involved. NHS data is need to know - who made the assessment that 50 people needed this info? Who approved the information being sent via what’s app - someone has presumably spent the time putting the group together to send it out to, so presumably they got permission first? Was the Caldicott Guardian informed? Was the Trust Data Protection Officer informed? Was a Data Protection Impact Assessment carried out, if this is a new way of using information for the organisation?
Thanks for those details, the whatsapp group has already been around for a while for passing information along/training reminders/shift cover etc.
OP posts:
christinarossetti19 · 13/08/2020 19:22

Yes, outrageous breech of confidentiality and process. Really serious.

whataboutbob · 13/08/2020 19:23

I work for a CCG and am involved with care homes. I cannot send any patient information to an email account that is not an nhs.net email account. If I sent stuff via WhatsApp- not sure I’d have a job after that. I’m surprised your colleagues did that as they should have had data handling training.

MoaningMinniee · 13/08/2020 19:40

Going against the grain... I don't use WhatsApp normally, and if someone told me some info had to be sent in a timeframe and I couldn't find any other way of sending it I might be driven to use it, just to get the job done and off my schedule so I could get home, especially if I was on the sort of shit terms conditions and payscale that most care workers are on.

AiryFairyArtyFarty · 13/08/2020 19:43

And I replied

User563420011 · 13/08/2020 19:44

Massive confidentiality breech.
Absolutely no reason for this to be sent across a message app, anyway- it should be in a physical file.

TeddyIsaHe · 13/08/2020 19:45

@MoaningMinniee

Going against the grain... I don't use WhatsApp normally, and if someone told me some info had to be sent in a timeframe and I couldn't find any other way of sending it I might be driven to use it, just to get the job done and off my schedule so I could get home, especially if I was on the sort of shit terms conditions and payscale that most care workers are on.
That’s not going against the grain - that’s completely illegal. Service users right to privacy far outweigh your need to finish work early. Please tell me you don’t work with any vulnerable people at all.
User563420011 · 13/08/2020 19:46

@MoaningMinniee

Going against the grain... I don't use WhatsApp normally, and if someone told me some info had to be sent in a timeframe and I couldn't find any other way of sending it I might be driven to use it, just to get the job done and off my schedule so I could get home, especially if I was on the sort of shit terms conditions and payscale that most care workers are on.
I would much rather be disciplined for not doing it on schedule than face the consequences of a data breech.
alexdgr8 · 13/08/2020 19:48

do it anon, and use the points cocklepops has outlined.
you know if someone is being this careless, what else are they doing.
like when the police mass on a station and pick up fare dodgers, some of whom are found to be wanted for serious crimes....

sixlemons · 13/08/2020 19:50

You won't get into bother for being a whistleblower if everybody else reports it as well.

AiryFairyArtyFarty · 13/08/2020 19:50

@MoaningMinniee

Going against the grain... I don't use WhatsApp normally, and if someone told me some info had to be sent in a timeframe and I couldn't find any other way of sending it I might be driven to use it, just to get the job done and off my schedule so I could get home, especially if I was on the sort of shit terms conditions and payscale that most care workers are on.
Please tell me you don't work in care
raspberryk · 13/08/2020 19:52

Actually whatsapp is encrypted so security in that respect isn't so much the issue, I use it for remote working currently.

However 50 people of whom not all required the info is the major issue.
Do report it.

Haffdonga · 13/08/2020 19:53

Whatsapp is encrypted so it's actually a safe way to send information. (Safer than email for example).

The issue here is should the information have been shared with all those people. AS you say some of those 50 aren't involved in this person's care THAT is your data breach.

TeaSoakedDisasterMagnet · 13/08/2020 19:55

That a massive GDPR breach, and would maybe be a Datix incident too.

Original poster
NameChanger43 · 13/08/2020 19:57

I wasn't aware whatsapp was encrypted so that's interesting, still doesn't seem right though.

@MoaningMinniee I understand where you're coming from but it would have taken less time to say "Mrs Smiths care plan has arrived, haven't printed it but please see me if you need to double check anything" rather than sending it en masse

OP posts:
Bangkokbaby · 13/08/2020 19:58

Rather than having one copy if the care plan, stored in a secure location there are now 50 copies on various people's phones. Those 50 could forward it on, amend it, print it etc. It's a huge data breach. Ive worked in care for many years, I'm really shocked by this. Thank you for reporting it. I imagine you won't be the only one.
Plus what happens when the care plan is updated, but people have copies of the old one? Vital information could be missed as people refer to old documents.

year5teacher · 13/08/2020 20:00

massive GDPR breach, report.

chomalungma · 13/08/2020 20:03

That's the issue with all these ways of communicating. It's so easy to set up What's App groups and communicate in quicker ways than NHS email etc. But it's too easy to share personal stuff with people who don't need to know.

Original poster
NameChanger43 · 13/08/2020 20:03

@Bangkokbaby

Rather than having one copy if the care plan, stored in a secure location there are now 50 copies on various people's phones. Those 50 could forward it on, amend it, print it etc. It's a huge data breach. Ive worked in care for many years, I'm really shocked by this. Thank you for reporting it. I imagine you won't be the only one. Plus what happens when the care plan is updated, but people have copies of the old one? Vital information could be missed as people refer to old documents.
Exactly what worried me, its no less difficult to have one or 2 hard copy in the office that we can pop in and access. Also in my role the only things I really need to know is diet/personal care/mobility and preferences.
OP posts: