Active discussions

Meet the Other Phone. Child-safe in minutes.

Meet the Other Phone.
Child-safe in minutes.

Buy now

Please or to access all these features

Talk
AIBU?

Share your dilemmas and get honest opinions from other Mumsnetters.

Original poster

Care plan sent to What'sApp group

102 replies

NameChanger43 · 13/08/2020 18:37

Please tell me if this is outrageous or I'm way over thinking this. I don't want to be outting too much! I work in Healthcare caring for about 40ish people in a residential setting. A new person is coming to stay and their entire care plan was sent over a what'sapp group of about 50 people not all of who would be involved in their care. Notes included:

Full name
DOB
Address
Full and detailed medical history and medication
Incontinence care
Family and relationships
Behaviour
Money management and how they are being funded
Personal care
End of life/last wishes
Mental capacity... and much more

I know the importance of everyone knowing these details butsurely whatsapp is not secure. If my phone was stolen or lost anyone could read that (i do have a password).

How would you feel if this was your mum/dad/relative?

OP posts:
Original poster
NameChanger43 · 13/08/2020 21:05

@comeonbaby You've summed up exactly how I was feeling/why I was worried, I didn't think much about it at first because I get that its an easy way to share things and thought fair enough. It wasn't until I went back onto my phone and into my documents to send some pictures to my mum that I saw it had been saved automatically on my phone. That's when I really thought about it and how bad it can be, the fact that anyone who acesses one of the 50 people's phone can then see it. Sorry I'm not very eloquent, especially onlineGrin

OP posts:
InFiveMins · 13/08/2020 21:10

This reply has been deleted

Message deleted by MNHQ. Here's a link to our Talk Guidelines.

HarveySchlumpfenburger · 13/08/2020 21:11

@MoaningMinniee

Going against the grain... I don't use WhatsApp normally, and if someone told me some info had to be sent in a timeframe and I couldn't find any other way of sending it I might be driven to use it, just to get the job done and off my schedule so I could get home, especially if I was on the sort of shit terms conditions and payscale that most care workers are on.
well you wouldn't do it many times. The first time would get you a written warning and the second would get you fired in our trust.

OP, the appropriate people to report it to in England would be to the caldicott guardian and the ICO. I'm not sure if it's the same in Wales.

Original poster
NameChanger43 · 13/08/2020 21:12

Thank you everyone for your replies there have been some really helpful as well as informative ones. Im terrified next time I'm in work now everyone will know that someone has posted about it and will think its me, completely irrational I know! I also want to reiterate that in no way do I want anyone to lose their job at all, I'm sure many of us have made huge or silly mistakes in our jobs (granted not to do with people's lives). I wanted an outsiders view on it as I really wasn't sure if it was alright to do as no-one replied or said anything. I haven't reported it today as I only saw it this evening but i will try to give myself some courage.

OP posts:
InFiveMins · 13/08/2020 21:13

OP, by reporting it someone is probably going to lose their job. They made a mistake, we all do sometimes.

TeddyIsaHe · 13/08/2020 21:18

@InFiveMins

OP, by reporting it someone is probably going to lose their job. They made a mistake, we all do sometimes.
Fucking hell. Private, personal data being shared to 50+ people is not a mistake that you can just shrug off. Clearly you don’t understand working with confidential information in the slightest.

This needs to be reported to CQC(or equivalent) and as a GDPR breach so that it can never happen again.

Iliketeaagain · 13/08/2020 21:20

I read your OP and it made me feel a bit queasy at the thought of having to investigate an incident like that.

It's one thing to have a send to all message saying "Mrs AB's care plan has been updated, please make sure you're aware of it before you visit", but an entirely different thing to have all that patient identifiable information shared with 50 people who may not need to know.

If someone I work with sends patient identifiable information to one person incorrectly, or to the wrong printer for example, it would be an incident reported and investigated. If someone did it again, it would probably end up in an informal warning.

Please make sure you report it, anonymously if need be. Although you should absolutely not get in trouble for raising concerns, but I can see why you might be worried about that.

silverPersephone · 13/08/2020 21:20

This is gross misconduct with data and a gdpr breach not just a mistake..... sorry but the person deserves a warning as a minimum.

fascinated · 13/08/2020 21:20

@InFiveMins

what do you intend to get out of this, OP? Someone to lose their job?
Why would you immediately jump to that conclusion?

It’s ok to just care about the rules being respected. Seems fewer and fewer people do nowadays.

ComeOnBabyPopMyBubble · 13/08/2020 21:22

@InFiveMins

OP, by reporting it someone is probably going to lose their job. They made a mistake, we all do sometimes.
Then that's on the care home managers not OP. This can be fixed with a meeting, possibly a warning more training and concrete protocols and rules over WhatsApp use.

If they take the easy way out and just fire that person , then that's on them.

It doesn't make what this person did and it could create a precedent for it happening again and again.

OverUnderSidewaysDown · 13/08/2020 21:32

InFiveMins stop being a goady fucker.

LibrariesGiveUsPower · 13/08/2020 21:33

That’s a enormous breach. Report to ICO and governing bodies.

Bargebill19 · 13/08/2020 21:48

Good for you reporting. Definitely a breach.

cdtaylornats · 13/08/2020 21:49

What makes you think WhatsApp isn't secure. It uses end-to-end encryption which makes it one of the most secure messaging systems.

TeddyIsaHe · 13/08/2020 21:50

@cdtaylornats

What makes you think WhatsApp isn't secure. It uses end-to-end encryption which makes it one of the most secure messaging systems.
Because the WhatsApp group was made up of 50 people, most of which had no clearance to see a care plan.
chomalungma · 13/08/2020 21:53

What makes you think WhatsApp isn't secure. It uses end-to-end encryption which makes it one of the most secure messaging systems

It's secure.

But...do 50 people need to see it?
Is there an issue with 50 people being able to download such a document no doubt on to many personal phones?

Plus the more specific issues of where is the data being stored (outside of the EU / UK)

Then there's the GDPR aspects of the specific details and sensitive personal data being shared - that should be shared with only those who need to know.

So yes, it's secure. But that's not the point.

CornishTiger · 13/08/2020 21:57

I have had to do something similar but did it in a direct to person concerned and then my manager.

I was way below the person who breached GDPR and was astonished they would be so ignorant in their role of what they had done.

What the consequences for their actions aren’t your concern but as a minimum I’d expect retraining and a warning. Plus tightening up of policies.

chomalungma · 13/08/2020 22:00

Mind you - from what I understand - a lot of NHS professionals (and no doubt other professionals in other areas) use WhatsApp to share personal data as it's easy and quick to do.

So this person is not the only one doing this

www.mobihealthnews.com/content/whatsapp-use-nhs-‘privacy-and-clinical-safety-timebomb’

esearch at St George’s University Hospital NHS Foundation Trust has found the use of WhatsApp in the NHS to be “a privacy and clinical safety timebomb”, according to a press announcement.
A soon-to-be published study of 77 staff members in the trauma and orthopaedics department revealed that 87 percent of staff used smartphone apps to discuss patient cases at work, despite 56 percent not being sure whether the information was secure.

TeddyIsaHe · 13/08/2020 22:00

Well, if the care home in question is found to have breached GDPR, lack of training etc then there will be big fines as well.

I’m stunned at how many people don’t understand how important confidentiality actually is, and how seriously it is taken. For a care home to be found not adhering to confidentiality procedures it will be more than a warning and retraining.

chomalungma · 13/08/2020 22:07

Well, if the care home in question is found to have breached GDPR, lack of training etc then there will be big fines as well

Not necessarily.

Even though there are potentially big fines, I don't think the ICO have done any large ones for similar breaches.

They've not really prosecuted many companies compared to the number of breaches that get reported.

ico.org.uk/action-weve-taken/enforcement/

Throckmorton · 13/08/2020 22:14

Thank you @NameChanger43 for reporting this - it's a hard thing to do, but absolutely the right thing. That poor poor woman having her detailed shared like that.

Ginger1982 · 13/08/2020 22:37

@InFiveMins

OP, by reporting it someone is probably going to lose their job. They made a mistake, we all do sometimes.
What is wrong with you?
FlamingoAndJohn · 13/08/2020 22:45

WhatsApp is owned by Facebook.
I don’t trust it at all and don’t use it.
Signal is much better and very much more secure.

But no matter what system you are using this shouldn’t be sent to all those people.

GrolliffetheDragon · 14/08/2020 00:18

WhatsApp is considered really quite secure

Yes, but do all 50 people have a password protected, encrypted phone?

We're not allowed to have any personal data of service users on laptops that are taken out of the office, and we're not allowed to use a phone for work unless it has a password and is encrypted.

diddl · 14/08/2020 07:17

@InFiveMins

OP, by reporting it someone is probably going to lose their job. They made a mistake, we all do sometimes.
Well if that would be the end result, which I doubt, that's just too bad for them isn't it?

Is there no concern for the new resident?