WhatsApp guidelines – what guidelines? A literature review

Abstract

Introduction

Instant messaging (IM) is pervasive in modern society, including healthcare. WhatsApp, the most cited IM application in healthcare, is used to share sensitive patient information between clinicians. Its use raises legal, regulatory and ethical concerns. Are there guidelines for the clinical use of WhatsApp? Can generic guidelines be developed for the use of IM, for one-to-one and one-to-many healthcare professional communication using WhatsApp as an example?

Aim

We aimed to investigate if there are guidelines for using WhatsApp in clinical practice.

Method

Nine electronic databases were searched in January 2019 for articles on WhatsApp in clinical service. Inclusion criteria: paper was in English, reported on WhatsApp use or potential use in clinical practice, addressed legal, regulatory or ethical issues and presented some form of guideline or guidance for WhatsApp use.

Results

In total, 590 unique articles were found and 167 titles and abstracts met the inclusion criteria. Twenty-one articles identified the need for general guidelines. Twelve articles provided some form of guidance for using WhatsApp. Issues addressed were confidentiality, identification and privacy (eight articles), security (seven), record keeping (four) and storage (three). Mandatory national guidelines for the use of IM for patient-sensitive information do not appear to exist, only advisories that counsel against its use.

Conclusion

The literature showed clinicians use IM because of its simplicity, timeliness and cost effectiveness. No suitable guidelines exist. Generic guidelines are required for the use of IM for healthcare delivery which can be adapted to local circumstance and messaging service used.

Keywords

WhatsApp guidelines literature review telemedicine instant messaging

Introduction

The mobile phone has become an integral part of everyday life and instant messaging (IM) is replacing conventional voice calls. Although not designed for health-related needs, IM applications (apps) are used in clinical departments and disciplines throughout the world to assist in the delivery of patient-related information and healthcare information through one-to-one communication and one-to-many chat groups.^1–5 Clinicians have independently discovered that they can use their favourite IM app to send text messages to colleagues to seek or give clinical advice, supplemented with images, video, or audio recordings made using their phone.²^,⁶

This is counter to current conviction about how to implement scalable and sustainable telemedicine services.²^,⁷ No needs or eHealth readiness assessment is undertaken, no business or change management plan formulated, no new software has to be installed, no training is required, and typically there is no budget. And yet clinical use of IM grows. Clinicians have found a simple solution to their specific needs that has not been imposed on them by some authority.² This ‘backdoor adoption’ occurs because of familiarity, ease of use, and utility of the solution. However, its informality and spontaneity are associated with lack of policy and guidelines, and often in contravention of institutional IT governance rules.⁸ Sharing sensitive patient information by IM raises legal, regulatory and ethical concerns. These include consent, confidentiality, privacy, data security, data storage, record keeping, authentication, identification, encryption, liability and phone stewardship.⁶

WhatsApp is the most widely used IM app in the world with over 1.5 billion active users participating in 1 billion groups,⁹ and sending 65 billion messages a day.¹⁰ Given its prevalent use in clinical services, how have existing clinical services using WhatsApp addressed these legal, regulatory and ethical issues? What obligatory (binding) guidelines or informal guidance exist for its use for one-to-one communication and group chats in clinical practice, and can these be used to develop generic guidelines for IM?

This study undertook a scoping literature review to determine if there are existing guidelines or guidance for the use of WhatsApp in clinical practice and to determine which of the identified legal, regulatory and ethical issues have been addressed and how.

Methods

In February 2019, nine databases were searched for articles on WhatsApp use in clinical practice; PubMed, Scopus, Science Direct and six databases within EbscoHost - CINAHL with full text, Health Source Nursing/academic edition, Index to legal periodicals, PsycARTICLES, PsycINFO and MEDLINE. The search term used for PubMed was “WhatsApp” [All fields] and for the other databases ((“WhatsApp”) AND (“telemedicine” OR “telehealth” OR “eHealth” OR “e-Health” OR “mhealth” OR “m-Health”)) All fields. The search strategies differed because PubMed is restricted to biomedical-related resources.

Inclusion criteria were: paper was in English, reported on WhatsApp use in clinical services or its potential for clinical use, and addressed legal or ethical issues. Articles were then reviewed for evidence of some form of guideline on WhatsApp use. Book chapters, conference proceedings that were not full length papers, and articles on the use of WhatsApp for behaviour change, education, appointment reminders or medication adherence were excluded. All decisions on inclusion and exclusion were made by consensus of all authors.

The following data were extracted from the reviewed articles: year of publication, year in which the WhatsApp service began, country of use, one-to-one or group communication, patient communication, and legal and ethical issues.

Results

Of 817 resources identified 33 met the inclusion criteria, with 21 identifying the need for guidelines and 12 providing evidence of specific ‘guidance’, for example guidelines, rules or similar terms regarding the use of WhatsApp (Figure 1).

Figure 1.

PRISMA diagram of the search process.

No paper presented obligatory guidelines for WhatsApp use, although 12 articles referred to some form of ‘guidance’ in using WhatsApp. This included rules,^11–13 advice,¹⁴ a directive,¹⁵ a protocol,¹⁶ conditions to be met,¹⁷^,¹⁸ and reminders on proper use of WhatsApp within a group.¹⁹ Three reported following existing (but unstated) guidelines: a generic statement,²⁰ a recommendation to follow guidelines of a governing body and local hospital regarding patient information,²¹ or guidelines for clinical photography.¹ Generally guidance was limited to a few issues in each paper. Issues not included in a specific guidance but raised in a paper providing guidance are included in this review. All but one²⁰ of the 12 articles providing guidance referred to chat groups.

The articles came from 10 countries, six each from the developed¹^,¹²^,¹⁵^,¹⁷^,¹⁸^,²¹ and developing world,¹¹^,¹³^,¹⁴^,¹⁶^,¹⁹^,²⁰ were published between 2015 and 2019, reporting services started between 2012 and 2017.

Confidentiality and privacy

Confidentiality and privacy were addressed in six guidances through anonymisation or de-identification of patient information, which varied by degree.^11–13^,¹⁵^,¹⁷^,¹⁸ When sharing pathology images it was proposed to gain consent when posting full facial photographs, and not give the exact age of the patient, or the region or side of the body.¹¹ Other guidance stated: it was ‘forbidden to share patient’s identity’;¹³ that no message should contain patient ‘identifiers of any kind’;¹² ‘patient identifiable data were [to be] omitted’ but ‘the patient’s initials and a brief clinical description allowed team members to identify the subject without breaking confidentiality’;¹⁷^,¹⁸ and ‘transferring only unidentifiable information’ was permitted.¹⁵ Alternatively, although not in a guidance, ‘to address confidentiality we take separate informed consent for all our patients’.²² A laboratory service felt that confidentiality and privacy was not compromised in any way when using WhatsApp, but as an additional precaution people were removed from the WhatsApp group when they left the department.¹⁴ Having a safe and secure Internet connection was felt to ensure confidentiality,¹⁷^,¹⁸ and privacy was maintained by an unstated ‘unequivocal protocol and strict code of conduct’.¹⁶

Record keeping and data storage

Record keeping is an integral part of clinical practice and a legal requirement in many countries, and record keeping and data storage are linked. Although no guidance addressed record keeping, the need for keeping ‘meticulous’²⁰ and ‘contemporaneous’¹⁸ documentation when using WhatsApp was noted. Two services reported downloading WhatsApp chats in hardcopy format, with the chats deleted from the users’ phones at the end of the working week.¹⁷^,¹⁸ A service, which prohibited sharing of patients’ identities, reported printing and storing communications at regular intervals.¹³ In another, while all images usually remained on the ‘on-call’ smartphone, some were backed up to departmental computers and the advantage of possible ‘easy and immediate storage of data onto cloud services’ was noted.¹⁶ Data were also deleted from the users’ phones when ‘no longer needed’¹⁵ or after the clinical scenario was ‘addressed’, which was felt to be in keeping with unstated guidelines for maintaining patient confidentiality and privacy.²⁰ A laboratory service left chat deletion to the user’s discretion.¹⁴ The ability to post WhatsApp chats as emails was noted, but its use was not reported.¹²

Security and phone stewardship

Security relates to the safe keeping of stored data, data transmission and phone stewardship. No guidance addressed these. Cell phone stewardship refers to careful and responsible management of the cell phone and its contents.²³ Aspects dealt with were limiting phone access by not sharing a phone¹⁵ and through the use of passwords and pin numbers,¹¹^,¹⁴^,¹⁶ image and message deletion,¹⁴^,¹⁵^,¹⁷^,¹⁸^,²⁰ and ensuring secure data transmission.¹⁷^,¹⁸ As WhatsApp has been end-to-end encrypted since April 2016 the requirement of using a secured wireless network¹⁷^,¹⁸ has become redundant. End-to-end encryption was considered sufficient to obviate the need for application locking or other security methods.¹² No paper addressed the security provision of being able to remotely delete data from a mislaid or stolen phone.

International service

Four articles reported international use of WhatsApp but no guidance was provided for this. A maternal-foetal medicine group in Canada exchanged messages between 14 countries for advice on specific patient management, sharing clinical experiences and educational material, with the requirement that patient information be de-identified.¹² A neurosurgery group in India providing services in the Asian subcontinent and Africa required phone password protection,¹⁶ and a laboratory service in India advised password protection.¹⁴ A burns service in South Africa removed all communications and images once the case was resolved in accordance with existing but unstated guidelines.²⁰ No paper commented on the possible legal requirement of licensure or jurisdiction.

Consent

Guidance on consent was provided in three articles; one was a clinical trial¹⁷ and two required consent for photography.¹¹^,²² Five articles addressed consent which was written and informed in a clinical trial,¹⁷ verbal²⁰ and obtained ‘where possible’ or ‘implicit’.¹⁶ Some did not see consent as a major obstacle,¹⁶ and sharing images for ‘discussion for educational purposes’ was considered legally and ethically acceptable even without consent.¹¹ One report noted that consent was often not obtained, and that while there was an understanding of the requirement of consent for clinical photography there was confusion over what consent was required and whether consent should be recorded in the patient notes.¹

Authentication

No paper reported authentication but the need for it was identified.¹ Several articles implied that being part of a designated chat group was a form of security and ensured privacy, and inferred authentication as the group members were known.¹¹^,¹²^,¹⁶^,¹⁷ Inadvertently sending a message to someone outside the group was seen as a risk of IM.¹⁴

Legal, regulatory and ethical

While possible ethical issues about privacy exist, it was felt that ‘ethical and legal risks’ would not apply if the group was restricted¹² or if password protection was used,¹¹ but that there was potential legal risk if erroneous advice was offered.¹¹^,²⁰ In a survey of practitioners referring patients to a burn service no ethical concerns were raised.²⁰ New privacy laws in the European Union and Australia, that require information acquired from a patient to only be used for the purposes for which consent was originally given, were noted.¹

Miscellaneous

Patient-to-doctor communication was identified in one service but not in a guidance.¹⁶

Discussion

The World Medical Association (WMA) recently provided generic guidance regarding mhealth, which includes use of IM apps. While noting the potential of mhealth and encouraging its appropriate and selective use, the WMA also notes the need for a clear legal framework, and ‘Sufficient policies and safeguards to regulate and secure the collection, storage, protection and processing of data of mHealth users, especially health data’.²⁴

No guidelines for the use of WhatsApp in clinical practice were identified, although 12 articles presented some form of ‘guidance’. Guidances were narrow in focus and limited in scope, addressing only local circumstance, not national needs. At best, guidances showed an understanding of the need to provide some advice on WhatsApp use to protect the patient and physician.

Some guidance was well intentioned but impractical. De-identification or anonymisation of patient information was used, but clinicians still need to know to whom the information they receive refers.²⁵^,²⁶ Work-arounds used included minimising identifiers,²⁷ using patient’s initials,¹⁸ and identifying patients by medical record numbers, ward, bed number,²⁸ procedure and specialist, date of surgery and place on the operating list.²⁶^,²⁹^,³⁰ These defeat the purpose of de-identification.

Positive patient identification is a fundamental of good and safe healthcare. Even so, patient identification is not infallible, and de-identification renders incorporation of chat messages into an electronic or paper medical record difficult or impossible. Some reports assumed that contemporaneous notes are being made in the patient’s record,¹⁸ but what record does the referring doctor keep, other than the chat message on their phone, which some guidances require they delete?¹⁴^,¹⁷^,¹⁸^,²⁰ No paper addressed the issue of how to link de-identified or anonymised messages and chats to patient records, but two reported keeping hardcopy records of the chats.¹⁷^,¹⁸ In services that do not de-identify patient information the chat messages could be considered a medical record³¹ with attendant responsibilities. WhatsApp has the facility for chats and associated images to be forwarded by email.¹² Chats could be sent to a secure server for incorporation into a medical record but this was not reported and should be considered when a unique patient identifier is available. The storage of recently introduced WhatsApp voice messages adds a new layer of complexity.

Record keeping is a legal requirement in many countries. At issue is whether the WhatsApp transmission should be transferred and stored electronically or as a paper record, and whether the information stored on the users’ phones constitutes a record, requiring its preservation and the practice of good cell phone stewardship.

Autonomy and consent are foundations of medical ethics. Guidance on consent was limited.¹¹^,¹⁷^,²² Consent for WhatsApp use should ideally cover use of the application, data acquisition such as a photograph, its transmission, information about who will receive it, its storage on the sender’s and receivers’ phones,⁶ and in terms of recent privacy laws and regulations such as the General Data Protection Regulation in the European Union, an explanation of how it will be used and by whom.¹ The form in which consent should be obtained, and whether or how it should be recorded, was not addressed. A lax approach to consent may be common practice, with 97% of doctors in one survey sending patient information without consent.³²

International consultation was reported,¹²^,¹⁴^,¹⁶^,²⁰ but no guidance was provided and no paper commented on licensure, liability or jurisdictional issues. The legal concern of transmission of data via servers located in another country was not addressed.

No obligatory national guidelines (only guidances) for the use of WhatsApp or IM were found, and in their absence it is presumed that guidelines for the ethical practice of telemedicine pertain. IM is a form of store-and-forward telemedicine not envisaged when most guidelines were developed. The WMA Statement on Mobile Health states that physicians ‘should heed the ethical guidelines set out in the WMA Statement on the Guiding Principles for the Use of TeleHealth for the Provision of Health Care’.²⁴ After initially banning IM use, the National Health Service in England has recently issued guidance in the form of 15 ‘do’s and don’ts’ on using IM and its use in acute clinical settings (emergencies).³³ In Ireland, the Health Service Executive’s current policy prohibits the use of IM for transmission of patient data but the near ubiquitous use of WhatsApp is acknowledged.³ There have been calls for a WhatsApp-like IM app for medical communication,²⁵ and several countries are investigating standards to enable secure messaging.³⁴ Alternatives such as Siilo, Trillian, MedX, MyBeebR, and Vula exist, but their uptake has been limited, probably because of the ubiquity, utility and familiarity of WhatsApp.

Conclusion

No established or published obligatory guidelines specifically for the use of WhatsApp or IM were found. The literature reflects clinicians’ understanding of the need for advice on how to use WhatsApp in an ethical, regulated and legal manner, and the guidances found reflect the fledgling attempts by clinicians to protect themselves and their patients. These, and existing telemedicine-related guidelines, could be used as a starting point from which to develop obligatory generic guidelines for IM. Further, health authorities see the benefit of this simple solution and have softened their approach to it by providing advice and attempting to find other IM solutions that avoid some of the shortcomings of WhatsApp. Given the devolution or evolution of responsibility for morally and ethically appropriate use of IM to the level of healthcare practitioners, the development of IM-specific guidelines reflecting and relevant to each national setting is urgently required.

Footnotes

Declaration of Conflicting Interests

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The author(s) disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: Research reported in this publication was supported by the Fogarty International Centre of the National Institutes of Health under Award Number D43TW007004-13. The content is solely the responsibility of the authors and does not necessarily represent the official views of the National Institutes of Health.

References

Nikolic

Wickramasinghe

Claydon-Platt

, et al. The use of communication apps by medical staff in the Australian health care system: Survey study on prevalence and use. JMIR Med Inform. 2018; 6(1): e9.

Mars

Scott

RE.

Being spontaneous: the future of telehealth implementation?

Telemed J E Health 2017; 23(9): 766–772.

The Medical Independent. HSE planning to introduce new instant messaging service. https://www.medicalindependent.ie/hse-planning-to-introduce-new-instant-messaging-service/ (2018, accessed 17 July 2019).

Natarajan

Nair

Outsmarted by the smartphone!

Indian J Ophthalmol 2015; 63(10): 757–758.

Hyder

Hatton

Tolley

, et al. What’s wrong with WhatsApp? BMJ Innov 2019 June 17.

Mars

Scott

RE.

WhatsApp in clinical practice: A literature review.

Stud Health Technol Inform 2016; 231: 82–90.

Momentum. Eighteen critical success factors for deploying telemedicine, http://telemedicine-momentumeu/wp-content/uploads/2014/05/Momentum_CSFs_v01_6may2014pdf. (2015, accessed 17 July 2019).

De Benedictis

Lettieri

Masella

, et al. WhatsApp in hospital? An empirical investigation of individual and organizational determinants to use. PloS One 2019; 14(1): e0209873.

99Firms.com. WhatsApp 2019: Stats and Facts, https://99firms.com/blog/whatsapp-statistics/ (2019, accessed 17 July 2019).

10.

Al-Heeti

WhatsApp: 65B messages sent each day, and more than 2B minutes of calls. https://www.cnet.com/news/whatsapp-65-billion-messages-sent-each-day-and-more-than-2-billion-minutes-of-calls/CNet, (2019, accessed 17 July 2019).

11.

Bennani

Sekal

Usefulness of WhatsApp for discussing difficult cases in pathology practice: A Moroccan experience.

Turk Patoloji Derg 2019; 35(2).

12.

Carmona

Alayed

Al-Ibrahim

, et al. Realizing the potential of real-time clinical collaboration in maternal-fetal and obstetric medicine through WhatsApp. Obstet Med 2018; 11(2): 83–89.

13.

Eksert

Asik

Akay

, et al. Efficiency of instant messaging applications in coordination of emergency calls for combat injuries: A pilot study. Ulus Travma Acil Cerrahi Derg 2017; 23(3): 207–211.

14.

Dorwal

Sachdev

Gautam

, et al. Role of WhatsApp Messenger in the laboratory management system: A boon to communication. J Med Syst 2016; 40(1): 14.

15.

Siegal

Dagan

Wolf

, et al. Medical information exchange: Pattern of global mobile messenger usage among otolaryngologists. Otolaryngol Head Neck Surg 2016; 155(5): 753–757.

16.

Joshi

Murali-Krishnan

Patankar

, et al. Neurosurgical referral service using smartphone client WhatsApp: Preliminary study at a tertiary referral neurosurgical unit. Br J Neurosurg 2018; 32(5): 553–557.

17.

Nardo

Cannistra

Diaco

, et al. Optimizing patient surgical management using WhatsApp application in the Italian healthcare system. Telemed J E Health 2016; 22(9): 718–725.

18.

Johnston

King

Arora

, et al. Smartphones let surgeons know WhatsApp: An analysis of communication in emergency surgical teams. Am J Surg 2015; 209(1): 45–51.

19.

Amani

Nansseu

Mah

, et al. Use of a social media network to reduce early neonatal mortality: A preliminary report from a quality improvement project in Yaounde, Cameroon. Matern Health Neonatol Perinatol 2017; 3(1): 26.

20.

Martinez

Rogers

Numanoglu

, et al. The value of WhatsApp communication in paediatric burn care. Burns 2018; 44(4): 947–955.

21.

Miller

Beaumont

McGrath

Is it now safe to use WhatsApp for clinical messaging?

Am J Surg 2016; 212(5): 1032–1033.

22.

Tazegul

Bozoglan

Ogut

, et al. A clinician’s artificial organ? Instant messaging applications in medical care. Int J Artif Organs 2017; 40(9): 477–480.

23.

Mars

Morris

Scott

RE.

Selfie telemedicine-what are the legal and regulatory issues?

Stud Health Technol Inform 2018; 254: 53–62.

24.

World Medical Association. WMA statement on mobile health, https://www.wma.net/policies-post/wma-statement-on-mobile-health/ (2015, accessed 17 July 2019).

25.

Thomas

Wanted: A WhatsApp alternative for clinicians.

BMJ 2018; 360: k622.

26.

Wani

Rabah

Alfadil

, et al. Efficacy of communication amongst staff members at plastic and reconstructive surgery section using smartphone and mobile WhatsApp. Indian J Plast Surg 2013; 46(3): 502–505.

27.

Gulacti

Lok

Comparison of secure messaging application (WhatsApp) and standard telephone usage for consultations on Length of Stay in the ED. A prospective randomized controlled study.

Appl Clin Inform. 2017; 8(3): 742–753.

28.

Ellanti

Moriarty

Coughlan

, et al. The Use of WhatsApp Smartphone messaging improves communication efficiency within an orthopaedic surgery team. Cureus 2017; 9(2): e1040.

29.

Choudhari

Study on effectiveness of communication amongst members at department of orthopedics surgery unit 3 using smartphone and mobile WhatsApp.

Int Surg J 2016; 1(1): 9–12.

30.

Fernández-Valencia

Salas

Egea

, et al. WhatsApp messenger for surgical team coordination. Initial experience of a hip team in a third level hospital. Int J Adv Jt Reconstr 2015; 2(1): 23–26.

31.

Chan

Leung

AY.

Use of social network sites for communication among health professionals: Systematic review.

J Med Internet Res 2018; 20(3): e117.

32.

O’Sullivan

O’Connor

, et al. WhatsApp Doc? BMJ Innov 2017; 3(4): 238–239.

33.

Crouch

Information governance considerations for staff on the use of instant messaging software in acute clinical settings. Digitalhealth, https://www.digitalhealth.net/2018/03/information-governance-alliance-guidelines-instant-messaging-use/ (2018, accessed 17 July 2019).

34.

Mistry

Information governance considerations for staff on the use of instant messaging software in acute clinical settings. NHS Digital, https://digital.nhs.uk/data-and-information/looking-after-information/data-security-and-information-governance/information-governance-alliance-iga/information-governance-resources/information-governance-and-technology-resources (2018, accessed 17 July 2019).

35.

Australian Digital Health Agency. National Digital Health Strategy. Secure Messaging, https://conversation.digitalhealth.gov.au/secure-messaging (2019, accessed 17 July 2019).