Dr Benjamin Cheah
Recently, we heard about an improvement in Whatsapp security to include end to end encryption using Textsecure. It is only available to Android devices and does not cover group chats and images yet. However, this modality of communication among doctors is rife. Sensitive patient information and images are often transmitted through this medium. The paucity of an alternative forces doctors and health professionals to turn to this app for the solution in easing communication between individuals, despite the apparent security flaws.
As digitization of health and medical records increase, there is a greater need to improve the security of such information. As doctors embrace the concept of mHealth and EHR, digital transmission of patient information is bound to exponentially increase. Stricter guidelines are needed in regulating the transmission of any sort of patient information via the digital platform.
In US, The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was aimed at addressing these issues. Malaysia has recently introduced the Personal Data Protection Act(PDPA) in 2010 , which addresses some of the issues of how data can be transmitted. It is clear that Whatsapp, SMSes and similar modalities contravene these Acts. In fact, emails may not even offer enough security features to fulfill the strict security measures needed to protect personal data.
Indeed , there is little choice apart from direct telephone conversations, to ensure that such data is protected. The digital revolution has enveloped every aspect of our lives making communication via any other modality archaic and inefficient. Unfortunately the current digital environment may not yet be fully ready to support a robust way of communication between health professionals.
In Malaysia, there are several closed groups online involving doctors who use social media platforms to discuss cases, which include patient identifiers. Social media platforms has never been known for their stringent security. It is clear that these platforms would technically also contravene the PDPA.
With everything that seem so familiar to doctors negated, what can they turn to. Until the solutions for doctors are rolled out, the security risk of the usual digital platforms has to be ignored for now. There is no way now to ignore messaging apps or emails or social media platforms. It is these digital platforms that will have to play catch up for once.