This document discusses the use of messaging apps like WhatsApp in radiology. It notes that while messaging apps allow for quick sharing of images and information, using unsecure apps like WhatsApp to share patient medical information poses privacy and compliance risks. The document reviews surveys finding increasing use of messaging apps by doctors, outlines legal and ethical concerns around privacy and security, and discusses the GDPR and HIPAA compliance of WhatsApp. It concludes by advocating for the use of secure, dedicated medical messaging apps that comply with regulations and protect patient information.

1. What’s in WhatsApp for radiologists?
Erik Ranschaert, MD, PhD
ETZ Hospital, Netherlands

2. Disclosure
• CMO Diagnose.me
• Advisor MedicalPHIT
E R Ranschaert, RSNA 2018

3. Objectives
• After this lecture you should know more about:
1. The secure use of messaging services in
medicine and radiology
2. The ethical and legal issues involved in using
messaging services for medical purposes
E R Ranschaert, RSNA 2018

4. Messaging apps
• Real-time transmission of
information
• Possible to have group-
chats
• Possible to exchange
pictures, video,
documents, sound
recordings
Statista, 2018
E R Ranschaert, RSNA 2018

5. Messaging apps

6. WhatsApp in the Netherlands
• Albert Schweitzer Hospital,
Dordrecht, Netherlands
• Online survey, 86 participants
• Types of images sent:
– Chest Xray
– Skin, wound,…
E R Ranschaert, RSNA 2018
Increasing number of specialists
is using WhatsApp
GUIDELINES NEEDED FOR USING MODERN COMMUNICATION TECHNIQUES

7. Communication in the Albert Schweitzer Hospital
E-MAIL 84% sends data by e-mail
• Including patient’s name
• Including picture of patient
83%
45%
WHATSAPP 40% sends data by WhatsApp
• Including patient’s name
• Including picture of patient
33%
62%
PRIVATE PHONE 44% has PHI on own smartphone
HCP OPINION E-mail is the right medium
WhatsApp is the right medium
Guidelines are needed for communication
45%
22%
32%
E R Ranschaert, RSNA 2018
Usage of communication tools by medical specialists of the AS Hospital.
34 % of 252 medical specialists completed the survey (2015)
Medisch Contact, 26 November 2015

8. UK Survey 2015
• UK Survey, n = 2107 doctors
– Nearly 100% owns a smartphone
– 75% owns a tablet
• ¾ owns iPhone, ¼ Android-based handset
• 90% of doctors is using medical apps in clinical
practice.
E R Ranschaert, RSNA 2018
BMJ Innovations 2015;1:174-181.

9. Demand for messaging apps
• Large proportions of doctors are using messaging services
to convey patient-related clinical information to colleagues
• Growing demand for medical apps enabling to perform
work-related tasks more efficiently.
• 72% of doctors expressed a desire for a secure messaging
app to allow transmission of patient-related information to
colleagues in a secure way
E R Ranschaert, RSNA 2018
BMJ Innovations 2015;1:174-181.

10. Percentage of staff using various features of their smartphones to help them to perform their clinical
duties.
Mohammad H Mobasheri et al. BMJ Innov 2015;1:174-181Copyright © BMJ Publishing Group Ltd & British Cardiovascular Society. All rights reserved.

11. Percentages of doctors and nurses sending patient-related clinical information over their smartphones
using various messaging modalities.
Mohammad H Mobasheri et al. BMJ Innov 2015;1:174-181Copyright © BMJ Publishing Group Ltd & British Cardiovascular Society. All rights reserved.
“...e.g. to send a
photograph of a
wound or X-ray to a
colleague for an
opinion.”
E R Ranschaert, RSNA 2018

12. Reasons for this demand
• Provision of optimal care to patients
– easy and fast (efficient) sharing of data
– access to most actual information
• Most hospitals systems do not support
this type of efficient communication
• Hospital infrastructure is not adapted
yet to the paradigm shift of sharing
data, as we are used to in daily life
E R Ranschaert, RSNA 2018

13. Advantages of smartphone communication
• Overcomes inefficient communication
barriers among physicians in and outside
the hospital
• Facilitates collaboration
– Quick decision making
– Referrals of higher quality
• Allows less-experienced team members
to seek help
• Inspires camaraderie
https://www.theguardian.com/healthcare-network/views-from-the-nhs-frontline/2017/jun/05/should-doctors-use-whatsapp-to-bypass-archaic-nhs-tech
E R Ranschaert, RSNA 2018

14. Security risks
1. Transmission is not secure enough.
2. Information might contain highly sensitive and
confidential patient information
– Can be stored on device
– Handsets can be lost / stolen / hacked
– Messages can be viewed by unauthorised users
E R Ranschaert, RSNA 2018

15. More security risks
3. Messaging can create an unnecessary delay
– Information not read by recipient in tsunami of other messages
– Authorisation of recipient not guaranteed
– Does not replace professional conversation
4. It’s inappropriate towards the patient
– No guaranteed protection of information
– Only in real emergency cases benefit might overweigh risk
E R Ranschaert, RSNA 2018
http://blogs.bmj.com/bmj/2017/11/14/sadie-mullin-instant-messaging-in-the-workplace-is-no-substitute-for-a-professional-conversation/

16. Ethical concerns
• Security and Privacy
• Main ethical concern = hacking of mobile devices and
applications used on them
• Basic principle: do not harm patients
• Guidelines need to be refined
E R Ranschaert, RSNA 2018 16

17. Golden Rule
“If you would like to discuss
a patient case via social media,
then the patient should thereby remain anonymous
or the patient must have given
explicit consent.”
Hooghiemstra TF, Nouwt S. Een juridische blik op trends in e-Health. Ned Tijdschr Geneeskd 2014;158:A8423.

18. ACR perspective
• “It’s the responsibility of
the radiologist to securely
and effectively utilize
mobile technology in the
best interests of patient
care.”
E R Ranschaert, RSNA 2018
http://www.acr.org/Advocacy/Informatics/IT-Reference-Guide

19. ESR perspective
• ESR paper on the proper use of mobile devices in
radiology
– Mobile devices are currently not recommended as tools for
primary interpretation of radiologic studies.
– The use of mobile devices for image and data transmission
carries risks, especially regarding confidentiality, which
must be considered.
ESR paper on the proper use of mobile devices in radiology
https://doi.org/10.1007/s13244-017-0589-7
E R Ranschaert, RSNA 2018

20. How are patient data protected in the
EU vs. US?

21. General Data Protection Regulation
• Came into effect on May 25, 2018.
• 1 single regulation for EU, replaces
patchwork of national laws
• Main purpose: to define and
update the basic rights of data
subjects regarding control of and
access to personal data
• Privacy and security “by design and
by default”

22. GDPR
• Facilitates free flow of patient data (data subjects)
within EU.
• Ensures that personal data can only be gathered
under strict conditions and for legitimate purposes.
• Data controllers have to respect rights of data
subject (e.g. HCP, hospital)
• Cloud provider (data processor) must protect
information it handles and stores on behalf of data
controller (e.g. messaging company)
E R Ranschaert, RSNA 2018
Data subject
Data controller
Data processor

23. • HIPAA only governs protected health information (PHI)
• GDPR concerns EVERY piece of information that can
identify a person, not limited to HC
Governance
• HIPAA does not require consent from patient to release
health data for third parties (e.g. for insurance company)
• GDPR needs explicit consent for any interaction with PHI
other than direct patient care
Consent
HIPAA vs. GDPR

24. GDPR
Key
Elements
Clear Consent
Erasure
(right to be
forgotten)
Rectification
Portability
Notification of
data breach
Demonstration
of Compliance
Data
Protection
Officer (DPO)
Derogations
and exceptions
2
3
4
1
5
6
7

25. GDPR Perspective
• There is no formal
arrangement between
users and messaging
services in respect of
processing and storing
any patient information
• This is a fundamental
requirement under GDPR!
E R Ranschaert, RSNA 2018

26. Is WhatsApp GDPR compliant?
E R Ranschaert, RSNA 2018
GDPR requirement WhatsApp
Protection of patient data, even outside EU WhatsApp refuses to comply, wants to stay
under US laws
✗
Access controls No usernames nor passwords ✗
Audit controls No data backup nor retainment ✗
Permanent erasure Everything stays on WhatsApp servers, out
of control for client
✗
Formal arrangement No formal arrangement between users
and WhatsApp
✗
The service cannot be used to send ePHI
without risking violating GDPR Rules

27. Is WhatsApp HIPAA compliant?
HIPAA requirement WhatsApp
Encryption or equivalent measure End-to-end encryption ✔
Access controls No usernames nor passwords ✗
Audit controls No data backup nor retainment ✗
Permanent erasure Not possible to delete user account ✗
Formal arrangement Not necessary, is mere conduit for
information, « encrypted tunnel »
✔
E R Ranschaert, RSNA 2018
The service cannot be used to send ePHI
without risking violating HIPAA Rules

28. Current situation
• There is an unfulfilled communication need of physicians.
• Hospitals and health systems are lagging behind in uptaking new
communication technologies.
• The advice is clear: do not use WhatsApp to transfer patient
information. Non-compliant with HIPAA nor GDPR.
• Restricting the use of messaging apps is fine but there must be a
viable and low-cost alternative.
• Solution?
E R Ranschaert, RSNA 2018

29. Need for secure apps
• A system that replicates the functionality of
WhatsApp while complying with existing regulations.
• Adaptable smartphone technology that can support
the evolving requirements of clinical practice.
E R Ranschaert, RSNA 2018

30. Dedicated apps
Kanta Tiger Connect
Medic Bleep Forward Health
E R Ranschaert, RSNA 2018

31. Features
• Sharing of pictures, documents, voice recordings,
video’s
• Possible to create PDF documents
• Web-based version
• Integration with PACS, EPD -> image series
• Video-calls
• Creation and sharing of medical cases, separate
from chats
https://www.youtube.com/watch?v=PK9ypnGKx40
E R Ranschaert, RSNA 2018

32. Who is using it?
• Launched in 2016
• 100.000 users, largest in Europe
• +7,5 mio messages/mth
• 6000+ clinical chat groups
• Netherlands: +60% of specialists and GPs
• Used by all layers of HC providers
• Main purpose:
– Collaboration
– Image sharing (surgeons, dermatologists, radiologists)
– Fast decisions (advise)
E R Ranschaert, RSNA 2018

33. Safe and Secure messaging
• End-to-end encryption
• Authorised access/ vetting of users
• PIN-code/Facial recognition
• Messages automatically deleted after 30 days
• Media in “encrypted vault” separate from
other media on smartphone
• Yearly auditing
• Reports available on request
E R Ranschaert, RSNA 2018
Siilo

34. WhatsApp vs. Siilo
E R Ranschaert, RSNA 2018
Legal requirements Siilo WhatsApp
Encryption ✔ ✔
Transparency: what happens with data? ✔ ✗
Access controls ✔ ✗
External audit controls ✔ ✗
Permanent erasure ✔ ✗
Formal arrangement for processing and
storing of PHI (processor agreement)
✔ ✗
GDPR/HIPAA compliant ✔ ✗

35. Radiologists’ experience
• University MC of Utrecht
• Fast and efficient
communication with residents
and referring physicians
• On-call chats, calls and advice,
• Integration with PACS possible
for streaming image series
E R Ranschaert, RSNA 2018
https://www.youtube.com/watch?v=LzNPVmelFpc&feature=youtu.be

36. Conclusions
• It’s the responsibility of the physician (radiologist) to securely
and effectively utilize mobile technology in the best interests of
patient care.
• The existing regulations and legislation should be respected.
• Guidelines and additional training are needed to support the use
of mobile devices and to protect the patient’s privacy & security.
• Sharing medical information with dedicated apps can improve
communication & teamwork, and thus quality of care.
E R Ranschaert, RSNA 2018

37. Erik Ranschaert, MD, PhD
@eranrad
erik.ranschaert@gmail.com
Thank you!