Since its launch, WhatsApp has experienced tremendous popularity, boasting over two billion active users that include both consumers and businesses. More recently, WhatsApp has also gained traction within the medical field. This is evident on PubMed, a database of medical literature maintained by the US National Library of Medicine, where a search for trending topics on WhatsApp reveals a steadily increasing number of research papers featuring the popular messaging application.
In 2022 alone, 488 publications referenced the service in their research, and as of the current writing, over 1500 papers have mentioned it in total.
As you delve deeper into the research, you’ll discover some astonishing results. For instance, a 2020 study conducted in Brazil revealed that 97 % of clinicians had installed WhatsApp on their phones. While having the app on their phones may not seem harmful at first, the study confirmed that clinicians utilized the app not only for private communication but also for requesting second opinions and sharing patient data. Another study from 2018 conducted in India found that dentists also engaged in such practices. A staggering 98.52 % of randomly surveyed dentists confirmed that they regularly shared clinical photographs and radiographs via the instant messaging service for second opinions. Undoubtedly, many readers of this article can relate, as the app has also become a part of their daily professional lives.
So, what makes WhatsApp so appealing to dental professionals and other healthcare workers?
One reason is undoubtedly its high user density, which is particularly prevalent in the Western world. WhatsApp has become a staple on many phones regardless of whether you’re using an Android or an iPhone. However, another driving factor is pragmatism and the lack of alternatives available. This is particularly evident among public health providers, who often have outdated infrastructure. In fact, according to Richard Kerr, Chair of the Royal College of Surgeons Commission on the future of Surgery, the NHS in the UK still relies heavily on outdated technologies:
“Alongside innovation like artificial intelligence and robot-assisted surgery, NHS hospital trusts remain stubbornly attached to using archaic fax machines for a significant proportion of their communications. This is ludicrous.”
Using instant messaging services like WhatsApp has become a necessity for many healthcare practitioners, who opt for such platforms over antiquated tools that could potentially delay patient treatment. However, while they have good intentions and want to expedite the treatment process for their patients, practitioners are often unaware of the risks they and their patients face when using such services. In many cases, practitioners use these services out to provide timely and efficient care to their patients by quickly sharing information and coordinating treatments. The same applies to dentist and dental technicians where exchange of treatment instructions and patient pictures is common.
So, why is WhatsApp usage in a medical environment so controversial?
Although messages are secure, there are numerous topics to consider, including regulatory compliance, patient record-keeping, patient consent for data sharing, and anonymization. We will discuss each of these topics in detail to provide a comprehensive overview.
In many countries, patient information can only be used for the purposes for which consent was originally given, which is a common ethical principle. This means that in some cases, it may be a legal or ethical requirement for patients to give specific written informed consent before sensitive information is shared with other healthcare professionals or groups. While many practitioners typically collect general consent for communication, this may not be sufficient according to General Data Protection Regulation (GDPR) standards, which require explicit details on how data is used and transferred. This brings us to WhatsApp. When a user downloads the app, they often unknowingly give Facebook (Meta) access to all contact details stored on their phone, including contacts they don’t use WhatsApp to communicate with, such as patients or even family members. As a result, patients whose information is shared may not be aware of who their information will be shared with and how it will be used, which goes against most data protection laws and regulations.
Compliance with data protection regulations is essential in the medical field. For instance, the EU’s GDPR prohibits the storage of sensitive data of EU citizens on servers located outside the geographic area of the European Community. This means that WhatsApp messages, which are transmitted through servers located in the US, may not comply with a particular country’s data protection regulations. Moreover, these messages may be stored for up to 30 days before delivery, posing a risk to patient confidentiality. Even the EU-US Privacy Shield, a regulation designed to ensure data protection in such cases, was overturned in 2020 by the European Court of Justice, making sending data to the US without explicit consent unlawful. Whatsapp was part of the privacy shield.
In the medical field, some WhatsApp users believe that using the service is acceptable if sensitive patient information is de-identified and anonymized. However, in a clinical setting, confirming the identity of the patient is essential for safe healthcare delivery and the norm. Consider this example: If you were about to undergo surgery and your surgeons received your brain CT scan anonymized alongside scans of five other patients from the radiologist, would you feel comfortable? The same applies to dentistry. How can a dental technician assign patient pictures to the correct patient record or case if they’ve been de-identified? Anonymization may introduce significant operational challenges and pose a potential risk to patient treatment. It also makes it virtually impossible to create a reliable patient record. As a result, retaining the integrity of patient identity is critical to ensuring safe healthcare delivery. Anonymization is, therefore, the opposite of what is needed. This leads us to the next concern, which is record keeping.
Medical professionals have a legal and ethical responsibility to keep patient records and store patient information. For example, the MDR requires dental technicians to store information about cases for many years. While traditional paper-based files were used in the past, electronic patient records have become standard in most countries. The key aspect of keeping patient records is storing all patient information in one place to ensure integrity. Using WhatsApp to share patient pictures and discuss cases creates a duplicate storage, which has to be transferred into the final patient records. However, this is time-consuming and impractical since the messaging service does not support printing chat threads or have a dedicated export function. This can lead to a fragmented record-keeping system, which is not only ineffective but also compromises the accuracy of patient information. It defeats the purpose of being easy and fast to use, and can potentially harm patients if relevant information is not recorded.
Finally, let’s discuss the security aspect of using WhatsApp. Since March 31, 2016, messages sent between WhatsApp users have been protected with end-to-end encryption, which ensures that neither WhatsApp nor Facebook, nor any other third party can read them. This encryption applies to all types of messages, including chats, group chats, images, videos, voice messages, files, and even WhatsApp calls, making it impossible for anyone to intercept or access the information being transmitted. However, even with this level of security, the use of WhatsApp remains non-compliant with GDPR and HIPAA standards.
If patient information is being shared through this instant messaging service, it’s essential to note that the data is stored not only in WhatsApp’s cloud but also on both the sender’s and recipient’s phones. Since the application is not secured with a passcode, the loss or compromise of one phone can potentially expose all sensitive patient data. Even if information is deleted from one’s phone, the same is not necessarily true for the other party’s phone, particularly when shared in a group. Moreover, WhatsApp is linked to phone numbers, which means that account switching like in social media is not possible. As a result, it is common for private and professional chats to intermingle, which increases security risks. A survey of plastic surgeons revealed that 26% of respondents had accidentally shared clinical images with family or friends, underscoring the potential dangers of mixing private and professional communication.
Crownbeam: A WhatsApp alternative for dental professionals
Instant messaging has not only become popular among consumers but also in professional settings, particularly in the medical field. Dentists, dental technicians, and other clinicians require a quick and uncomplicated means to exchange information and patient data. While WhatsApp’s popularity in private life has contributed to its adoption in the medical field, it is important to note that using it for sharing and discussing patient data is unlawful and poses various risks to both clinicians and patients.
An alternative to using consumer instant messaging in the dental field is Crownbeam, a web-based application designed specifically for dental professionals. With Crownbeam, dentists and dental technicians can exchange information and patient data using workflows tailored to dental-specific needs. The application features an intuitive restoration configurator for setting up patient cases, along with the ability to add patient pictures, digital impressions, X-rays, and other relevant data easily. Digital impressions can be viewed, annotated, and integrated directly into a 1-on-1 instant messaging chat with a dental technician, which can be accessed conveniently from a PC, mobile phone, or intraoral scanner. All information is channelled directly into the case records, providing convenient record-keeping. To ensure data security, servers are located within the EU (in Germany), and files are encrypted for added protection.