top of page
Writer's pictureSteve Quenette

UK commissioner reprimands NHS Lanarkshire for sharing patient data via WhatsApp

Here is an excellent example of the innovator’s dilemma - the complexities of #socialconsciousness driving better #technologygovernance & #datagovernance in an environment desiring #speed and #agility. It’s a pattern we see all the time!


A UK commissioner recently reprimanded NHS Lanarkshire (the national health service operating in a Scottish county) following the unauthorised use of #WhatsApp by 26 staff to share patients’ personal data over 500 times in two years. What’s the story?


NHS Lanarkshire made limited use of WhatsApp available to staff as an environmental measure to increase speed and agility in response to the pandemic (working remotely, issues with IT systems, staff workload, etc). It seems the #cultural adoption of WhatsApp was too successful, such that not only did staff choose to use it for communicating patients’ #personaldata (especially images), but they also continued to do so well after the emergency of the pandemic. And then, a non-staff member was also added to the WhatsApp group in error, resulting in the inappropriate disclosure of personal information to an unauthorised individual. A clear break in public trust!


The reprimand recognises the complexity, highlighting poor communication and training in data governance and WhatsApp as the root cause. However, it first points out NHS Lanarkshire’s insufficient balance in #risk assessment. Our read is it relied on staff behaviour to mitigate the open nature of the tool, seemingly without consummate measures in place. It’s not necessarily about saying no, but what it takes to say yes.


Steve Quenette and Brent Valle - headline image to article
ICO reprimands NHS Lanarkshire for sharing patient data via WhatsApp - ico.org.uk (image from NHS Lanarkshire)

bottom of page