NHS doctors are using Snapchat to send patient scans to one another, according to a new report that warns it is an “insecure, risky” way of working. A panel of experts, chaired by former Liberal Democrat MP Dr Julian Huppert, said the NHS was letting the digital revolution pass it by, forcing medics to find their own “technical fixes”. The report also revealed that the NHS is the world’s largest purchaser of fax machines, described by the authors as a “dubious title” to hold. The report was commissioned to examine the dealings that DeepMind Health, which is owned by Alphabet, the parent company of Google, has with the NHS. A project between DeepMind and the Royal Free NHS Foundation Trust has recently come under fire.On Monday, the Information Commissioner’s Office (ICO) ruled that the NHS Trust “failed” to comply with data protection law when it provided data on 1.6 million patients to DeepMind. The files were shared as part of a test for an app that can alert doctors to patients who are at risk from kidney injuries. Last year DeepMind commissioned a panel of independent experts to look into its work with the NHS. In their first annual report, the experts highlighted a number of concerns but also commended DeepMind for many elements of its pioneering work.
The panel commissioned a series of independent experts to examine elements of DeepMind’s work – including employing data security analysts. They identified 11 “relatively minor” technical vulnerabilities but overall the panel commended DeepMind Health for its “high level of data security”. They were not so favourable about the NHS, writing: “The digital revolution has largely bypassed the NHS, which, in 2017, still retains the dubious title of being the world’s largest purchaser of fax machines. “Many records are insecure paper based systems which are unwieldy and difficult to use.
“Seeing the difference that technology makes in their own lives, clinicians are already manufacturing their own technical fixes. They may use SnapChat to send scans from one clinician to another or camera apps to record particular details of patient information in a convenient format. “It is difficult to criticise Blogster these individuals, given that this makes their job possible. However, this is clearly an insecure, risky, and non-auditable way of operating, and cannot continue.” The authors also add that the average NHS trust has 160 different computer systems in operation. At a press conference launching the report, panel chair Dr Julian Huppert said: “There are a lot of companies that supply technology systems within the NHS. I suspect if you were to examine any of them you would find quite a lot of things one could question.
“I think that there is a problem with the skill levels within the NHS and some cases within the companies that supply it. I think there are real questions about security of data throughout. “If you look at the Soup WannaCry attack, that encrypted data but if it had instead been aimed at exfiltrating and publishing all of that data I don’t believe there is much that could have stopped it. “I’m not a particularly expert programmer but there are real problems around the NHS and how it uses data and how securely that is kept and the relations it forms with others. “There is a huge amount of work in my view to improve the standards of data security to improve the standards of privacy across the entirety of the NHS.” On Monday the ICO said the Royal Free, in its role as “data controllers”, did not comply with the Data Protection Act when it provided the information as part of the test for the Streams app – which is for the use of healthcare professionals and can identify patients who are at risk from acute kidney injuries (AKI) and alert doctors. But DeepMind were not acting as “data controllers” but “data processors”. Asus Customer Service UK