Why doctors using SnapChat to send scans is not the problem

Britain’s vast, revered but increasingly troubled National Health Service (NHS) has many challenges to overcome but the one that is starting to really worry some sages is the way it uses – or more often fails to use securely – new technology.

As if a reminder of this perennial worry were needed, this week sees the publication of the first annual review from the Independent Review Panel, a body set up last year by Google’s DeepMind Health (DMH) unit to report on the company’s early work in the NHS.

Not unexpectedly, it reckons that the NHS and its modernisers have a big job on their hands. Writes Dr Julian Huppert, chair of the Independent Review Panel:

Many of the data systems in UK hospitals are still paper-based. They are complex, unwieldy and insecure, and the data they contain is difficult to manage.

It doesn’t help that the average NHS Trust must manage 160 IT systems to do its job, the result of a technological sprawl built over many decades.

Then Huppert throws out more alarming discoveries, including that doctors have taken to using SnapChat “to send scans from one clinician to another or camera apps to record particular details of patient information in a convenient format”.

This is called “shadow IT”, something organisations have been struggling with for years. Then again, not every large organisation handles data as sensitive as medical scans using an app built primarily for teens wanting to share selfies.

By the time Huppert informs us that the NHS is the largest purchaser of fax machines in the world, the dream of a 21st century health service starts to like a distant prospect. Frankly, if this is true, it sounds more like a colossal museum.

Then it occurs to you that perhaps the problem isn’t that doctors are using SnapChat, but that they are having to do it unofficially. Arguably, embracing an app to transfer data would be fine as long as it could do so in a way that met security, privacy and regulatory requirements.

This brings us, inevitably, to DMH itself – it set up the Independent Review Panel that is telling us all of this after all.

On the score, the report’s appearance this week is either very good or very bad timing, depending on how you interpret the spanking handed out only days ago by the Information Commissioner (ICO) over a project DMH ran with London’s Royal Free NHS Trust from 2015 onwards to set up a kidney-monitoring app called Streams.

We’ll refrain from rehashing the infringements of the Data Protection Act (DPA) the project was found to have made, but note that while the judgement was aimed at the NHS Trust involved, DeepMind Health didn’t emerge unscathed either.

But aren’t apps like Streams – custom-developed by clever Google people – precisely the innovation the NHS needs a good dose of if it is to modernise?

According to the Independent Review Panel (which wrote its report before the ICO judgment and is not paid for its work), it most certainly is, although the panel isn’t afraid to criticise DMH in other respects.

Ironically, its biggest worry isn’t that Streams and its ilk will fail, but that they will succeed so well they will create complex problems the NHS is ill-equipped to deal with, such as increased demand as a result of earlier detection of medical conditions.

One way or another, the NHS will have to find a way to clear out the old and introduce the new without losing sight of its duty of care by developing a new culture of oversight that is still poorly understood. Enthusiasm alone won’t be enough – and neither will reports.