Hospify is a secure messaging app designed to allow clinicians, carers and doctors to communicate safely, reliably and privately. Now, you might ask: ‘What’s wrong with WhatsApp?’. It’s reliable, fast and WhatsApp itself champions its end-to-end encryption. Indeed, WhatsApp’s cryptographic shell is so hard it gives evidence hunting law enforcement practitioners cause to call their lawyers.
What’s wrong with WhatsApp? The answer is, technically, not much. But, as we shall see, in clinical settings, it’s just not the right tool for the job. Hospitals and care settings are very different from the outside world. But, jumping into that part of the story is beginning in the middle.
The first chapter
Hospify itself was born in an operating theatre. Two specialist surgeons - Neville Dastur and Charles Nduka - were primed to begin an emergency operation. The problem was, they couldn’t contact the third member of the team and, as such, the clock ticked loudly.
‘Charles is a facial reconstruction surgeon… Neville is a vascular surgeon. They were on a complex case - a burns victim, I think,’ explains James Flint, Hospify’s Co-Founder and CEO. ‘They couldn’t get hold of the junior doctor to help with the anaesthetics… The thing is, even today, the lists of junior doctors and list of consultants are generally written on a piece of paper on the wall.’ And, on that day, that critical piece of paper was missing.
‘Everybody was frustrated with hospital communications,’ continues Flint - a former journalist and career technologist. ‘Landlines, bleepers, faxes, email on cranky old desktops… People were routing around the issues caused by these legacy problems by using WhatsApp,’ he says. ‘Everybody was secretly using WhatsApp. And, at the time, there were no rules against it.’
Something, Dastur and Nduka realised, needed to be done. And, with the help of Flint, the team set about finding and building a solution.
An unlikely catalyst
Along with this clear and present need for reliable communication, the other key ingredient in Hospify’s conception was far less dramatic: GDPR.
The problem - or the opportunity - the Hospify team saw, was that, though health settings might have been turning a blind eye to WhatsApp usage, GDPR was coming. And, they realised, the new regulations would ask some very fundamental and challenging questions of health organisations who allowed the popular message app’s use.
‘This was 2015,’ Flint recalls. ‘We’d never heard of GDPR. We went to talk to the Information Commissioner’s Office. As we left, we said: “Oh my god! When GDPR arrives everybody is going to have to stop using WhatsApp…” It’s going to be an absolute nightmare.’
And that was the lightbulb moment. The team realised, back in 2015, that there would be a need for a compliant messaging app. ‘There was a need for something convenient, easy to use and compliant,’ Flint explains. ‘Compliant with NHS Information Governance (IG) and GDPR. And we felt that this was something that WhatsApp itself would find difficult to approach so, we set out to build Hospify.’
Compliant by design
The Hospify story then, Flint says, slows down. The drama of an operating theatre and building a start-up was replaced by months, if not years, of understanding compliance, regulations and data governance rules.
‘It’s complicated…’ Flint recalls. ‘Before GDPR there were lots of rules [about data usage] but they were often contradictory and often paradoxical. There were frameworks but they weren’t always compatible with each other.’
This matrix of often conflicting frameworks was, historically, Flint says, one of the reasons why innovation and product development can be slow within health. You may build against and satisfy one framework but, in so doing, you could find you’re running contrary to another.
GDPR paves the way
‘This is why GDPR was so important,’ Flint continues. It wasn’t just an update to the UK’s data protection laws. Rather, as a result of its enactment, the health sector looked at its frameworks and brought them into line with the new EU directive.
‘Suddenly, what you had was a legislative framework that brought all the other rules into line,’ he enthuses. ‘It became possible to build to standards by following GDPR’s broad principles. And that wasn’t possible before.’
Summing up Hospify’s relationships with GDPR, he says: ‘If you do what we did, which is comply with GDPR and UK Data Protection Standards, get ISO 27001 or Cyber Security Essentials… And then you do the NHS IG then it is easy because you’ve already complied with 80% of it.’
How to build to GDPR
The Hospify applications and its back end are built on a principle of data minimisation - it tries to hold the absolute bare minimum amount of data.
‘The thing is, as soon as you start holding data you get into trouble with liabilities and standards,’ Flint says. ‘Data minimisation flows through GPDR. But [more importantly] you’re not liable for data you don’t hold. As long as data is held for its purpose and it’s deleted, you’re in pretty good shape. Problems start when you let data kick about and it gets used for purposes it wasn’t intended for. ’
WhatsApp, despite all its real-world advantages sins on multiple fronts in a clinical setting. Expanding on this, Flint explains: ‘It shares your personal details - if we connect on WhatsApp, you’ve got my phone number and you’ve always got it. That’s already a data breach.’
Continuing to explore some of WhatsApp’s problems specific to clinical use, he says: ‘The second problem is, WhatsApp stores all the message data and it stores that data on servers outside the EU. As soon as that patient data leaves the EU - without the data subject’s permission - that is a data breach. So, the data has left the EU and it is stored outside the EU. If the patient wants that data back and they’ve shared it with me - the clinician - I’m liable for it but I can’t get it. And, worse yet, the data is encrypted so WhatsApp itself can’t get it. And the patient is entitled to sue…’
The route to minimisation
To achieve data minimisation, Hospify doesn’t store data. It has servers that pass messages from phone to phone but, as soon as that information transfer has been facilitated, those servers delete their copies of the message. The messages themselves are stored in the users’ devices for thirty days and then deleted.
‘We also strip out the metadata,’ Flint explains. ‘The metadata goes one route and the text or the picture goes on another route. Everything is split up so you’d have to hack three or four different servers to piece everything back together… So, it’s a bit more like Snapchat than WhatsApp.’
On phone issues
The other problem with WhatsApp is that the phone upon which it is installed can be a weak security link. The phone might display messages as they arrive on its lock screen. The device might have a weak unlock password and, unlike your banking app, WhatsApp itself doesn’t ask for any authentication before launching its messaging application. So, if a badly configured phone falls into the wrong hands, an endpoint can be easily compromised.
And, of course, WhatsApp shares your data, so Facebook - its owners - can analyse it in order to send focused advertising your way. ‘It is full of trackers and AI analysis,’ Flint explains. ‘The message itself might be encrypted but it is taking all of your metadata and passing to Facebook who are selling it to advertisers.’
Of course, this exchanging of data for use of the service is fine if users understand the trade and they’re just talking about their cat. ‘That means I get advertising for cat food and I get a really good free service,’ Flint says. ‘It’s not fine if I’m talking to a doctor about my health.’
User feedback
The final part of Hospify’s recipe for hoped-for success with clinical settings is a user-centric design. Beyond being formed around the needs of surgeons, the Hospify team has spent a great deal of time watching, testing and exploring how nurses and doctors communicate digitally while they work. The hope is, through testing and understanding, the application can be a real enabler of easy, efficient and effective communication. ‘We’ve worked very closely with Unison (the trade union)… They’ve been brilliant.
They’ve put us in touch with hospital nurses and care workers. Other firms, like us, spend time around junior doctors. They tend to be early adopters of new technologies. They’re eager to take on new things and the level of complexity that brings. That’s why some products get over specced. We spent time with nurses. It’s not about the tech for them.’ Nurses, Flint says, have other priorities - patients.
