WhatsApp, A Healthcare Panacea: Not So Fast

texting-1490691_640A recent article on Forbes, “Why WhatsApp Could be a Game-Changer for American Health Care” caught my eye and attention. The article focuses on a commonly reported desire among professionals in the healthcare industry to have and use text messaging. Texting is used in everyday life, so why not in healthcare. The quick, but incomplete answer is HIPAA. HIPAA is used as an excuse or barrier for many proposals in healthcare, but it does not tell the entire story.

The Forbes article chooses to focus on WhatsApp because WhatsApp includes end-to-end encryption. It is argued that this form of encryption addresses privacy and security concerns in healthcare by helping to lock down the messages being transmitted, including the information contained in the message. Encryption is only a piece of ensuring that communications comply with applicable HIPAA requirements. As the article rightly points out, issues of recipient verification and maintenance of information present challenges under HIPAA. These are definitely relevant and valid concerns.

While WhatsApp and its end-to-end encryption may be appealing to healthcare, the application practically is not ready to be used in healthcare. Even though WhatsApp may claim it does not access messages or information sent through its network, the question of whether WhatsApp stores the data remains. If WhatsApp stores data, then it is not a conduit and any covered entity utilizing the service would need a business associate agreement with WhatsApp. Additionally, if data is stored on WhatsApp servers, it would be necessary to gain insight into the measures ensuring the privacy and security of information stored on those servers.

Another issue related to WhatsApp is the lack of enterprise level account creation capabilities and just the overall lack of enterprise level options. As currently constituted, WhatsApp is designed for individual use. Companies cannot gain control over accounts created by employees or otherwise create a corporate account that employees can work under. As recently as May, I directly asked individuals at WhatsApp whether the application would be expanded to commercial use and in particular for the healthcare industry. At that time, WhatsApp indicated that it was in the very early stages of incorporating or developing a commercial based product/option, but had not progressed very far or given special consideration to usage in the healthcare industry. The absence of consideration by WhatsApp itself further demonstrates that it is not ready for real use in healthcare this time.

Another recent announcement by WhatsApp should further dampen any potential usage in healthcare. In a shift from previous stances of zealously protecting privacy, WhatsApp announced that it will begin sharing some information about users withs its parent, Facebook. While users can opt-out of some amount of the data sharing, the mere fact that data will move outside of WhatsApp to another entity should cause pause for any healthcare provider that would consider using WhatsApp. Even if WhatsApp asserts that only some basic metrics will be shared, this suggests that information is being accessed and policies could continue to shift in the future.

The face value promise of WhatsApp and the speed with which publications or others seem to have jumped on potential uses underscores why healthcare needs to develop a solution that allows everyday functionality to come in. While easing communication and incorporating basic technology is a recognized and desired goal, healthcare and HIPAA present challenges. These challenges are not insurmountable, but demonstrate why healthcare specific solutions often need to be created. A quick look around the internet can find some healthcare specific messaging applications and the solutions continue to be refined so they more closely mirror applications such as WhatsApp or iMessage. However, the applications likely will need to be healthcare specific, at least at this point, to help ensure that individuals and entities within the healthcare industry can satisfy applicable regulatory requirements.

About Matt Fisher

Matt is the chair of Mirick O'Connell's Health Law Group and a partner in the firm's Business Group. Matt focuses his practice on health law and all areas of corporate transactions. Matt's health law practice includes advising clients with regulatory, fraud, abuse, and compliance issues. With regard to regulatory matters, Matt advises clients to ensure that contracts, agreements and other business arrangements meet both federal and state statutory and regulatory requirements. Matt's regulatory advice focuses on complying with requirements of the Stark Law, Anti-Kickback Statute, fraud and abuse regulations, licensing requirements and HIPAA. Matt also advises clients on compliance policies to develop appropriate monitoring and oversight of operations.
This entry was posted in Business, Health IT, Regulations and tagged , , , . Bookmark the permalink.

One Response to WhatsApp, A Healthcare Panacea: Not So Fast

  1. The other reason why WhatsApp and other standalone apps will not work is because physicians (and patients) what a single solution (like a patient portal) rather than an app for your heart rate, weight loss, fitness, SMS texting, etc…

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s