Inform feature
Blurred photo showing hospital staff in a ward
Creative Commons attribution information
©Spotmatik Ltd via Shutterstock
All rights reserved

"We’re sleepwalking into a surveillance society with the tech in our pockets"

There are risks to the unthinking use of everyday tech, from Alexa to WhatsApp, and the consequences – for staff, students and their institutions – can be severe. Bernadette John argues that digital professionalism is the answer.

Bernadette John

You’re at your GP’s surgery, talking to your doctor about a delicate medical matter. She suggests you might find some physiotherapy helpful and … suddenly you hear Alexa pipe up with the name and phone number of a physio.

Or perhaps your consultant has shared a scan with some colleagues for a second opinion. You’re pleased she’s working collaboratively but … she’s shared it using a WhatsApp group. Which means that your personal image may well have been downloaded onto each of the doctors’ – or medical students’ – personal devices and stored in their unencrypted photo galleries.

Bernadette John has come across both these situations. As an experienced clinical tutor – and formerly a public health nurse and midwife – she’s deeply concerned about the lack of risk assessment around the everyday technology that’s used as a matter of course by clinicians.

“Many doctors I know exchange images of medical notes, clinical images and blood results on WhatsApp,”

says Bernadette.

“And they consider it to be secure and encrypted but they haven't realised that if they share an image on WhatsApp, it's downloaded by default into my Apple iCloud, and networked between all of my devices. It’s a security risk and we need to be considering the threat to privacy of the people we discuss and we are engaged in researching.”

Digital professionalism

For Bernadette it’s a matter of what she terms “digital professionalism”: the competence or values expected of a professional when engaged in social and digital communication. It’s a field she’s made her own since initiating it at King’s College London Medical School in 2012 (she’s now at University College Cork) and she’s passionate about training staff and students to think more seriously about the information and images they consciously, or unconsciously, share.

“People are sleepwalking into a surveillance society. They're not aware of what their obligations are with regards to the tech in their pockets, they're just using it for work without mindfully considering what the risks and benefits are and making a balanced and informed decision about it.”

Serious consequences

From maths to law, nursing to dentistry, Bernadette finds the same issues come up again and again in the training sessions she delivers to students. Digital communications, including smartphones and smart speakers, and social media are presenting challenges to young people in how they present themselves to the world. The consequences may be immediate but their online actions may equally have an impact on their future careers much further down the line.

Bernadette has compelling examples of students who have missed out on sporting scholarships to American universities and colleges thanks to Facebook photos revealing heavy drinking below the US legal age of 21 or inappropriate Instagram pictures that affect employability in more conservative professions.

“The consequences for individual students can be severe. They can become unemployable, and I have certainly seen that,”

says Bernadette.

“We need to actively train students in what we expect of them with regard to how they carry themselves on social channels, and to make it explicit. We need to show them scenarios where things haven't worked out well for others, and ask them to explore those scenarios. But we can't do that without also doing it for the staff.”

Compulsory training

Bernadette is a fan of compulsory and regular training in digital professionalism, ensuring a good grounding in what the current platforms are, what their terms and conditions say, what their rights and permissions are and how things are published. She also argues for e-learning modules tailored to the user, with scenarios applicable to students in different disciplines.

There is also a role for the institution in relation to monitoring and regulating the extent to which employees or students who handle sensitive information are allowed to use their own devices.

There are ways to share this kind of data safely. Bernadette points to the use of iPhones by doctors and clinical researchers in the US.

There, a hospital buys devices specifically for medics to communicate while at work, with that communication controlled by a system called Voalte. When the doctor leaves work, they hand that device to the person who is taking over from them or leave it in a secure area. If they walk off the premises with the device, it is automatically wiped. And all the apps are locked down so there is no potential for iCloud to be grabbing pictures or Facebook to be downloading contacts.

“Here they could use a secure, GDPR-compliant PDF creator app to take an image, and email it with their secure university email, or their Microsoft OneDrive that they've been issued, which is GDPR compliant, as opposed to using Dropbox or Google Drive. That risk assessment isn’t currently happening and it risks the security and integrity of the research that we generate and the privacy of our research subjects.

“We need to work together, risk assess each other and help each other to make informed decisions about what we do online,”

concludes Bernadette.

Bernadette John’s digital professionalism dos and don’ts

Review privacy settings on all social media profiles, accounts, chatrooms etc regularly as they can change, allowing material that was originally private into the public domain.

Consider everything that you write online as potentially public – the anonymous blog or Twitter account of today may later be exposed and associated with the author. Will that reflect your future role?

Social media should not be used as a way of raising concerns or whistle blowing.

It is best to avoid online mentions/discussions about clients, colleagues or even peers on Facebook/Instagram/Snapchat. All online discussions around clients must be anonymised and should be restricted to specific professional online forums and chatrooms.

Resist the urge to chart your exhaustion and lack of sleep with a toothache or sleepless baby, or your late-night socialising, on any social media – it may be used to evidence that you were below par in the workplace the following day!

Never accept Facebook friend requests or follows on Instagram/Snapchat from patients, clients or students. If possible, also don’t accept them from close work colleagues, those you meet on placements or internships, or your new boss.

Resist the urge to publish your photos of others on social channels without their permission and make sure that everyone knows they must ask your permission before they publish photos of you.

Be aware that EXIF data – such as geographical coordinates, date, time, make and model of originating device – are often embedded in the images that we create on our mobile devices and are therefore potentially viewable by others – and that could include the profile photos you may have uploaded onto that dating website...

Most apps now have permission to send and read digital communications (including email, SSM and iMessages) from your device without notifying you. Be aware that platforms such as Facebook can use your Bluetooth to locate you, even if you aren’t using their app and, potentially, even without asking for your permission.

Client/student data must be stored securely, and NOT in the Apple cloud. Is WhatsApp automatically downloading images to your image gallery on your personal mobile devices? WhatsApp is not an appropriate channel for professional/clinical communications.

Beware of image/message streaming between networked devices.

If you use a personal smartphone, tablet, laptop or PC for your professional/clinical work or research, be sure to establish how to clean the devices before discarding them or handing them in as part of an upgrade.