Digital communications tool provides solution for healthcare data protection

Joost Bruggeman, former surgery resident at Amsterdam University Medical Centre, and CEO and co-founder of Siilo, discusses how secure digital communications tools can ensure patient confidentiality and solve healthcare data protection issues.

Instant messaging apps have become essential tools in our daily lives – their convenience, reliability and sheer ubiquity have transformed how most people communicate, both socially and professionally. At the height of the pandemic, their value within the healthcare sector became even more pronounced, as they enabled rapid information-sharing to help medical professionals learn how to deal with a hitherto unknown virus.

In these circumstances, medical staff came to appreciate the benefits of being able to share details about individual patient cases, including photographs and other sensitive medical data. It facilitated timely and seamless collaboration, without which many more lives would have been lost.

The benefits of ‘off-the-shelf’ messaging apps, however, don’t come without risks. Within the medical sphere in particular, a mistaken message could put patient confidentiality and data protection in jeopardy, while threatening one of the most fundamental aspects of healthcare ethics.

Overcoming data protection issues

Since instant messaging apps are clearly of value within the health and social care sectors, a solution is needed to overcome data protection issues. In fact, this challenge was understood some time ago, and was a key influence behind the development of specialist healthcare apps such as Siilo, which places data security and medical compliance at the heart of its development.

Designed specifically for healthcare professionals, Siilo undertook the task of preserving the usability that people expect from the technology, while simultaneously ensuring that patient data could be exchanged safely and compliantly.

Paul Cowley, Chief Information Officer at St. John & St. Elizabeth Hospital (HJE) in St. John’s Wood, London, recognised the importance of adopting a messenger service which has been tailored to the healthcare sector’s unique challenges. “Timely, effective and safe patient care often requires rapid communication with multiple clinicians and sometimes offsite. A secure, easy-to-use app is needed to facilitate this level of care.

“While temporary guidance was issued during the pandemic that allowed the use of well-known commercial messenger services to help reduce the risk of patient care being compromised, as a hospital we recognised that such services increase risk both in terms of patient data security and patient care, particularly because of the need to anonymise communications wherever practical.”

Security and compliance

Unfortunately, many health and social care professionals and organisations are unacquainted with these issues. Indeed, a survey by the European Heart Rhythm Association (EHRA) revealed that 88.3 per cent of its members regularly use commercial instant messaging apps, like WhatsApp, for sharing clinical information with medical colleagues, yet 29.3 per cent admitted they were unaware of EU data protection regulations. A further 46.7 per cent indicated there are no regulations in place at their institution regarding the sharing of clinical data via instant messaging.

Given that specialist tools have been developed, why are they not mandated among healthcare professionals? The problem is that many health and social care providers still don’t understand the risks involved with off-the-shelf messaging apps because of a simple failure to differentiate between security and compliance.

The basic promise of ‘end-to-end’ encryption, which is offered by the best-known messaging apps, certainly provides a strong element of security. It means the servers of the vendor cannot decrypt the message data even if they wanted to because they don’t have access to the encryption keys that belong to this encrypted data. However, this only applies to data while it is ‘in transit’ from one phone to another. What happens when the data is ‘at rest’, i.e. delivered to a phone or other device?

After a phone receives a message, several synchronisations take place with common messaging apps: photos and videos are synced automatically to the photo library of the phone, where the media is not encrypted; all conversations are backed up by default and automatically go onto the cloud services of the phone provider – where message data is also stored unencrypted. As such, all these unencrypted conversations are exposed to unauthorized third parties.

Importantly, the professional who makes the decision to share information about their patient is always held responsible for protecting the patient’s confidential data. On a messenger app, this remains the same – the sender is always responsible and therefore needs to have control of what happens with the information on the receiving end of that communication. This control is often not possible and means many conversations taking place over common messenger apps are not compliant with medical confidentiality laws.

This is a huge problem because it becomes impossible for any healthcare professional sending an instant message on most services to be able to guarantee patient confidentiality. A way which is often used to get around this is to anonymise patient information within communications, but this also brings problems.

As recognised early on by Paul and his team at HJE, if healthcare teams cannot clearly identify which patient they are communicating about, it will almost certainly lead to confusion and mistakes. Since all healthcare professionals have sworn an oath to “do no harm”, this risk is often one not worth taking.

Communication and collaboration

For staff at HJE, Siilo has become a key tool in improving communication and collaboration between staff, and therefore improving patient care. A good example of this can be highlighted via its use in supporting the hospital’s Urgent Care Clinic (UCC), which is also helping to drive adoption in other departments.

“If a UCC doctor feels the need for input from a specialist consultant or the patient needs onward referral to a consultant, the UCC doctor can now use Siilo to contact a relevant specialist consultant rapidly and securely wherever they are.”

It is also proving to be an invaluable component in the day-to-day running of its medical team. “Siilo is now the ‘go to’ for some of our multi-disciplinary team meetings (MDTs). It solved a problem with a desire to increase the frequency of our MDT meetings without placing undue burden on the clinicians that contribute.

“It also allows ad-hoc MDT meetings where clinical circumstances dictate a patient’s case needs a review ahead of the next scheduled meeting. The messenger app allows clinicians to collaborate securely and contribute from whatever location they are working, regardless of their diary commitments.

“We know the opportunities for the app are vast and since adoption, we are already seeing options becoming wider and wider, with more exciting use-cases being frequently put forward by staff.”

A growing number of healthcare organisations in the UK are recognising the tremendous benefits offered by digitalisation to the healthcare sector. While this is encouraging, it is essential that tools and technologies are truly fit to meet the standards expected. For communications technologies, this means applying absolute rigour to ensure patient confidentiality.

Joost Bruggeman is a former surgery resident at Amsterdam University Medical Centre and now CEO and co-founder of Siilo. For more information, please visit

For more information about St. John and St. Elizabeth Hospital, please visit:

Health-tech sector can prosper from UK’s commitment to unleash potential of data

The role of digital data in the UK’s healthcare systems is set to gain newfound recognition and clarity when the government unveils its Data Saves Lives strategy this spring. If it lives up to its promise, the plan will help to drive the efficiency and effectiveness of data infrastructure and promote interoperability, while establishing clear and open standards for safely sharing data.

The backdrop to the new strategy is the tumult caused by the pandemic, and the ensuing acceleration of digital trends. The government now wants to build on the momentum which has been established in the push towards digital transformation. Similar exercises can be seen elsewhere in Europe, such as in Germany, which is set to invest €59 billion into healthcare technology and digitalisation in the rush to improve services.

While the UK’s strategy is primarily focused on the internal workings of the national healthcare system, the implications are positive for all healthcare technology organisations which have demonstrated a commitment to data safety and security. It means they are well-placed, both technically and culturally, to support the NHS on its journey.

Encouraging innovation

On reading the draft document, what is most encouraging is the focus on supporting innovators – those most likely to be responsible for developing and delivering new solutions to benefit both healthcare professionals and patients. The new strategy is set to provide a clear set of standards for those creating or deploying new data-driven technology.

This commitment to creating an innovation-friendly environment, with a framework for testing, approval and deployment, can be the catalyst for continuous improvement in the technologies used by healthcare professionals. It will provide the confidence to support investment, rather than the hit-and-miss, rather opportunistic nature of the current environment.

Joost Bruggeman, CEO and co-founder of Siilo

As CEO and co-founder of Siilo, a healthcare-specific digital communications tool, I understand the fine line that the Government needs to walk. On the one hand, it needs to build on the huge opportunities that new technologies present by keeping its doors open to innovation – doors which opened because of the challenges brought by the pandemic. But on the other hand, the Government needs to regulate and manage the relentless growth of new technologies.

Covid-19 played a part in Siilo’s own pathway into the UK healthcare market, due to the urgent need for rapid, reliable communication and information sharing. The other issue which facilitated Siilo’s entry was a series of daunting ransomware attacks in the UK, which prompted hospital boards to take preventive measures on all digital aspects of healthcare, pushing data security to the forefront, and seeing hospitals reject unsafe commercial messenger apps that posed a threat to data safety.

Siilo’s image ‘edit’ function allows users to blur and anonymise information and point out specific details on an image using the ‘Arrow’ tool

Without these driving factors, there is no doubt that Siilo’s route into the UK healthcare sector would have been far more difficult, especially as a tech company from outside the UK. So now that the panic of the pandemic is subsiding, the Data Saves Lives strategy is aiming to create an environment which is conducive to technological innovation, at a level which is appropriate for the NHS.

This is a significant challenge because oversight boards have to make decisions on topics and technologies that they may not be familiar with. Conversely, technology often develops so quickly that in vast structures such as the NHS, conducting a swift quality assurance and compliance strategy, as well as putting new regulations in place, is far more easily said than done.

Siilo’s Messenger App allows patients and healthcare professionals to communicate instantly

Siilo looks at the proposed strategy with great anticipation, while at the same time understanding how things work in the real world. There’s unlikely to be a perfect solution, but that doesn’t mean that innovators should sit and wait until everything becomes more crystallised. It is the responsibility of the technology sector to interact with healthcare providers and the NHS, so we can hold up our side of any mutual agreement.

In short, it is also our job to provide clear data on our services so that decision makers have a good understanding of what we bring to the table, how we work, and how we can contribute to the NHS’s future aspirations and security regulations. And the sector should welcome any opportunities for dialogue, for we find ourselves in the middle of a very exciting time in the digital development of healthcare in the UK.

Joost Bruggeman is a former surgery resident at Amsterdam University Medical Centre and now CEO and co-founder of Siilo – Europe’s largest medical messenger app. For more information, please visit