Table of contents
Digital communication platforms have revolutionized the way we connect and share information. WhatsApp has become a popular way to communicate in recent years, with about 2 billion users worldwide sending over 100 billion messages daily.
Besides personal use, organizations commonly use WhatsApp to keep their staff connected. While this may seem like a convenient option, there are several risks to using this platform for internal communications, even more so for healthcare organizations.
Let’s explore some of the risks and concerns to bear in mind when your organization or your team relies on WhatsApp for day-to-day communication.
Organizations have no admin rights or control
When using WhatsApp, organizations ‘delegate’ the administrative responsibilities to individuals in the organization. Unlike other systems in the organization that are well-managed and governed, WhatsApp is not built with sophisticated permissions.
There’s no way to moderate, set specific permissions, limit functionality for specific users, or oversee or control activities over WhatsApp; with the exception of having group admins manage groups that were created by them.
As organizations scale, this could pose a significant challenge. What chat groups does the organization currently have? Who manages those groups? What if you wish to limit specific users’ capabilities? All those questions which are considered basic in any other system used by organizations are left unanswered when using WhatsApp.
Responsibility for offensive and inappropriate content
WhatsApp doesn’t offer the needed tools for managing internal communications, including the ability to remove offensive or inappropriate messages sent by others. This makes way for serious issues.
Organizations could be held responsible for any inappropriate content employees send through the organization’s communication channels, which could be subject to legal action. This leaves you exposed to financial as well as reputational damage.
Aside from the legal implications, having offensive content shared on company WhatsApp channels can negatively affect employee morale and your brand image.
Requires high maintenance and prone to errors
Organizations utilize the simplicity of group chats for their day-to-day activities, from full team group chats to management groups, and so forth.
Keeping those groups up-to-date, especially in a high turnover environment, is not a simple task and requires much manual work. Such manual work is not error-free and often leads to people being added to groups with great delay, or worse, not being removed from groups for a long period of time.
Also worth bearing in mind: the responsibility for being a ‘group admin’ is often given to specific individuals. If such individuals are terminated, there’s always the risk of ‘losing the hold’ on the group altogether.
Leakage of sensitive information
Organizations invest thousands of dollars into data security,however, employees who leave the company still have access to all WhatsApp conversations they participated in.
In the best case, you remember to remove former employees from all company chats, after which they nevertheless still have access to full conversation histories. In the worst case – which is not uncommon, especially in larger organizations – you forget to delete former employees and they continue to have access to all your company’s latest ins and outs.
This poses a significant risk of sensitive information being leaked, and for healthcare companies the risk is even greater.
Labor and employment lawsuits
Even the best organizations face the risks of labor and employment-related regulations. Even more so in high turnover sectors, which tend to employ high volumes of employees, sometimes for short periods of time.
While using WhatsApp can be very convenient, the fact is, full conversation histories and information held by employees could serve as evidence in cases of legal action taken against the company.
Unfortunately, WhatsApp evidence is one of the most frequently used in labor and employment litigation.
What about security and privacy?
Organizations establish robust processes and rely heavily on professional guidance and IT teams before bringing in new software solutions to the organization to ensure they are both safe and adequate for use.
When organizations choose to use WhatsApp as a work tool, they bypass those protections meant to ensure that high standards of data security and privacy are kept.
WhatsApp announced privacy changes that took effect in February 2021. In short, users are forced to accept terms of service that require them to share their data with Facebook (WhatsApp was acquired by Facebook back in 2014).
Zac Doffman at Forbes commented on WhatsApp’s extended collection of data: “This isn’t about WhatsApp sharing any more of your general data with Facebook than it does already, this is about using your data and your engagement with its platform to enable shopping and other business services, to provide a platform where businesses can communicate with you and sell to you, all for a price they will pay to WhatsApp.”
On top of that, and despite its end-to-end encryption, WhatsApp has seen a rise in security flaws: “data [collected] from the US National Vulnerability Database, a US government repository of flaws, disclosed 12 vulnerabilities in 2019 – seven of which were classified as critical”, according to a Forbes review.
While no platform is completely immune to vulnerabilities, critical vulnerabilities shouldn’t be overlooked. Even more so when considering that WhatsApp does not have commercial commitments with organizations using its consumer version, and hence it doesn’t carry the responsibilities and commitments regular software providers do, such as data backup and recovery, reporting on security breaches, etc.
The Care Quality Commission (CQC) does not appreciate the use of WhatsApp
As the independent regulator of health and adult social care in England, the CQC aims to ensure that health and social care services meet the required quality and safety standards. It does this by monitoring, inspecting, and regulating services and publishing their findings. Where the organization finds poor care, it vows to use its powers to take action.
In its audits, the CQC has criticized relying on WhatsApp in the past.,raising concerns around the safety of using WhatsApp in healthcare environments. While the use of WhatsApp does help organizations improve their response, it raises questions on how well led an organization is relying on external ‘non-admin’ platforms, some of which have used WhatsApp to relay unstructured communication, which should be better managed and documented for evidence.
While WhatsApp is an easy and convenient communication tool, its usage comes with significant risks which organizations should be aware of and take action to mitigate.
Healthcare organizations, in particular those that deal with sensitive information (whether health-related or not) are advised to consider solutions that grant them adequate means of control and ownership of the data exchanged in their internal communication platforms.