If you’ve been using WhatsApp with the latest update, you might have noticed a message yesterday while sending to some of your contacts. All users who’ve updated to the latest version released yesterday will now have all of their messages encrypted end-to-end. For the less tech-savvy out there, what this means is that all messages, images, videos etc. are encrypted, or scrambled, once they leave your device and are only decrypted on the receivers device. That means no copy of the message is ever accessible by WhatsApp servers or employees. Even if they would receive a court order to recover those messages there would be no way for them to do so.
What this might mean for healthcare providers is that since all messages you send are completely encrypted in transit and protected from access by anyone other than the intended recipient, there would be no way for the transmission to be leaked. WhatsApp would not even be considered a business associate because they have no access to the data at any time. The only issue I can see is control over the receivers device. Meaning that if the receivers device is unlocked, anyone who gains access to their physical device can read those messages. This issue would be solved for all internal company devices using device passcode locks and MDM, or Mobile Device Management, which should be in place regardless for employees who have access to company/healthcare resources through their mobile devices.
What some of you might not know is that WhatsApp actually started encrypting messages sent through its android app already in November of 2014. This was only for text and only from android user to android user. Another new feature that rolled out with this update is the ability to confirm the encryption by the lock icon and encryption notice on the other users profile. You can even tap the encryption notification and a passkey will pop up so you can manually verify the security code for the chat with the person you’re sending to.