We use cookies to help provide you with the best possible online experience.
By using this site, you agree that we may store and access cookies on your device. Cookie policy.
Cookie settings.
Functional Cookies
Functional Cookies are enabled by default at all times so that we can save your preferences for cookie settings and ensure site works and delivers best experience.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
1. Overview
MyBotGP provides automated processing services for pathology reports and letters on behalf of NHS healthcare practices using robotic process automation (RPA).
MyBotGP is UK-based and delivers services within NHS infrastructure. All processing of pathology reports and letters takes place within the NHS HBL ICT data centre environment.
When delivering services to an NHS practice, MyBotGP acts as a Data Processor. The NHS practice remains the Data Controller in accordance with the UK GDPR and Data Protection Act 2018.
2. Categories of Data Processed
As part of providing our services, MyBotGP processes:
- Pathology reports and letters
- Patient identifiers (e.g., name, date of birth, NHS number)
- Clinical information contained within documentation
This constitutes special category personal data (health data) under Article 9 UK GDPR.
3. Purpose of Processing
Processing is carried out solely to:
- Extract and structure information from pathology reports and letters
- Support NHS practice workflows
- Improve administrative efficiency
- Deliver the contracted RPA service
MyBotGP does not:
- Access data for any purpose other than documented NHS instructions
- Sell, share, or repurpose patient data
- Use data for analytics unrelated to the contracted service
- Transfer data outside agreed NHS infrastructure
4. Location of Processing
All processing of pathology reports and letters is conducted within the NHS HBL ICT data centre.
- No offshore processing is undertaken.
- No transfer of patient data outside NHS-controlled environments occurs.
- No use of public AI systems or external model training platforms is involved.
5. Nature of Processing
Processing is automated via RPA/bot technology.
6. Security Measures
MyBotGP operates within NHS infrastructure and applies appropriate technical and organisational measures, including:
- Secure NHS-hosted environment
- Encrypted communications (TLS/HTTPS)
- Role-based access controls
- Strong authentication mechanisms
- Activity logging and monitoring
- System updates and patch management
7. Data Retention
MyBotGP does not sore any personal identifiable information.
8. Data Subject Rights
As Data Processor, MyBotGP supports the NHS practice in fulfilling obligations relating to:
- Subject Access Requests (SARs)
- Rectification or erasure requests
- Incident investigation and breach reporting
Requests must be directed to the NHS practice.
9. Regulatory Compliance
MyBotGP supports compliance with:
- UK GDPR
- Data Protection Act 2018
- NHS Information Governance requirements
We are willing to enter into a Data Processing Agreement (DPA) in accordance with Article 28 UK GDPR.