We use cookies to make this site work. We'd also like to set optional cookies so we can understand how the site is used and improve it. We will not set optional cookies unless you accept them. You can change your choice at any time from the Cookie settings link in the footer.
Strictly necessary cookies
These cookies are required for the site to work. They store your cookie preferences and keep your session secure. They are exempt from consent under PECR Regulation 6(4) because they are essential to deliver the service you have requested.
Optional cookies
Optional cookies help us understand how the site is used and provide additional features such as analytics, accessibility tools and translation. We will only set them if you accept.
1. Overview
MyBotGP provides automated processing services for pathology reports and letters on behalf of NHS healthcare practices using robotic process automation (RPA).
MyBotGP is UK-based and delivers services within NHS infrastructure. All processing of pathology reports and letters takes place within the NHS HBL ICT data centre environment.
When delivering services to an NHS practice, MyBotGP acts as a Data Processor. The NHS practice remains the Data Controller in accordance with the UK GDPR and Data Protection Act 2018.
2. Categories of Data Processed
As part of providing our services, MyBotGP processes:
- Pathology reports and letters
- Patient identifiers (e.g., name, date of birth, NHS number)
- Clinical information contained within documentation
This constitutes special category personal data (health data) under Article 9 UK GDPR.
3. Purpose of Processing
Processing is carried out solely to:
- Extract and structure information from pathology reports and letters
- Support NHS practice workflows
- Improve administrative efficiency
- Deliver the contracted RPA service
MyBotGP does not:
- Access data for any purpose other than documented NHS instructions
- Sell, share, or repurpose patient data
- Use data for analytics unrelated to the contracted service
- Transfer data outside agreed NHS infrastructure
4. Location of Processing
All processing of pathology reports and letters is conducted within the NHS HBL ICT data centre.
- No offshore processing is undertaken.
- No transfer of patient data outside NHS-controlled environments occurs.
- No use of public AI systems or external model training platforms is involved.
5. Nature of Processing
Processing is automated via RPA/bot technology.
6. Security Measures
MyBotGP operates within NHS infrastructure and applies appropriate technical and organisational measures, including:
- Secure NHS-hosted environment
- Encrypted communications (TLS/HTTPS)
- Role-based access controls
- Strong authentication mechanisms
- Activity logging and monitoring
- System updates and patch management
7. Data Retention
MyBotGP does not sore any personal identifiable information.
8. Data Subject Rights
As Data Processor, MyBotGP supports the NHS practice in fulfilling obligations relating to:
- Subject Access Requests (SARs)
- Rectification or erasure requests
- Incident investigation and breach reporting
Requests must be directed to the NHS practice.
9. Regulatory Compliance
MyBotGP supports compliance with:
- UK GDPR
- Data Protection Act 2018
- NHS Information Governance requirements
We are willing to enter into a Data Processing Agreement (DPA) in accordance with Article 28 UK GDPR.