Information Governance

We take Information Governance very seriously over at Hummingbirds Medical. If you have any further questions then please .


BookYourGP is integrated with several third party services. All of these have the appropriate levels of security for NHS purposes.

BookYourGP uses GOV UK to send text messages, emails and letters. GOV UK is already being used by many government organisations including hospital trusts and the cabinet office. Further information about their security can be found here.

BookYourGP allows users to make telephone calls via Voice Over IP (VOIP) technology with Twilio. Twilio is ISO 27001 and GDPR Privacy Shield Compliant. More technical information can be found here.

BookYourGP is hosted on Amazon Web Services (AWS). Many healthcare apps are hosted here including the new EMIS X. NHS Digital have released guidance (found here) regarding hosting information on the cloud for NHS and Social Care data. According to NHS Digital there are three categories of data; “Top Secret”, “Secret” and “Official”. NHS data falls under “Official”. AWS supports and facilitates UK Official data. Further information can be found here.

General Data Protection Regulation (GDPR)

The GP Practice is considered the “Data Controller”, patients are considered the “Data Subjects” and Hummingbirds Medical / BookYourGP is the “Data Processor”. We allow your surgery to provide care to your patients.

Hummingbirds Medical is registered with the ICO. Our registration number is: ZA248356. BookYourGP carries out purely administrative duties and therefore the transfer and use of data is considered “business as usual” from an information governance perspective.

The Information Governance Alliance advises GP practices to process patient data for the delivery or administration of care under the following legal bases:

  • 6(1)(e)’...necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’
  • 9(2)(h)’...medical diagnosis, the provision of health or social care or treatment of the management of health or social care system…’

The ICO has warned against the use of consent as a legal basis for data processing by public authorities and healthcare providers.

MHRA Guidance

The Medicines and Healthcare products Regulatory Agency has released guidance on which software products are considered a “medical device”.

Full guidance can be found here.

The relevant parts of this interactive flow chart are as follows:

According to the MHRA as BookYourGP carries out only purely administrative work it is not considered a medical device.

Fortunately, courtesy of the RCGP the Hummingbirds Medical Team have discussed MHRA guidance with the MHRA Team and the Clinical Director of the MHRA. They also confirmed that BookYourGP is not classified as a medical device.

Interested? Need More Information? Already a user?

Contact us if you have any questions or if you are interested in being onboarded:

Why not read some clinical cases to see how BookYourGP can help you in your day to day life as a jobbing GP:

Need more information about how BookYourGP can be implemented in your surgery, how the BookYourGP team can help organise all your recalls and how surgeries maintain their recalls once onboarded? Read about how it works here:

Already a user? Read some of our tutorials here: