BookYourGP is integrated with several third party services. All of these have the appropriate levels of security for NHS purposes.
BookYourGP uses GOV UK to send text messages, emails and letters. GOV UK is already being used by many government organisations including hospital trusts and the cabinet office. Further information about their security can be found here.
BookYourGP allows users to make telephone calls via Voice Over IP (VOIP) technology with Twilio. Twilio is ISO 27001 and GDPR Privacy Shield Compliant. More technical information can be found here.
BookYourGP is hosted on Amazon Web Services (AWS). Many healthcare apps are hosted here including the new EMIS X. NHS Digital have released guidance (found here) regarding hosting information on the cloud for NHS and Social Care data. According to NHS Digital there are three categories of data; “Top Secret”, “Secret” and “Official”. NHS data falls under “Official”. AWS supports and facilitates UK Official data. Further information can be found here.
The GP Practice is considered the “Data Controller”, patients are considered the “Data Subjects” and Hummingbirds Medical / BookYourGP is the “Data Processor”. We allow your surgery to provide care to your patients.
Hummingbirds Medical is registered with the ICO. Our registration number is: ZA248356. BookYourGP carries out purely administrative duties and therefore the transfer and use of data is considered “business as usual” from an information governance perspective.
The Information Governance Alliance advises GP practices to process patient data for the delivery or administration of care under the following legal bases:
The ICO has warned against the use of consent as a legal basis for data processing by public authorities and healthcare providers.
The Medicines and Healthcare products Regulatory Agency has released guidance on which software products are considered a “medical device”.
Full guidance can be found here.
The relevant parts of this interactive flow chart are as follows:
According to the MHRA as BookYourGP carries out only purely administrative work it is not considered a medical device.
Fortunately, courtesy of the RCGP the Hummingbirds Medical Team have discussed MHRA guidance with the MHRA Team and the Clinical Director of the MHRA. They also confirmed that BookYourGP is not classified as a medical device.