Public Health Privacy Notice
All Local Authorities have a duty to improve the health of the population they serve. To help with this, our Public Health team use data and information from a range of sources including information collected at the registration of a birth or a death and client/customer use of provider services as commissioned by Norfolk County Council. Although not direct care, this helps us to understand more about the health and care needs of the population/s in our area. We can use the data to measure the health, mortality, morbidity and care requirements of our population, allowing us to plan and deliver health and care services in a coordinated and efficient way.
We act as a ‘data processor and controller’. This means that we collect and process information. We also follow the high information governance standards and instructions as set by NHS Digital.
Types of information we use
We work with many types of data to be able to promote health and support improvements in the delivery of health and care services in Norfolk. This includes processing:
- Identifiable data – containing personal data that can identify individuals, such as name, date of birth, gender, address, postcode and NHS number.
- Pseudonymised data – this contains information about individuals but with the identifiable details replaced with a unique code.
- Anonymised data – this information about individuals has had all identifying details removed.
- Aggregated data – this is when all anonymised information has been grouped together so that it doesn’t identify individuals.
How is my information used in Public Health?
We hold the following data collections that contain various different types of data about individuals and populations:
- Hospital Episode Statistics (HES) – We hold pseudonymised records about health care and treatment you may have received in any English hospital in the form of Hospital Episode Statistics. This includes inpatient and day case admissions, outpatient appointments and Accident and Emergency attendances. This data is supplied by NHS Digital (previously the Health and Social Care Information Centre) to us under license. We do not hold identifiable HES data.
- Primary Care Mortality Database (PCMD) – The PCMD provides us with access to identifiable mortality data as provided at the time of the registration of the death, along with additional General Practice details, geographical indexing and coroner details where applicable. This includes the address, postcode of residence of the deceased, postcode of the place of death, NHS number, date of birth, date of death, name of certifier, and cause of death. Our access to the data is based on our geographical boundaries as an Upper Tier Local Authority and Clinical Commissioning Groups within Norfolk and Waveney. We are only able to securely access the database by use of the NHS Open Exeter system via an N3 internet connection.
- Births data tables – This dataset provides us with access to identifiable data about the number of births that occur within our geographical boundaries as an Upper Tier Local Authority and Clinical Commissioning Groups within Norfolk and Waveney. It includes the address of usual residence of mother, place of birth, postcode of usual residence of the mother, postcode of place of birth of child, NHS number of child and the date of birth of the child. This data is only supplied to us by NHS Digital under strict license and data disclosure controls.
- Vital statistics tables – This dataset is aggregated together so that it does not identify individuals. It contains data on live and still births, fertility rates, maternity statistics, death registrations and cause of death analysis by our geographical boundaries as an Upper Tier Local Authority and Clinical Commissioning Groups within Norfolk and Waveney. This data is only supplied to us by NHS Digital under strict license and data disclosure controls.
What is the legal basis for the flow of Public Health data?
We have different legal responsibilities for different types of information we hold and analyse in the Public Health Information team. We follow Section 42(4) of the SRSA (2007) as amended by section 287 of the Health and Social Care Act (2012) and Regulation 3 of the Health Service (Control of Patient Information) Regulations 2002.
How is my data kept safe and secure?
All the data we process and hold is kept safely and securely within our IT systems. When not in use our PCMD data is encrypted to AES standard 256 level.
We do not disclose any data to a third party who is not identified on our license agreement with NHS Digital. Any data requests received from a third party will only receive anonymised and aggregated data to a level that complies with the Office of National Statistics Disclosure Guidance or, we are required to do so for legal reasons
Can I opt out of Public Health datasets?
You have the right to opt out of Norfolk County Council Public Health receiving and processing your personal identifiable information. There are occasions where service providers will have a legal duty to share information, for example for safeguarding or criminal issues. The process for opting out will depend on what the specific data is and what programme it relates to. You can choose not to have information about you shared or used for any purpose beyond providing your own treatment or care. In order to opt out of your data being used contact the Information Commissioners Officer via email at firstname.lastname@example.org or visit their website. Alternatively, contact your GP for further information about registering an opt-out or to end an opt-out you have already registered. The NHS Choices website explains how your personal information is held, accessed and shared with organisations, such as Norfolk County Council.
Access to your personal information
To make a request for personal information you will need to put the request in writing to:
Information Compliance Team
For independent advice about the use of your data, contact the Information Commissioners Office.