Public Health privacy notice
Find out more about the types of information collected by Public Health, how it is stored, displayed, used and retained.
Published: 8 October 2021
Last updated: 23 March 2022
The Public Health Directorate has a duty to improve the health of residents of The Royal Borough of Kensington and Chelsea and Westminster City Council.
To help us do this, we use information from a range of sources including the Office for National Statistics, NHS Digital, GP practices, Clinical Commissioning Groups, and hospitals to understand more about the causes of disease and ill health in local population. The following sections explain more about the types of information we hold and the purpose for use.
The Public Health Team based at Westminster City Council process these data on behalf of residents of The Royal Borough of Kensington and Chelsea and Westminster.
Who do we hold information about?
We hold information about people we directly provide a service to and about people we have a responsibility for, as part of our Public Health and health improvement functions. This will include residents of Kensington and Chelsea and Westminster, people receiving health and care services in Kensington and Chelsea, and Westminster and people who work for or attend school in Kensington and Chelsea and Westminster.
As part of our statutory obligation to provide a public health advice services to our local NHS clinical commissioning group (CCG), we also hold information on people resident within the boundaries of Central London who are registered with one of the CCG’s general practices.
What information do we hold?
Information that relates to an identifiable living individual is called personal data. This could be one piece of data, e.g. a person’s name or a collection of data, such as name, address and date of birth.
We collect some data to enable us to provide direct care services to you. The precise details held will depend on the services you are receiving from Public Health or an organisation commissioned to provide services on our behalf. The specific details collected will be explained when you start the relevant service. The standard information that is used to identify you will be: NHS number, Name, Date of Birth and Postcode.
We also receive some data that may identify you, which will enable us to carry out Public Health functions that are not related to direct care. Some of these types of data are provided to us under specific data access agreements and an example of this is provided below in section 7 about Access to Office for National Statistics (ONS) births and deaths data.
How do we collect this information?
This information is collected in two ways. It may be provided to us directly by a member of the public when they sign up to use a service we are providing. In some cases it may be shared with us by another organisation due to us having a role in a service they are providing, or as part of providing local data analysis to support decisions like the commissioning of services or improving and protecting the public’s health. This will include organisations such as national and local NHS bodies, the Office for National Statistics, NHS Digital, other local authorities and schools.
How do we use this information?
Primary use of data (for direct care services)
This is where a service collects and uses information that identifies individual residents and users of Public Health services in Kensington and Chelsea and Westminster and is known as ‘personal data’. This personal data is required to enable us to carry out specific functions and services. There are five public health functions we must deliver by law that can involve the collection of personal data, which are:
- helping protect people from the dangers of communicable diseases and environmental threats
- organising and paying for sexual health services
- providing specialist public health advice to primary care services: for example GPs and community health professionals
- organising and paying for height and weight checks for primary school children
- organising and paying for regular health checks for people from Kensington and Chelsea and Westminster
Secondary use of data
The Public Health Directorate also uses data and information as part of the planning, commissioning and monitoring of services. We do this to help ensure that services meet the needs of people now and in the future, we take steps to improve and protect the public’s health, we work to reduce inequalities in health outcomes and support our local NHS commissioners (NHS Central London). Examples of our work include:
Producing assessments of the health and care needs of the population, in particular to support the statutory responsibilities of the:
- Joint Strategic Needs Assessment (JSNA)
- the Director of Public Health’s Annual report
- the local Health and Wellbeing Strategy
- identifying priorities for local action
- informing decisions on (for example) the design and commissioning of services
- to assess the performance of the local health and care system and to evaluate and develop them
- to report summary statistics to national organisations
- undertaking equity analysis of trends, particular for vulnerable groups
- to support clinical audits
- to provide the mandated healthcare public health advice service to the local Clinical Commissioning Group
In secondary use cases, the information is used in such a way that individuals cannot be identified and personal identifiable details are removed as soon as possible in the processing of the data. Further, results are presented at a summary or aggregated to a level to prevent identification, particular where a condition is rare and the numbers in the population are small.
Anonymised data is information which does not identify an individual directly and which cannot reasonably be used to determine identity. Anonymisation does not allow information about the same individual to be linked in the same way that pseudonymisation does and is therefore more likely to be used for ‘one-off queries’ of data rather than consistent trend analysis.
Pseudonymisation (also known as de-identification) refers to the process of replacing personally identifiable information relating to a patient/service user with an alternative ‘identifier’ (such as a randomised reference number instead of their unique NHS number) in order that their data can be analysed appropriately (for example as part of trend analysis) without their personal identifiable data being disclosed unnecessarily.
How do we keep information secure and who do we share it with?
We are required to comply with the Data Protection Act (2018) to ensure information is managed securely and this is reviewed every year as part of Data Security and Protection Toolkit assessment submission. Information is strictly made available only to key professionals who have a clear and legal need to see it. All staff are required to undertake regular training and to comply with policies and procedures around Data Protection, information security, confidentiality and the safe handling of information.
We hold information for as long as is necessary in line with the councils’ statutory and service delivery obligations as enshrined in our respective retention policies.
Information is only shared with other organisations where their involvement is required to provide a service, for us to comply with our Public Health responsibilities or where we are under a legal requirement to share it. The organisations we may need to share information with include organisations such as national and local NHS bodies, the Office for National Statistics, NHS Digital, other local authorities and schools. Any sharing will be assessed to ensure the organisations will meet the same standards of security and confidentiality as we do. We commit to publish a list of these organisations we share this data with.
Access to ONS births and deaths data
NHS Digital require us to further detail how we access, and use, ONS Births and deaths (mortality) data. ONS mortality data are supplied to us via a link to the Primary Care Mortality Database (PCMD). The PCMD holds data about people who have died in our areas, as provided at the time of registration of the death, along with additional GP details, geographical information, details about the cause of death and associated administrative details. ONS births data hold information about births in our areas, collected at birth registration and is supplied to us in securely emailed text files.
Our access to these data is by application to NHS Digital for use by Public Health analysts in local authorities for statistical purposes to support our functions. Data supply and management is covered by a Data Access Agreement (DAA) with NHS Digital.
The terms of the DAA stipulate that data are supplied to us under specific legislation and for specific purposes. Access is permitted under section 42 (4) of the Statistics and Registration Service Act 2007, as amended by section 287 of the Health and Social Care Act 2012, for the purpose of statistical analysis for Local Authority Public Health purposes. NHS Personal Confidential Data (PCD) is released under regulation 3 of the Health Service (Control of Patient Information) Regulations 2002 and can only be used for Public Health purposes.
This ONS births and deaths data are of significant value to the Local Authority as it enables our analysts to respond to:
- measure the health, mortality or care needs of the population, for specific geographical area or population group
- plan, evaluate and monitor health and social care policies, services or interventions; and,
- protect and/or improve the public’s health, including such subjects as the incidence of disease, the characteristics (e.g. age, gender, occupation) of persons with disease, the risk factors pertaining to sections of the population, or the effectiveness of medical treatments
Identifiers included in data relating to deaths (PCMD)
The PCMD includes the following fields:
- deceased’s address
- postcode of usual residence of the deceased
- postcode of place of death
- NHS number
- date of birth
- date of death
- maiden name (PID field specified by NHS Digital / ONS but not present in current PCMD).
- name of certifier
- name of coroner
- cause of death (ICD10 coded cause of death will be retained in the data set used by PCMD data processors and analysts, all having completed the relevant approvals)
Identifiers included in data relating to births
Data related to the birth, the mother of the new born and administrative details about the birth and include:
- address of usual residence of mother
- place of birth
- postcode of usual residence of mother and postcode of birth of child
- NHS number of child
- date of birth of child
Registrar deaths data
To be able to understand if resident death rates differ by ethnicity the Public Health team shares borough death registration data with the local NHS. Public Health shares the Name, date of birth sex and postcode of the deceased, this enables the ethnicity of the deceased to be obtained from their medical record.
Data processing and secondary analysis
In order to gain access to, process, store and analyse births and deaths data appropriately and safely we do the following:
- access to the births and deaths data, whether identifiable data or anonymised data, is restricted to those staff members who have signed the appropriate NHS Digital data access agreements. The data are stored on our IT network at a location that is restricted to those staff
- data are encrypted and are password protected
- access to the source identifiable data is restricted to those staff who have been nominated as data processors for the births and deaths data
- for those staff engaged in secondary analysis, we have removed the identifiable data, as this is not routinely required for the permitted uses of the data
- should we need to link data sets we request NHS Digital – our permitted third party data processor - to undertake the data linking
- publication of the results of secondary data analysis are limited to the permitted purposes aggregated in line with our Data Access Agreement with NHS DigitalONS rules on the uses of health based statistical data and disclosure
- the information are only used for the purpose(s) described above and use will meet the criteria and principles established in the ONS Disclosure Control Guidance for Birth and Death Statistics
- we are not permitted to, or have no business need to, link the deaths and births data directly with any other data. We do, however, assimilate the data with other sources of data, information and evidence in order to carry out our Public Health responsibilities. Further details about the deaths data (PCMD) can be found at NHS Digital
You have a right to request that the Public Health team stop processing your personal data in relation to any council service. Where possible we will seek to comply with your request but may need to retain and/or continue to process your information in order to a) meet a statutory/legal obligation or b) maintain the integrity of the council’s information. Prior to any such decision the Public Health team will endeavour to work with you to come to a common understanding and agreement over how your data is being used by the service, including how it is safeguarded to ensure your privacy is maintained
You have the right to opt out of the Public Health team receiving or holding your personal identifiable information. There are occasions where service providers will have a legal duty to share information, for safeguarding or criminal issues. The process for opting out will depend on what the specific data is and what programme it relates to. For further information, please contact the Corporate Information Management Team email: [email protected]
Accessing your data and further enquiries
The Public Health Directorate is part of Kensington and Chelsea and Westminster Council services. These Councils are registered as a Data Controllers with the Information Commissioner’s Office (Registration Numbers Kensington & Chelsea Z8525658; Westminster Council Z5674504 respectively) under the Data Protection Act (1998). Further details about how the Council processes personal data can be found in our registration on the Information Commissioners website.
If you would like to see the information that is held about you, you can make a request for this to the councils’ Information Governance Team at [email protected].
They can also be contacted if you have a query or complaint about the use of your information.
The Information Commissioner’s Office is the national regulator for compliance with the Data Protection Act who can provide independent guidance.
Issue date: 6 October 2021
Review date: 5 October 2022