The Public Health Directorate has a duty to improve the health of residents of The Royal Borough of Kensington and Chelsea, The London Borough of Hammersmith and Fulham and Westminster City Council.
To help us do this, we use information from a range of sources including the Office for National Statistics, NHS Digital, GP practices, Clinical Commissioning Groups, and hospitals to understand more about the causes of disease and ill health in local population. The following sections explain more about the types of information we hold and the purpose for use.
The Public Health Team based at Westminster City Council process these data on behalf of residents of The Royal Borough of Kensington and Chelsea, The London Borough of Hammersmith and Fulham and Westminster.
We hold information about people we directly provide a service to and about people we have a responsibility for, as part of our Public Health and health improvement functions. This will include residents of Kensington and Chelsea, Hammersmith and Fulham and Westminster, people receiving health and care services in Kensington and Chelsea, Hammersmith and Fulham and Westminster and people who work for or attend school in Kensington and Chelsea, Hammersmith and Fulham and Westminster.
As part of our statutory obligation to provide a public health advice services to our local NHS clinical commissioning group (CCG), we also hold information on people resident within the boundaries of Central London, Hammersmith and Fulham and West London CCG areas or who are registered with one of the CCG’s general practices.
Information that relates to an identifiable living individual is called personal data. This could be one piece of data, e.g. a person’s name or a collection of data, such as name, address and date of birth.
With your consent, we collect some data to enable us to provide direct care services to you. The precise details held will depend on the services you are receiving from Public Health or an organisation commissioned to provide services on our behalf. The specific details collected will be explained when you start the relevant service. The standard information that is used to identify you will be: NHS number, Name, Date of Birth and Postcode.
We also receive some data that may identify you, which will enable us to carry out Public Health functions that are not related to direct care. Some of these types of data are provided to us under specific data access agreements and an example of this is provided below in section 7 about Access to Office for National Statistics (ONS) births and deaths data.
This information is collected in two ways. It may be provided to us directly by a member of the public when they sign up to use a service we are providing. In some cases it may be shared with us by another organisation due to us having a role in a service they are providing, or as part of providing local data analysis to support decisions like the commissioning of services or improving and protecting the public’s health. This will include organisations such as national and local NHS bodies, the Office for National Statistics, NHS Digital, other local authorities and schools.
Primary use of data (for direct care services)
This is where a service collects and uses information that identifies individual residents and users of Public Health services in Kensington and Chelsea, Hammersmith and Fulham and Westminster and is known as ‘personal data’. This personal data is required to enable us to carry out specific functions and services. There are 5 public health functions we must deliver by law that can involve the collection of personal data, which are:
The Public Health Directorate also uses data and information as part of the planning, commissioning and monitoring of services. We do this to help ensure that services meet the needs of people now and in the future, we take steps to improve and protect the public’s health, we work to reduce inequalities in health outcomes and support our local NHS commissioners (NHS Central London, NHS Hammersmith and Fulham and NHS West London Clinical Commissioning Groups). Examples of our work include:
Producing assessments of the health and care needs of the population, in particular to support the statutory responsibilities of the:
In secondary use cases, the information is used in such a way that individuals cannot be identified and personal identifiable details are removed as soon as possible in the processing of the data. Further, results are presented at a summary or aggregated to a level to prevent identification, particular where a condition is rare and the numbers in the population are small.
Anonymised data is information which does not identify an individual directly and which cannot reasonably be used to determine identity. Anonymisation does not allow information about the same individual to be linked in the same way that pseudonymisation does and is therefore more likely to be used for ‘one-off queries’ of data rather than consistent trend analysis.
Pseudonymisation (also known as de-identification) refers to the process of replacing personally identifiable information relating to a patient/service user with an alternative ‘identifier’ (such as a randomised reference number instead of their unique NHS number) in order that their data can be analysed appropriately (for example as part of trend analysis) without their personal identifiable data being disclosed unnecessarily.
We are required to comply with the Data Protection Act (1998) to ensure information is managed securely and this is reviewed every year as part of our NHS Information Governance Toolkit assessment. Information is strictly made available only to key professionals who have a clear and legal need to see it. All staff are required to undertake regular training and to comply with policies and procedures around Data Protection, information security, confidentiality and the safe handling of information.
We hold information for as long as is necessary in line with the councils’ statutory and service delivery obligations as enshrined in our respective retention policies.
Information is only shared with other organisations where their involvement is required to provide a service, for us to comply with our Public Health responsibilities or where we are under a legal requirement to share it. The organisations we may need to share information with include organisations such as national and local NHS bodies, the Office for National Statistics, NHS Digital, other local authorities and schools. Any sharing will be assessed to ensure the organisations will meet the same standards of security and confidentiality as we do. We commit to publish a list of these organisations we share this data with
NHS Digital require us to further detail how we access, and use, ONS Births and deaths (mortality) data. ONS mortality data are supplied to us via a link to the Primary Care Mortality Database (PCMD). The PCMD holds data about people who have died in our areas, as provided at the time of registration of the death, along with additional GP details, geographical information, details about the cause of death and associated administrative details. ONS births data hold information about births in our areas, collected at birth registration and is supplied to us in securely emailed text files.
Our access to these data is by application to NHS Digital for use by Public Health analysts in local authorities for statistical purposes to support our functions. Data supply and management is covered by a Data Access Agreement (DAA) with NHS Digital.
The terms of the DAA stipulate that data are supplied to us under specific legislation and for specific purposes. Access is permitted under section 42 (4) of the Statistics and Registration Service Act 2007, as amended by section 287 of the Health and Social Care Act 2012, for the purpose of statistical analysis for Local Authority Public Health purposes. NHS Personal Confidential Data (PCD) is released under regulation 3 of the Health Service (Control of Patient Information) Regulations 2002 and can only be used for Public Health purposes.
This ONS births and deaths data are of significant value to the Local Authority as it enables our analysts to respond to:
Identifiers included in data relating to deaths (PCMD)
The PCMD includes the following fields:
Identifiers included in data relating to births
Data related to the birth, the mother of the new born and administrative details about the birth and include:
Data processing and secondary analysis
In order to gain access to, process, store and analyse births and deaths data appropriately and safely we do the following:
You have a right to request that the Public Health team stop processing your personal data in relation to any council service. Where possible we will seek to comply with your request but may need to retain and/or continue to process your information in order to a) meet a statutory/legal obligation or b) maintain the integrity of the council’s information. Prior to any such decision the Public Health team will endeavour to work with you to come to a common understanding and agreement over how you data is being used by the service, including how it is safeguarded to ensure your privacy is maintained
You have the right to opt out of the Public Health team receiving or holding your personal identifiable information. There are occasions where service providers will have a legal duty to share information, for safeguarding or criminal issues. The process for opting out will depend on what the specific data is and what programme it relates to. For further information, please contact the Corporate Information Management Team email: PHIEnquiries@westminster.gov.uk
The Public Health Directorate is part of Kensington and Chelsea, Hammersmith and Fulham and Westminster Council services. These Councils are registered as a Data Controllers with the Information Commissioner’s Office (Registration Numbers Kensington & Chelsea Z8525658; Hammersmith & Fulham Z5124889; Westminster Council Council Z5674504 respectively) under the Data Protection Act (1998). Further details about how the Council processes personal data can be found in our registration on the Information Commissioners website.
If you would like to see the information that is held about you, you can make a request for this to the councils’ Information Governance Team at email@example.com.
They can also be contacted if you have a query or complaint about the use of your information.
The Information Commissioner’s Office is the national regulator for compliance with the Data Protection Act who can provide independent guidance.
Issue date: 2 June 2017
Review date: 1 June 2018