Go to navigation

Public Health privacy notice

All Local Authorities have a duty to improve the health of the population they serve. To help with this, our Public Health team uses data and information from a range of sources including information collected at the registration of a birth or a death and customer use of services as commissioned by Medway Council.

This helps us to understand more about the health and care needs of the populations in our area. We can use the data to measure the health, deaths (mortality), illness (morbidity) and care requirements of our population, allowing us to plan and deliver health and care services in a coordinated and efficient way.

We act as a ‘data processor’ for some data and ‘data controller’ for other data. This means that we collect and process information. We also follow the information governance standards and instructions as set by the ‘data controller’. Our data controller is NHS Digital and it's their responsibility to make sure we are keeping the data safe and monitoring what we use it for.

Types of information we use

We work with many types of data to be able to promote health and support improvements in health and care services in Medway. This includes processing:

  1. Identifiable data – containing personal data that can identify individuals, such as name, date of birth, gender, address, postcode and NHS number.
  2. Pseudonymised data – this contains information about individuals but with the identifiable details replaced with a unique code.
  3. Anonymised data – this information about individuals has had all identifying details removed.
  4. Aggregated data – this is when all anonymised information has been grouped together so that it doesn’t identify individuals.

How your information is used in Public Health

We hold or use the following data collections that contain various different types of data about individuals and populations:

  1. Secondary Uses Service (SUS) – We access pseudonymised records about health care and treatment you may have received in Medway Foundation Trust NHS Hospital. This includes in-patient and day-case admissions, out-patient appointments and Accident and Emergency attendances. We access this under license from NHS Digital (previously the Health and Social Care Information Centre). We do not access identifiable SUS data.
  2. Primary Care Mortality Database (PCMD) – This provides us with access to identifiable deaths (mortality) data as provided at the time of the registration of the death, along with additional General Practice details, geographical indexing and coroner details where applicable. This includes the address and postcode of the deceased, postcode of the place of death, NHS number, date of birth, date of death, name of certifier, and cause of death. Our access to the data is based on our geographical boundaries as a Unitary Authority and the Clinical Commissioning Group in Medway. We are only able to securely access the database by use of the NHS Open Exeter system via an N3 internet connection.
  3. Births data tables – This dataset provides us with access to identifiable data about the number of births that occur within our geographical boundaries as a Unitary Authority and Medway Clinical Commissioning Group. It includes the address, postcode and place of birth of the mother and the postcode of place of birth of child, NHS number of child and the date of birth of the child. This data is supplied to us by NHS Digital under strict license and data disclosure controls.
  4. Vital statistics tables – This dataset is aggregated together so that it does not identify individuals. It contains data on live and still births, fertility rates, maternity statistics, death registrations and cause of death analysis by our geographical boundaries as a Unitary Authority and Medway Clinical Commissioning Group. This data is supplied to us by NHS Digital under strict license and data disclosure controls.

    Legal responsibilities

    We have different legal responsibilities for different types of information we hold and analyse in the Public Health Information team. We follow Section 42(4) of the SRSA (2007) as amended by section 287 of the Health and Social Care Act (2012) and Regulation 3 of the Health Service (Control of Patient Information) Regulations 2002.

How we keep data safe and secure

All the data we process and hold is kept safely and securely within our IT systems. When not in use our PCMD data is encrypted to AES standard 256 level.

We do not disclose any data to a third party who is not identified on our license agreement with NHS Digital. Any data requests received from a third party will only receive anonymised and aggregated data to a level that complies with the Office of National Statistics Disclosure Guidance or, we are required to do so for legal reasons.

Opting out of public health datasets

You have the right to opt out of Medway Council Public Health team receiving and processing your personal identifiable information. There are occasions where service providers will have a legal duty to share information, for example for safeguarding or criminal issues. The process for opting out will depend on what the specific data is and what programme it relates to. You can choose not to have information about you shared or used for any purpose beyond providing your own treatment or care. 

Simply contact your GP for further information about registering an opt-out or to end an opt-out you have already registered. The NHS Choices website explains how your personal information is held, accessed and shared with organisations, such as Medway Council.

Access to your personal information

To make a request for personal information you will need to put the request in writing to:

Email: freedom@medway.gov.uk

Post: Information Governance Team, Legal Services, Medway Council, Gun Wharf, Dock Road, Chatham, Kent, ME4 4TR

In order to process your request we require a fee of £10 and copies of documents to verify your identity, such as a birth certificate. The information you have asked for will be provided within the 40 calendar days limit set out by the data protection act.

When sending your request, it would be helpful if you specified the likely location of where the information may be held or narrow your request to specify dates. This will simplify the process for responding to the request.

For independent advice about the use of your data, contact the Information Commissioners Office.