Public Health privacy policy

Our contact details

  • Name: Professor David Whiting - Director of Public Health
  • Address: Gun Wharf, Dock Road, Chatham, Kent, ME4 4TR
  • Phone: 01634 332 636
  • Email: david.whiting@medway.gov.uk.

Types of personal information we collect

We work with many types of data to promote health and support improvements in health and care services in Medway. Personal information such as:

  • identifiable data - personal information that can identify individuals, including name, date of birth, gender, address, postcode and NHS number
  • special category data - including race or ethnic origin, data concerning health, sex life, sexual orientation or religion
  • pseudonymised data - information about individuals but with identifiable details replaced with a unique code
  • anonymised data - information about individuals has all identifying details removed
  • aggregated data - data about several individuals combined to show general trends or values without identifying individuals in the data. 

How we collect and receive personal information

Most of the personal information we collect is provided to us by you taking part in one of the following programmes or services:

  • the National Health Check Programme
  • working groups for mental health and emotional wellbeing services
  • A Better Medway health related programmes run by us. Examples include the stop smoking support service, Health Way weight management service and the NHS health check service.

We also receive personal information indirectly including:

  • information collected at registration of a birth or death
  • attendance at Medway Accident and Emergency Services
  • client and customer use of provider services commissioned by us
  • information provided by NHS Kent and Medway Integrated Care Board (ICB)
  • information provided by signatories to Kent and Medway Information Sharing Partnership. View full list of signatories
  • schools
  • GP practices
  • informing health funding arrangements between public health, ICB, children's social care (CSC) and education. 

How we use the personal information we collect

We use the information you have given us to understand more about the population of Medway by measuring the health and care needs of the resident population. 

This helps us to:

  • deliver more effective services and intervention
  • target hard to reach and high risk population groups
  • estimate projected need in the population for health conditions and care.

Some of the data sources and ways we do this include:

Birth data tables

This dataset provides us with access to identifiable data about the number of births occurring in our geographical boundaries as a unitary authority. Data includes the:

  • address and postcode
  • mother's place of birth
  • child's place of birth postcode
  • child's NHS number
  • child's date of birth.

This data is supplied to us by NHS Digital under strict licence and data disclosure controls.

Kent and Medway Care Record (KMCR)

This dataset is supplied by the Kent and Medway ICB providing us and healthcare professionals with a joined up view of an individuals care and treatment from multiple health providers. It contains automated, regular data feeds from:

  • acute hospital trusts
  • community services providers
  • mental health providers
  • GP practices
  • social care teams based in local authorities. 

National Child Measurement Programme (NCMP)

This dataset is collected by NHS nurses at Medway schools. It provides annual figures for height and weight measurements for children between the ages of 4 and 6 (year R) and 10 and 11 (year 6). The data is used to support local public health initiatives and to inform the planning and delivery of services for children. 

Medway Health and Wellbeing Survey

Our Public Health team conducted a health and wellbeing survey with a sample of the population in 2021 to 2022. The main aim of the survey was to provide estimates of key health states and risk factors in the Medway Ward and at the Primary Care Network (PCN) level.

National Institute of Healthcare Research (NIHR) Health Determinants Research Collaboration (HDRC)

HDRC is a collaboration between Medway Council, the lead organisation, the University of Kent and the people of Medway. The aim of the collaboration is to increase the capability and capacity to undertake health research. The research can be used to make better strategic and operational decisions to benefit local communities health and wellbeing and reduce health inequalities across the district. This work includes:

  • conducting internal research
  • data analysis
  • supporting policy development
  • providing training and profession development for staff and community researchers
  • developing better understanding of community needs and priorities. 

Medway Public Health Services Data

We collect data delivering our public health services, for example smoking cessation or healthy weight. The data collected includes basic demographic characteristics and items related to the delivery of the particular service. We ask for explicit content to collect and analyse the data. This data is stored in the PHAIR database management system. 

We do not routinely share personal identifiable information, except for direct care. We may on occasion share anonymised data collected by us with other organisation, for example research purposes. We will only share data only after conducting a privacy impact assessment and establishing a data sharing agreement with the organisation. 

Who we can share your personal information with

We may share your information with:

  • National Child Mortality Database (eCDOP)
  • your GP practice
  • Health Diagnostics (Commissioned Service Provider)
  • Expert Practitioner Network (EPN) Clinical Supervision
  • Healthwatch Medway (Commissioned Service Provider) 
  • Kent and Medway Information Sharing Partners.

We do not disclose any personal identifiable data to a third party who is not identified on our licence agreement with NHS Digital unless identified above. 

Any data requests from a third party will only receive anonymised and aggregated data to comply with the Office of National Statistics Disclosure Guidelines or we're legally required to do so. 

The legal basis

Under the UK General Data Protection Regulation (GDPR) the lawful bases we rely on for processing data include:

  • Your consent, you're able to withdraw your consent at any time. You can do this by emailing us at david.whiting@medway.gov.uk.
  • If we have a contractual obligation
  • If we have a legal obligation under:
    • Section 42(4) of the Statistics and Registration Act 2007 as amended by Section 287 of the Health and Social Care Act 2012
    • Regulation 3 of the Health Service (Control of Patient Information) Regulations 2002
    • Article (6)(1)(c) The Children and Families Act 2014. 
  • If we have a vital interest
  • If we need to perform a public task.

How we store your personal information

Your information is stored securely within our internet data management systems. Only staff have access based on their role within the service. 

We keep your personal data in line with our internal data retention schedules. Our data retention schedule is reviewed regularly to ensure it's kept up to date with legislative and technology changes.

NHS England Records Management Code of Practice is used as guidance to determine the retention period for relevant services. You can contact us about individual projects and programmes retention periods. 

We do not transfer your data outside of the United Kingdom. 

National data opt-out

The national data opt-out (NDOO) is a service that allows patients to choose if they want to allow their data to be used for research and planning in line with the NDOO policy. This applies to disclosures requiring approval under Section 251 of the National Health Service Act 2006 and The Health Service (Control of Patient Information) Regulations 2002. This act and regulation enables the common law duty of confidentiality to be temporarily lifted so that confidential patient information can be disclosed without the data controller being in breach of the common law duty of confidentiality. 

We do not share data of this sort, and there are no plans to do this in the future. We only share confidential identifiable information with other organisations such as the NHS for the purpose of direct care. 

View our statement of compliance for NDOO

Your rights

Under the data protection law, your rights include:

  • your right to access - you have the right to ask for copies of your personal information
  • your right to rectification - you have the right to ask us to correct personal information you think is inaccurate and ask us to complete information you think is incomplete
  • your right to erase - you have the right to ask us to delete your personal information in certain situations
  • your right to restriction of processing - you have the right to ask us to restrict processing of your personal information in certain situations
  • your right to object to processing - you have the right to object to processing of your information in certain situations
  • your right to data portability - you have the right to ask us to transfer the personal information to another organisation or to you in certain situations.

You're not required to pay a charge for exercising your rights. 

If you make a request, we have one month to respond to you. 

Making a request

To make a request you can contact gdpr@medway.gov.uk.