Privacy Notice - Public Health Services

Privacy Notice for Public Health Services

Nature of work

Solihull Metropolitan Borough Council (SMBC) is a data controller for the purposes of data protection legislation. The Public Health team of SMBC also has a legal status allowing the processing of personal confidential information for certain public health purposes (as outlined below in this statement). The use of such information will be restricted for these legal purposes and in full adherence to the principles contained in data protection legislation

All local authorities have a duty to improve the health of the population they serve. To help with this we use information from a range of sources; including that collected at the registration of a birth or death, to understand more about the health and care needs in the area. Public Health teams within local authorities are also required to commission and manage services for their population.

Who do we process information about?

The Public Health team collects and holds information for public health purposes about:

  • residents of Solihull
  • people receiving health and care services in Solihull
  • people who work or attend education settings in Solihull

all of whom it has a public health duty of care.

How do we collect this information?

This information is collected in two ways:

  1. It may be provided to us directly by a member of the public when they sign up to use a service we are providing.
     
  2. It may be shared with us by another organisation due to us being part of a service they are providing, or as part of research and intelligence necessary for public health functions, such as informing decisions on the design and commissioning of services. This will include organisations such as Office for National Statistics, NHS England, national and local NHS bodies and Integrated Care Boards, local authorities and education settings.

What types/classes of information do we hold and how do we use it?

The Public Health team uses personal identifiable and special category information about residents and service users, to enable it to carry out specific functions for which it is responsible, such as:

  • Managements of risks to public health
  • Health protection, including infectious disease outbreak management
  • National Child Measurement Programme
  • Healthy Child Programme Service (0-19 years) incorporating Health Visiting, Family Nurse Partnership, Infant Feeding and School Nursing Services.
  • Mandated Health Visiting Checks (Antenatal, New Baby Visit, 6-8 weeks, 12 months and 2 years)
  • 0-5 Health Services, as per Mandated Health Checks above.
  • School Nursing Services (At 4 years)
  • Smoking Cessation
  • Lifestyle services provided by Solihull Active (part of the Solihull public health team)

Personal information means details which relate to a living individual, who can be identified from the information or from that and other information held by the data controller (i.e. it can be linked to become identifiable).

This information includes:

  • contact details
  • NHS number
  • geographic codes such as full postcodes for the analysis of health inequalities
  • date of birth
  • information from birth and death certifications (personal identifiable information from NHS England used for public health purposes)
  • ethnicity

The Public Health team also uses the information to derive statistics and intelligence for research and planning purposes, which include:

  • producing assessments of the health and care needs of the population, in particular to support the statutory responsibilities of the:
    • Joint Strategic Needs Assessment (JSNA)
    • Director of Public Health Annual report
    • Health and Wellbeing Strategy
  • identifying priorities for action
  • health protection, including infectious disease outbreak management
  • informing decisions on (for example) the design and commissioning of services
  • to assess the performance of the local health and care system and to evaluate and develop them
  • to report summary statistics to national organisations
  • undertaking equity analysis of trends, particularly for vulnerable groups
  • to support clinical audits

In these cases, the information is used in such a way that individuals cannot be identified and personal identifiable details are removed as soon as possible in the processing of intelligence.

  • Information about the provision of Public Health services including:
    • Immunisations; for example, influenza (flu)
    • Drug and alcohol treatment services
    • Sexual health services
    • 0-5 health services
    • Healthy Start Vitamins
    • School nursing services
    • Lifestyle and behaviour change services e.g. Health trainers, weight management and Solihull Active
    • Cancer screening
    • Other screening programmes
    • Public health initiatives
  • Information about lifestyle behaviours including information collected from surveys
  • Information on Domestic abuse
  • Information about disease prevalence including cancer registrations
  • Information about other health statuses including blood pressure
  • Information about infectious disease outbreak management
  • Information about health and social care use, including:
    • GP services
    • Hospital services
    • NHS community services
    • Mental health services
    • Social care services

How do we keep information secure and with whom do we share it?

We are required to comply with data protection legislation to ensure information is managed securely. This is reviewed every year as part of our NHS Information Governance Toolkit assessment.

Any personal identifiable information is sent or received using secure email. All information is stored electronically within the United Kingdom on secure equipment and is managed using the principles of medical confidentiality and data protection. The number of staff accessing and handling such information, is limited to only those key professionals named on relevant signed information sharing agreements (where applicable); all who of whom undertake regular training about data protection and managing personal information.

Confidential public health information will only be shared with other areas of the NHS, local authorities or care organisations with the permission of the Caldicott Guardian, once the necessary legal basis has been established and data protection safeguards have been verified; so that the information is managed and used under the same restrictions. Anyone who receives information from the SMBC Public Health team is also under a legal duty to keep it confidential.

In relation to births and deaths, the information will only be processed by local authority employees in fulfilment of their public health function. It will not be transferred, shared, or otherwise made available to any third party, including any organisations processing information on behalf of the local authority, or in connection with their legal function.

How long we will keep your information

It will be kept for the minimum period necessary and in line with legislation.

Transfers Overseas

Information is not transferred overseas.