From 1 April 2013, local authorities were given a new duty to improve the health of their residents.
The Public Health team in a local authority is required to commission and manage certain Public Health services for residents, and provide advice and intelligence about health and wellbeing to help the Council, NHS and other partners plan services that meet the needs of the people of Enfield. To fulfil this function, the Enfield Public Health team uses data and information from a range of sources.
The Enfield Public Health team has a legal status allowing the processing of Personal Confidential Data for Public Health purposes. The use of such data will be restricted so that the principles contained in the Data Protection Act 1998 are fully adhered to. The legal basis is section 42(4) of the Statistics and Registration Service Act (2007) as amended by section 287 of the Health and Social Care Act (2012) and regulation 3 of the Health Service (Control of Patient Information) Regulations 2002.
The data we collect
The Enfield Public Health team collects and holds information for public health purposes about:
- residents of Enfield
- people receiving health and care services in Enfield
- people who work or attend school in Enfield
all to whom it has a public health duty of care.
This information includes;
- information from birth and death certifications (personal identifiable information from NHS Digital used for public health purposes)
- information about the provision of Public Health related services including:
- control of infection
- drug and alcohol treatment services
- sexual health services
- 0-5 Health Visiting and Family Nurse Partnership services
- school nursing services
- National Child Measurement Programme
- lifestyle and behaviour change services
- cancer screening
- other screening programmes
- public health initiatives
- information about lifestyle behaviours, including data collected from surveys
- information about disease incidence and prevalence, including cancer registrations,
- information on other health issues such as blood pressure and diabetes,
- information about health and social care use, including
- GP services
- Hospital services
- NHS community services
- Mental health services
- Social care services
- Geographical codes such as postcodes for analyses of health inequalities
Types of information we use
We work with many types of data to be able to promote health and support improvements in the delivery of health and care services in Enfield. We can describe the data as follows:
- Personal Identifiable data (PID) – this is personal data that can identify individuals, such as name, date of birth, gender, address, postcode and NHS number.
- Pseudonymised data – this contains information about individuals but with the identifiable details replaced with a unique code.
- Anonymised data – All identifying details are anonymised so individuals can not be identified.
- Aggregated data – This is data that has been grouped together so that it doesn’t provide information on individuals, only groups of people.
Why do we collect this information and how do we use it?
Enfield Public Health team uses personal identifiable information about residents and users of health care, to enable it to carry out specific functions for which it is responsible, such as:
- control of infection
- management of risks to public health
- organising the National Child Measurement Programme
- organising the NHS Health Check Programme
- organising and supporting the 0-5 health visiting and Family Nurse Partnership Services and school nursing services
- organising sexual health services
- organising drug and alcohol treatment services.
The Public Health team also uses the information to derive statistics and intelligence for assessments and planning purposes, which include:
- producing assessments of the health and wellbeing needs of the population, in particular to support the statutory responsibilities of the:
- Joint Strategic Needs Assessment (JSNA)
- Director of Public Health Annual report
- Health and Wellbeing Strategy
- Pharmaceutical Needs Assessment
- identifying priorities for action
- informing decisions on (for example) the design and commissioning of services
- to assess the performance of the local health and care system and to evaluate and develop them
- to report summary statistics to national organisations
- undertaking equity analysis
- to support clinical audits, for example deaths from suicide or childhood deaths
- to provide intelligence to aid the Council in its duty to protect and improve the health of the population
These statistics are presented in such a way that individuals cannot be identified from them and personal identifiable details are removed as soon as is possible in the processing of intelligence.
How do we collect this information?
This information is collected in two ways:
It may be provided to us directly by a member of the public when they sign up to use a service we are providing.
It may be shared with us by another organisation due to us being part of a service they are providing, or as part of research and intelligence necessary for Public Health functions, such as informing decisions on the design and commissioning of services. This will include organisations such as Office for National Statistics, NHS Digital, national, regional and local NHS bodies, Clinical Commissioning Group, local authorities and schools.
How do we keep our information secure and who do we share it with?
We are required to comply with data protection regulations to ensure information is managed securely and this is reviewed every year as part of our NHS Information Governance Toolkit assessment.
Any personal identifiable data is sent or received using secure email. All data is stored electronically on secure equipment and is managed using the principles of medical confidentiality and data protection. The number of staff accessing and handling such data is limited to only those key professionals named on relevant signed information sharing agreements (where applicable), all who of whom undertake regular training about data protection and managing personal information.
Confidential public health data will only be shared with other areas of the NHS, local authorities or care organisations, once the necessary legal basis has been established and data protection safeguards have been verified, so that the data is managed and used under the same restrictions. Anyone who receives information from Enfield Council Public Health is also under a legal duty to keep it confidential.
In relation to births, deaths and hospital episode statistics, the data will only be processed by Local Authority employees in fulfilment of their public health function, and will not be transferred, shared, or otherwise made available to any third party, including any organisations processing data on behalf of the Local Authority or in connection with their legal function.
We only keep hold of information for as long as is necessary. This will depend on what the specific information is and the agreed period of time. Data is permanently disposed of after this period, in line with Enfield Council’s retention policy (PDF) or the specific requirements of the organisation who has shared the data with us.
How to opt out
You have the right to opt out of Enfield Council Public Health receiving or holding your personal identifiable information. There are occasions where service providers will have a legal duty to share information, for example for safeguarding or criminal issues. The process for opting out will depend on the specific data is and what programme it relates to. For more information, email email@example.com.
Where to find further information
The Council is registered as a Data Controller with the Information Commissioner’s Office (Registration Number Z5492012) under the Data Protection Act. Further details about how the Council processes personal data can be found in our registration via the Information Commissioner’s Office. You can also view the Council’s NHS Information Governance Toolkit status.