Public health - data specific purposes

From 1 April 2013, local authorities were given a new duty to improve the health of their residents.

The Public Health team in a local authority is required to commission and manage certain Public Health services for residents, and provide advice and intelligence about health and wellbeing to help the Council, NHS and other partners plan services that meet the needs of the people of Enfield. To fulfil this function, the Enfield Public Health team uses data and information from a range of sources.

The Enfield Public Health team has a legal status allowing the processing of Personal Confidential Data for Public Health purposes. The use of such data will be restricted so that the principles contained in the Data Protection Act 1998 are fully adhered to. The legal basis is section 42(4) of the Statistics and Registration Service Act (2007) as amended by section 287 of the Health and Social Care Act (2012) and regulation 3 of the Health Service (Control of Patient Information) Regulations 2002.

The data we collect

The Enfield Public Health team collects and holds information for public health purposes about:

all to whom it has a public health duty of care.

This information includes;

Types of information we use

We work with many types of data to be able to promote health and support improvements in the delivery of health and care services in Enfield. We can describe the data as follows:

Why do we collect this information and how do we use it?

Enfield Public Health team uses personal identifiable information about residents and users of health care, to enable it to carry out specific functions for which it is responsible, such as:

The Public Health team also uses the information to derive statistics and intelligence for assessments and planning purposes, which include:

These statistics are presented in such a way that individuals cannot be identified from them and personal identifiable details are removed as soon as is possible in the processing of intelligence.

How do we collect this information?

This information is collected in two ways:

It may be provided to us directly by a member of the public when they sign up to use a service we are providing.

It may be shared with us by another organisation due to us being part of a service they are providing, or as part of research and intelligence necessary for Public Health functions, such as informing decisions on the design and commissioning of services. This will include organisations such as Office for National Statistics, NHS Digital, national, regional and local NHS bodies, Clinical Commissioning Group, local authorities and schools.

How do we keep our information secure and who do we share it with?

We are required to comply with data protection regulations to ensure information is managed securely and this is reviewed every year as part of our NHS Information Governance Toolkit assessment.

Any personal identifiable data is sent or received using secure email. All data is stored electronically on secure equipment and is managed using the principles of medical confidentiality and data protection. The number of staff accessing and handling such data is limited to only those key professionals named on relevant signed information sharing agreements (where applicable), all who of whom undertake regular training about data protection and managing personal information.

Confidential public health data will only be shared with other areas of the NHS, local authorities or care organisations, once the necessary legal basis has been established and data protection safeguards have been verified, so that the data is managed and used under the same restrictions. Anyone who receives information from Enfield Council Public Health is also under a legal duty to keep it confidential.

In relation to births, deaths and hospital episode statistics, the data will only be processed by Local Authority employees in fulfilment of their public health function, and will not be transferred, shared, or otherwise made available to any third party, including any organisations processing data on behalf of the Local Authority or in connection with their legal function.

We only keep hold of information for as long as is necessary. This will depend on what the specific information is and the agreed period of time. Data is permanently disposed of after this period, in line with Enfield Council’s  retention policy (PDF) or the specific requirements of the organisation who has shared the data with us.

How to opt out

You have the right to opt out of Enfield Council Public Health receiving or holding your personal identifiable information. There are occasions where service providers will have a legal duty to share information, for example for safeguarding or criminal issues. The process for opting out will depend on the specific data is and what programme it relates to. For more information, email complaintsandinformation@enfield.gov.uk.

Where to find further information

The Council is registered as a Data Controller with the Information Commissioner’s Office (Registration Number Z5492012) under the Data Protection Act. Further details about how the Council processes personal data can be found in our registration via the Information Commissioner’s Office. You can also view the Council’s NHS Information Governance Toolkit status.