Public health privacy notice

All Local Authorities have a duty to improve the health of the population they serve. To help with this, our Public Health team use data and information from a range of sources including information collected at the registration of a birth or a death and client/customer use of provider services as commissioned by Gateshead Council.

Although not direct care, this helps us to understand more about the health and care needs of the population/s in our area. We can use the data to measure the health, mortality, morbidity and care requirements of our population, allowing us to plan and deliver health and care services in a coordinated and efficient way.

We act as a 'data processor and controller'. This means that we collect and process information. We also follow the high information governance standards and instructions as set by NHS Digital. 

Types of information we use

We work with many types of data to be able to promote health and support improvements in the delivery of health and care services in Gateshead. This includes processing:

1. Identifiable data - containing personal data that can identify individuals, such as name, date of birth, gender, address, postcode and NHS number.
2. Pseudonymised data - this contains information about individuals but with the identifiable details replaced with a unique code.
3. Anonymised data - this information about individuals has had all identifying details removed.
4. Aggregated data - this is when all anonymised information has been grouped together so that it doesn't identify individuals.

How your information is used in Public Health

We hold the following data collections that contain various different types of data about individuals and populations:

1. Hospital Episode Statistics (HES) - We hold pseudonymised records about health care and treatment you may have received in any English hospital in the form of Hospital Episode Statistics. This includes inpatient and day case admissions, outpatient appointments and Accident and Emergency attendances. This data is supplied by NHS Digital (previously the Health and Social Care Information Centre) to us under license. We do not hold identifiable HES data.
2. Births data tables - This dataset provides us with access to identifiable data about the number of births that occur within our geographical boundary. It includes the address of usual residence of mother, place of birth, postcode of usual residence of the mother, postcode of place of birth of child, NHS number of child and the date of birth of the child. This data is only supplied to us by NHS Digital under strict license and data disclosure controls.
3. Vital statistics tables - This dataset is aggregated together so that it does not identify individuals. It contains data on live and still births, fertility rates, maternity statistics, death registrations and cause of death analysis by our geographical boundary. This data is only supplied to us by NHS Digital under strict license and data disclosure controls. 

The legal basis for the flow of Public Health data

We have different legal responsibilities for different types of information we hold and analyse in the Public Health Information team. We follow Section 42(4) of the SRSA (2007) as amended by section 287 of the Health and Social Care Act (2012) and Regulation 3 of the Health Service (Control of Patient Information) Regulations 2002.

Information about hospital activity is supplied to local authorities by NHS Digital. This contains data collected when someone is admitted to a hospital bed, attends as an inpatient, outpatient, or attends an urgent care centre. We have a data access agreement with NHS Digital. Data are supplied in accordance with section 261 of the Health and Social Care Act 2012, and Regulation 3 of the Health Service (Control of Patient Information) Regulations 2002.

The lawful bases for processing under the GDPR are the public interest ones set out in Articles 6(1)(e) and 9(2)(g). That processing will be in proportion to the particular purpose, respect your basic rights, especially your privacy, and have proper regard for your interests.

How your data is kept safe and secure

All the data we process and hold is kept safely and securely within our IT systems. 

We do not disclose any data to a third party who is not identified on our license agreement with NHS Digital. Any data requests received from a third party will only receive anonymised and aggregated data to a level that complies with the Office of National Statistics Disclosure Guidance or, we are required to do so for legal reasons.

Opting out of Public Health datasets

You have the right to opt out of Gateshead Council Public Health receiving and processing your personal identifiable information. There are occasions where service providers will have a legal duty to share information, for example for safeguarding or criminal issues.  The process for opting out will depend on what the specific data is and what programme it relates to.  

You can choose not to have information about you shared or used for any purpose beyond providing your own treatment or care. In order to opt out of your data being used contact the Information Commissioners Officer via email at accessicoinformation@ico.org.uk or visit their website.  

Alternatively, contact your GP for further information about registering an opt-out or to end an opt-out you have already registered. The NHS website explains how your personal information is held, accessed and shared with organisations, such as Gateshead Council.

Access to your personal information

To make a request for personal information you please visit our data protection page.