Trafford Public Health Privacy Notice
Trafford Public Health is part of Trafford MBC. We moved from the NHS to join the local authority in April 2013 but still work very closely with the NHS.
Our core data protection obligations and commitments are set out in the Council’s primary privacy notice.
This notice provides additional privacy information for:
- People accessing Public Health Services
- Partners working with Trafford Council
It describes how we collect, use and share personal information about you
- In relation to Public Health Services
- The types of personal information we need to process, including information the law describes as ‘special’ because of its sensitivity
It is important that you read this notice, together with any other privacy information we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.
The information collected and held will vary dependent on the services used.
We collect your personal information for the following purpose(s):
- To measure the health, mortality or care needs of the local population
- To plan, evaluate or monitor public health programmes
- To protect and improve public health and wellbeing.
An example of this is shown in the Joint Strategic Needs Assessment, where data from various sources is used to help us understand patterns of disease and outcomes of our residents and what we can do to improve healthy life expectancy.
In bringing together information we have one aim – to protect and improve the health and wellbeing of people in Trafford.
Categories of personal data
In order to carry out these purposes we collect and obtain:
- Aggregated data – data which relates to groups of people rather than to individuals, so that individuals cannot be identified.
- Anonymised data – this is information about individual that has had identifying details removed
- Pseudonymised data – this contains information about individuals but with the identifiable details (e.g. NHS number) replaced with an alternative code or number so that we can link information about an individual without that individual being identified. This would allow us, for example, to understand how many people had one, two, or three or more admissions to hospital.
- Personal data – containing personal data that can identify individuals and may include name, address or postcode, date of birth, gender and NHS number. An example of why we might need this personal data is so that we can link it with another source of information. For example, we might link data about how many medical problems a person has with hospital admissions and social care data to better understand the impacts this has and enable future planning of services.
Where possible we always look to use aggregated, anonymised or pseudonymised data rather than using identifiable personal data. When we do need to use personal data we try to remove as much of the details as possible that could identify an individual. For example, we may need to use the NHS number but replace date of birth with age in years and addresses with codes that cover larger geographical areas.
As well as limiting the amount of personal information we hold to the minimum required to fulfil our functions, we make sure that our staff can only see information that is essential to their job. We take appropriate security measures to prevent the personal data we hold being accidentally or deliberately compromised. For example, only the people who use the data have the relevant security permissions to access the data through log in and password protection methods. These measures are backed up by reliable policies and procedures and well-trained staff. We ensure that we permanently delete any information that we no longer need to hold.
Legal basis for processing
The legal basis for processing your personal information for non-direct care purposes is contained in Section 42(4) of the Statistics and Registration Service Act (2007) as amended by section 287 of the Health and Social Care Act (2012) and Regulation 3 of the Health Service (Control of Patient Information) Regulations 2002.
Article 2(9)(e) of the General Data Protection Regulation also applies.
If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you or we may be prevented from complying with our legal obligations.
We hold and share information for public health purposes about people we directly provide a service to and people for whom we have a responsibility for in respect of our public health functions to improve and protect the health of the population. .
This includes all Trafford residents, people receiving health and care services in Trafford and people who work or attend school in Trafford. Under out statutory obligation to provide a public health advice service to our local NHS clinical commissioning groups (CCGs), this also extends to people registered with a general practice within Trafford.
Organisations which may share data with us include the Office for National Statistics (ONS), NHS Digital, NHS providers and other local authorities.
We will not normally share your information with organisations other than our partner organisations; however, there may be certain circumstances where we would share without consent such as where we are required to do so by law, to safeguard public safety, and in risk of harm or emergency situations. Only the minimum information for the purpose will be shared.
Much of the information we produce is in the form of anonymous statistics published though our website and in reports and papers to the Health and Wellbeing Board, the governing bodies and performance boards. We never publish information that could be used to directly identify an individual.
For this service all the decisions we make about you involve human intervention.
Our Corporate Retention Schedule outlines how long we retain certain types of information. For further information on how long we retain your data in accordance with retention guidelines, please contact email@example.com
Rights of individuals
- exercising your rights
- contacting our Data Protection Officer
- raising a concern with us, or
- making a complaint to the Information Commissioner is accessible in our Guide to exercising your rights.
We may update or revise this Privacy Notice at any time so please refer back to this page for the most up-to-date version.
This page was last modified: Wednesday 24 July 2019 18:22