Cheshire East Public Health Team - Privacy notice

What personal information is being processed and what for

The Cheshire East Public Health Team has a duty to protect and improve the health of the residents of Cheshire East. The team focuses on preventing ill health and to do this it needs to understand how, why, where and when ill health occurs.  The key functions of the team are:

  • control of infectious diseases
  • specialist public health advice to Clinical Commissioning Groups (CCGs)
  • undertaking the National Child Measurement Programme (NCMP)
  • providing NHS Health Checks
  • providing sexual health services
  • providing health services for 0-19 year olds, including health visiting and school nursing

The Team must produce:

  • an Annual Report of the Director of Public Health
  • a Pharmacy Needs Assessment every four years

The Team also supports the Health and Wellbeing Board in the production of the Joint Strategic Needs Assessment for health and social care.

The majority of data analysis is undertaken by the Public Health Intelligence Team, but other members of the Public Health Team may occasionally process non-identifiable data for commissioning or health improvement.

Personal data is data relating to an identified living individual. Personal data can be made up of one item, such as a person’s name or a collection of data, such as name, address and date of birth. The public health team may collect identifiable data directly or the identifiable data may be shared with it by another organisation. 

Primary use of data means using data to provide direct care. In public health, this could include protecting people from communicable disease or environmental threats or providing the NCMP .

The Public Health Team also use data and information in the planning, commissioning and monitoring of services and to identify health inequalities. This is referred to as secondary use of data.

In secondary use of data, the data is used in such a way that individuals cannot be identified and personal identifiers are removed as soon as possible in the processing of data.

There is a clear separation between those people nominated to process the data and those that use the data for secondary analysis. Data is often anonymised or pseudonymised. Anonymised data has all personal identifiers removed such that they cannot be replaced.

When data is pseudonymised the identifiers are replaced either with an alternative identifier, so a unique code instead of an NHS number, or with an aggregated field, such as an age band or geographic code. Pseudonymised data can be re-identified with access to the source file.

Some data may also be aggregated (grouped) in different ways, e.g. by geography, sex, age group. Aggregated data may be supplied by separate categories in separate tables to ensure that individuals cannot be identified.

The Team receives the following data sets from other organisations which are classed as identifiable under GDPR :

  • Public Health Births File
  • NCMP Data
  • The Public Health Mortality File (PCMD) – The PCMD relates to deceased individuals but contains some identifiable information about living persons in relation to death certification (Medical professionals and Coroners)

Under the legislation, details relating to health, racial or ethnic origin, religious or other similar beliefs, sexual orientation and political affiliations are regarded as ‘sensitive personal data’. The Team receives the following datasets from other organisations which contain fields that are classed as being sensitive under GDPR :

  • Hospital Episode Statistics (HES) -pseudonymised
  • Data about services we commission from other providers – aggregated or anonymised

More detailed information regarding personal or sensitive data help by the Public Health Team is on the Information Assets Register.

The Team relies on births and deaths data to monitor the health of the population, for example, in identifying areas where low birth weight of babies is more common or where there are high numbers of deaths from heart disease.

This information helps us to provide services which might identify those at risk and prevent some of these events from happening in the future. Vital Statistics data consists of non-disclosive tabulated data about births and deaths in Cheshire East which allows us a deeper understanding of patterns of birth and mortality.

The Team uses Hospital Episode Statistics (HES) to monitor the health of the local population. HES data is valuable to us in being able to assess whether access to services is equitable and to monitor the health of the population, for example, looking at whether there is a higher number of A&E attendances in a certain area or identifying areas where admission for hip fracture is more common.

This information helps us to provide services and interventions which might improve things in these areas or provide an alternative to A&E for some conditions and in some circumstances.

The Team receives information about the height and weight of individual children in Reception and Year 6 from our provider.  This allows us to monitor trends in childhood overweight and obesity and to help provide services to address this for children and their families. 

The Team receives information about the number of health checks offered to and conducted for 40-74 year olds by our providers, which are mainly GP practices.

This information allows us to monitor our providers’ performance and to understand how many people are being invited and attending for health checks and whether this varies by area.

We receive data about sexual health services, substance misuse services and health services for 0-19 year olds. This data is not identifiable but it contains information about the people who use these services by the area that they live in, the age group they fall into, which services they receive and for which conditions.

This information allows us to monitor the performance of our commissioned services and assess whether they are meeting the needs of our population.

Information about the conditions people are presenting with allows us to monitor health in different areas of Cheshire East and to provide solutions tailored for local residents. Some of this data is considered sensitive due to protected characteristics under GDPR .

Why we are allowed to use your information

The Cheshire East Public Health Team collect and process personal data in order to carry out its statutory functions under the following articles of the GDPR: Article 6 (1)(c), Article 6(1)(e), Article 9 (2)(h), Article 9(2)(i). The legal sharing of this data is in accordance with:-

  • Statistics and Registration Services Act 2007, section 42(4)
  • Health and Social Care Act (2012), section 287
  • Health Service (Control of Patient Information) Regulations 2002, Regulation 3.

Births and deaths and Vital Statistics data are supplied to Public Health analysts in Local Authorities and NHS organisations for public health statistical purposes under the Statistics and Registration Service Act (2007) and Regulation 3 of the Health Service (Control of Patient Information) Regulations 2002.

In order to receive these data, the team must fulfil the requirements of the Office for National Statistics (ONS) and NHS Digital. This is evidenced through the completion of a Data Access Request (DARS) form, satisfactory completion of the Information Governance (IG) Toolkit by Cheshire East Council, and individual agreement to be bound by the Terms and Conditions of ONS

HES data is supplied to Public Health analysts in Local Authorities and NHS organisations for public health statistical purposes under Section 261 – Other dissemination of information – of the Health and Social Care Act 2012..  The lawful basis for processing this data is considered to be provided by the following articles of the GDPR: Article 6(1)(e) and Article 9 (2)(h).  In order to receive this dataset, the Team must submit a DARS form to NHS Digital.  The Team is currently governed by NHS Digital DARS-NIC-00747-G8G0Z-v3.4.  NHS Digital reserves the right to audit the Public Health Team in relation to how it stores, processes and uses any of the above data sets.

NCMP data is collected under The Local Authority (Public Health, Health and Wellbeing Boards and Health Scrutiny) Regulations 2013. The processing of information on child height and weight is covered by the ‘exercise of official authority’ and data processing for ‘health or social care purposes’.

Data sets supplied to us by people who provide services to our residents on our behalf are supplied as part of our contract with the relevant organisation.

Health checks data is provided to us under our contract with the relevant provider.

All information is transferred securely through the practice information system EMIS .

Who we will share your information with

The public health team will only publish and share data which has been aggregated (grouped). We will routinely suppress (hide) numbers less than five and ensure that such figures cannot be obtained by differencing (adding and subtracting other figures to work out the missing one).

We will not link records in different datasets e.g. hospital and mortality files, unless we have been given express permission by ONS and NHS Digital to do so.

Under the terms of our agreement with ONS , we may not share data which identifies or may potentially identify an individual, living or dead. This agreement is enforceable by law.

Identifiable information will only be shared with other organisations where we have a legal duty to do this for safeguarding, to protect the health of an individual or group, or for criminal proceedings.

Where we get your information from

Data supplied in the Public Health Birth File is provided by ONS through NHS Digital and comprises information given at the registration of the birth, combined with information provided by the NHS.

The Primary Care Mortality Database (PCMD) is provided in the same way and holds mortality data as provided at the time of registration of the death along with additional GP details, geographical indexing and coroner details where applicable.

Vital Statistics data draws on these records to provide aggregated characteristics. Record level Hospital Episode Statistics (HES) are supplied by NHS Digital; the data is pseudonymised before the Public Health Intelligence Team receives it.

The Public Health Birth File is supplied by secure email and the PCMD , Vital Statistics and Hospital Episode Statistics (HES) Datasets arrive by secure file transfer.

NCMP data is collected by school nurses and transferred to NHS Digital. Public Health analysts receive cleaned data from NHS Digital, which is used for statistical purposes. This data is transferred via secure email.

Health Checks data is accessed via EMIS . Analysts can only access data covered in the data sharing agreement with the relevant practice and use of the system is audited.

Data supplied by our providers is gathered during patient consultations. The aggregated datasets are delivered by secure email.

How long we will keep your personal information

We will only keep hold of your personal information for as long as necessary. The actual time depends on the specific information and the agreed retention period. Some retention periods are specified by the organisations who have shared the data with us.

You can see details of our retention guidelines on our information asset register. Data will be disposed of permanently after the specified period.

How your information is stored

We comply with the Data Protection Act to ensure information is managed securely. This is reviewed every year as part of our NHS Information Governance Toolkit assessment.

Any personal identifiable data is sent or received using secure email. All identifiable, pseudonymised and sensitive datasets are stored electronically on secure servers which can only be accessed public health intelligence professionals.

These individuals are named on the relevant data sharing agreements and undertake regular data protection training.

What happens if you don’t provide us with your information

Information may be provided to us directly by you when you sign up to use a service we are providing. Additionally, information may be shared with us by another organisation due to us having a role in a service they are providing, or as part of providing local data analysis to support decisions related to Public Health functions like the commissioning of services or improving and protecting the public’s health. This will include organisations such as national and local NHS bodies, the Office for National Statistics, NHS Digital, other local authorities and schools.

If we rely on your consent to process your personal information, you have the right to withdraw that consent at any time. If you wish to withdraw your consent, please contact the service that asked for your consent in the first instance.

There are also occasions when service providers may have a legal duty to share information with us, for example, safeguarding, health protection or criminal proceedings.

Will your information be used to make automated decisions


Will this information be transferred abroad


Your rights

You have a number of rights regarding your personal data, including withdrawing your consent where we have asked for it.  You can ask for a copy of the information we hold about you and ask us to correct anything that is wrong.  For detailed information about your rights please see our privacy notice.

You can complain directly to the Council's Data Protection team by email or post.

Data Controller

Cheshire East Council
c/o Municipal Buildings, Earle Street, Crewe, Cheshire CW1 2BJ

Data Protection Officer

Julie Gibbs
Call 01270 686606
1st Floor, Westfields
c/o Municipal Buildings, Earle Street, Crewe, Cheshire CW1 2BJ

You also have the right to complain to the Information Commissioner’s Office using the following details:

Page last reviewed: 24 May 2019