The Council has the responsibility for delivering a range of public health services. There are many services we can provide without using personal data and we do this as much as we can. However, there are some services which require us to use information about individuals in order to deliver the service.
Local authority public health responsibilities are set out in the Health and Social Care Act 2012. In order to fulfil these statutory responsibilities we have a legal basis to process personal confidential data for certain public health purposes under Section 42(4) of the SRSA (2007) as amended by section 287 of the Health and Social Care Act (2012) and Regulation 3 of the Health Service (Control of Patient Information) Regulations 2002. The UK Parliament website contains more information about local authorities' public health responsibilities in England.
Local authorities’ public health responsibilities (England) - Parliament.uk (external website)
We collect and hold information for public health purposes about:
We have a public health duty of care to all these people.
Personal information about births is supplied to local authorities by NHS DigitalOpens new window. This contains data provided at the time of registration of birth, along with additional geographic information. This includes the date of birth and NHS number of the child, place and postcode of birth, and address and postcode of usual residence of mother.
Personal information about deaths is supplied to local authorities by NHS Digital:
NHS Digital (external website)
This contains mortality data provided at the time of registration of death along with additional GP details, geographic information and coroner details where applicable. This includes the date of birth, date of death, the cause of death, place and postcode of death, usual address and postcode of the deceased, their NHS number and maiden name, the name of the certifier, and name of coroner (where relevant).
For both birth and mortality records, we have a data access agreement with NHS Digital and data are supplied under Section 42(4) of the SRSA (2007) as amended by section 287 of the Health and Social Care Act (2012) and Regulation 3 of the Health Service (Control of Patient Information) Regulations 2002.
Information about hospital activity is supplied to local authorities by NHS Digital. This contains data collected when someone is admitted to a hospital bed, attends as an inpatient, outpatient, or attends an urgent care centre. We have a data access agreement with NHS Digital and data are supplied in accordance with section 261 of the Health and Social Care Act 2012, and Regulation 3 of the Health Service (Control of Patient Information) Regulations 2002. Data supplied are pseudonymised, a process by which information within a data record that may identify an individual is replaced by artificial identifiers or pseudonyms which mean that individuals are no longer identifiable. Information held includes age, the method of admission, the source of admission, diagnosis codes, procedure and investigation codes, the area of residence, hospital attended, date of attendance, and GP practice of patient. More information on this NHS Digital dataset can be found here:
Hospital Episode Statistics – NHS Digital (external website)
This information is provided to the council either direct from the public or by national organisations like NHS Digital, the Office for National Statistics or NHS organisations such as hospitals, GP practices, clinical commissioning groups and local authorities.
We use this information to deliver our public health functions.
To achieve these functions we:
We publish a range of outputs in relation to public health, on the East Riding Data Observatory website:
East Riding Data Observatory (external website)
However, we will never publish public health information that identifies a group of fewer than five individuals, in order to protect the identities of individuals.
Data is provided to the public health service either direct by the public or by national and local NHS and local authority data services and organisations and shared with public health in accordance with the Data Protection Act 1998 principles. All data is stored securely in East Riding of Yorkshire Council systems and is managed using the principles of medical confidentiality and data protection. The number of staff handling such data is limited to key professionals, all who undertake regular training about data protection and managing personal information.
Confidential public health data will only be shared with other local NHS partners like clinical commissioning groups, local authorities or care organisations, once the necessary legal basis has been established and data protection safeguards have been verified, so that the data is managed and used under the same restrictions. Anyone who receives information from East Riding of Yorkshire Council public health is also under a legal duty to keep it confidential.
Information is held by the public health team at the council and is not shared with any other departments. We will not be disclose any public health information to anyone without appropriate permission, unless we have a legal reason to do so. For example disclosure may be necessary to protect a person from suffering significant harm or to prevent or detect crime. Such requests are allowed only from a senior police officer and above ranks.
You have the right to opt out of East Riding of Yorkshire Council public health receiving or holding your personally identifiable information. There are occasions where service providers will have a legal duty to share personal data, for example for safeguarding or criminal issues.
The process for opting out will depend on what the specific data is and what programme it relates to.
For further information, you can email public health intelligence at firstname.lastname@example.org
If you want to know more about how the Council uses information, your rights or how to complain visit the general privacy information page.