Privacy Notice – Public Health
Public health encompasses everything from national smoking and alcohol policies, the management of epidemics such as flu, the control of large scale infections such as TB and Hepatitis B to local outbreaks of food poisoning or Measles.
Public Health England (PHE) monitors the numbers of certain infections that occur in healthcare settings through routine surveillance programmes, and advises on how to prevent and control infection in establishments such as hospitals, care homes and schools. In order to allow PHE to carry out accurate monitoring of infections, it may rely on information held by the Integrated Care Board (ICB) with regards to Healthcare Acquired Infections (HCAIs).
This will mean the subjects personal and health information being shared with the Public Health organisations.
Some of the relevant legislation includes:
- Health Protection (Notification) Regulations 2010 (SI 2010/659)
- Health Protection (Local Authority Powers) Regulations 2010 (SI 2010/657)
- Health Protection (Part 2A Orders) Regulations 2010 (SI 2010/657)
- Public Health (Control of Disease) Act 1984
- Public Health (Infectious Disease) Regulations 1988 and
- The Health Service (Control of Patient Information) Regulations 2002
Data Controller contact
If you have any queries, concerns, or want to request that we change or delete your information, you may contact NHS Derby and Derbyshire ICB at the following address:
Information Governance Team, Scarsdale, Nightingale Close, Newbold, Chesterfield, Derbyshire, S41 7PF
Email: ddicb.igteam@nhs.net
Purpose of the processing
There are occasions when medical data needs to be shared with Public Health England, the Local Authority Director of Public Health, or the Health Protection Agency, either under a legal obligation or for reasons of public interest or their equivalents in the devolved nations.
Lawful basis for processing
The lawful justification for the processing and possible sharing of this data is under the following Article 6 and Article 9 of the UK General Data Protection Regulations (UK GDPR):
Article 6(1)(c) “processing is necessary for compliance with a legal obligation to which the controller is subject.”
Article 9(2)(i) “processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices,..”
Recipient or categories of recipients of the processed data
The data will be shared with Public Health England and equivalents in the devolved nations.
Right to object
You have the right to object to some or all the information being processed under Article 21 of UK GDPR. To object to the processing of your information, please contact the controller. You should be aware that this is a right to raise an objection, which is not the same as having an absolute right to have your wishes granted in every circumstance.
Right to access and correct
You have the right to access the data that is being shared and have any inaccuracies corrected. There is no right to have accurate medical records deleted except when ordered by a court of law.
Retention period
The data will be retained for active use during the period of the public interest and according to legal requirements and Public Health England’s criteria on storing identifiable data.
Right to complain
You have the right to complain to the Information Commissioner’s Office (ICO).
Contact the ICO online or call their helpline on 0303 123 1113 (local rate) or 01625 545 745 (national rate).
There are National Offices for Scotland, Northern Ireland and Wales.