We respect the privacy of residents and service users.
Sometimes we need to collect and use information about you so that we can provide you with a service. The information we collect will depend on the services you use, but we try to hold the minimum needed to provide the service.
When we ask you for personal information we will provide a Privacy Notice which explains the reason we need to collect it and the use we will make of it.
When we pay a contractor to provide a service, they will have access to the information they need to work for as long as the contract lasts. Our contractors are required to look after your information as carefully as our own staff and must only use it to provide that service.
We store personal data, and where necessary relevant sensitive personal data (such as data about race or ethnicity, sexual orientation and health conditions) securely within appropriate systems so that it can ensure access is controlled and audited. This may include storage on secured cloud services. Where we use cloud services we ensure they are as secure as our internal systems, however some cloud system providers may need to transmit data held on our behalf to a third country not providing protection to the legal requirements of current European legislation (Directive 95/46/EC).
All Local Authorities have a duty to improve the health of the population they serve. To help with this, the Public Health Evidence and Intelligence team use data and information from a range of sources including information collected at the registration of a birth or a death and information recorded at hospitals. This helps us to understand more about the nature and causes of disease and ill-health in the area. This data can contain person identifiable data (PID) which may identify people such as home address, date of birth, date of death and/or NHS Number.
The legal basis for the flow of data for the above purposes is set out in Section 42(4) of the Statistics and Registration Service Act (2007) as amended by section 287 of the Health and Social Care Act (2012) and Regulation 3 of the Health Service (Control of Patient Information) Regulations 2002.
What we have access to and how it is used.
The public health intelligence team has access to the following data:
- Primary Care Mortality Database (PCMD) - The PCMD holds mortality data as provided at the time of registration of the death along with additional GP details (GP code and GP practice code), geographical indexing and coroner details (coroner name, coroner inquest area and date of inquest) where applicable. Information held includes date of birth, date of death, place of death, address of deceased, causes of death, age, sex, GP and practice, occupation and place of birth. More information on this dataset can be found here: www.content.digital.nhs.uk/pcmdatabase
- Births - Information held includes date of birth, sex of child, birth weight, a birth in marriage indicator, country of birth of parents, occupation of parents, address and postcode of mother, place of birth, a still birth indicator and age of mother.
- Hospital Episode Statistics (HES) - is a data warehouse containing details of all admissions, outpatient appointments and A&E attendances at NHS hospitals in England. This data is collected during a patient's time at hospital and is submitted to allow hospitals to be paid for the care they deliver. HES data is designed to enable secondary use, that is use for non-clinical purposes, of this administrative data. The HES data accessed by the public health intelligence team does not contain person identifiable data (PID).
How your data is used
All information accessed, processed and stored by public health staff will be used to measure the health, mortality or care needs of the population; for planning, evaluating and monitoring health; protecting and improving public health. It is used to carry out and support:
- commissioning and delivery of services to promote health and prevent ill health
- health equity analysis
- health needs assessments
- health protection and other partnership activities
- identifying inequalities in the way people access services
- joint strategic needs assessment
- public health surveillance
Statistics are presented in such a way that individuals cannot be identified from them and personal identifiable details are removed as soon as is possible in the processing of intelligence. In relation to births and deaths, the data will only be processed by Local Authority employees in fulfilment of their public health function, and will not be transferred, shared, or otherwise made available to any third party, including any organisations processing data on behalf of the Local Authority or in connection with their legal function.
How we keep information secure
Any information held by the public health team about individuals will be held securely and in compliance with the Data Protection Act 1998. Information will not be held for longer than required and will be disposed of securely. Information is stored in secure systems within the Council network in line with the NHS Information Governance framework and guidance from national NHS and Local Authority data services. These systems are access controlled, so only relevant analytical employees have access to them. All staff are regularly trained to understand the importance of and their duty towards protecting data and good information governance procedures.
You have the right to opt out of Hertfordshire Public Health receiving or holding your personal identifiable information. There are occasions where service providers will have a legal duty to share information, for example for safeguarding or criminal issues. The process for opting out will depend on the specific data is and what programme it relates to. For further information, please contact the Public Health team by email on PH.email@example.com or by phone on 01992 555137 or by post at Public Health, Hertfordshire County Council, County Hall, Pegs Lane, Hertford SG13 8DN.
If you have concerns about the use of your personal data, the Information Commissioners Office is an independent body set up to uphold information rights in the UK. Further information on how to exercise your rights under the Data Protection Act can be found on the Access the information we hold about you pages of this website.
Home safety visits
NHS England, the Royal College of General Practitioners and Fire and Rescue Services (FRS) in England work together to share information (where relevant, proportionate and necessary) to allow fire service personnel to undertake home safety assessments for those people who would most benefit from a visit.
The majority of fire deaths in the UK occur amongst the elderly population. Older people are most vulnerable to fire and a number of other risks. A home visit from the FRS is proven to make them safer and can reduce risk significantly.
In one area of the UK where this work has been piloted since 2007, there have been very significant reductions in fire deaths and injuries which has developed into a current trend well below the national average. Therefore we know this work can save many lives.
The FRS and NHS will continue to work together in the future to ensure the visits undertaken by the FRS are effective in helping to make people safe and well.
Sharing information and working in partnership
We work in partnership with other organisations to provide some of the services we offer, for example health services, schools, district and borough councils, police and probation services. We will only share relevant information when it’s necessary to provide the service or where the law requires it.
Usually we will tell you if your information is likely to be shared, and ask for your consent when you access the service. But we don’t have to tell you if:
- we are worried about the safety of children or adults
- we think a crime has been or may be committed.
If you want to refuse consent to us holding or sharing your data for a particular service you can, but this may affect how we can provide a service to you.
Many of our buildings and all of our fire appliances use CCTV. Images from these are only kept if an incident or damage is recorded which needs further investigation.
Some of our contractors such as school transport services may also use CCTV.
All vehicles and buildings where CCTV is used are required to display a notice stating this.
Planning and evaluating services
We receive data from external sources to help us plan our services to meet future levels of demand, such as school places, and social care.
We will also use data to ensure that the services we offer are effective for users and offer value for money.
We ask a research company to conduct residents’ surveys on our behalf so that we can get your views on our services and how money should be spent. None of this data is published in a way which will identify individuals. (Genuine researchers will only ask for information about our services and never ask for personal information relating to banks or other commercial services you may use.)