
Public Health privacy notice

This privacy notice tells you what information Public Health collects and uses, and your rights regarding your information.

All local authorities have a duty to improve the health of the population they serve. To help with this, our Public Health team use data and information from a range of sources, including information collected at the registration of a birth or a death and client/customer use of provider services as commissioned by Suffolk County Council.

We use this data and information to exercise our statutory public health functions. Although not direct care, this helps us to understand more about the health and care needs of the populations in our area. We can use the data to measure the health, mortality, morbidity and care requirements of our population, allowing us to plan and deliver health and care services in a coordinated and efficient way.

We act as a ‘data processor and controller’. This means that we collect and process information. We also follow the high information governance standards and instructions as set by NHS Digital.

Types of information we use

We work with many types of data to be able to promote health and support improvements in the delivery of health and care services in Suffolk. This includes processing:

  1. Identifiable data: containing personal data that can identify individuals, such as name, date of birth, gender, address, postcode and NHS number.
  2. Pseudonymised data: this contains information about individuals but with the identifiable details replaced with a unique code.
  3. Anonymised data: this information about individuals has had all identifying details removed.
  4. Aggregated data: this is when all anonymised information has been grouped together so that it doesn’t identify individuals.

How is my information used in Public Health?

We hold the following data collections that contain various different types of data about individuals and populations:

1. Hospital Episode Statistics (HES)

Suffolk County Council access Hospital Episode Statistics via the NHS Digital Data Access Environment (DAE). Aggregation of HES data is performed in the DAE and only aggregated HES data are downloaded and stored on Suffolk County Council computers. Downloaded data from HES are stored in the secure area of the network and small numbers of episodes are suppressed in all published outputs.

2. Primary Care Mortality Database (PCMD)

The Primary Care Mortality Database (PCMD) provides Suffolk County Council with access to identifiable mortality data as provided at the time of the registration of death. The PCMD includes residential address of the deceased, postcode of the place of death, NHS number, date of birth, date of death, name of certifier, and cause of death.  All data are stored in the secure area of the network and small numbers are suppressed in all published outputs.

3. Births data tables

This dataset provides Suffolk County Council with access to identifiable data about births, including the baby’s NHS number and date of birth and the residential address of the mother. All data are stored in the secure area of the network and small numbers are suppressed in all published outputs.

4. Vital statistics tables

This dataset is aggregated so that individuals cannot be identified. It contains data on live and still births, fertility rates, maternity statistics, death registrations and causes of death analysis. All data are stored in the secure area of the network and small numbers are suppressed in all published outputs.

5. Commissioned Services data

Public health commissioned services (such as Sexual Health Services and the Stop Smoking Service) send regular anonymised information to public health, which is used to performance manage contracts, to understand the quality and quantity of services provided to clients and to support service development. In a small number of cases person identifiable information is required to make decisions about onward referral to specialist services which some clients require to give them the additional care they need.

6. Specialised reviews

As part of improving services, public health run regular audits and reviews. Most of these use anonymised data but some, such as the annual suicide audit, drug related death audit and serious incidents requiring investigation, use person identifiable data. In these instances, use of person identifiable data is vital for understanding the circumstances of individual deaths and of serious incidents. Examination of this data with partners in multi-disciplinary discussions allows the system to determine whether there is any learning from these negative events which could be used to prevent future death or injury for other people.

What does the data help to do?

We use data to exercise our statutory public health functions, such as:

  • Planning and commissioning services
  • Improving the quality and effectiveness of commissioned services
  • Reviewing, assessing, evaluating and developing the performance of the local health and care system
  • Investigating incidents and managing risks to public health
  • Approving evidence-based interventions
  • Controlling infection
  • The National Child Measurement Programme
  • The NHS Health Check Programme
  • Supporting health visiting and school nursing services

We will never publish public health information that identifies individuals, in order to protect the identities of individuals.

We do not use data for the purpose of automated decision making, such as profiling.

This information is used to produce data and intelligence about the health and care needs of Suffolk residents, in particular:

What is the legal basis for the flow of Public Health data?

We rely on Article 6(1)(e) of the General Data Protection Regulation (GDPR) as the lawful basis on which we use personal data. That is, processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

If there is a significant threat to the health of the public, for instance an outbreak of an infectious disease, the Council has the legal right to use identifiable data under:

Section 42(4) of the Statistics and Registration Service Act (2007) as amended by section 287 of the Health and Social Care Act (2012) and Regulation 3 of the Health Service (Control of Patient Information) Regulations 2002.

How is my data kept safe and secure?

All the data we process and hold is kept safely and securely within our IT systems. 

We do not disclose any data to a third party who is not identified on our license agreement with NHS Digital. Any data requests received from a third party will only receive anonymised and aggregated data to a level that complies with the Office of National Statistics Disclosure Guidance or, we are required to do so for legal reasons.

We do not collect personal information, but we do obtain personal information from other sources. All data will be held in line with the retention schedules of the organisations sharing data with Suffolk County Council. These retention schedules determine the length of time data will be kept.

Can I opt out of Public Health datasets?

You have the right to opt out of Suffolk County Council Public Health receiving and processing your personal identifiable information.

There are occasions where service providers will have a legal duty to share information, for example for safeguarding or criminal issues. The process for opting out will depend on what the specific data is and what programme it relates to. You can choose not to have information about you shared or used for any purpose beyond providing your own treatment or care.

In order to opt out of your data being used, contact the Information Commissioner’s Office via email at or visit the ICO website. Alternatively, contact your GP for further information about registering an opt-out or to end an opt-out you have already registered. The NHS website explains how your personal information is held, accessed and shared with organisations, such as Suffolk County Council.

Suffolk County Council privacy and data

Read more about Suffolk County Council privacy and data protection including COVID-19 privacy notices.

Access to your personal information

If you wish to make a written request, please send it by email to or by post, to:

Data Protection Team,
Endeavour House,
8 Russell Road,

If you wish to make your request verbally, call the Data Protection Team on 01473 265352.

For independent advice about the use of your data, contact the Information Commissioner’s Office.