Public Health privacy notice

This privacy notice tells you what information Public Health collects and uses, and your rights regarding your information.

All local authorities have a duty to improve the health of the population they serve. To help with this, our Public Health team use data and information from a range of sources, including information collected at the registration of a birth or a death and client/customer use of provider services as commissioned by Suffolk County Council.

We use this data and information to exercise our statutory public health functions. Although not direct care, this helps us to understand more about the health and care needs of the population/s in our area. We can use the data to measure the health, mortality, morbidity and care requirements of our population, allowing us to plan and deliver health and care services in a coordinated and efficient way.

We act as a ‘data processor and controller’. This means that we collect and process information. We also follow the high information governance standards and instructions as set by NHS Digital.

Types of information we use

We work with many types of data to be able to promote health and support improvements in the delivery of health and care services in Suffolk. This includes processing:

  1. Identifiable data: containing personal data that can identify individuals, such as name, date of birth, gender, address, postcode and NHS number.
  2. Pseudonymised data: this contains information about individuals but with the identifiable details replaced with a unique code.
  3. Anonymised data: this information about individuals has had all identifying details removed.
  4. Aggregated data: this is when all anonymised information has been grouped together so that it doesn’t identify individuals.

How is my information used in Public Health?

We hold the following data collections that contain various different types of data about individuals and populations:

1. Hospital Episode Statistics (HES)

In Suffolk County Council the national Hospital Episode Statistics database is accessed via the NHS Digital Hospital Episode Statistics Data Interrogation System (HDIS). Aggregation of HES data is usually performed in HDIS and, although some small numbers of hospital episodes may be downloaded, individual-level pseudonymised HES data are not downloaded and stored on Suffolk County Council computers. Downloaded data from HES are stored in the secure area of the network. Small numbers of episodes (under 6) are suppressed in outputs from analysis.

2. Primary Care Mortality Database (PCMD)

The PCMD provides us with access to identifiable mortality data as provided at the time of the registration of the death, along with additional General Practice details, geographical indexing and coroner details where applicable.  This includes the address, postcode of residence of the deceased, postcode of the place of death, NHS number, date of birth, date of death, name of certifier, and cause of death. Our access to the data is based on our geographical boundaries as an Upper Tier Local Authority and Clinical Commissioning Groups within Suffolk.  We are only able to securely access the database by use of the NHS Open Exeter system via an N3 internet connection.

3. Births data tables

This dataset provides us with access to identifiable data about the number of births that occur within our geographical boundaries as an Upper Tier Local Authority and Clinical Commissioning Groups within Suffolk. The individual records of births do not contain names of mothers and babies, but each record includes NHS number and date of birth of baby and usual address and postcode of mother.  This data is only supplied to us by NHS Digital under strict license and data disclosure controls.

4. Vital statistics tables

This dataset is aggregated together so that it does not identify individuals. It contains data on live and still births, fertility rates, maternity statistics, death registrations and cause of death analysis by our geographical boundaries as an Upper Tier Local Authority and Clinical Commissioning Groups within Suffolk. This data is only supplied to us by NHS Digital under strict license and data disclosure controls.

5. Commissioned Services data

Public health commissioned services (such as Sexual Health Services and Stop Smoking Service) send regular anonymized information to public health, this is used to performance manage contracts, to understand the quality and quantity of services provided to clients and to support service development. In a small number of cases person identifiable information is required to make decisions about onward referral to specialist services which some clients require to give them the additional care they need.

6. Specialised reviews

As part of quality service improvement public health run regular audits and reviews, most of these use anonymized data, but some, such as the annual suicide audit, drug related death audit and serious incidents requiring investigation, use person identifiable data. Use of person identifiable data in these incidences is vital for understanding the circumstances of individual deaths and of serious incidents. Looking at this data with partners in multi-disciplinary discussions allows the system to determine whether there is any learning from these negative events which could be used to prevent death or injury for other people.

What does the data help to do?

We use data to exercise our statutory public health functions, such as:

  • Planning and commissioning services
  • Improving the quality and effectiveness of commissioned services
  • Reviewing and assessing the performance of the local health and care system and to evaluate and develop them
  • Investigating incidents and in the management of risks to public health
  • Approving evidence based interventions
  • Controlling infection
  • The National Child Measurement Programme
  • The NHS Health Check Programme
  • Supporting health visiting and school nursing services

We will never publish public health information that identifies individuals, in order to protect the identities of individuals.

This information is used to produce data and intelligence about the health and care needs of Suffolk residents, in particular:

What is the legal basis for the flow of Public Health data?

We have different legal responsibilities for different types of information we hold and analyse. We follow Section 42(4) of the Statistics and Registration Service Act 2007 as amended by section 287 of the Health and Social Care Act (2012) and Regulation 3 of the Health Service (Control of Patient Information) Regulations 2002.

How is my data kept safe and secure?

All the data we process and hold is kept safely and securely within our IT systems. 

We do not disclose any data to a third party who is not identified on our license agreement with NHS Digital. Any data requests received from a third party will only receive anonymised and aggregated data to a level that complies with the Office of National Statistics Disclosure Guidance or, we are required to do so for legal reasons.

Can I opt out of Public Health datasets?

You have the right to opt out of Suffolk County Council Public Health receiving and processing your personal identifiable information.

There are occasions where service providers will have a legal duty to share information, for example for safeguarding or criminal issues. The process for opting out will depend on what the specific data is and what programme it relates to. You can choose not to have information about you shared or used for any purpose beyond providing your own treatment or care.

In order to opt out of your data being used, contact the Information Commissioners Officer via email at or visit the ICO website.  Alternatively, contact your GP for further information about registering an opt-out or to end an opt-out you have already registered. The NHS website explains how your personal information is held, accessed and shared with organisations, such as Suffolk County Council.

Access to your personal information

If you wish to make a written request, please send it by email to or by post, to:

Data Protection Team,
Constantine House,
5 Constantine Road,

If you wish to make your request verbally, call the Data Protection Team on 01473 265352.

For independent advice about the use of your data, contact the Information Commissioners Office.