Facebook Twitter Pinterest Google+ Addthis

New Care Model Planning: Privacy Notice

Data controller and purpose

Responsibility for commissioning many public health services has moved from the NHS to local authorities. This change requires local authorities to ‘protect and improve the health and wellbeing of its residents, and reduce health inequalities’. To help with this, we sometimes use linked information from a range of sources including hospitals and general practice as well as from our own departments (e.g. housing, education, benefits) to understand the nature and causes of ill-health in our area and where best to allocate our resources so as to better meet the needs of residents.

This is an innovative London Borough of Tower Hamlets project led by the Director of Public Health to process health, social care and local authority data to better understand the health and service needs of residents and the social and environmental factors that affect their needs. The project is intended to enable us to better direct our limited resources to those with the greatest need.

The public health department will link and then depersonalise (anonymise) health and local authority activity data before analysis and the production of a one off summary report to support population health management and commissioning. For this data will be sourced from NHS Digital, general practices and local authority services.

The work has gained Section 251 (of the NHS Act 2006) approval and will be overseen by the Secretary of State’s governance body, the Confidentiality Advisory Group to ensure management of information is to the highest of standards.

This work is a joint Tower Hamlets Together initiative led by the local authority working together with local service providers (e.g. hospitals, general practices, social care, housing, education and environmental services) in a whole systems manor.

The London Borough of Tower Hamlets is considered the Data Controller of the information being processed. The data processor (Queen Mary University London, Clinical Effectiveness Group) is required to work under the strict control of the local authority.

We use personal information (e.g. name, address, NHS Number, date of birth) to link the datasets within an NHS approved secure environment. After linkage the information will be depersonalised (name, address, NHS Number, date of birth etc. are removed), within a three month period. The personal information will be destroyed and the depersonalised information analysed to produce a one off summary report (no information will be published at individual level) to support service development for our residents.

Condition for processing personal data

Where we need to link data we do so within the law. Once information is linked, it will be de-personalised so that no individual can be identified before analysis. Individuals cannot be re-identified after depersonalisation (anonymisation). We will not use linked and de-personalised information to make decisions on a specific individual or family.

We have gained legal approval for the processing of personal information under Section 251 of the NHS Act 2006.

You have an option in how data collected about you is processed for non-statutory services. You have the right to opt-out of your data being used for planning and research purposes by contacting the Data Protection Officer.

Opting out of your data being used for such secondary purposes will not affect the services that we provide to you directly but it does affect our ability to better plan the services we provide for our residents.

If you have opted out of your health care data being used for not direct care services (e.g. at your general practice) we will not receive and process your information. We are also working on extending the opt out facilities in social care and wider local authority services.

You will be able to find out more on opting out options from your general practice. Furthermore, NHS Digital provides details on different types of opting out and terms used to describe them.

How long do we keep your information?

For this project, identifiable data will be held for three months (for data linkage) after which all personal identifiers (name, address, postcode etc.) are destroyed. The de-personalised data will be held for another 9 moths for analysis and reporting and subsequently for another 12 months to answer any queries on the report.

Information sharing

We have a duty to improve the health of the population we serve. To help with this, we use data and information from a range of sources including hospitals and general practices to understand more about the nature and causes of disease and ill-health in Tower Hamlets. This data will be  de-personalised (anonymised) before analysis and never used to make decisions on a specific individual or family.

We de-personalise your data you provide to us to ensure that you cannot be identified and use this for statistical analysis. Knowledge gained through this process enable the council to effectively plan the provision of its services.

No data will be transferred to non EEA territories. 

Your rights

You can find out more about your rights on our Data Protection page.

We process your data in accordance with the General Data Protection Regulation (GDPR) and UK privacy legislation. If you have any concerns the council’s Data Protection Officer can be contacted at:  

DPO@towerhamlets.gov.uk

a) You can contact the New Care Model Planning Project Lead:

abigail.knight@towerhamlets.gov.uk

b) Complaints and Information Team
Directorate of Governance
Town Hall
5 Clove Crescent
London
E14 2BG

Tel: 020 7364 4354
Email: complaints@towerhamlets.gov.uk 

c) If you are still not satisfied with the council’s response to your complaint, you have the option to raise the issue with the Information Commissioner at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow, Cheshire
SK9 5AF

Tel: 0303 123 1113
Visit the Information Commissioner's website.