Public health encompasses everything from national smoking and alcohol policies, the management of epidemics such as flu, the control of large scale infections such as TB and Hepatitis B to local outbreaks of food poisoning or Measles. Certain illnesses are also notifiable; the doctors treating the patient are required by law to inform the Public Health Authorities, for instance Scarlet Fever.
This will necessarily mean the subjects personal and health information being shared with the Public Health organisations.
Some of the relevant legislation includes: the Health Protection (Notification) Regulations 2010 (SI 2010/659), the Health Protection (Local Authority Powers) Regulations 2010 (SI 2010/657), the Health Protection (Part 2A Orders) Regulations 2010 (SI 2010/658), Public Health (Control of Disease) Act 1984, Public Health (Infectious Diseases) Regulations 1988 and The Health Service (Control of Patient Information) Regulations 2002
1) Data Controller contact details
The White Cliff Medical Centre, 143 Folkestone Road, Dover, Kent CT17 9SG
Tel: 01304 201705
2) Data Protection Officer contact details
Dr A Idowu
Tel: 01304 201705
3) Purpose of the processing
There are occasions when medical data needs to be shared with Public Health England, the Local Authority Director of Public Health, or the Health Protection Agency, either under a legal obligation or for reasons of public interest or their equivalents in the devolved nations.
4) Lawful basis for processing
The legal basis will be
Article 6(1)(c) “processing is necessary for compliance with a legal obligation to which the controller is subject.” Article 9(2)(i) “processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices,..”
5) Recipient or categories of recipients of the shared data
The data will be shared with Public Health England https://www.gov.uk/government/organisations/public-health-england and equivalents in the devolved nations.
6) Rights to object
You have the right to object to some or all of the information being shared with the recipients. Contact the Data Controller or the practice. Government policy allows some rights of objection; you have the right to object to information being shared with PHE for reasons other than your own direct care. This is called a ‘Type 1’ objection – you can ask your practice to apply this code to your record. This means none of your data will be shared with PHE, none will leave the practice. Type 1 objections will according to existing policy no longer be available after 2020. The Government has proposed a new national Opt Out scheme that is due to be launched soon. We will update this PN when details are available.
7) Right to access and correct
You have the right to access the data that is being shared and have any inaccuracies corrected. There is no right to have accurate medical records deleted except when ordered by a court of Law.
8) Retention period
The data will be retained for active use during the period of the public interest and according to legal requirements and Public Health England’s criteria on storing identifiable data https://www.gov.uk/government/organisations/public-health-england/about/personal-information-charter.
9) Right to Complain.
You have the right to complain to the Information Commissioner’s Office, you can use this link https://ico.org.uk/global/contact-us/
or calling their helpline Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
There are National Offices for Scotland, Northern Ireland and Wales, (see ICO website)/