Public health privacy statement


This statement should be read in addition to Council’s Global Privacy Notice, and gives more details about how personal data and information collected is used to improve the public's health.

All upper tier local authorities, including SCC, are now formally responsible for public health. Public health means services to help people to stay healthy and avoid getting ill. This includes a whole range of policy areas - everything from preventing substance misuse to reducing obesity and managing immunisation.

In order to improve the health of the population we serve, we use data and information from a range of sources, including hospitals, births and death information, commissioned services’ performance data, and public surveys.

The information enables us to understand more about the nature and causes of disease and ill-health in the area by measuring the health, mortality and care needs of the population, and ill-health in the area and how we live. This enables us to plan and evaluate services to monitor health and ensure the services are effective and working for the benefit of the population by improving or protecting public health.

How your data is used

We can use data for insight purposes to allow us to analyse patterns and trends of lifestyle behaviours and service usage or for service and financial planning, to help us create policy, strategies and inform decision making.

This data may be personal (include information such as your NHS number, postcode, date of birth), anonymised (does not include person identifiable information) or pseudonymised. Pseudonymising data means replacing personally identifiable information such as your NHS number with an alternative ‘identifier’ such as a random reference number so that individuals can't be identified.

We hold the following data collections that contain various different types of data about individuals and populations:

  1. Hospital Episode Statistics (HES) - We hold pseudonymised records about health care and treatment you may have received in any English hospital in the form of Hospital Episode Statistics (HES). This includes inpatient and day case admissions, outpatient appointments and Accident and Emergency attendances. This data is supplied by NHS Digital (previously the Health and Social Care Information Centre) to us under license. We do not hold identifiable hospital data.

  2. Primary Care Mortality Database (PCMD) - The PCMD provides us with access to identifiable mortality data as provided at the time of the registration of the death, along with additional General Practice details, geographical indexing and coroner details where applicable. This includes the address, postcode of residence of the deceased, postcode of the place of death, NHS number, date of birth, date of death, name of certifier, and cause of death. Our access to the data is limited to the geographical boundary of Southampton as an Upper Tier Local Authority and patients registered with Southampton Clinical Commissioning Group. We are only able to securely access the database by use of the NHS Open Exeter system via an N3 internet connection.

  3. Births data tables - This dataset provides us with access to identifiable data about the number of births that occur within our geographical boundary as an Upper Tier Local Authority and Southampton Clinical Commissioning Group. It includes the address of usual residence of mother, place of birth, postcode of usual residence of the mother, postcode of place of birth of child, NHS number of child and the date of birth of the child. This data is only supplied to us by NHS Digital under strict license and data disclosure controls.

  4. Vital statistics table - This dataset is aggregated together so that it does not identify individuals. It contains data on live and still births, fertility rates, maternity statistics, death registrations and cause of death analysis by our geographical boundaries as an Upper Tier Local Authority and Southampton Clinical Commissioning Group. This data is only supplied to us by NHS Digital under strict license and data disclosure controls.

What is the legal basis for the flow of Public Health data?

Data is supplied to us by NHS Digital under section 42 (4) of the Statistics and Registration Service Act 2007, as amended by section 287 of the Health and Social Care Act 2012, and Regulation 3 of the Health Service (Control of Patient Information) Regulations 2002.

Keeping information safe and secure

All information is collected, stored and shared in accordance with data protection legislation. Information is held and transferred securely and only made available to authorised professionals for the purpose of carrying out their work. All staff are trained in data protection and comply with the Council’s information security, confidentiality, and safe information handling policies and procedures.

In order to use public health data appropriately and safely we:

  • Store the data on our IT network at a location that is restricted to those staff who have signed the appropriate NHS Digital data access agreements
  • Restrict access to data, whose source is identifiable, to those staff who have been nominated as data processors for the births and deaths data
  • Remove the identity from any data used for secondary analysis (referred to as ‘de-identified’ data).

Publication of the outcome of secondary analysis is limited to permitted purposes and is restricted to the aggregate results of that analysis in line with our Data Access Agreement and the Office of National Statistics Disclosure Guidance.

We only keep information for as long as is necessary and in accordance with the law and the Council’s records retention schedule.

Sharing information

Public Health information may be shared with our partners or service providers, such as government bodies, the Police, health and social care organisations, and educational establishments. We will only share your personal information when we are permitted to or are required to by law or we have your consent to do so, as required by the data protection legislation.

Opting out of the use of your information

You have the right to opt out of Southampton City Council Public Health receiving or holding your personal identifiable information. There are occasions where service providers will have a legal duty to share information, for example for safeguarding or criminal issues. The process for opting out will depend on what the specific data is and what programme it relates to.

You can choose not to have information about you shared or used for any purpose beyond providing your own treatment or care. Simply contact your GP for further information about registering an opt-out or to end an opt-out you have already registered. The NHS Choices website explains how your personal information is held, accessed and shared with organisations, such as Southampton City Council.

If you would like further information about opting out of the use of your information, please contact

Accessing your information or further queries

If you would like to see the information that is held about you, you can make a request for this. If you would like further information or have any concerns about any of the details in this notice, please contact

The Council’s Data Protection Officer can also be contacted if you have a query or complaint about the use of your information, whose contact details are available on the Global Privacy Policy.

Further information and independent advice can be found on the Information Commissioner's website.