Health and social care privacy notice

The London Borough of Redbridge, has different legal responsibilities for different types of information we collect. Some of these rules are set out in the Health and Social Care Act 2012, the Health and Social Care Act 2014Children Act 2004 and the Data Protection Act 1998

We will only process your personal data for the purposes stated when the information was collected and in accordance with the above mentioned legislation or where required to do so by other legislation.

Information will not be sold, rented or provided to anyone else, or used for any other purpose than that for which it was originally collected unless required to by law.

We are required under Section 6 of the Audit Commission Act 1998 to participate in the National Fraud Initiative data matching exercise. The data held will be used for cross-system and cross authority comparison for the prevention and detection of fraud. For further information see the National Fraud Initiative webpage

Since April 2013, The Health and Social Care Act 2012 has given local authorities the power to perform public health functions. This means that the London Borough of Redbridge has "A duty to improve the health of the people and responsibility for commissioning appropriate public health services" and the statutory responsibilities for public health services are clearly set out in the Health and Social Care Act 2012.

You have the right to opt out of Redbridge Council receiving or holding your personal identifiable information. There are occasions where service providers will have a legal duty to share information, for example for safeguarding or criminal issues.

Information the Health and Social Care service collects 

We collect and process your personal information for the following purposes:

  • to help us to provide you with direct care or other services you wish to receive from Redbridge Council, either provided by Redbridge Council or by its providers
  • to plan for services and for working out what care services are needed where and when
  • to promote health and finding better ways to prevent illness and treat conditions
  • to support improvements in the delivery of Redbridge Council’s health and care services
  • planning for health emergencies such as epidemics
  • personal data is only used for delivery for direct care purposes or for other Council services you have applied for or agreed to receive
  • we may also use your personal data where we have a legal duty to do so; such as for safeguarding of vulnerable adults or children, for the prevention and detection of crime or fraud, or other enforcement activities or where ordered by Her Majesty’s Court’s and Tribunal Services
  • for all other purposes listed above your information will, in most instances be used in anonymised or aggregated form (removing all identifiable data so that it doesn't identify individuals), where this is not possible it will be used in a pseudonymised form (only using a unique identifier/code)

Information the Public Health service collects 

To deliver public health, the Health and Social Care Act 2012, requires local authorities to use available health data sources to get relevant health and social care information. This data can contain person identifiable data (PID) which may identify patients such as name, address, age, sex, ethnicity, disease, use of hospital services, and/or NHS Number. Some data may not be obviously identifiable, however there may be the potential to deduce individuals’ identities through combinations of information, either by the people handling the data or by those who see published results.

Redbridge Council will have access to the following data:

  • Primary Care Mortality Database (PCMD) – The PCMD holds mortality data as provided at the time of registration of the death along with additional GP details, geographical indexing and coroner details where applicable
  • Births and Vital Statistics datasets - Births files include date of birth, sex, birthweight, address, postcode, place of birth, stillbirth indicators and age of mother. Deaths data includes: deaths broken down by age, sex, area and cause of death sourced from the deaths register
  • Hospital Episode Data (HES) – is a data warehouse containing details of all admissions, outpatient appointments and A&E attendances at NHS hospitals in England. This data is collected during a patient's time at hospital and is submitted to allow hospitals to be paid for the care they deliver. HES data is designed to enable secondary use, that is use for non-clinical purposes, of this administrative data

Redbridge Council’s Public Health team will access this data and health related information to analyse the health needs and outcomes of the local population and for monitoring trends and patterns of diseases and the associated risk factors.

The Public Health team is however committed to using pseudonymised or anonymised information as much as is practical, and in many cases this will be the default position. Pseudonymisation is a procedure by which the most identifying fields within a data record are replaced by one or more artificial identifiers, or pseudonyms. There can be a single pseudonym for a collection of replaced fields or a pseudonym per replaced field.

The purpose is to render the data record less identifying and therefore lower customer or patient objections to its use.

Anonymisation is the process of removing identifying particulars or details from (something, especially medical test results) for statistical or other purposes.

All information accessed, processed and stored by public health staff will be used to measure the health, mortality or care needs of the population; for planning, evaluating and monitoring health; protecting and improving public health.  It is used to carry out and support:

  • health needs assessments
  • health equity analysis
  • commissioning and delivery of services to promote health and prevent ill health
  • public health surveillance
  • identifying inequalities in the way people access services
  • joint strategic needs assessment
  • health protection and other partnership activities

The legal basis for the flow of data for the above purposes is set out in Section 42(4) of the Statistics and Registration.

Service Act (2007) as amended by section 287 of the Health and Social Care Act (2012)  and Regulation 3 of the Health Service (Control of Patient Information) Regulations 2002. 

The process for opting out will depend on the specific data and what programme it relates to. For further information, please email the Public Health team 

Protecting your information

Any information held by the council about individuals is held securely and in compliance with the Data Protection Act 1998.

Redbridge Council is committed to protecting its service user’s personal data. We have put measures in place to ensure that our staff, service providers, partners and suppliers all look after your information in line with good practice and the law. These follow the rules and practices known as Information Governance (IG).

The information security measures we've put in place include:

  • following good Information Governance practice and the law when it comes to collecting, handling and giving access to information
  • training staff in their data protection responsibilities
  • putting processes in place to ensure good Information Governance practices for information we collect, hold or handle in both manual and electronic forms
  • access to your information is only given to those who need to know and where it is necessary
  • information will not be held for longer than required and will be disposed of securely

View the Council's Data Protection Policy

Subject Access Request

The Data Protection Act 1998 gives you the right to apply for a copy of information about yourself. This is called a ‘Subject Access Request'.

More on how to make a Subject Access Request

Your information choice

There are choices you can make about how information is used, and you can choose to opt out of your information being shared or used for any purpose beyond providing your care or for the services you agreed to receive. Where we use your personal data for other purposes other than what you have consented for then we will let you know so that you can make an informed choice about how your information is used.

For full definitions and details about types of information see the Data Protection Act 1998 and the Information Commissioner's Office publication Anonymisation: managing data protection risk code of practice.

If you do not want your information to be used for any purpose beyond providing your care or for the services you have agreed to receive, such as; sharing it with our partners or providers for service delivery planning or improvement of services or for research or statistical purposes (in such instance only minimum and necessary or pseudonymised data will be used), you can choose to opt-out of this.

Where you would like to opt-out, please write to the Caldicott Guardian at:

Caldicott Guardian
Adult Social Services (HASS)
Floor 6,
Lynton House,
255-259 High Road,

Or email to

If you would like to know more about your rights under the Data Protection Act, and what you should expect from us, visit the Information Commissioner’s website