Public health

NHS England works closely with Public Health England and the Department of Health to provide and commission a range of public health services. The NHS has a critical part to play in securing good population health. The public health functions agreement (Section 7A) is an annual agreement between the Secretary of State for Health and NHS England. The Agreements are underpinned by a set of service specifications, and national standards to support commissioning and contracting.

Immunisation

Purposes for processing and categories of personal data

As part of its Public Health commissioning functions, NHS England is responsible for commissioning a wide range of immunisation programmes throughout England – under the public health functions agreement. View information about the immunisation programmes that NHS England is responsible for commissioning.

By implementing the activities set out in the public health functions agreement, NHS England contributes significantly to the wider prevention agenda and implementation of the Five Year Forward View (FYFV).

The purposes for processing the above categories of personal data are:

  • To undertake serious clinical incident reviews
  • The investigation of complaints and concerns
  • Control outbreak management
  • For purposes of patient and public involvement, including the reimbursement of expenses
  • Enquiries in relation to access to neo-natal BCG immunisations
  • Enquiries in relation to access to neo-natal Hepatitis B immunisations

NHS England processes the following categories of personal data in relation to its immunisation programmes:

  • Name and contact details
  • Healthcare data
  • Personal financial information relating to expense claims

Sources of the data

  • Members of the public
  • Providers of immunisation services and clinicians
  • NHS improvement (via the Serious Incident Framework)
  • Public Health England (for purposes of control outbreak management)

Categories of recipients

  • Financial institutions (for the processing of expense payments)
  • Providers of immunisation services and clinicians

Screening

Purposes for processing and categories of personal data

As part of its Public Health commissioning functions, NHS England is responsible for commissioning national cancer and non-cancer screening programmes throughout England. NHS England is given responsibility for this function via an annual agreement between the Secretary of State for Health and NHS England known as the public health functions agreement (S7A). View information about the screening programmes that NHS England is responsible for commissioning.

NHS England process the following categories of personal data in relation to its screening programmes:

  • Name and contact details
  • Healthcare data
  • Personal financial information relating to expense claims

The purposes for processing the above categories of personal data are:

  • To undertake serious clinical incident reviews
  • The investigation of complaints and concerns
  • For purposes of patient and public involvement, including the reimbursement of expenses.

Sources of the data

Categories of recipients

  • Members of the public
  • Financial institutions (for the processing of expense payments)
  • Providers of screening services and clinicians.

Legal basis for processing

For GDPR purposes NHS England’s lawful basis for processing is Article 6(1)(e) – ‘…exercise of official authority…’; and for the reimbursement of expense claims for public patient involvement purposes, Article 6(1)(b) – ‘…for the performance of a contract to which the data subject is party…’.

For the processing of special categories (health) data the basis is 9(2)(h) – ‘…health or social care…’.