Public health

NHS England works closely with Public Health England and the Department of Health to provide and commission a range of public health services. The NHS has a critical part to play in securing good population health. The public health functions agreement (Section 7A) is an annual agreement between the Secretary of State for Health and NHS England. The Agreements are underpinned by a set of service specifications, and national standards to support commissioning and contracting.

Immunisation

Purposes for processing and categories of personal data

As part of its Public Health commissioning functions, NHS England is responsible for commissioning a wide range of immunisation programmes throughout England – under the public health functions agreement. View information about the immunisation programmes that NHS England is responsible for commissioning.

By implementing the activities set out in the public health functions agreement, NHS England contributes significantly to the wider prevention agenda and implementation of the Five Year Forward View (FYFV).

The purposes for processing the above categories of personal data are:

  • To undertake serious clinical incident reviews
  • The investigation of complaints and concerns
  • Control outbreak management
  • For purposes of patient and public involvement, including the reimbursement of expenses
  • Enquiries in relation to access to neo-natal BCG immunisations
  • Enquiries in relation to access to neo-natal Hepatitis B immunisations

NHS England processes the following categories of personal data in relation to its immunisation programmes:

  • Name and contact details
  • Healthcare data
  • Personal financial information relating to expense claims

Sources of the data

  • Members of the public
  • Providers of immunisation services and clinicians
  • NHS improvement (via the Serious Incident Framework)
  • Public Health England (for purposes of control outbreak management)

Categories of recipients

  • Financial institutions (for the processing of expense payments)
  • Providers of immunisation services and clinicians

Screening

Purposes for processing and categories of personal data

As part of its Public Health commissioning functions, NHS England is responsible for commissioning national cancer and non-cancer screening programmes throughout England. NHS England is given responsibility for this function via an annual agreement between the Secretary of State for Health and NHS England known as the public health functions agreement (S7A). View information about the screening programmes that NHS England is responsible for commissioning.

NHS England process the following categories of personal data in relation to its screening programmes:

  • Name and contact details
  • Healthcare data
  • Personal financial information relating to expense claims

The purposes for processing the above categories of personal data are:

  • To undertake serious clinical incident reviews
  • The investigation of complaints and concerns
  • For purposes of patient and public involvement, including the reimbursement of expenses.

Sources of the data

Categories of recipients

  • Members of the public
  • Financial institutions (for the processing of expense payments)
  • Providers of screening services and clinicians.

Legal basis for processing

For GDPR purposes NHS England’s lawful basis for processing is Article 6(1)(e) – ‘…exercise of official authority…’; and for the reimbursement of expense claims for public patient involvement purposes, Article 6(1)(b) – ‘…for the performance of a contract to which the data subject is party…’.

For the processing of special categories (health) data the basis is 9(2)(h) – ‘…health or social care…’.

Cervical Screening

The National Cervical Screening Programme aims to reduce the number of women developing cervical cancer by detecting pre-malignant changes in the uterine cervix. Women aged 25-64 years are eligible for inclusion in the National Cervical Screening Programme. Women aged 25 – 49 are called for screening every three years, whilst women aged 50 – 65 are called every five years.

NHS England processes the data to:

  • Produce prior notification lists of patients eligible for screening to GP practices.
  • Send out call and recall letters to patients eligible for cervical screening tests.
  • Notify patients of test results once we receive these from laboratories.

The source of the information to produce the notification lists is the list of patients registered with GP practices that NHS Digital hold on behalf of NHS England.

Legal basis for processing

For GDPR purposes NHS England’s lawful basis for processing is Article 6(1)(e) – ‘…exercise of official authority…’.

For the processing of special categories (health) data the basis is 9(2)(h) – ‘…health or social care…’.