Privacy notice

We have a duty to protect and improve the health and wellbeing of the population we serve. To support this, we use health and social care data from a range of sources including hospitals, births and deaths.


Why we use data

We only use data for these agreed purposes:

  • measure the health, mortality and care needs of specific geographical areas and population groups in Derbyshire
  • plan, evaluate and monitor our health and social care services, interventions and policies
  • protect and improve the health of people in Derbyshire by understanding more about the nature, causes and outcomes of disease and the effectiveness of medical treatments.

How we use and process data

The data we use and process is supplied to us at different levels and in some cases can contain personal data. Personal data is patient level information from which an individual can be identified such as NHS number, address, postcode, and date of birth. However, most of the data we use is already grouped into tables or anonymised. This means patient level information that has been de-identified, for example, by replacing date of birth with age or postcode with a geographical area.

Your privacy and confidentiality is always protected and we do not publish identifiable data. We do not directly link the data to any other sources. Access to our data is only granted to approved employees for whom it is essential to their work.

How we share data

We have a duty to comply with the common law Duty of Confidentiality. This means that all information about patients or members of the public, whether held on paper, computer, visually or audio recorded, must not normally be disclosed. Data is only ever disclosed if explicit consent has been given by the individual(s), or when there is a clear legal basis to do so, for example, to protect a person from suffering significant harm.

How we keep information secure

We have both a legal and professional obligation to protect the security and confidentiality of information, which we take very seriously. Safeguards are in place to ensure that we adhere to the principles of the Data Protection Act 1998 regarding the correct handling, use, storage, retention and disposal of information. Read more about how we look after your information (opens in a new window)

Access to information

You can request a copy of the information that we hold about you. Please contact the access to information officer:

How to opt out

You are entitled to opt out of Derbyshire Public Health receiving or holding your personal identifiable information. There are occasions where service providers will have a legal duty to share information, for example for safeguarding or criminal issues. The process for opting out will depend on which data and programme it relates to. For further information, please contact the public health team:

Further information

Data are legally supplied to us under Section 42(4) of the SRSA (2007) as amended by section 287 of the Health and Social Care Act (2012) (opens in a new window) and Regulation 3 of the Health Service (Control of Patient Information) Regulations 2002 (opens in a new window)

Find out more about your information rights from the Information Commissioner's Office (opens in a new window)

Personal data supplied to us

Primary care mortality database:

  • address
  • postcode of usual residence of the deceased, post code of place of death
  • NHS number
  • date of birth
  • date of death
  • maiden name
  • name of certifier
  • name of coroner
  • cause of death.

Public health births files:

  • address and postcode of usual residence of mother 
  • place of birth text and postcode
  • NHS number of child
  • date of birth of child.