Public Health (UKHSA) Privacy Notice

Public health encompasses everything from national smoking and alcohol policies, the management of epidemics such as flu, the control of large scale infections such as TB and Hepatitis B to local outbreaks of food poisoning or Measles. Certain illnesses are also notifiable; the doctors treating the patient are required by law to inform the Public Health Authorities, for instance Scarlet Fever.

This will necessarily mean the subjects personal and health information being shared with the Public Health organisations. In the UK this is shared with UK Health Security Agency

Some of the relevant legislation includes:

Data Controller contact details

Cheam GP Centre, 322 Malden Road, Sutton SM3 8EP

Data Protection Officer contact details

Umar Sabat – [email protected]

Purpose of the processing

There are occasions when medical data needs to be shared with UK Health Security Agency, the Local Authority Director of Public Health, or the Health Protection Agency, either under a legal obligation or for reasons of public interest or their equivalents in the devolved nations.

Lawful basis for processing

The legal basis will be:

Article 6(1)(c) “processing is necessary for compliance with a legal obligation to which the controller is subject.” And Article 9(2)(i) “processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices,..”

Recipient or categories of recipients of the shared data

The data will be shared with UK Health Security Agency UK Health Security Agency – GOV.UK (www.gov.uk) and equivalents in the devolved nations.

Rights to object

You have the right to object to some or all of the information being shared with the recipients. Please contact the Data Controller.

Right to access and correct

You have the right to access the data that is being shared and have any inaccuracies corrected. There is no right to have accurate medical records deleted except when ordered by a court of Law.

Retention period

The data will be retained for active use during the period of the public interest and according to legal requirement.

Right to Complain

You have the right to complain to the Information Commissioner’s Office, you can use this link https://ico.org.uk/global/contact-us/ 

or calling their helpline Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate) There are National Offices for Scotland, Northern Ireland and Wales, (see ICO website)


Please note the National Data Opt Out does not apply to this sharing of information. For further information please see: https://www.nhs.uk/your-nhs-data-matters/

Date created: 13.03.2024 

Members area