Fair processing notices - Workplace NHS Health Check Pilot Programme Privacy Notice

How we use your data

Stoke-on-Trent City Council (the Council) has been awarded funding by the Department of Health and Social Care to commission this pilot programme.

The Workplace NHS Health Check programme is a pilot programme that aims to reduce the number of cardiovascular disease related illnesses in the city through providing an NHS Health Check in the workplace. Its aim is to support local people to remain in work, linking to the Council’s strategy to ensure that we have a fair and inclusive local economy.

This pilot will be an addition to the existing national NHS Health Check programme in the city, which is currently commissioned by the Council and delivered by GP practices, with eligible people invited to have a check once every five years.

The pilot will involve delivering NHS Health Checks in workplace settings around Stoke-on-Trent (the City), targeting employees working in routine and manual occupations in small, medium and large workplaces, who may not have had an NHS Health Check in the past.

The pilot will run from November 2024 to March 2025 and is being delivered a Service Provider appointed by the Council. A copy of their patient privacy notice can be found here, Patient-Privacy-Notice-leaflet-v2.0-1.pdf

 

How we use your data

Whereas the Council will receive all data anonymised, it may be possible in a small number of cases for individuals to be identifiable from a combination of their responses. There is also the potential that despite our request not to, the Service Provider may in error disclose personal data. Therefore, whilst the Council will redact and remove any such data when reviewing the data provided, it is necessary to issue a privacy notice.

Section 2B of the National Health Services Act 2006 gives local authorities power to perform the public health function. This means the Council has a ‘duty to improve the health of the people and will have responsibility for commissioning appropriate public health services.

The Service Provider is committed to protecting your privacy and will only use information collected lawfully in accordance with:

  • Data Protection Act 2018;
  • The GDPR 2016 and UK GDPR 2021;
  • The Human Rights Act 1998;
  • Common Law Duty of Confidentiality;
  • Health and Social Care Act 2012;
  • NHS Codes of Confidentiality, Information Security and Records Management; and
  • The Caldicott Principles

Following the delivery of Workplace NHS Health Checks by the Service Provider, anonymised patient data will be used to evaluate the effectiveness of the pilot by the Office for Health Improvement and Disparities and to inform the Council on it’s NHS Health Check strategy moving forward.

The Council will only be handling anonymised data, which will be anonymised and shared by the Service Provider.

The Service Provider will be collecting personally identifiable data, via the electronic patient record system and information provided by individuals attendings.

At the end of the pilot period, an anonymised search of the lifestyle interventions, further testing and clinical follow-up will be carried out by the Service Provider on behalf of The Council using the full Workplace NHS Health Check Minimum data set listed:

  • No. Workplace NHS Health Checks carried out;  
  • Method of delivery (face-to-face,);
  • Month and year of assessment;
  • Demographics: sex, gender, age, ethnicity, profession, GP registration status;
  • No. of patients with QRISK ≥10% (where recorded);
  • No. of patients with a BP over 140/90;
  • No. of patients who are current smoker;  
  • No. of patients who are overweight or obese;  
  • No. of patients referred to their own GP following a Workplace NHS Health Check;
  • No. of patients who can recall receiving an offer of an NHS Health Check (the national programme) in the last 5 years; and
  • Of those who recall having an offer of an NHS Health Check (national programme), the no. who received a check.  

 

Further, data will also be collected on the workplace setting, including:

  • Type of industry as per the ONS/UK Standard; 
  • Industrial Classification (SIC);
  • The size of workforce; and
  • The demographics of the workforce, including no. of employees, their sex, ethnic groups, professions, and estimated no. of employees eligible for a Workplace NHS Health Check

 

How we manage any personal data collected

As noted above the Council’s Public Health trained team of officers will redact and delete any personal data collected through the Service Provider.

Prior to its deletion, the lawful bases for processing this data under GDPR:

  • article 6 (1) (e): for the performance of a task carried out in the public interest;
  • article 9 (2) (h): for the provision of health or social care or the management of health and social care systems and services; and
  • article 9 (2) (i): for reason of public interest in the area of public health 

The Council is a data controller for any personal information collected in relation to the Workplace NHS Health Check pilot programme.

The Service Provider is the data processor, collecting and handling personally identifiable information as part of the delivery of the Workplace NHS Health Check pilot programme. They are also responsible for anonymising the data set before sharing with the Council.

In regards to the Council, any data received electronically regarding the Workplace NHS Health Check pilot programme, prior to being deleted, will be stored within a secure cloud network owned managed by the Council and will only be accessible by authorised public health staff and relevant regulatory authorities.

Where study data is collected on paper it will, prior to redaction and deletion, be held securely in a locked room or locked cabinet that is accessible only to the public health team and relevant regulatory authorities.

We may share data with our internal audit team to evaluate the effectiveness of the organisation’s risk management, control and governance processes. 

Data protection law provides you with certain rights, but not all of these rights will be available to you in all situations. Where we are under a legal duty to use data for a particular purpose you will not have the right to prevent it being used in that way:

  • you can ask to see the information we hold about you
  • you can ask what is being done with the information we hold about you
  • you can ask to have some of the data we hold about you deleted
  • you can ask us to review a decision made about you by a computer, and ask for a new decision to be made by a person
  • you can ask us to stop processing the data we hold about you
  • you can ask us to make changes to data about you that you believe is inaccurate
  • in some circumstances you can ask us to help you move your information to another organisation
  • you can ask us to restrict or limit what we do with your data, for example if you believe the data we hold is inaccurate, or if you believe the processing in unlawful
Who to contact if you have questions

If you wish to contact us in relation to any of your information rights, email foi@stoke.gov.uk or write to Information Rights Team, Floor 4, Civic Centre, Glebe Street, Stoke-on-Trent ST4 1HH.

If you wish to contact us in relation to the Workplace NHS Health Check Pilot Programme, email publichealth@stoke.gov.uk or write to Health Protection, Public Health, Floor 3, Civic Centre, Glebe Street, Stoke-on-Trent ST4 1HH.

https://www.stoke.gov.uk/homepage/117/feedback_form

If you wish to complain about how your personal information has been handled by Stoke-on-Trent City Council, contact the information rights team in the first instance using the details above. If you are not satisfied you can complain to the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, or call 03031231113

https://ico.org.uk/make-a-complaint/