
Job summary

Main area: Information Governance
Grade: NHS AfC: Band 8a
Contract: Permanent
Hours: Full time - 37.5 hours per week
Job ref: 325-6430593-CORP
Employer: Surrey and Borders Partnership NHS Foundation Trust
Employer type: NHS
Site: 18 Mole Business Park
Town: Leatherhead
Salary: £52,963 - £59,360 Incl. 5% Fringe HCAS, pa, pro rata.
Salary period: Yearly
Closing: 31/07/2024 23:59


Information Governance & Information Security Manager

NHS AfC: Band 8a

Would you like to work in an organisation that sits in the top 10 best NHS Mental Health, Learning Disability and Community Services Trusts to work for? This ranking is based on staff feedback in the 2023 NHS Staff Survey.

Job overview

The purpose of the Information Governance and Information Security Manager is to provide the organisation with independent, risk-based advice to support its decision-making on the appropriateness of processing Personal and Special Categories of Data within the Principles and Data Subject Rights laid down in the General Data Protection Regulation (GDPR). The role also keeps the organisation safe with regard to information governance and security, and compliance with the Freedom of Information Act. The post-holder will hold regular monthly meetings with the Caldicott Guardian, who is a member of the Trust Board, to highlight and discuss relevant issues.

Main duties of the job

This role would suit someone who has the capability to work within a changing environment and is able to work with all staff, both internally and externally. The person will be responsible for managing the Information Governance and Information Security agenda within the Trust, bringing together and prioritising work on initiatives including Information Quality Assurance, Data Protection, Information Security and Freedom of Information in a consistent way. Key objectives for the post-holder will be to raise awareness of information governance and security, and the understanding of why it matters, across all staff groups in the Trust.

Working for our organisation

Surrey and Borders Partnership NHS Foundation Trust is the leading provider of health and social care services for people of all ages with mental ill-health, substance misuse, and learning disabilities in Surrey and North East Hampshire.

We actively seek to engage people who use our services and our communities in improving the mental wellbeing of the local population. We work closely with other NHS and voluntary sector organisations who provide services and support people who use services and carers.

Surrey is a beautiful county lying just 30 minutes away from Central London and from the South Coast.

Our historic market towns and bustling districts are enveloped in wonderful countryside, and our excellent road and rail networks bring the rest of the country within easy reach.

For international travel, both Gatwick and Heathrow airports are nearby.

Please note that we reserve the right to close posts as soon as sufficient applications are received.

Eligibility for the high cost area supplement is conditional upon the candidate's residence and will be discussed on offer.

We look forward to receiving your application!

Detailed job description and main responsibilities

Key Responsibilities

  • Responsible and accountable on a day-to-day basis for information governance work in the Trust, including information quality assurance, records management, Data Protection and confidentiality, information security and Freedom of Information.
  • Manage and coordinate projects required for implementation of information governance and information security across the Trust.
  • Establishing, maintaining, and monitoring the required security levels for accessing data held on both manual and electronic system records ensuring compliance with Data Protection Act and Caldicott recommendations.
  • Act as the subject matter expert for information governance in supporting the Caldicott Guardian, the SIRO (Senior Information Risk Owner) and Associate Director of Records and Privacy on matters relating to national legislation, EU law and best practice.
  • Support and advise the Trust's Data Protection Officer with their duties of ensuring that patient and staff rights are protected.
  • Support the SIRO and Associate Director of Records and Privacy on the development of strategies, policies and guidance to promote and develop best practices as defined by the NHS Data Security and Protection Toolkit (DSPT) and to comply with national legislation.
  • To shape and lead the Trust’s Information Governance team, managing the Trust’s information governance annual assessment, work programme and action/improvement plans in line with the Trust’s information governance strategy and policy and the evolving requirements of the NHS DSPT.
  • To provide information governance advice within the Trust where service developments, changes, or closure of services may impact on compliance to legislation and national policy.
  • Work with other providers, such as health, social services, police etc to comply with any information governance requirements.
  • Ensure compliance with UK GDPR 2016 and Data Protection Act 2018 and any other legal/national requirements.
  • Provide information security and EPR privacy support and advice to the Trust; lead on ensuring compliance and conformance with the legal and regulatory framework covering information security and privacy and relevant Data Security and Protection Toolkit requirements.
  • Lead on ensuring the Trust's Policies and Procedures that cover information security and privacy are appropriate, up to date, and reflect the business practices of the Trust in accordance with current legislation and local requirements.
  • Working with the Trust EPR System Administration Support function to investigate suspected and actual breaches of security and privacy and undertake reporting/remedial action, as instructed. Maintain a log of any incidents and remedial recommendations and actions and raise those on the Trust's Risk Management system by liaising with the Head of Risk.
  • Continuously assess, via audit and review, the shortfall between the security measures actually in place and effective and those established at policy level, thus highlighting deficiencies for remedial action.
  • Provide regular briefings to the Associate Director of Records and Privacy prior to meetings of the Information Governance Steering Group (IGSG) or similar group/board on the effectiveness of information security and privacy functions.
  • Contribute to decision making and carry through decisions made by the IGSG or other relevant group/boards or the Trust Board.
  • Maintain currency with information security and security enhancing technologies and brief colleagues as needed to enable measures to be implemented where and when necessary/desirable.
  • Develop and conduct regular audits to check on the integrity of data security and privacy within the Trust, ensure robust reporting is in place, and address any breaches as necessary.
  • To take forward the Trust’s current work programmes for the implementation of the Freedom of Information Act and ensure that the Trust meets its statutory requirements to deal with information requests and comply with all aspects of the Act.
  • Head the IG team with management of IG staff, ensuring budgetary resources are used effectively.
  • The purpose of this role is to provide the organisation with independent, risk-based advice to support its decision-making on the appropriateness of processing Personal and Special Categories of Data within the Principles and Data Subject Rights laid down in the General Data Protection Regulation (GDPR). The post-holder will hold regular monthly meetings with the Caldicott Guardian, who is a member of the Trust Board, to highlight and discuss relevant issues.

Person specification

Qualifications

Essential criteria
  • Degree or equivalent 5 years’ experience
  • Evidence of continual professional development

Experience

Essential criteria
  • 2 years working in a similar environment
  • 5 years Information Governance/Security, Data Protection issues and IG Toolkit completion experience and knowledge
  • Proven evidence of using different electronic systems and to be able to use these to produce reports
  • Working in a Team in an office environment


Applicant requirements

The postholder will have access to vulnerable people in the course of their normal duties, and as such this post is subject to the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 (Amendment) (England and Wales) Order 2020. It will therefore be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service to check for any previous criminal convictions.


Further details / informal visits contact

Name: Charles Sant
Job title: Associate Director Records and Privacy
Email address: [email protected]
Telephone number: 07958 314193