South West London and St Georges Mental Health NHS Trust

Information Governance Manager / Data Protection Officer

Information:

This job is now closed

Job summary

We are seeking to recruit an experienced hands-on professional to oversee our Information Governance work programme, manage the Information Services team and fulfil the role of Data Protection Officer.

The successful candidate will have an excellent knowledge of the UK GDPR / Data Protection Act 2018 and other associated legislation within an NHS environment, plus a track record of managing a team responsible for provision of access request services and provision of high quality guidance and advice to colleagues at all levels on topics including confidentiality, data sharing, information security and records management.

As part of the role the Trust will offer training in leadership, management and relevant legislation.

Main duties of the job

  • Provide professional guidance and leadership in matters of data protection and all aspects relating to the governance and security of patient, staff and corporate data.

  • Manage and support the Information Services team which process access requests to information from patients and third parties to strict deadlines.

  • Oversee compliance with the annual Data Security & Protection (DSP) Toolkit compliance work programme.

  • Ensure compliance with mandatory Information Governance training targets, including provision of face-to-face training for new starters as part of their Welcome Day induction.

  • Organise and attend bi-monthly meetings of the Data Protection Information Governance Group (DPIGG).

  • Be the Trust's named Data Protection Officer fulfilling all associated duties including being the Trust's immediate contact for the Information Commissioner's Office.

Flexible working:

We are proud to offer agile and flexible working opportunities as part of our new ways of working, and we are happy to talk flexible working at the interview stage, giving you the very best of good work life balance. The role can be home based for several days a week with an office base at Tolworth Hospital and occasional trips to Springfield Hospital in Tooting.

About us

We are Proud to Belong at South West London and St George's Mental Health NHS Trust.

We have expert services, a rich history and a clear commitment to providing the best quality care for those with mental ill-health. The Care Quality Commission already rates our services as 'good' - we aspire to be 'outstanding'.

This is a great time to join us. We are transforming the way we care for our communities to support our mission of Making Life Better Together. We have built two brand new mental health facilities at Springfield University Hospital, which are amongst the best in the world. More developments are planned across our sites and services.

We are inclusive and diverse and strive to be actively anti racist. We want to attract people from all backgrounds and experiences to enrich the work we do together. We are proud to co-produce and involve our local communities in all that we do.

We offer flexible working, career development and a variety ofbenefits to enable a positive, welcoming environment in which our people and their careers can thrive.

Come and join our inclusive teams and help our patients on their recovery journey.

Details

Date posted

30 November 2023

Pay scheme

Agenda for change

Band

Band 8a

Salary

£56,388 to £62,785 a year per annum inclusive outer London HCAS

Contract

Permanent

Working pattern

Full-time

Reference number

294-CORP-5848317-JB

Job locations

Tolworth Hospital

Red Lion Rd

Tolworth

KT6 7QU


Job description

Job responsibilities

  • Act as source of expertise on Information Governance Issues to the Trust providing specialist advice and assistance to staff where required on areas of complex information governance legislation, such as the UK GDPR / Data Protection Act 2018 and the Confidentiality: NHS Code of Practice; ensure that this specialist knowledge is kept up to date and changes in legislation or national and local policy are communicated effectively to staff at all levels within the organisation

  • Support the Trusts Data Protection Information Governance Group (DPIGG) and the Trusts Caldicott Guardian in the implementation of Information Governance policies and procedures, in particular, the recording, storage and exchange of person-identifiable information.

  • Lead maintenance of the Trusts Data Security Protection (DSP) Toolkit work programme, co-ordinating with and supporting key staff in meeting requirements and expectations of this governance framework; ensure compliance to deadline of the annual DSP Toolkit online assessment

  • Implement policies and procedures for the secure and efficient management of clinical records as required by the Data Protection Act 2018 and Caldicott Report recommendations.

  • Assist in the development and delivery of the information Governance Improvement/Action plan and audit of the DSP Toolkit submission to confirm score compliance; service and support the Trusts Data Protection Information Governance Group and other related meetings as appropriate both internal and external to the Trust.

  • Act as expert in regard to IG incidents leading the assessment, action planning and final signoff of information governance incidents.

  • Act as Trust nominated Information Security and Privacy Officer undertaking regular monitoring of system usage and compliance, development of security policies, controls and procedures in liaison with appropriate managers and ensuring appropriate documentation and guidance exists for members of staff.

  • Proactively work with operational managers, the Senior Information Risk Owner (SIRO), Information Asset Owners (IAOs), Information Asset Administrators (IAAs) and other stakeholders to ensure the information risk management structure processes meet the business and data security requirements of the organisation.

  • Be responsible for the administration of access to medical records, liaising between applicants and health professionals, ensuring that time limits and patients rights are adhered to; responsible for ensuring that there are documented requirements for access controls for all key information assets identified in the organisations asset register.

  • Lead the Information Governance training programme, including planning and liaison with the Trusts learning & Development department for the regular delivery of IG training sessions, both online and face to face as required; review content of training material.

  • Give face to face IG training to new starters as part of the Welcome Day / Induction programme.

  • Ensure secure processing of personal and otherwise confidential data by proactively monitoring activity, such as secure email, access request disclosure, physical checks of work stations.

  • Ensure that there are suitable mechanisms for access to and disclosure of records as per the Data Protection Act and other legal routes of access to data..

  • Be responsible for corresponding with external organisations and authorities regarding third party requests for mental health & social care records.

  • Ensure that the Trust has an accurate, complete and maintained Data Protection Registration, including annual renewal of the associated Information Commissioners Office (ICO) fee.

  • Ensure Information Governance documentation on the Trusts website and intranet (InSite) are accurate and kept up to date, including the Privacy Notices.

  • As Data Protection Officer (DPO) monitor internal compliance with the UK GDPR / Data Protection Act 2018, inform and advise on the Trusts data protection obligations, provide advice regarding and sign off Data Protection Imapct Assessments (DPISs), and act as a contact point for data subjects and the Information Commissioners Office (ICO).

Job description

Job responsibilities

  • Act as source of expertise on Information Governance Issues to the Trust providing specialist advice and assistance to staff where required on areas of complex information governance legislation, such as the UK GDPR / Data Protection Act 2018 and the Confidentiality: NHS Code of Practice; ensure that this specialist knowledge is kept up to date and changes in legislation or national and local policy are communicated effectively to staff at all levels within the organisation

  • Support the Trusts Data Protection Information Governance Group (DPIGG) and the Trusts Caldicott Guardian in the implementation of Information Governance policies and procedures, in particular, the recording, storage and exchange of person-identifiable information.

  • Lead maintenance of the Trusts Data Security Protection (DSP) Toolkit work programme, co-ordinating with and supporting key staff in meeting requirements and expectations of this governance framework; ensure compliance to deadline of the annual DSP Toolkit online assessment

  • Implement policies and procedures for the secure and efficient management of clinical records as required by the Data Protection Act 2018 and Caldicott Report recommendations.

  • Assist in the development and delivery of the information Governance Improvement/Action plan and audit of the DSP Toolkit submission to confirm score compliance; service and support the Trusts Data Protection Information Governance Group and other related meetings as appropriate both internal and external to the Trust.

  • Act as expert in regard to IG incidents leading the assessment, action planning and final signoff of information governance incidents.

  • Act as Trust nominated Information Security and Privacy Officer undertaking regular monitoring of system usage and compliance, development of security policies, controls and procedures in liaison with appropriate managers and ensuring appropriate documentation and guidance exists for members of staff.

  • Proactively work with operational managers, the Senior Information Risk Owner (SIRO), Information Asset Owners (IAOs), Information Asset Administrators (IAAs) and other stakeholders to ensure the information risk management structure processes meet the business and data security requirements of the organisation.

  • Be responsible for the administration of access to medical records, liaising between applicants and health professionals, ensuring that time limits and patients rights are adhered to; responsible for ensuring that there are documented requirements for access controls for all key information assets identified in the organisations asset register.

  • Lead the Information Governance training programme, including planning and liaison with the Trusts learning & Development department for the regular delivery of IG training sessions, both online and face to face as required; review content of training material.

  • Give face to face IG training to new starters as part of the Welcome Day / Induction programme.

  • Ensure secure processing of personal and otherwise confidential data by proactively monitoring activity, such as secure email, access request disclosure, physical checks of work stations.

  • Ensure that there are suitable mechanisms for access to and disclosure of records as per the Data Protection Act and other legal routes of access to data..

  • Be responsible for corresponding with external organisations and authorities regarding third party requests for mental health & social care records.

  • Ensure that the Trust has an accurate, complete and maintained Data Protection Registration, including annual renewal of the associated Information Commissioners Office (ICO) fee.

  • Ensure Information Governance documentation on the Trusts website and intranet (InSite) are accurate and kept up to date, including the Privacy Notices.

  • As Data Protection Officer (DPO) monitor internal compliance with the UK GDPR / Data Protection Act 2018, inform and advise on the Trusts data protection obligations, provide advice regarding and sign off Data Protection Imapct Assessments (DPISs), and act as a contact point for data subjects and the Information Commissioners Office (ICO).

Person Specification

Qualifications

Essential

  • Educated to Degree level
  • Evidence of Continuing Professional Development.
  • ECDL (or working towards it).

Desirable

  • Appropriate Health Informatics or other post-graduate qualification.
  • Project Management qualification.
  • Professional qualification in information governance

Knowledge & Skills

Essential

  • Management and team leadership.
  • Excellent interpersonal and communication skills.
  • Excellent report writing and presentation skills.
  • Ability to prioritise between competing demands.
  • Good understanding of the NHS Information Governance agenda and the DSP Toolkit.
  • Knowledge of the Data Protection and Freedom of Information Act.
  • Knowledge of the Caldicott requirements
  • Ability to work to deadlines and under pressure.

Desirable

  • Knowledge of the NHS National Programme for IT.
  • A good understanding of the NHS.

Experience

Essential

  • Experience of working in a project environment.
  • Drafting policy documents.
  • Experience of working on information governance issues.

Desirable

  • Experience of working in Health & Social Care Records Department.
  • Project management.
  • Working in an NHS environment.
Person Specification

Qualifications

Essential

  • Educated to Degree level
  • Evidence of Continuing Professional Development.
  • ECDL (or working towards it).

Desirable

  • Appropriate Health Informatics or other post-graduate qualification.
  • Project Management qualification.
  • Professional qualification in information governance

Knowledge & Skills

Essential

  • Management and team leadership.
  • Excellent interpersonal and communication skills.
  • Excellent report writing and presentation skills.
  • Ability to prioritise between competing demands.
  • Good understanding of the NHS Information Governance agenda and the DSP Toolkit.
  • Knowledge of the Data Protection and Freedom of Information Act.
  • Knowledge of the Caldicott requirements
  • Ability to work to deadlines and under pressure.

Desirable

  • Knowledge of the NHS National Programme for IT.
  • A good understanding of the NHS.

Experience

Essential

  • Experience of working in a project environment.
  • Drafting policy documents.
  • Experience of working on information governance issues.

Desirable

  • Experience of working in Health & Social Care Records Department.
  • Project management.
  • Working in an NHS environment.

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).

Additional information

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).

Employer details

Employer name

South West London and St Georges Mental Health NHS Trust

Address

Tolworth Hospital

Red Lion Rd

Tolworth

KT6 7QU


Employer's website

https://www.swlstg.nhs.uk/ (Opens in a new tab)

Employer details

Employer name

South West London and St Georges Mental Health NHS Trust

Address

Tolworth Hospital

Red Lion Rd

Tolworth

KT6 7QU


Employer's website

https://www.swlstg.nhs.uk/ (Opens in a new tab)

Employer contact details

For questions about the job, contact:

Associate Director Performance & Information

Jonathan Comfort

Jonathan.Comfort@swlstg.nhs.uk

02035135567

Details

Date posted

30 November 2023

Pay scheme

Agenda for change

Band

Band 8a

Salary

£56,388 to £62,785 a year per annum inclusive outer London HCAS

Contract

Permanent

Working pattern

Full-time

Reference number

294-CORP-5848317-JB

Job locations

Tolworth Hospital

Red Lion Rd

Tolworth

KT6 7QU


Supporting documents

Privacy notice

South West London and St Georges Mental Health NHS Trust's privacy notice (opens in a new tab)