Job summary
The purpose of this role is to lead and co-ordinate the approach to the implementation of the Data Security and Protection Toolkit (DSPT), ensuring that the Trust delivers the minimum standards laid down in the DSPT and achieves the required rating in this area of governance.
The position is the project lead for Information Governance within the Trust and is responsible for the development of long-term policies and plans that support the Strategic Direction of the Trust.
Information Governance has many strands and stretches across many areas. It is imperative that a single point of knowledge is available to senior management and staff to provide clear guidance and performance assessment and to ensure that the organisation meets both its statutory and legal obligations.
Non-clinical role; contact with patients is incidental.
Main duties of the job
To provide specialist knowledge on all aspects of information governance across the Organisation, including leading on Incident response and investigation, owning DPIA end-to-end process and submissions review, collating and managing the Information Assets and Data flows.
To take every reasonable opportunity to maintain and improve your professional knowledge and competence
Work on own initiative to prioritise workload and meet deadlines of the IG Services
To comment and provide expert guidance on information located/received/collated/sent and interpret its impact on the organisation's goals, objectives and national priorities.
Responsible for upholding information governance standards throughout Trust procurement and selecting suppliers or authorising Information Governance related purchases, taking into account cost, quality, delivery time and reliability.
Interpret and comply with all relevant Trust policies
About us
The Royal Orthopaedic Hospital NHS Foundation Trust is one of the largest specialist orthopaedic units in Europe. We offer planned orthopaedic surgery to people locally, nationally and internationally.
Our Trust is a very special hospital; big enough to deliver world class services and small enough to offer exceptional patient and staff experience. We offer a working experience unique in the West Midlands and we're always on the lookout for passionate people to join our award-winning team.
The ROH is an equal opportunities employer. We employ people of difference and are committed to growing an inclusive culture, where difference is celebrated, and people feel able to bring their whole and authentic self to work.
We are a Disability Confident Leader and offer a range of inclusive, family friendly and flexible working arrangements and policies, to support our people in the workplace. Flexible working requests will be considered.
The Trust is committed to the Disability Confident Interview Scheme and will offer an interview to disabled applicants who meet the minimum criteria for a vacancy and consider them on their abilities.
If you have a disability and need any support with your application or require any reasonable adjustments to be implemented please do get in touch with the Recruiting Manager for this position so that the team can support you.
Job description
Job responsibilities
Information Governance
To lead and co-ordinate Information Governance continuous improvement work programmes within the Trust relating to the following areas:-
o Code of Confidentiality (Caldicott, Data Protection, Access to Health Records)
o Clinical Information Assurance
o Records Management
o Information Security Assurance (BS7799 / ISO17799)
o Freedom of Information
o Communications & Training and Awareness
To develop, review and implement all policies and procedures relating to Information Governance.
To ensure that the requirements of DSPT are integrated into the core business functions and plans for the Trust
To prepare and seek approval by the Executive Management Team for the annual plans to achieve the DSPT.
To ensure that the Trust has a managed and coordinated approach to the implementation of the DSPT and interpretation within the organisation.
Lead the development and implementation of policies and procedures to support the delivery of Information Governance.
To ensure that Freedom of Information training and awareness is included in the Information Governance training programme
Monitor the Trust's position against the Information Governance toolkit against the annual work plan for Information Governance.
Report to the Trust Management Executive on a regular basis, providing feedback on progress.
To organise and service the Information Governance Group.
To attend local, regional and national Information Governance related meetings on behalf of the Trust and feed back to the EMT, SIRO and other groups (e.g. Information Governance Group/Data Quality Group) as appropriate.
Information Security and Confidentiality
- To advise the Trust's management team on the implementation of policies and procedures to ensure that the organisation progresses towards compliance with the Caldicott requirements and the Confidentiality Code of Practice.
- Promoting the safe use of patient information and the production of returns as necessary.
- To advise the Head of IT, Information Manager and Director of Operations in order to ensure that information and records management strategies and policies are in line with current guidance and legislation.
- To provide expert advice on the legality and ethics of information related decisions in relation to confidentiality
Data Protection Act
To act as Data Controller for the Trust and ensure the Trust's data protection registration is completed and maintained.
To interpret the Data Protection Act in relation to the use of confidential information, providing expert advice and opinion on all Data Protection issues
- To provide advice and guidance on the Data Protection issues for all new projects that deal with the use of confidential information
- To manage the receipt, processing and review of DPIAs for new or changing systems
- To provide advice and guidance to the Trust on any new developments and legislative changes in relation to Data Protection.
- To keep up to date with new developments within the Law of Confidentiality
Records Management
- To provide guidance and advice on health records management issues to all Trust staff
- To audit corporate records and to ensure they are managed according to the records management code of practice and internal good practice guidelines particularly with regard to retention and disposal.
- To ensure that all new developments (with particular relevance to Connecting for Health) meet all Information, Records and Data Management arrangements.
Information Sharing
- To be the lead for developing and implementing information sharing arrangements and protocols with partner organisations
- To be the lead on documenting and risk assessing data flows in and out of the Trust
Information Quality
Review the programme of activities aimed at improving the quality of service and patient related data held in electronic and manual systems which accurately reflects the Trust's service delivery and patient care
Work with the Trust information management team and other IT & Records staff to provide and receive feedback which enables the proactive identification of local issues and areas of risk that impact on data quality and confidentiality, using judgement to implement preventive measures and taking remedial action as necessary.
Risk Management
Maintain an Information Asset Register and establish information asset owners (IAO) and administrators (IAS) for each one
Support data owners in their monitoring and control of person identifiable information by providing training, advice and guidance
Maintain a record of Trust data flows, and assess and implement risk mitigation controls of transmission methods. Review risks and controls on a periodic basis.
Establish and monitor the security levels of information systems in partnership with IT technical staff, undertaking periodic organisational Information risk assessments, ensuring these are linked to the IM&T risk register (and where appropriate to the corporate risk register)
Investigate suspected and actual information security and confidentiality incidents, in particular Serious Untoward Incidents, using and updating the Trust's Incident Management system and working with other risk management staff as appropriate. Carry out remedial action as required.
Change Management
- Lead on the development of training and awareness documentation to promote Information Governance throughout the organisation (e.g. via posters, flyers, presentations etc.).
- To advise and support Directors, Senior Managers, Heads of Department, Service Managers and clinicians in their understanding of Information Governance and how it applies to their role in the organisation.
- Ensure the latest guidance on the Information Governance programme is available to staff and patients via the Trust's intranet, internet and other available communication resources.
- To provide expert advice on Information Governance (legal and ethical issues) in relation to any new developments within the Trust.
Audit
- Develop, implement and monitor audit programmes for:
  - Information Security
  - Confidentiality
  - Records (health and corporate)
  - Information Quality
  - And other Information Governance related issues
- To be the Trust's Information Governance audit lead in relation to new developments in the electronic patient record
- Agree audit plans in relation to Information Governance Group
- Ensure audit recommendations are implemented as appropriate.
- Provide the Information Governance related evidence for internal and external audits and for Care Quality Commission Outcome 21.
People Management
To develop partnership working with a range of internal and external colleagues in relation to IG Compliance
To co-ordinate, plan, direct and motivate the organisation on matters around IG and its overall importance.
Investigate and lead on data breach investigations, discussing and providing training to individuals and suggesting adaptions to team leaders, services and working practices to prevent future breaches.
To improve staff IG awareness through annual training, both in maintaining course material and the organisational levels of compliance
Person Specification
Qualifications
Essential
- Degree Qualification or Equivalent Experience
- Evidence of CPD or Equivalent Experience
Experience
Essential
- Experience within large or complex organisations
- Experience of managing projects/consultations
- Demonstrable expert knowledge of Data Protection, Information Security, Confidentiality and Information Quality Issues and Requirements
- Acts as a specialist source of advice for the Trust in respect of IG requirements
Desirable
- Analysis and interpretation of complex information from different sources
- Previous working experience of ISO Management Systems
Knowledge and Skills
Essential
- Knowledge of NHS Priorities
- Expert Knowledge of GDPR and Data Protection Act, Caldicott Principles
- Expert knowledge of DSPT
- Microsoft Packages
- Hands on willingness to learn
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.
From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here: Criminal records checks for overseas applicants.
Employer details
Employer name
The Royal Orthopaedic Hospital NHS Foundation Trust
Address
The Royal Orthopaedic Hospital NHS Foundation Trust
Bristol Road South
Birmingham
B31 2AP
Employer's website
https://www.roh.nhs.uk/