Information Governance Manager

Job summary

The purpose of this role is to lead, and co-ordinate the approach to the implementation of Data Security and Protection Toolkit (DSPT) to ensure that the Trust delivers the minimum standards laid down in the DSPT in order for the Trust to achieve the required rating in respect of this area of governance.

The position is the project lead for Information Governance within the Trust and is responsible for the development of long-term policies and plans that support the Strategic Direction of the Trust.

Information Governance has many strands and stretches across many areas. It is imperative that a single point of knowledge is available to senior management and staff to provide clear guidance and performance assessment and to ensure that the organisation meets both its statutory and legal obligations.

Non- clinical role, contact with patients is incidental.

Main duties of the job

To provide specialist knowledge on all aspects of information governance across the Organisation, including leading on Incident response and investigation, owning DPIA end-to-end process and submissions review, collating and managing the Information Assets and Data flows.

To take every reasonable opportunity to maintain and improve your professional knowledge and competence

Work on own initiative to prioritise workload and meet deadlines of the IG Services

To comment and provide expert guidance on information located/received/collated/sent and interpret impact on orgaisations goal, objectives and national priorities.

Responsible for upholding information governance standards throughout Trust procurement and selecting suppliers or authorising Information Governance related purchases, taking into account cost, quality, delivery time and reliability.

Interpret and comply with all relevant Trust policies

About us

The Royal Orthopaedic Hospital NHS Foundation Trust is one of the largest specialist orthopaedic units in Europe. We offer planned orthopaedic surgery to people locally, nationally and internationally.

Our Trust is a very special hospital; big enough to deliver world class services and small enough to offer exceptional patient and staff experience. We offer a working experience unique in the West Midlands and we're always on the lookout for passionate people to join our award-winning team.

The ROH is an equal opportunities employer. We employ people of difference and are committed to growing an inclusive culture, where difference is celebrated, and people feel able to bring their whole and authentic self to work.

We are a Disability Confident Leader and offer a range of inclusive, family friendly and flexible working arrangements and policies, to support our people in the workplace. Flexible working requests will be considered.

The Trust is committed to the Disability Confident Interview Scheme and will offer an interview to disabled applicants who meet the minimum criteria for a vacancy and consider them on their abilities.

If you have a disability and need any support with your application or require any reasonable adjustments to be implemented please do get in touch with the Recruiting Manager for this position so that the team can support you.

Job description

Job responsibilities

Information Governance

To lead and co-ordinate Information Governance continuous improvement work programmes within the Trust relating to the following areas:-

o Code of Confidentiality (Caldicott, Data Protection, Access to Health Records)

o Clinical Information Assurance

o Records Management

o Information Security Assurance (BS7799 / ISO17799)

o Freedom of Information

o Communications & Training and Awareness

To develop, review and implement all policies and procedures relating to Information Governance.

To ensure that the requirements of DSPT are integrated into the core business functions and plans for the Trust

To prepare and seek approval by the Executive Management Team for the annual plans to achieve the DSPT.

To ensure that the Trust has a managed and coordinated approach to the implementation of the DSPT and interpretation within the organisation.

Lead the development and implementation of policies and procedures to support the delivery of Information Governance.

To ensure that Freedom of Information training and awareness is included in the Information Governance training programme

Monitor the Trusts position against the Information Governance toolkit against the annual work plan for Information Governance.

Report to the Trust Management Executive on a regular basis, providing feedback on progress.

To organise and service the Information Governance Group.

To attend local, regional and national Information Governance related meetings on behalf of the Trust and feedback to the EMT, SIRO and other group eg. Information Governance Group/Data Quality Group as appropriate.

Information Security and Confidentiality

To advise the Trusts management team with the implementation of policies and procedures to ensure that the organisation progresses towards compliance with the Caldicott requirements and the Confidentiality Code of Practice. Promoting the safe use of patient information and the production of returns as necessary. To advise the Head of IT, Information Manager and Director of Operations in order to ensure that information and records management strategies and polices are in line with current guidance and legislation. To provide expert advice on the legality and ethics of information related decisions in relation to confidentiality

Data Protection Act

To act as Data Controller for the Trust and ensure the Trusts data protection registration is completed and maintained. To interpret the Data Protection Act in relation to the use of confidential information, providing expert advice and opinion on all Data Protection issues To provide advice and guidance on the Data Protection issues for all new projects that deal with the use of confidential information To manage the receipt, processing and review of DPIAs for new or changing systems To provide advice and guidance to the Trust on any new developments and legislative changes in relation to Data Protection. To keep up to date with new developments within the Law of Confidentiality

Records Management

To provide guidance and advice on health records management issues to all Trust staff To audit corporate records and to ensure they are managed according to the records management code of practice and internal good practice guidelines particularly with regard to retention and disposal. To ensure that all new developments (with particular relevance to Connecting for Health) meet all Information, Records and Data Management arrangements.

Information Sharing

To be the lead for developing and implementing information sharing arrangements and protocols with partner organisations To be the lead on documenting and risk assessing data flows in and out of the Trust

Information Quality

Review the programme of activities aimed at improving the quality of service and patient related data held in electronic and manual systems which accurately reflects the Trusts service delivery and patient care

Work with the Trust information management team and other IT & Records staff to provide and receive feedback which enable the proactive identification of local issues and areas of risk that impact on data quality and confidentiality, using judgement to implement preventive measures and taking remedial action as necessary.

Risk Management

Maintain an Information Asset Register and establish information asset owners (IAO) and administrators (IAS) for each one

Support data owners in their monitoring and control of person identifiable information by providing training, advice and guidance

Maintain a record of Trust data flows, and assess and implement risk mitigation controls of transmission methods. Review risks and controls on a periodic basis.

Establish and monitor the security levels of information systems in partnership with IT technical staff, undertaking periodic organisational Information risk assessments, ensuring these are linked to the IM&T risk register (and where appropriate to the corporate risk register)

Investigate suspected and actual information security and confidentiality incidents, in particular Serious Untoward Incidents, using and updating the Trusts Incident Management system working with other risk management staff as appropriate. Carry out remedial action as required.

Change Management

Lead on the development of training and awareness documentation to promote Information Governance throughout the organisation ( via posters, flyers, presentations etc.). To advise and support Directors, Senior Managers, Heads of Department, Service Managers and clinicians in their understanding of Information Governance and how it applies to their role in the organisation. Ensure latest guidance on the Information Governance programme is available to staff and patients via the Trusts intranet, internet and other available communication resources. To provide expert advice on Information Governance (legal and ethical issues) in relation to any new developments within the Trust. Audit Develop, implement and monitor, audit programmes for Information Security Confidentiality Records (health and corporate) Information Quality And other Information Governance Related issues To be the trusts Information Governance audit lead in relation to new developments in the electronic patient record Agree audit plans in relation to Information Governance Group Ensure audit recommendations are implemented as appropriate. Provide the Information Governance related evidence for internal and external audits and for Care Quality Commission Outcome 21.

People Management

To develop partnership working with a range of internal and external colleagues in relation to IG Compliance

To co-ordinate, plan, direct and motivate the organisation on matters around IG and its overall importance.

Investigate and lead on data breach investigations, discussing and providing training to individuals and suggesting adaptions to team leaders, services and working practices to prevent future breaches.

To improve staff IG awareness through annual training, both in maintaining course material and the organisational levels of compliance

Person Specification

Qualifications

Essential

Degree Qualification or Equivalent Experience Evidence of CPD or Equivalent Experience

Experience

Essential

Experience within large or complex organisations Experience of managing projects/consultations Demonstrable expert knowledge of Data Protection, Information Security, Confidentiality and Information Quality Issues and Requriements Acts as a specialist source of advice for the Trust in respect of IG requirements

Desirable

Analysis and interpretation of complex information from different sources Previous working experience of ISO Management Systems

Knowledge and Skills

Essential

Knowledge of NHS Priorities Expert Knowledge of GDPR and Data Protection Act, Caldicott Principles Expert knowledge of DSPT Microsoft Packages Hands on willingness to learn

---