Information Governance Manager (Information Rights&Records Management)

at  Royal Free London NHS Foundation Trust

This role forms part of the wider Information Governance service and has responsibility for the day to day management of the Information Rights and Records Management departments. This role will provide leadership and subject matter expertise to the departments and wider trust. This role will be required to undertake broader Information Governance duties in support of the Corporate Information Governance department.

Day to day management of the Information Rights and Records Management departments
Monitoring and improving department performance
Providing expert advice in all matters relating to Information Governance, in particular information rights and records management
Advising and leading on Data Protection Impact Assessments
Contract management
Supporting the trust’s wider Information Governance agenda
This is an exciting opportunity to join a large and highly skilled Information Governance department. The department continually invests in the professional development of team members, and works on complex local, national and regional projects which directly contributes to improved patient care.

This role is responsible for delivering compliance with information governance policies across complex areas of clinical and corporate services. This role is also responsible for the proactive management of the Records Management and Information Rights service.

• Delivery of the information governance assurance model, the delivery and operation of standardised tools, operational support and advice.
• Developing and supporting a culture of high-quality information governance management practice including providing advice and guidance on the operation of corporate policies where appropriate to staff.
• Implementing and supporting systems and practices which facilitate compliance with all legal, statutory and good practice requirements.
• Advising on best practice in compliance with policies and staff training on aspects of local information governance policy.
• Providing support to the Senior Information Risk Owner (SIRO) and Caldicott Guardian to ensure compliance with legal and ethical frameworks.
• Supporting data protection providing complex advice to ensure operations work within the policy framework.
• Delivering a programme of evidence gathering, monitoring, assessment and audit. This includes the management of assurance, evidence and audit of significant providers of services to the and the escalation of issues of quality, risk and management through the appropriate channels and in conjunction with the Senior Information Governance Manager and Senior Information Risk Owner.
• Implement an overarching Information Governance strategy to meet statutory and legal requirements and an associated development plan.
• Coordinate the management of and be responsible for the annual submission of the Data Security and Protection Toolkit assurance framework, ensuring that there is an auditable evidence base and to deliver satisfactory standard across all requirements.
• Promote and monitor required information governance policies, procedures and guidance.
• Liaise with the risk management function to ensure the mitigation of risk and financial loss to the by the disruption of services, including managing the information risk register.
• Develop the information governance culture, working across stakeholders to communicate information governance standards and constantly seek to raise awareness.
• Be an expert in the requirements of GDPR, FOI, EIR, and RPSI to facilitate best practice and ensure that this is communicated clearly and acted upon effectively.
• Work actively with partners and stakeholders to ensure that the information governance processes meet best practice.
• Undertake, and/or participate in the design, of local audits of compliance to information governance standards across stakeholders.
• To be specifically responsible for ensuring GDPR, Caldicott and information sharing governance issues are escalated, managed and responded to in a timely way.
• Provide specific advice and support to the Caldicott Guardian and SIRO to ensure the effective management, monitoring and audit of Information/Confidentiality risks throughout the organisation.
• Provide information; awareness material and training to key post holders within the organisation, including but not limited to Information Asset Owners, Privacy Officer, Registration Authority staff, Records Management leads, IG Group, Senior Management Team (as required).
• Manage the co-ordination of the Information Governance Group and collation of the documentation required to ensure the Information Governance Group meetings are scheduled, all documentation reviewed and approved prior to each meeting, then circulated in line with the Terms of Reference for the Group.
• Manage the investigation of suspected and actual information governance breaches and when required produce formal reports of findings on reported adverse information security and confidentiality incidents. Ensure that lessons learnt are disseminated, and that the recommendations are audited to ensure continuing compliance.
• Maintain a Caldicott issues log relating to all requests to share personally identifiable information and formally report these to the Information Governance Group along with trends.
• Ensure that risk, issue and change registers for information governance are maintained and actioned, as appropriate.
• Manage and support the delivery of an information asset register and embed the bespoke software and processes to map information assets and data flows.
• Support Information Asset Owners and the SIRO in the management of Risk, through the delivery of Information Risk Register and associated action plans. Monitor actions delivered by key stakeholders and escalate as necessary.
• Work with the nominated Information Security Officer in delivering the information security assurance programme. Provide updates to the organisation on key risks and priorities arising from ICT environment and changing requirements.
• Communicate advice and guidance on changes to be considered to improve patient outcomes and business efficiency, through process review and technology.
• Support staff and stakeholder in the provision of appropriate filing structures, access control and management of electronic information.
• Support the delivery de-identification/ pseudonymisation projects and processes from an information governance perspective. Liaise with Informatics and ICT to ensure legal compliance and governance standards are met and implemented.
• Responsible for the safe use of equipment in addition to personal equipment.
• Responsible for providing training in information governance and undertaking basic workplace assessments of practice.
• Setting the strategic direction of the FOI and/or Information Rights team and production of an annual work plan for the team.
• Continual development of the FOI and/or Information Rights service.
• Provide specialist FOI and/or Information Rights advice on legislation and application of exemptions.
• Responsibility, for ensuring a robust and comprehensive FOI and/or Information Rights service.
• Liaise with a wide range of external and internal stakeholders, assisting in the management of conflicting opinions to ensure clear FOI and/or Information Rights responses can be produced
• Work in partnership with stakeholder to respond to FOI and/or Information Rights requests.
• Work with Communications Leads to pre-empt communications issues arising from FOI and/or Information Rights requests and manage any reputational impact.
• Work with stakeholder to support them in responding to requests including providing advice on how to respond to FOI and/or Information Rights requests and advising on exemptions that might apply.
• Provide training on FOI/EIR/RPSI/information rights and approaches to developing responses.
• Produces regular reports on numbers and themes of FOI/EIR/RPSI/information rights requests and the resources used to complete them
• Develops relationships with NHS England and other stakeholders.
• Keep up to date with developments in relevant legislation.
• Responsibility for establishing and developing written procedures for the trust FOI and/or Information Rights service
• Responsible for developing a publication scheme for the trust.
• Responsibility for checking the quality of responses prior to release