Information Governance Manager

at  The Royal Orthopaedic Hospital NHS Foundation Trust

The purpose of this role is to lead, and co-ordinate the approach to the implementation of Data Security and Protection Toolkit (DSPT) to ensure that the Trust delivers the minimum standards laid down in the DSPT in order for the Trust to achieve the required rating in respect of this area of governance.
The position is the project lead for Information Governance within the Trust and is responsible for the development of long-term policies and plans that support the Strategic Direction of the Trust.
Information Governance has many strands and stretches across many areas. It is imperative that a single point of knowledge is available to senior management and staff to provide clear guidance and performance assessment and to ensure that the organisation meets both its statutory and legal obligations.

Non- clinical role, contact with patients is incidental.

• To provide specialist knowledge on all aspects of information governance across the Organisation, including leading on Incident response and investigation, owning DPIA end-to-end process and submissions review, collating and managing the Information Assets and Data flows.
• To take every reasonable opportunity to maintain and improve your professional knowledge and competence
• Work on own initiative to prioritise workload and meet deadlines of the IG Services
• To comment and provide expert guidance on information located/received/collated/sent and interpret impact on orgaisations goal, objectives and national priorities.
• Responsible for upholding information governance standards throughout Trust procurement and selecting suppliers or authorising Information Governance related purchases, taking into account cost, quality, delivery time and reliability.
• Interpret and comply with all relevant Trust policies

The Royal Orthopaedic Hospital NHS Foundation Trust is one of the largest specialist orthopaedic units in Europe. We offer planned orthopaedic surgery to people locally, nationally and internationally.
Our Trust is a very special hospital; big enough to deliver world class services and small enough to offer exceptional patient and staff experience. We offer a working experience unique in the West Midlands and we’re always on the lookout for passionate people to join our award-winning team.
The ROH is an equal opportunities employer. We employ people of difference and are committed to growing an inclusive culture, where difference is celebrated, and people feel able to bring their whole and authentic self to work.
We are a Disability Confident Leader and offer a range of inclusive, family friendly and flexible working arrangements and policies, to support our people in the workplace. Flexible working requests will be considered.
The Trust is committed to the Disability Confident Interview Scheme and will offer an interview to disabled applicants who meet the minimum criteria for a vacancy and consider them on their abilities.
If you have a disability and need any support with your application or require any reasonable adjustments to be implemented please do get in touch with the Recruiting Manager for this position so that the team can support you.

Information Governance

• To lead and co-ordinate Information Governance continuous improvement work programmes within the Trust relating to the following areas: -

o Code of Confidentiality (Caldicott, Data Protection, Access to Health Records)
o Clinical Information Assurance
o Records Management
o Information Security Assurance (BS7799 / ISO17799)
o Freedom of Information

o Communications & Training and Awareness

• To develop, review and implement all policies and procedures relating to Information Governance.
• To ensure that the requirements of DSPT are integrated into the core business functions and plans for the Trust
• To prepare and seek approval by the Executive Management Team for the annual plans to achieve the DSPT.
• To ensure that the Trust has a managed and coordinated approach to the implementation of the DSPT and interpretation within the organisation.
• Lead the development and implementation of policies and procedures to support the delivery of Information Governance.
• To ensure that Freedom of Information training and awareness is included in the Information Governance training programme
• Monitor the Trust’s position against the Information Governance toolkit against the annual work plan for Information Governance.
• Report to the Trust Management Executive on a regular basis, providing feedback on progress.
• To organise and service the Information Governance Group.
• To attend local, regional and national Information Governance related meetings on behalf of the Trust and feedback to the EMT, SIRO and other group eg. Information Governance Group/Data Quality Group as appropriate.

Information Security and Confidentiality
To advise the Trust’s management team with the implementation of policies and procedures to ensure that the organisation progresses towards compliance with the Caldicott requirements and the Confidentiality Code of Practice.
Promoting the safe use of patient information and the production of returns as necessary.
To advise the Head of IT, Information Manager and Director of Operations in order to ensure that information and records management strategies and polices are in line with current guidance and legislation.
To provide expert advice on the legality and ethics of information related decisions in relation to confidentiality

Data Protection Act

• To act as Data Controller for the Trust and ensure the Trust’s data protection registration is completed and maintained.
• To interpret the Data Protection Act in relation to the use of confidential information, providing expert advice and opinion on all Data Protection issues

To provide advice and guidance on the Data Protection issues for all new projects that deal with the use of confidential information
To manage the receipt, processing and review of DPIAs for new or changing systems
To provide advice and guidance to the Trust on any new developments and legislative changes in relation to Data Protection.
To keep up to date with new developments within the Law of Confidentiality
Records Management
To provide guidance and advice on health records management issues to all Trust staff
To audit corporate records and to ensure they are managed according to the records management code of practice and internal good practice guidelines particularly with regard to retention and disposal.
To ensure that all new developments (with particular relevance to Connecting for Health) meet all Information, Records and Data Management arrangements.
Information Sharing
To be the lead for developing and implementing information sharing arrangements and protocols with partner organisations
To be the lead on documenting and risk assessing data flows in and out of the Trust

Information Quality

• Review the programme of activities aimed at improving the quality of service and patient related data held in electronic and manual systems which accurately reflects the Trust’s service delivery and patient care
• Work with the Trust information management team and other IT & Records staff to provide and receive feedback which enable the proactive identification of local issues and areas of risk that impact on data quality and confidentiality, using judgement to implement preventive measures and taking remedial action as necessary.

Risk Management

• Maintain an Information Asset Register and establish information asset owners (IAO) and administrators (IAS) for each one
• Support data owners in their monitoring and control of person identifiable information by providing training, advice and guidance
• Maintain a record of Trust data flows, and assess and implement risk mitigation controls of transmission methods. Review risks and controls on a periodic basis.
• Establish and monitor the security levels of information systems in partnership with IT technical staff, undertaking periodic organisational Information risk assessments, ensuring these are linked to the IM&T risk register (and where appropriate to the corporate risk register)
• Investigate suspected and actual information security and confidentiality incidents, in particular Serious Untoward Incidents, using and updating the Trust’s Incident Management system working with other risk management staff as appropriate. Carry out remedial action as required.

Change Management
Lead on the development of training and awareness documentation to promote Information Governance throughout the organisation (e.g. via posters, flyers, presentations etc.).
To advise and support Directors, Senior Managers, Heads of Department, Service Managers and clinicians in their understanding of Information Governance and how it applies to their role in the organisation.
Ensure latest guidance on the Information Governance programme is available to staff and patients via the Trust’s intranet, internet and other available communication resources.
To provide expert advice on Information Governance (legal and ethical issues) in relation to any new developments within the Trust.
Audit
Develop, implement and monitor, audit programmes for
Information Security
Confidentiality
Records (health and corporate)
Information Quality
And other Information Governance Related issues
To be the trusts Information Governance audit lead in relation to new developments in the electronic patient record
Agree audit plans in relation to Information Governance Group
Ensure audit recommendations are implemented as appropriate.
Provide the Information Governance related evidence for internal and external audits and for Care Quality Commission Outcome 21.

People Management

• To develop partnership working with a range of internal and external colleagues in relation to IG Compliance
• To co-ordinate, plan, direct and motivate the organisation on matters around IG and its overall importance.
• Investigate and lead on data breach investigations, discussing and providing training to individuals and suggesting adaptions to team leaders, services and working practices to prevent future breaches.
• To improve staff IG awareness through annual training, both in maintaining course material and the organisational levels of compliance

• To provide specialist knowledge on all aspects of information governance across the Organisation, including leading on Incident response and investigation, owning DPIA end-to-end process and submissions review, collating and managing the Information Assets and Data flows.
• To take every reasonable opportunity to maintain and improve your professional knowledge and competence
• Work on own initiative to prioritise workload and meet deadlines of the IG Services
• To comment and provide expert guidance on information located/received/collated/sent and interpret impact on orgaisations goal, objectives and national priorities.
• Responsible for upholding information governance standards throughout Trust procurement and selecting suppliers or authorising Information Governance related purchases, taking into account cost, quality, delivery time and reliability.
• Interpret and comply with all relevant Trust policie