Information Governance Assurance Officer - Norfolk and Norwich University Hospital (NNUH)
Salary: £200 Per Day
Hours: 37 Hours
Working Schedule: Monday to Friday
Contract Length: 3 Month Contract
Location: Norfolk and Norwich University Hospital, NR4 7UY
Job Details
Key Working Relationships:
Internal
• Senior Information Risk Owner
• Caldicott Guardian
• Head of Governance/Data Protection Officer
• Head of Business Intelligence
• Digital Health’s Senior Managers
• Service Managers
• Risk Management Team
• Internal Auditors
• Caldicott and Information Governance Assurance Committee (CIGAC)
• Digital Transformation Committee (DTC)
External:
• NHS England/Improvement
• Regional Information Governance Leads
• Norfolk & Waveney ICB
• Information Commissioner’s Office (ICO)
• Clinical Commissioning Groups
• Members of the Public
Job Purpose:
The post holder will assist and deputise for the Information Governance Assurance Manager with activities related to the delivery and coordination of Data Security and Protection Toolkit(DSPT), CQC and assurance of
all information governance activities across the Trust including Subject Access Requests (SAR) and Data Protection Impact Assessments (DPIA).
Essential to this post is the requirement to be an advocate for a culture of a risk-based IG values and mechanisms to underpin improvement and assurance of legislative and policy requirements. They will offer expert IG advice and guidance to staff at all levels, departments and corporate / Clinical Functions.
The role will entail working alongside multidisciplinary teams (inclusive of Digital Health staff, Chiefs of Service; Service Directors; Matrons and Nursing Staff; Senior Managers and Corporate Staff) in order to support in the preparation, maintenance, and management of IG assurance context within the Trust. Ensuring that the department continues to meet regulatory and/or statutory requirements, including the provision of ‘Well Led’
CQC evidence, Policy Management and the Data Security and Protection Toolkit.
The post holder will be accountable for supporting the Trust IG function in achieving its governance responsibilities and ensuring that the Trust staff are directed and guided to identify and achieve the highest standards of IG activities in all areas.
A key job performance value and outcome required from the postholder is to support and nurture the delivery and assurance of a risk-based approach to IG reflective of the Trust’s “P.R.I.D.E.” values.
The post holder will also be responsible for facilitating communication with the Data Security and Protection Toolkit Team at NHSE, the Divisional Governance Managers, Information Governance team and issuing reports via the collation, analysis and presentation of IG assurance, compliance, and risks related information.
As well as Providng clear and accurate reports for the Caldicott and Information Governance Assurance Committee, relevant Divisional Governance Committees and the Hospital Management Board when required.
To support the delivery of a high quality, safe and compassionate healthcare service, all staff are expected to act as a role model to others in all aspects of their work and consistently demonstrate NNUH’s ‘PRIDE’ values of People focused, Respect, Integrity, Dedication and Excellence and demonstrate behaviours that support and encourage an inclusive culture.
Overview of Essential Responsibilities:
1. Works as a key member of the Digital Health, Information Governance team, supporting the teams overall delivery and assurance of the Trust IG work programme, Information governance objectives and DSPT.
2. Working within the IG strategic framework, manage the implementation and assurance of a comprehensive information governance framework and ensure that the Trust is complying with relevant IG legislation, regulations, standards, and guidelines.
3. Develop and manage the Trust Information Governance audit programme including participation in Trust spot checks audits.
4. Establish productive working relationships across Directorates and Divisional teams including liaising with a variety of internal and external stakeholders.
5. To complete Data Protection Impact Assessments (DPIA’s) and other information risk related activities to help staff identify and minimise any privacy risk associated with the implementation of new project initiatives, policies, or systems involving the use of personally identifiable.
6. To conduct, review and complete Subject Access Requests for Staff and patients, whilst maintaining confidentiality and integrity.
7. Identify and collate evidence to demonstrate assurance objectives pertaining to Data Protection and Security Toolkit (DSPT) and information Governance in general and all other internal/external visits and inspections.
8. Develop, manage, maintain, and assure Information Governance training and awareness programmes including e-learning and face-to-face training packages (data quality, security, confidentiality, and other relevant training) for all the Trust’s managers and staff as and when required and immediately where there are legislative changes and/or national NHS issued guidance changes.
9. The Post Holder will also be responsible for issuing reports via the collation, analysis and presentation of IG training assurance, compliance, and risks related information and as well as providing clear and accurate reports for the Caldicott and Information Governance Assurance Committee, relevant Divisional Governance Committees and to Managers on a need-to-know basis.
10. To implement and monitor appropriate information/data sharing agreements complying with data protection laws are established with partner organisations and third parties and develop initiatives for recording this
information in line with the requirements of the DSPT and the relevant CQC line of enquiries.
11. Produce responses to incidents/data breaches, liaising with divisional and corporate teams, escalating any reported potential harm to patients. Produce and analyse Datix reports identifying issues for escalation ,ensuring actions are completed and closure of incidents in a timely manner.
12. Monitor progress against all DSPT Assertions, CQC Key Lines of Enquiry, liaising with nominated leads in the Divisional Governance Team and the Divisional Governance Managers.
13. Support the Head of Information Governance & Data protection Officer and the Information Governance Assurance Manager with the management and assurance of the suite of IG policies, Process and Procedures
and guidance, the production of the DSPT action plan and associated audit programme action plan and the production of the Annual report ensuring it meets the required ICO regulatory standards, NHSE national guidance and the DSPT and timescales. Ensuring compliance issues are escalated and action plans devised with the relevant senior stakeholders and senior IG Decision makers e.g. the Board, the Senior Information Risk Owner, Caldicott Guardian, the Data Protection Officer, Divisional Directors, the respective Divisional Operational Managers and Divisional Governance Managers.
14. Support the Head of Information Governance & Data Protection Officer and the Information Governance Assurance Manager in the production of IG Reports ensuring that it meets the required Trust’s Standards and timescales, ensuring risk-based issues are escalated and action plan devised with the relevant senior staff.
15. Support the development, delivery and assurance of the Teams data flow mapping and information asset register activities, as well other outreach related IG activities such as confidentiality audits.
16. The Post holder will also deputise for the Information Governance Assurance Manager at the Caldicott and Information Governance Assurance Committee, monthly Divisional Governance Committee Meeting, Risk review meetings, Serious Incident Group, the Mandatory training committee and Digital Health Senior Managers meetings.
17. Undertake the consideration and satisfaction of data subject rights, as well as the monitoring of data subject rights processes and outcomes which can include but not limited to information governance incidents including data breaches, subject access requests and data protection complaints.
18. The role will deputise for the Information Governance Assurance Manager as an IG specialist in the Serious Incident Group meetings and the Caldicott and the Information Governance Assurance Committee, Divisional Governance meetings, the Complaints Department, reviewing response, reports and escalating issues that may arise.
19. Collate, analyse, interpret, and report on information risk management related qualitative and quantitative data and information intelligence for IG, identifying trends or themes.
20.Deliver and create clear and accurate complex multiple IG reports, registers, and documents for the IG Team and the Caldicott, the Information Governance Assurance Committee, groups, the Divisional Governance Committees, and the Trust Services. There will be a need to be able to adapt and design the information to meet the specification of others.
21.Produce and distribute regular (monthly, quarterly, annually) trend specific reports for the Information Governance Team and the Caldicott and Information Governance Assurance Committee, specifically in relation to identified risks in relation to DSPT related requirements and confidentiality audits.
22. Work across the Directorates and Divisions to ensure information governance related risk intelligence and related data, contributes to the whole system view of care delivery and is not seen in isolation.
23.Plan, develop and evaluate methods and processes for gathering, analysing, interpreting, and presenting highly complex data and information. Liaising with the IG Team and the Divisional Governance Managers to ensure that IG related activities actions are continually monitored, and issues escalated to Head of Information Governance and/or to the Information Governance Assurance Manager.
24. The role will also provide their expert specialist knowledge in the planning of the IG work programme for the DSPT year running July to June, annually coordinate the collation of evidence for the DSPT, analysing specifics gaps regarding IG activities trends, making recommendations of relevant mitigation controls, and escalating to the Information Governance Assurance Manager, Head of Information Governance and the Senior
Information Risk Owner, Caldicott Guardian and the Digital health Directors.
25. Propose changes to IG policies, guidelines, and standard operating procedures where necessary and supporting staff in achieving these outcomes.
26. Attend mandatory training, in-service and staff development training and any further training and courses of study relevant to the post as agreed with management.
27. Contribute to the on-going evaluation and development of the post and improve own knowledge utilising the appraisal system.
28. Be able to articulate and role model the Norfolk and Norwich University Hospitals NHS Foundation Trust’s values and behaviours.
29. Employees have a responsibility to themselves and others in relation to managing risk, health and safety and will be required to work within the policies and procedures.
30. Any other duties, commensurate with the grade, which may develop due to changing workloads. To assist in the smooth implementation of any such changes.
31. Manage the communication plan for information governance related activities to ensure that all users and stakeholders are fully apprised of required actions, progress, and developments in a timely manner.
32. Create, adapt, and update relevant databases related to information governance activities, in line with the Trust Information Governance Framework and the Information Governance work programme, the DSPT
action plan and assertions requirements, NHS England national guidance and requirements and the ICO and the data protection regulatory metrics ensuring ongoing audit and assurance is maintained as proof of
continuous improvement.
33. Communicate effectively by taking an active role through verbal, electronic or written methods with professional colleagues, attending departmental and Trust meetings, and to ensure that information is
disseminated throughout the whole team