Information Governance and Compliance Lead in Poole

Shore Medical Group is seeking an experienced Information Governance & Compliance Lead to join our Heatherview Medical Centre in Poole, Dorset. This role plays a vital part in safeguarding data integrity and ensuring our organisation meets National information governance standards. You will support compliance with the Data Protection Act, GDPR and the DSPT.

Hours: 37.5 per week. Monday to Friday 9.00am-5.00pm

Main duties of the job:

• To support Information Governance (IG) within the organisation
• Develop and maintain the IG framework to ensure compliance with the NHS Data Security and Protection Toolkit (DSPT)
• Responsible for the completion and submission of the DSP Toolkit annually
• Ensure compliance with the UK GDPR, Data Protection Act 2018, Calidicott principles and NHS information governance standards
• Write, review and update IG policies considering legal regulations and NHS standards
• Design and deliver training to new and existing staff on data protection, confidentiality and records management to ensure compliance in line with our IG policies
• Support our medical records team with the completion and compliance around Subject Access Requests (SARs) and Freedom of Information (FOI) requests
• Conduct Data Protection Impact Assessments (DPIAs) for new systems or data flows
• Responsible for logging any CQC registration changes and compiling an evidence log in preparation for any CQC inspections
• In conjunction with the senior management team, lead on the preparation for CQC inspections, internal audits and external reviews
• Oversee and manage data breach investigations by reporting to the relevant authorities such as on Data Toolkit or to the ICO
• Maintain the Information Asset Register and ensure Data Sharing Agreements are up to date
• Act as the primary point of contact with NHS Digital, regulators and partners regarding IG matters
• Work closely with the Clinical Governance Lead/Calidicott guardian to discuss any internal matters which may need review
• Attend and participate in Clinical Governance Meetings for any matters which may need Data Protection/GDPR considerations
• Responsible for creating, conducting and coordinating audits on our Practice Index platform
• Be the Freedom to Speak Up Guardian on behalf of the organisation
• Supporting the Patient Liaison Officer/Manager with the logging of feedback and complaints onto our in-house complaints log
• Liaise with our cleaning contractor to ensure compliance with cleaning across our facilities, ensuring that we are in receipt of monthly audit reports and coordinating the display of the cleaning standards across our surgeries with our site supervisors
• Oversee the logging, tracking and resolution of incidents and near misses
• Ensure root cause analysis and corrective actions are properly documented and communicated
• Ensure there is a robust audit trail of actions taken and responsible parties
• Provide quarterly reports to CG Board with summary/analysis
• Responsible for compiling board meetings and clinical governance agendas and action trackers/logs in preparation for monthly meetings
• The post-holder will be required to complete minutes for senior management meetings such as our board meeting which is carried out monthly
• Responsible for carrying out various monthly reports for the business to monitor compliance such as practice index mandatory training completion, incident reporting, complaints monthly reports, star rating cleaning reporting (from our contractor)

This list is not exhaustive.

Person Specification:

• Qualifications: Educated to Degree level or equivalent experience in information governance and compliance.
• Evidence of relevant training in data protection and information governance, including UK GDPR and The Data Protection Act 2018
• Recognised IG qualification or equivalent (such as BCS/ISEB)
• Data Protection Officer (DPO) training or certification
• NHS Specific training such as Data Security and Protection (DSP) Toolkit training

• Experience: Demonstrable experience of working in information governance, data protection, compliance or risk management
• Experience of applying legislation, national guidance and organisational policies within an operational setting
• Experience in managing data protection incidents/breaches or near misses and implementing learning outcomes
• Experience in handling highly sensitive and confidential personal and clinical information
• Experience supporting with CQC inspections, responding to CQC enquiries or providing assurance evidence relating to information governance and compliance
• Experience working in NHS General Practice, PCNs or wider health organisations
• Experience in liaising or supporting a Data Protection Officer
• Experience in creating/coordinating and actively managing audits, compliance reviews across multiple sites or teams
• Experience delivering IG and Compliance training to new and existing staff

Disclosure and Barring Service Check: This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.