Head of Digital Assurance

Job description

Job responsibilities

Lead the collation, completion and submission of the Data Security and Protection Toolkit submission.

Develop strategies and plans to promote and develop good digital assurance practice within the organisation and to embed such good practice in organisational culture.

Develop, manage and coordinate a robust IG programme of work within the organisation in line with the Data Protection Act 2018, Freedom of Information Act 2000, Caldicott requirements, Information Sharing Processes and other related legislation and guidance.

Promote the good IG practice based on the Trusts relevant strategies in key partnerships such the GM ICS, strategic regional and national groups and collaborative networks.

Provide updates and expert advice to senior leaders in the Trust and in strategic partnerships on issues that relate to information governance.

Work closely with the Caldicott Guardian, the Chief Clinical Information Officer, the SIRO, and the CIO to lead the development and delivery of the Trust digital assurance Framework in line with relevant legislation, health and social care standards.

Monitor and manage compliance with IG related national legislation (Data Protection Act, Freedom of Information Act etc), industry security standards (such as ISO27001, Cyber Essentials Plus) and health and social care IG standards.

Advise the organisation and key partnerships / strategic networks to design, develop and monitor processes, policies and strategies to enable effective, lawful and secure use of clinical information for secondary uses such as research to maximise the value of such information for the benefit of service users.

Lead the development of Trust-wide IG and other relevant Digital policies that are compliant, clear and easy to understand.

Ensure the organisation successfully manages the risk associated with information and technology through Trust wide standards and compliance with those standards.

Ensure processes and awareness are in place for information related incidents to be appropriately reported, escalated and investigated, lessons learnt are disseminated across the organisation.

Lead reviews and advise on breaches of information security and confidentiality.

Provide expert advice and guidance to members of staff and other stakeholders on digital assurance matters.

Provide expert advice on national strategies and complex legislation affecting the IG of the organisation ensuring the organisation is aware of changes that may require adjustments in the Trust approach.

Lead, participate and contribute in organisational, regional and national committees, groups and networks to determine and implement national and local policies, protocols and procedures.

Lead the monitoring of information processing against agreed standards by undertaking inspections and assurance audits of information security and confidentiality arrangements within the organisation.

Engage service users and carers in the development of organisational digital assurance policies to ensure increased awareness of information rights, purposes for which information is to be used and shared and obtaining consent.

Lead the development of regular reports and communications on digital assurance matters within and beyond the organisation.

Lead the development and delivery an IG awareness and training programme of activities that meets the needs of the Trust workforce, and complies with the requirements of the Data Protection and Security Toolkit (DSPT).

Promote professional and corporate responsibility to safeguard confidential clinical information handled and exchanged within the Trust and with partner organisations.

Lead the training of large groups of staff in confidentiality, information security, freedom of information and other digital assurance subjects.

Lead the investigation and response to formal information requests, complaints, regulatory notices from external organisations and regulators.

Provide lead point of contact with the Information Commissioners Office on behalf of the Trust.

Manage the processes to enable effective sharing of information within the organisation and with partner organisations in line with national legislation and policies.

Develop assurance checks on compliance to internal Digital Services and Trust processes and national best practice standards.

Contribute to the development of a culture of openness allowing appropriate information to flow freely.

Ensure the development and effective administration of a document management system.

Act as the Data Protection Officer fulfilling their statutory duties and responsibilities under the GDPR and the Data Protection Act 2018.

Monitor the compliance of the Trust with the data protection legislation and reporting any issues or risks to the Caldicott Guardian, the SIRO, and the IG Steering Group.

Provide advice and guidance to the Trust staff on data protection matters, such as data subject rights, data breach notification, data protection impact assessment, data sharing agreements, and data minimisation principles.

Raise awareness and promoting a data protection culture within the Trust through training, communication, and engagement activities.

Person Specification

Qualifications

• oEducated to masters level or equivalent level of work experience at senior level in a specialist area
• oEvidence of professional-development within the last 3 years.
• oAbility to demonstrate commitment of upskilling in Data Protection legislation and Information Governance within the Healthcare provision in the UK

• oProfessional certifications in project or change management (e.g. PRINCE2, Agile, APMG Change Management, MSP).
• oEvidence of professional development in Data Protection Officer, SIRO or Caldicott principles

Experience

• oConsiderable experience working in a Digital/patient information, information governance, digital clinical safety and quality management environment
• oExperience in stakeholder management, including engaging with clinicians, researchers, IT professionals, and external partners.
• oExperience of the development of clear and unequivocal standards, procedures and policies followed by successful implementation and review
• oPrevious experience in supporting the transformation and implementing digital technologies to improve healthcare services and patient outcomes.
• oExperience of working at a senior management level within a digital related role or relevant discipline
• oProven ability to manage budgets and human/financial resources effectively, demonstrating staff management and leadership skills
• oExperience of data quality management, including the collection and sharing of mandated data sets, such as the Mental Health Standard Data Set (MHSDS)
• oExperience of working for the public sector and/or a mental health provider.
• oExperience of the NHS Data Security and Protection Toolkit and the National Cyber Security Centre's Cyber Assesment Framework.

• oFamiliarity with project management methodologies and tools, such as Agile or PRINCE2, and their application to progressing work.
• oExperience of the Digital Technology Assurance Criteria (DTAC), and DCB0160 and DCB0129 digital clinical safety standards.
• oExperience of overseeing Clinical Coding activity.
• oExperience of undertaking the Data Protection Officer role in a health care organisation.

Knowledge

• oSpecialist knowledge, good understanding, and experience of applications of the Data Protection Act (2018), UK GDPR, Freedom of Information Act (2000), Records Management Code of Practice (2021) and other relevant legislation.
• oKnowledge of healthcare regulations, data privacy laws, and ethical considerations related to digital healthcare initiatives.
• oKnowledge of research and secondary use legislation (such as Confidentiality Advisory Group decisions and Section 251 of the Health and Social Care Act)
• oGood understanding of service user consent, knowledge of consent in relation to Mental Capacity Act, Mental Health Act and experience of practical consent models

• oUnderstanding of the challenges and opportunities in mental health services and how digital transformation can address them.
• oStrong knowledge of digital technologies and trends in healthcare, such as electronic health records, telemedicine, artificial intelligence, data analytics, and mobile health applications.
• oSpecialist knowledge, good understanding, and experience of applications of the national security standards set by the National Cyber Security Centre, Department of Health and NHS England

Skills and Abilities

• oAbility to handle highly complex and sensitive information for communication with staff at all levels, including senior managers, executive directors and the Trust Board.
• oExcellent communication and interpersonal skills, including the ability to engage and collaborate effectively with individuals at all levels of the organisation.
• oStrategic thinking and analytical capabilities to identify opportunities for improved digital assurance and align them with organisational goals.
• oAbility to manage budgets, allocate resources, and mitigate risks.
• oProblem-solving mindset, with the ability to think creatively and find innovative solutions to challenges.

• oStrong project management skills, with the ability to lead, plan, and execute complex projects with multiple stakeholders.

Qualities and Attributes

• o Strong leadership and team management skills, with the ability to inspire and motivate cross-functional teams.
• oResults-oriented and deadline-driven, with a focus on achieving measurable outcomes and delivering on time and within budget.
• oAdaptable and resilient, with the ability to thrive in a fast-paced and evolving healthcare environment.
• oEthical and trustworthy, with a commitment to maintaining confidentiality and ensuring the responsible use of digital technologies in healthcare.
• oExcellent organisational and time management skills, with the ability to prioritise and manage multiple tasks effectively

Other

• oThere is an occasional requirement to travel to relevant regional/national events. Also, to regularly attend the office and travel across the wide footprint of the Trust to attend meetings relevant to the role.

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants.

UK Registration

Applicants must have current UK professional registration. For further information please see NHS Careers website.

Employer details

Employer name

Greater Manchester Mental Health NHSFT

Address

Prestwich

Oakwood Building

Prestwich

M25 3BL

https://www.gmmh.nhs.uk/