Job Description
SPECIFICATION: INFORMATION GOVERNANCE SUPPORT OFFICER FOR HLP GROUP
The HLP Group
The HLP Group of companies is being developed around Psychiatry-UK, a leading provider of online mental health services in the United Kingdom (assessing and treating 2000+ patients each month, within the NHS and private sector, across all age groups). More information about Psychiatry-UK can be found at https://psychiatry-uk.com and see Appendix 1 for a summary of its vision, purpose, and values.
Before long, patients and customers of Psychiatry-UK will be served via a mobile app and will have access to pharmaceutical services and other health and lifestyle services, organised by other HLP Group companies.
PUK Management Services Ltd is the company within the HLP Group which engages all HLP Group employees, and which provides support services, including information governance to all parts of the HLP Group.
The Information Governance Team
Psychiatry-UK has been trading for approx. 12 years. The other HLP Group companies are younger. But the Group’s Information Governance Team only came into existence when the Group Head of Information Governance was tasked with the job of creating a whole new team. See Appendix 2 for a list of the team’s overall responsibilities.
The team must grow in size, in order to match the growth of the HLP Group, which is already entrusted with large quantities of patient data, staff data and confidential business information. The Group Head of Information Governance needs to recruit a suitably qualified Information Governance Support Officer, to join the team.
The Role/Responsibilities
Whilst working for the IG Support Officer must:
- Assist the Group Head of Information Governance, to develop, promote and monitor an information governance regime which combines personal data protection and cyber security, and which enables the HLP Group to meet its legal obligations and to manage its information risks.
- Develop a broad understanding of the HLP Group as a whole, and contribute your ideas, in a constructive way, for the improvement of information governance.
- Attend meetings as required by the Group Head of Information Governance and input proactively and confidently, providing advice and guidance on key and pertinent information governance issues.
- Work on organisational projects to provide Information Governance support, ensuring all undertaking meet compliant standards.
- Work closely with colleagues across all departments but especially IT, Cyber, Clinical Risk and Data Assurance, Contracts and Patient Experience teams to name but a few.
- To support with policy reviews and developing process maps to aid staff understanding.
- To support with the development and delivery of a bespoke training programme which focuses on specific modules to raise knowledge and awareness across the organisation.
- To support with key communications – a monthly newsletter is produced for all staff focusing on key and pertinent IG and data protection topics, so research is required to incorporate key and topical issues.
- To handle queries received through the Information Governance inbox both from staff and external parties, providing sufficient guidance ion line with legislative requirements and guidance from the regulatory authority.
- To assess and review third party supplier questionnaires and undertake due diligence exercises when assessing the suitability of any party.
- To support with the production of Data Protection Impact Assessments, supporting project leads with their requirements when the need has been identified.
- To support with the Information Risk Management programme, empowering staff to compete the organisational electronic Information Asset Register effectively and within requirements.
- To monitor and risk assess incidents in line with regulatory guidance alongside the Patient Experience Lead with the focus on actions and recommendations to mitigate risk of incidents occurring again.
- Undertake statutory and mandatory training as deemed appropriate by HLP Group and any other role-specific training to enhance knowledge.
- Develop effective and cordial working relationships with colleagues.
- Adhere to the relevant organisational policies and procedures, including the acceptable use policy when using organisational IT equipment.
- Work in line with the HLP Group’s values.
Candidate Requirements
- Demonstrable experience of undertaking information governance work, preferably within a healthcare environment;
- Qualifications and certifications to match experience;
- Demonstrable ability and willingness to work autonomously and to draft key compliance documentation such as Data Protection Impact Assessments, Data Sharing/Processing Agreements etc, without supervision.
- Experience of support with audits and self-assessments such as the Data Security and Protection Toolkit, Cyber Essential Plus Certification, ISO27001 support work etc
- Suitable home working facilities, e.g., desk, chair, ‘phone, broadband, heat, light;
- Familiarity with Microsoft 365 tools or similar;
- Confident communication skills (written and verbal)
- A clean DBS certificate
- Satisfactory references
Contract Information:
Contract Type: Permanent
Contract Length: Permanent
Location: The IG Support Officer will work from home, as do all HLP Group personnel. The IG Support Officer may be required to attend face-to-face meeting locations, occasionally (in which case travelling and accommodation expenses may be reclaimed).
Equipment: The IG Support Officer will be issued with a lap-top computer and any other required devices (monitor, portable mouse, keyboard as required), for use only in respect of HLP Group work.
Hours: 40 hours per week, worked from Monday to Friday (flexible arrangements will be considered).
APPENDIX 1
About Psychiatry-UK
Vision: We are THE online psychiatry service, enabling people to live their best lives.
Purpose: To improve access to medical expertise for people struggling with their mental health.
Values: Compassion Accessibility Innovation High-quality care
We believe in innovating and, being open to change ensures we can provide the best and most up-to-date care for our patients. We believe that anyone who is experiencing concerns about their mental health should be able to access the care they need, easily, quickly, and safely. Compassion is central to healthcare, and sits at the core of our organisation, as we strive to do the best we can to deliver the highest quality service possible.
At Psychiatry-UK, our values represent what we feel everyone in our organisation should do to provide the best care for our patients. Our values are important because they guide our behaviours in everything we do, from any action by an individual, to how we represent ourselves to other organisations.
APPENDIX 2
Information Governance Team’s Overall Responsibilities
- Promote and manage the Group’s compliance with the UK General Data Protection regulation (UKGDPR) and associated national legislation
- Promote and manage the Group’s work towards, achievement of and maintenance of appropriate standards (e.g., ISO27001)
- Manage the annual registration of personal data processing activities, by all Group companies, with the Information Commissioner’s Office (ICO)
- Own, review and maintain the Group’s information security and privacy policies and
accompanying standards, procedures, and guidance
- Promote information security and privacy awareness and practice by developing and
implementing an appropriate training programme
- Develop and deliver a programme of planned compliance
reviews, including privacy audits and to address any gaps which are identified
- Help each Group company and support function to develop and maintain practical information security and privacy standards (e.g., relating to access, permitted use, review, retention and destruction of data)
- Liaise with Psychiatry-UK’s Caldicott Guardian and to assist him/her to manage compliance with the Caldicott principles
- Maintain a record of the Group’s personal data processing operations, in accordance with Art. 30 UKGDPR
- Provide guidance and support for the production of personal data protection impact assessments (DPIAs), when necessary and for the appropriate and timely reaction to personal data subject access requests (DSARs)
- Serve, with or in the absence of the Group’s Data Protection Officer (DPO), as the primary point of contact for (a) the relevant supervisory authorities, (b) individuals who raise requests or concerns about the Group’s processing of their personal data and (c) anyone working for the Group who wishes to raise a query or concern about information security and/or privacy or to report a suspected or actual security/privacy incident
- Investigate, with or in the absence of the Group’s DPO, suspected and actual security/privacy incidents, in accordance with the Group’s incident management standards, produce reports with recommendations and ensure any remedial action is taken
- Produce reports, as required for management, including Information Asset Owners (IAOs) and the Senior Information Risk Owner (SIRO)
- Work with internal stakeholders to help promote and improve information security and privacy and provide advice on procurements, projects, and new initiatives, so that they incorporate information security and privacy by design
- Work with representatives of Group companies, Legal Support and IT Support (a) to negotiate effective and practical confidentiality, non-disclosure, information security and privacy terms in contracts with customers and suppliers, (b) to ensure that such terms are communicated and recorded effectively for reference, review and renewal and (c) to help monitor compliance by the obliged party/ies
- Provide input to the wider development of the Group’s information governance strategy and business planning process
- Maintain currency with emerging security and privacy trends, risks, new guidance, or standards (internal and external) and security enhancing technologies.
Job Types: Full-time, Permanent
Salary: £29,000.00-£45,000.00 per year
Benefits:
- Additional leave
- Casual dress
- Company events
- Company pension
- Flexitime
- Sick pay
- Wellness programme
- Work from home
Schedule:
- Flexitime
- Monday to Friday
Education:
- Certificate of Higher Education (preferred)
Experience:
- Information Governance: 1 year (required)
Work Location: Remote
Application deadline: 19/05/2023
Reference ID: IGSO-23230412-LG