Information Governance Specialist

Information Governance Specialist| Full Time| Permanent| Remote | Competitive Salary + Excellent Benefits

We are one of the UK’s leading independent hospital groups and the largest in terms of revenue. From our 39 hospitals and 33 clinics, medical centres and consulting rooms across England, Wales, and Scotland, we provide diagnostics, inpatient, day case and outpatient care in areas including orthopaedics, gynaecology, cardiology, neurology, oncology, and general surgery. We also operate a network of private GPs and provide occupational health services to over 700 corporate clients. We are the principal independent provider by volume of knee and hip operations in the United Kingdom.

The group was founded with the acquisition and re-branding of 25 Bupa hospitals in 2007. Since then, Spire Healthcare has made significant capital investments in its estate and continues to deliver successful and award-winning clinical outcomes and high levels of patient satisfaction. Spire is listed on the London Stock Exchange and is a member of the FTSE 250. We were the first private hospital provider to publish outcomes data on our website and we have received awards for our clinical quality and high levels of patient satisfaction.

Spire Healthcare is committed to the highest quality of patient care. Working in partnership with over 8,760 experienced consultants, we delivered tailored, personalised care to approximately 926,500 inpatients, outpatients, and day case patients in 2022.

Patients, consultants, and general practitioners trust Spire Healthcare to deliver the high-quality care they expect from a leading private healthcare provider. For us, it's more than just treating patients, it's about looking after people.

The Information Governance Risk and Compliance Specialist is an essential role within the Information Security team to support our Information Governance compliance requirements. The successful candidate will support and work alongside the Head of Information Security; the role will include management of the IG agenda across the Spire Healthcare group via a number of core strategies such as the completion of audits, providing sound IG input towards business strategy, supporting key IG-related data protection objectives, overseeing annual DSP Toolkit requirements and submission and maintaining ISO27001:2022 certification.

Key Responsibilities:

• Oversee IG standards across all Spire Healthcare hospitals and sites, to ensure high compliance levels towards IG and IS Policies;
• Maintenance of Information Security and Governance policies;
• Provide specialist advice and guidance to all levels of staff on IG issues;
• Ensure that all new developments undertaken by Spire Healthcare are compliant with all relevant information governance legislation and requirements;
• To provide specialist advice and technical support in relation to IG, the impact and implications of new systems, products and services;
• To take the lead particularly within the IT directorate on all matters relating to IG, and to coordinate and escalate appropriately with the Head of IT Security and DPO;
• System administration activities of several layers of Spire's information security defences that relate to information governance and security;
• To develop and implement appropriate Information Governance and Security audits within key elements of the Spire Healthcare Group;
• Monitor information handling activities to ensure compliance with law and guidance;
• Identify corporate level risks within the realms of Information Governance and Security;
• Ensuring Spire Healthcare's Data Security & Data Protection standards are in line with Data Security & Protection Regulations (DSPR), and seeing to the appropriate reporting and escalation for improvements in these areas where necessary;
• Ensure that the submission of the annual DSP Toolkit Assessment is completed;
• Maintaining security awareness and security training materials across the Group.
• Maintain Spire’s Risk Register.
• Support monitoring visits to Spire Healthcare’s hospitals;
• Support NHS relationships and services relating to Smartcards, ODS Codes, and hospital site audits.

Key Requirements:

• Specialist knowledge of Information Governance legislation and related national guidance including the Data Protection Act, GDPR, Caldicott principles, common law duty of confidentiality, records management, information security and information sharing;
• Demonstrate a good knowledge of Data Subject rights;
• In depth understanding of the application of Information Governance in a healthcare/research environment;
• Ability to manage complex corporate, clinical and operational situations that involve staff and patients from all levels within an organisation and across a range of professional boundaries;
• Able to work effectively in a team, supporting others and challenging colleagues' views and attitudes when necessary;
• Extensive judgement skills within Information Governance;
• Ability to work in a strictly confidentiality, highly classified and legally privileged capacity.
• Minimum of 3 years with Information Governance 
• Experience working with the NHS IG/DSP Toolkit
• Experience of communicating with hospital management at senior levels
• Experienced champion and Information Governance SME

Desirable:

• Specialist qualification in GDPR 
• ISEB Certificate in Data Protection or similar
• ISEB Certificate in Information Security or similar