Information Governance and Compliance Lead - Position has been filled

position details


Salary: £40,000 per annum

Job type: Administration

Contract type: Fixed Term

Location: Home-based

posted: 05/03/2019

closing date: today - 12/05/2019

position description

Employment Benefits

About Us

Established by our two GP directors in 2005 The Practice Group is one of the country’s leading providers of NHS primary, community and home-based care via our 6 divisions. We work extensively with clinical commissioning groups, local authorities and the wider NHS; together with private individuals and independent case managers.  As TPG General Practice we deliver a supported and sustainable quality service for GP surgeries. TPG Complex Care is focused in delivering high quality home-based complex healthcare services. TPG Eyes and TPG Dermatology provide a range of innovative community based services including Ophthalmology and Dermatology.  TPG Data Analytics and TPG Primary Care Support provide actionable insights, capacity and capability for healthcare providers.

TPG’s central support function, based in Amersham, provides support services to its operational activities including Quality Assurance, Information Governance, Human resources, Finance, Information Technology, Marketing and Operational functions.  The purpose of the central support centre is to provide a first-class service to operations such that local operations can focus primarily on:

The Practice Group are looking for an Information Governance and Compliance Lead for a 1 year fixed term contract. The Quality Assurance team leads in ensuring compliance regulating and monitoring service activities including clinical effectiveness, assessing and managing risk through internal auditing and driving continuous improvement.

Job Summary

Lead on The Practice Group’s approach to Information Governance (IG), ensuring compliance with the GDPR, Data Protection Act, NHS Data Security and Protection Toolkit.

Provide expert advice and operational delivery of all areas of IG

Support the Caldicott Guardian and SIRO functions and work with the DPO

Assist with Risk management and other duties to support the Head of Quality Assurance and team

The individual in the role will be required to:

Principle Accountabilities:


Lead on Information Governance, relevant data protection legislation, Freedom of Information (FoI)

Responsibility for completing and submitting the annual NHS Data Security Protection Toolkit assessment, and ensuring the organisation meets or exceeds the minimum standards set for compliance.

Support implementation and provide guidance on all areas of Information Governance, Data Protection Act 2018, GDPR, Confidentiality Code of Practice, Information Risk Management, Information Security, Records Management, Freedom of Information Act 2000 (FOI), Subject Access requests (SAR)

Manage the GDPR and DPA processes to ensure compliance including but not limited to the Controller matrix, Privacy notices, process flow mapping and Data Protection Impact Assessments.

Development and management of an information system and associated processes to record all FOI and SAR requests, including logs of response times and compliance with statutory deadlines

Assesses the Company’s position against the NHS Digital Data Security and Protection toolkit and prepare the annual Information Governance return

Undertake special investigations including investigation of information security breaches and chasing of uncompleted recommendations in sensitive areas

Reviews information systems and processes to ensure that they are compliant with the Company’s strategy for corporate governance and legislation

Reports issues and non-compliances, and proposes and monitors action for resolution

Monitor staff mandatory IG training for full compliance

Supports the Caldicott Guardian and SIRO with the implementation of policies and procedures to ensure progress towards compliance with the Caldicott requirements and the DH Confidentiality Code of Practice

Leads IG audit and monitoring to ensure continued compliance with IG policies and DSP regulations 

Reports review findings and recommendations for improvement in the effectiveness, efficiency and control of the IT architecture with regards to IG

Provide assurance and reporting on IG and DSP compliance

apply online now