Overview

Information Governance Lead - EPR Programme

The closing date is 01 October 2025. This role is only open to applicants that currently work within an NHS Trust within the Hampshire and Isle of Wight Integrated Care System (HIOW ICS).

Hampshire Hospitals NHS Foundation Trust is leading a shared Electronic Patient Record (EPR) initiative across four NHS Trusts as part of the Acute Provider Collaborative within the Integrated Care Board (ICB).

The post holder will oversee Information Governance activities related to the shared EPR across the participating Trusts, including leading the development of the Joint Controller Agreement (JCA) to define roles, responsibilities, and data protection obligations for joint data processing. The IG Lead will also lead Data Protection Impact Assessments (DPIAs) across the programme lifecycle and review/harmonise IG policies to ensure UK GDPR, the Data Protection Act 2018, and NHS guidance compliance.

Job summary

This role is only open to applicants that currently work within an NHS Trust within the Hampshire and Isle of Wight Integrated Care System (HIOW ICS).

Hampshire and the Isle of Wight Acute Care Collaborative have come together as part of the Integrated Care Board (ICB) as an Acute Provider Collaborative (APC) to invest in Electronic Patient Record (EPR) functionality to meet the needs of our ICS population. The post holder will oversee IG activities related to the shared EPR across four NHS Trusts, including the JCA and DPIAs, and will harmonise IG policies across participating Trusts in line with UK GDPR, DPA 2018, and NHS guidance.

Main duties of the job

The Information Governance (IG) Lead will lead preparatory IG activities underpinning the compliant implementation of the shared EPR across the four participating NHS Trusts. You will work with local IG leads, Digital teams, Data Protection Officers (DPOs), and the wider ICS to ensure governance that supports lawful, secure, and transparent use of patient data across organisational boundaries. The role involves a mix of home and cross-site working.

About us

Our vision is to provide outstanding care for every patient. Care is central at our sites: Basingstoke and North Hampshire Hospital, Royal Hampshire County Hospital in Winchester, and Andover War Memorial Hospital. Hampshire Hospitals NHS Foundation Trust serves a population of approximately 600,000 across Hampshire and parts of West Berkshire. We are committed to a culture of belonging, learning, improvement, and excellence, and we provide specialist services to national and international patients, including leadership in pseudomyxoma peritonei, tertiary liver cancer, and colorectal cancer. The trust employs more than 9,000 staff with a turnover of over £500 million a year.

We are committed to tackling climate change and embedding sustainability and net-zero principles in care delivery. For more, search HHFT Climate Action or contact climateaction@hhft.nhs.uk.

Job description

Job responsibilities

Please see the attached Job Description and Person Specification for more details, including main responsibilities.

Person Specification

Training and Qualifications

Essential

• Educated to Master's Degree in a relevant field such as Information Management, or Health Informatics (or equivalent level of experience).
• Certification in Information Governance, Data Protection, or GDPR (e.g., CIPP/E, GDPR Practitioner).
• Formal training in Data Protection Impact Assessments (DPIA) or Privacy Risk Management.
• Certification in Records Management or knowledge of NHS Records Management Code of Practice.

Desirable

• Training in developing business cases for change or aligning service models with Information Governance.
• Project or Programme Management certification (e.g., PRINCE2, Agile, MSP).
• Certification in Information Security or Cybersecurity frameworks (e.g., ISO 27001, Cyber Essentials).

Experience and Knowledge

Essential

• Extensive experience in managing Information Governance activities within a healthcare or similar regulated environment.
• In-depth knowledge of UK GDPR, the Data Protection Act 2018, and NHS guidance on data protection and privacy.
• Proven experience leading the development of JCAs and conducting DPIAs.
• Experience in managing and maintaining an Information Asset Register (IAR) for complex systems or collaborative projects.
• Knowledge of RBAC models and their implementation within healthcare IT systems.

Desirable

• Experience in leading IG policy harmonisation across multiple organisations or trusts.
• Knowledge of NHS Information Governance and Records Management Code of Practice.
• Experience in managing IG compliance monitoring initiatives across large, multi-stakeholder projects.

Skills and Ability

Essential

• Exceptional verbal and written communication skills with ability to motivate, negotiate, train, coach, and reassure in challenging environments.
• Able to assimilate multi-disciplinary information and develop solutions.
• Strong presentational abilities for senior leaders and clinicians.
• Highly-developed IT skills.
• Able to work under pressure, prioritise and deliver outcomes.
• Strong leadership and stakeholder management across multiple NHS Trusts.
• Ability to lead and implement IG training and awareness programmes at scale.
• Skilled in identifying and managing privacy risks with effective mitigation strategies.
• Strong organisational skills to manage multiple IG tasks and projects.

Desirable

• Ability to influence and drive cultural change around privacy and compliance in healthcare.
• Expertise in records management and secure digital record-keeping for clinical systems.
• Experience with privacy and security compliance frameworks in large IT projects.

Other Specific Requirements

Essential

• Able to work flexibly across all sites.
• Facilitative and inclusive management style.
• Charismatic team player with high energy levels.
• Self-motivated with a flexible and proactive approach.

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and requires a disclosure check by the Disclosure and Barring Service (DBS).

Certificate of Sponsorship

Applications from job seekers who require Skilled Worker sponsorship will be considered. For information visit the UK Visas and Immigration website. From 6 April 2017, skilled worker applicants may need to present a criminal records certificate from each country where they resided for 12 months or more in the past 10 years.

Employer details

Employer name

Hampshire Hospitals NHS Foundation Trust

Address

Basingstoke

Aldermaston Road

Basingstoke

RG24 9NA

Employer's website

https://www.hampshirehospitals.nhs.uk/

Salary: £64,455 to £74,896 a year per annum pro rata