Go back
Hampshire Hospitals NHS Foundation Trust

Information Governance Lead - EPR Programme

The closing date is 01 October 2025

Apply for this job

Job summary

This role is only open to applicants that currently work within an NHS Trust within the Hampshire and Isle of Wight Integrated Care System (HIOW ICS).

Hampshire and the Isle of Wight Acute Care Collaborative have come together as part of the Integrated Care Board (ICB) as an Acute Provider Collaborative (APC) to invest in Electronic Patient Record (EPR) functionality. This is to meet the needs of our whole ICS population, recognising that the organisation of clinical care needs to change and develop radically in order to meet the challenges we face.

The post holder will be responsible for overseeing the Information Governance activities related to the shared Electronic Patient Record (EPR) across four NHS Trusts. This includes leading the development of the Joint Controller Agreement (JCA) to define the roles, responsibilities, and data protection obligations of each Trust in relation to joint data processing. The IG Lead will also lead Data Protection Impact Assessments (DPIAs) across the programme lifecycle, ensuring privacy risks are proactively identified and mitigated. Additionally, the role involves reviewing and harmonising IG policies across all participating Trusts to ensure compliance with UK GDPR, the Data Protection Act 2018, and NHS national guidance.

Main duties of the job

The Information Governance (IG) Lead will be responsible for leading the preparatory IG activities that underpin the successful and compliant implementation of the shared Electronic Patient Record (EPR) across the four NHS Trusts participating in the Acute Provider Collaborative (APC). Working in close collaboration with local IG leads, Digital teams, Data Protection Officers (DPOs), and the wider Integrated Care System (ICS), the post holder will ensure robust governance arrangements are in place to support lawful, secure, and transparent use of patient data across organisational boundaries.

The role will include a mix of home and cross site working

About us

Our vision is to provide outstanding care for every patient. Patient care is at the heart of what we do at our three sites: Basingstoke and North Hampshire Hospital, Royal Hampshire County Hospital in Winchester and Andover War Memorial Hospital. Hampshire Hospitals NHS Foundation Trust provides medical and surgical services to a population of approximately 600,000 people across Hampshire and parts of West Berkshire.

Our cultural ambition is to have a culture that places people at the heart of all we do, where we all belong, and where learning, improvement and excellence thrive.

We provide specialist services to people across the UK and internationally. We are one of only two centres in the UK treating pseudomyxoma peritonei (a rare form of abdominal cancer) and we are leaders in the field of tertiary liver cancer and colorectal cancer.

The trust employs more than 9,000 staff and has a turnover of over £500 million a year. As a Foundation Trust, we are directly accountable to our members through the governors. The Council of Governors represent the interests of their constituencies and influence the future plans of the Foundation Trust.

Tackling Climate Change:Hampshire Hospitals aims to embed sustainability and net zero carbon principles into the delivery of care across all its services. To find out more, searchHHFT Climate Actionor contactclimateaction@hhft.nhs.uk.

Details

Date posted

18 September 2025

Pay scheme

Agenda for change

Band

Band 8b

Salary

£64,455 to £74,896 a year per annum pro rata

Contract

Secondment

Working pattern

Part-time

Reference number

251-TLEPR

Job locations

Basingstoke

Aldermaston Road

Basingstoke

RG24 9NA


Job description

Job responsibilities

Please see the attached Job Description and Person Specification for more details including main responsibilities.

Job description

Job responsibilities

Please see the attached Job Description and Person Specification for more details including main responsibilities.

Person Specification

Training and Qualifications

Essential

  • Educated to Master's Degree in a relevant field such as Information Management, or Health Informatics (or equivalent level of experience).
  • Certification in Information Governance, Data Protection, or GDPR (e.g., CIPP/E, GDPR Practitioner).
  • Formal training in Data Protection Impact Assessments (DPIA) or Privacy Risk Management.
  • Certification in Records Management or knowledge of NHS Records Management Code of Practice.

Desirable

  • Training in developing business cases for change or aligning service models with Information Governance.
  • Project or Programme Management certification (e.g., PRINCE2, Agile, MSP).
  • Certification in Information Security or Cybersecurity frameworks (e.g., ISO 27001, Cyber Essentials).

Experience and Knowledge

Essential

  • Extensive experience in managing Information Governance activities within a healthcare or similar regulated environment.
  • In-depth knowledge of UK GDPR, the Data Protection Act 2018, and NHS national guidance on data protection and privacy
  • Proven experience leading the development of Joint Controller Agreements (JCAs) and conducting Data Protection Impact Assessments (DPIAs).
  • Experience in managing and maintaining an Information Asset Register (IAR) for complex systems or collaborative projects.
  • Knowledge of Role-Based Access Control (RBAC) models and their implementation within healthcare IT systems.

Desirable

  • Experience in leading IG policy harmonisation across multiple organisations or trusts.
  • Knowledge of NHS Information Governance and Records Management Code of Practice.
  • Experience in managing and driving IG compliance monitoring initiatives across large, multi-stakeholder projects.

Skills and Ability

Essential

  • Exceptional verbal and written communication skills and evidence of ability to motivate, negotiate, train, coach and reassure in a difficult or uncertain environment and facilitation
  • Able to assimilate multi-disciplinary information and develop solutions
  • Exceptional presentational abilities including paper reporting and presenting to senior leaders and clinicians
  • Highly-developed IT skills
  • Able to work under pressure, prioritise and to deliver outcomes
  • Strong leadership and stakeholder management skills, with the ability to work collaboratively across multiple NHS Trusts
  • Ability to lead and implement IG training and awareness programmes across a large organisation or system.
  • Skilled in identifying and managing privacy risks, with the ability to implement effective mitigation strategies.
  • Strong organisational skills with the ability to manage multiple IG-related tasks and projects simultaneously.

Desirable

  • Ability to influence and drive cultural change around privacy, security, and compliance within a healthcare setting.
  • Expertise in records management practices and secure digital record-keeping for clinical systems.
  • Experience with the design and implementation of privacy and security compliance frameworks in large IT or digital projects.

Other Specific Requirements

Essential

  • Able to work flexibly across All Sites
  • A facilitative and inclusive approach to management
  • Charismatic team player with high energy levels
  • Self-motivated with a flexible and pro-active approach
Person Specification

Training and Qualifications

Essential

  • Educated to Master's Degree in a relevant field such as Information Management, or Health Informatics (or equivalent level of experience).
  • Certification in Information Governance, Data Protection, or GDPR (e.g., CIPP/E, GDPR Practitioner).
  • Formal training in Data Protection Impact Assessments (DPIA) or Privacy Risk Management.
  • Certification in Records Management or knowledge of NHS Records Management Code of Practice.

Desirable

  • Training in developing business cases for change or aligning service models with Information Governance.
  • Project or Programme Management certification (e.g., PRINCE2, Agile, MSP).
  • Certification in Information Security or Cybersecurity frameworks (e.g., ISO 27001, Cyber Essentials).

Experience and Knowledge

Essential

  • Extensive experience in managing Information Governance activities within a healthcare or similar regulated environment.
  • In-depth knowledge of UK GDPR, the Data Protection Act 2018, and NHS national guidance on data protection and privacy
  • Proven experience leading the development of Joint Controller Agreements (JCAs) and conducting Data Protection Impact Assessments (DPIAs).
  • Experience in managing and maintaining an Information Asset Register (IAR) for complex systems or collaborative projects.
  • Knowledge of Role-Based Access Control (RBAC) models and their implementation within healthcare IT systems.

Desirable

  • Experience in leading IG policy harmonisation across multiple organisations or trusts.
  • Knowledge of NHS Information Governance and Records Management Code of Practice.
  • Experience in managing and driving IG compliance monitoring initiatives across large, multi-stakeholder projects.

Skills and Ability

Essential

  • Exceptional verbal and written communication skills and evidence of ability to motivate, negotiate, train, coach and reassure in a difficult or uncertain environment and facilitation
  • Able to assimilate multi-disciplinary information and develop solutions
  • Exceptional presentational abilities including paper reporting and presenting to senior leaders and clinicians
  • Highly-developed IT skills
  • Able to work under pressure, prioritise and to deliver outcomes
  • Strong leadership and stakeholder management skills, with the ability to work collaboratively across multiple NHS Trusts
  • Ability to lead and implement IG training and awareness programmes across a large organisation or system.
  • Skilled in identifying and managing privacy risks, with the ability to implement effective mitigation strategies.
  • Strong organisational skills with the ability to manage multiple IG-related tasks and projects simultaneously.

Desirable

  • Ability to influence and drive cultural change around privacy, security, and compliance within a healthcare setting.
  • Expertise in records management practices and secure digital record-keeping for clinical systems.
  • Experience with the design and implementation of privacy and security compliance frameworks in large IT or digital projects.

Other Specific Requirements

Essential

  • Able to work flexibly across All Sites
  • A facilitative and inclusive approach to management
  • Charismatic team player with high energy levels
  • Self-motivated with a flexible and pro-active approach

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).

Additional information

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).

Employer details

Employer name

Hampshire Hospitals NHS Foundation Trust

Address

Basingstoke

Aldermaston Road

Basingstoke

RG24 9NA


Employer's website

https://www.hampshirehospitals.nhs.uk/ (Opens in a new tab)

Employer details

Employer name

Hampshire Hospitals NHS Foundation Trust

Address

Basingstoke

Aldermaston Road

Basingstoke

RG24 9NA


Employer's website

https://www.hampshirehospitals.nhs.uk/ (Opens in a new tab)

Employer contact details

For questions about the job, contact:

Programme Manager

Anna Wickenden

anne.wickenden1@nhs.net

07825960009

Details

Date posted

18 September 2025

Pay scheme

Agenda for change

Band

Band 8b

Salary

£64,455 to £74,896 a year per annum pro rata

Contract

Secondment

Working pattern

Part-time

Reference number

251-TLEPR

Job locations

Basingstoke

Aldermaston Road

Basingstoke

RG24 9NA


Supporting documents

Privacy notice

Hampshire Hospitals NHS Foundation Trust's privacy notice (opens in a new tab)