Go back
Norfolk Community Health and Care NHS Trust

Access to Records Officer

The closing date is 11 January 2026

Apply for this job

Job summary

The post-holder will have a good understanding of Information Governance (IG) and associated activities. As well as a general understanding of data protection laws, patient confidentiality, privacy, data security, social media and digital health and social care services.

The key objective of this role will be to provide assistance to data subjects (individuals) and/or their representatives to enable the lawful access to any and all data the organisation may hold about them (delivery of the Access to Health Records Act 1990). This will include where applicable, both clinical and corporate records.

The post holder will communicate with a range of stakeholders from across the organisation and externally, about complex Governance topics to non-experts and be able to use a range of communication skills including empathy, persuasion, tact, negotiation and influencing.

Main duties of the job

1. To support the function of and undertake tasks which follow standard processes with the occasional need to deviate for all areas of Access to Records (e.g. Information Governance (IG) queries including Subject Access Requests (SARs), cost recovery and Freedom of Information (FOI) requests, as well as Records Management requests and/or queries relating to both health and corporate records)

2. Responsible for having oversight of the processes and work demands for all areas of access to records to provide assurance to the Information Governance Manager and Head of Governance where necessary.

3. To liaise with the company solicitors to gain advice and guidance as directed by the Head of Governance amending internal processes where appropriate post receipt of advice

4. To liaise with data subjects (and/or their representatives) to give advice on the access to records process. Managing expectations of requestors both in terms of timescales as well as capabilities and responsibilities (on both sides). At times this will involve difficult and challenging discussions.

About us

Find out more about working for our organisation here:

https://heyzine.com/flip-book/2565ae62eb.html

Please note, the selection processes at Norfolk Community Health and Care NHS Trust are in place to ensure we recruit candidates with the right values and skills, please be advised that the use of AI in applications are monitored. We remain watchful of candidates who misuse these tools to generate an application that doesn't accurately reflect their skills.

Details

Date posted

30 December 2025

Pay scheme

Agenda for change

Band

Band 4

Salary

£27,485 to £30,162 a year Per Annum

Contract

Permanent

Working pattern

Full-time

Reference number

839-7708142-GP

Job locations

Norwich Community Hospital

Norwich

NR23TU


Job description

Job responsibilities

1. To support the function of and undertake tasks which follow standard processes with the occasional need to deviate for all areas of Access to Records (e.g. Information Governance (IG) queries including Subject Access Requests (SARs), cost recovery and Freedom of Information (FOI) requests, as well as Records Management requests and/or queries relating to both health and corporate records)

2. Responsible for having oversight of the processes and work demands for all areas of access to records to provide assurance to the Information Governance Manager and Head of Governance where necessary.

3. To liaise with the company solicitors to gain advice and guidance as directed by the Head of Governance amending internal processes where appropriate post receipt of advice

4. To liaise with data subjects (and/or their representatives) to give advice on the access to records process. Managing expectations of requestors both in terms of timescales as well as capabilities and responsibilities (on both sides). At times this will involve difficult and challenging discussions.

5. To provide accurate, appropriate and timely information about Trust services and non-clinical advice to patients, relatives and careers and if necessary, refer people on.

6. To provide administrative support and cover for the Governance team which will include communication with individuals from other organisations, other NHS organisation and NCH&C staff at a high level, provide clear information and guidance, exercising tact and judgement in dealing with and resolving routine enquiries, taking accurate messages and ensuring these are passed to the relevant person in a timely manner.

7. To provide detailed guidance and specialist advice on access to records related queries from both internal staff members as well as members of the public. This will involve the analysis of facts or situations. Escalating these where necessary whilst supporting the Subject Matter Expert to resolve the issue.

8. To be a point of escalation for access to records matters where necessary or where deviation from standard operating procedures is being requested. Analysis the situation and using own judgements, determine appropriate action or, in exceptional cases escalate to the Head of Governance for decision.

9. Day to day management of the access to records administration function, ensuring appropriate prioritisation of work to meet deadlines linked to a structured workplan for all governance functions.

10. Responsible for coordinating the access to records policies and procedures ensuring they are reviewed and updated in timely manner, complying with the trusts governance and approval processes.

11. The post holder will be expected to demonstrate independent working skills with minimum supervision with confidence and expertise to advise on issues that relate to data privacy, information assets information governance assurance, confidentiality, and legal basis for processing data as well as other Information Governance related topics.

12. To develop, create and produce reports regular (monthly) and ad-hoc (as and when needed) and to highlight anomalies for the team such as declarations of interest,. There may be need on occasion to explain the contents of the reports to groups of staff as learning and education and this will be supported by Management.

13. Act in an advisory role on best practice on access to records activities in line with the relevant legislation as well as specific health and social care standards.

14. Undertake work to support the Governance Team with the annual plan associated to Information Governance.

15. To support the customer focused and service user centred service model and culture

16. Undertake audits to review/test the effectiveness of procedures in own work area and highlight areas where service improvements could be made.

17. To implement, review and maintain standard operating procedures.

18. To assist in the development of policies and documents in line with legislation, ensuring the Trust remains compliant and up-to-date at all times.

19. Post holder will be required to demonstrate tasks to new members of the Governance team.

20. To be responsible for maintaining stationery and stock in the department and placing orders via PowerGate.

21. To provide admin support in typing up confidential reports and paperwork relating to investigations and disciplinary cases.

22. Arranging travel and accommodation for the Directorate and other department members when necessary.

23. To provide general administration support to the Governance team for example, ordering office equipment, regular minute/action log taking, diary management, maintaining stationery stock levels and assisting with the collection of data for performance reports.

24. To organise and administer several monthly and quarterly meeting on behalf of the Governance team which may require travel to and from other venues. This will include formulation of agendas, distributing papers, taking minutes and actions logs for the Chairs approval.

25. Running of scheduled reports as per established processes.

26. To support the function of and undertake tasks which follow standard processes with the occasional need to deviate for all areas of corporate/Trust governance (e.g. Risk Management (including Board Assurance Framework (BAF), declarations of interest, gifts & hospitality management, policy governance and compliance, internal and external audit facilitation, support the development of annual reports (such as annual report and quality account), support with both planned and unplanned inspections from regulators such as Care Quality Commission (CQC)).

27. To support the function of and undertake tasks which follow standard processes with the occasional need to deviate for all areas of Information Governance (e.g. Information Governance (IG) queries including Data Protection Impact Assessments (DPIA), individual privacy investigations, physical and digital records management and retention for both clinical and corporate records, audits linked to the Data Security and Protection Toolkit (DSPT) and guidance on effective record keeping (inline with trust policies and procedures))

28. The post holder will be required to assist the Governance team by processing Data in all areas of the workplan, using this data to create reports and documents for people at all levels of the organisation to understand and utilise.

29. The post holder will be required to attend meetings on behalf of the Governance Team and contribute in all areas linked to governance

30. The post holder will be required to deliver training on behalf of the governance team to members of internal NCHC staff (based on a training plan) ensuring all Trust staff are trained to the same standard

31. The post holder will be required to attend team meetings to deliver governance advice specific to that area of operation (e.g. attend a team meeting in finance and inform finance colleagues of all Governance related matters that impact them and how they can maintain compliance).

32. The post holder will undertake tasks required to maintain compliance with the Information Asset Register whilst supporting the overall governance operation program led by the Head of Governance.

Job description

Job responsibilities

1. To support the function of and undertake tasks which follow standard processes with the occasional need to deviate for all areas of Access to Records (e.g. Information Governance (IG) queries including Subject Access Requests (SARs), cost recovery and Freedom of Information (FOI) requests, as well as Records Management requests and/or queries relating to both health and corporate records)

2. Responsible for having oversight of the processes and work demands for all areas of access to records to provide assurance to the Information Governance Manager and Head of Governance where necessary.

3. To liaise with the company solicitors to gain advice and guidance as directed by the Head of Governance amending internal processes where appropriate post receipt of advice

4. To liaise with data subjects (and/or their representatives) to give advice on the access to records process. Managing expectations of requestors both in terms of timescales as well as capabilities and responsibilities (on both sides). At times this will involve difficult and challenging discussions.

5. To provide accurate, appropriate and timely information about Trust services and non-clinical advice to patients, relatives and careers and if necessary, refer people on.

6. To provide administrative support and cover for the Governance team which will include communication with individuals from other organisations, other NHS organisation and NCH&C staff at a high level, provide clear information and guidance, exercising tact and judgement in dealing with and resolving routine enquiries, taking accurate messages and ensuring these are passed to the relevant person in a timely manner.

7. To provide detailed guidance and specialist advice on access to records related queries from both internal staff members as well as members of the public. This will involve the analysis of facts or situations. Escalating these where necessary whilst supporting the Subject Matter Expert to resolve the issue.

8. To be a point of escalation for access to records matters where necessary or where deviation from standard operating procedures is being requested. Analysis the situation and using own judgements, determine appropriate action or, in exceptional cases escalate to the Head of Governance for decision.

9. Day to day management of the access to records administration function, ensuring appropriate prioritisation of work to meet deadlines linked to a structured workplan for all governance functions.

10. Responsible for coordinating the access to records policies and procedures ensuring they are reviewed and updated in timely manner, complying with the trusts governance and approval processes.

11. The post holder will be expected to demonstrate independent working skills with minimum supervision with confidence and expertise to advise on issues that relate to data privacy, information assets information governance assurance, confidentiality, and legal basis for processing data as well as other Information Governance related topics.

12. To develop, create and produce reports regular (monthly) and ad-hoc (as and when needed) and to highlight anomalies for the team such as declarations of interest,. There may be need on occasion to explain the contents of the reports to groups of staff as learning and education and this will be supported by Management.

13. Act in an advisory role on best practice on access to records activities in line with the relevant legislation as well as specific health and social care standards.

14. Undertake work to support the Governance Team with the annual plan associated to Information Governance.

15. To support the customer focused and service user centred service model and culture

16. Undertake audits to review/test the effectiveness of procedures in own work area and highlight areas where service improvements could be made.

17. To implement, review and maintain standard operating procedures.

18. To assist in the development of policies and documents in line with legislation, ensuring the Trust remains compliant and up-to-date at all times.

19. Post holder will be required to demonstrate tasks to new members of the Governance team.

20. To be responsible for maintaining stationery and stock in the department and placing orders via PowerGate.

21. To provide admin support in typing up confidential reports and paperwork relating to investigations and disciplinary cases.

22. Arranging travel and accommodation for the Directorate and other department members when necessary.

23. To provide general administration support to the Governance team for example, ordering office equipment, regular minute/action log taking, diary management, maintaining stationery stock levels and assisting with the collection of data for performance reports.

24. To organise and administer several monthly and quarterly meeting on behalf of the Governance team which may require travel to and from other venues. This will include formulation of agendas, distributing papers, taking minutes and actions logs for the Chairs approval.

25. Running of scheduled reports as per established processes.

26. To support the function of and undertake tasks which follow standard processes with the occasional need to deviate for all areas of corporate/Trust governance (e.g. Risk Management (including Board Assurance Framework (BAF), declarations of interest, gifts & hospitality management, policy governance and compliance, internal and external audit facilitation, support the development of annual reports (such as annual report and quality account), support with both planned and unplanned inspections from regulators such as Care Quality Commission (CQC)).

27. To support the function of and undertake tasks which follow standard processes with the occasional need to deviate for all areas of Information Governance (e.g. Information Governance (IG) queries including Data Protection Impact Assessments (DPIA), individual privacy investigations, physical and digital records management and retention for both clinical and corporate records, audits linked to the Data Security and Protection Toolkit (DSPT) and guidance on effective record keeping (inline with trust policies and procedures))

28. The post holder will be required to assist the Governance team by processing Data in all areas of the workplan, using this data to create reports and documents for people at all levels of the organisation to understand and utilise.

29. The post holder will be required to attend meetings on behalf of the Governance Team and contribute in all areas linked to governance

30. The post holder will be required to deliver training on behalf of the governance team to members of internal NCHC staff (based on a training plan) ensuring all Trust staff are trained to the same standard

31. The post holder will be required to attend team meetings to deliver governance advice specific to that area of operation (e.g. attend a team meeting in finance and inform finance colleagues of all Governance related matters that impact them and how they can maintain compliance).

32. The post holder will undertake tasks required to maintain compliance with the Information Asset Register whilst supporting the overall governance operation program led by the Head of Governance.

Person Specification

Qualifications

Essential

  • Educated to diploma level or equivalent experience

Desirable

  • Information Governance Specific Qualification

Experience

Essential

  • Experience of working in a patient information, confidentiality or information governance environment

Desirable

  • Experience processing and action on Subject Access Requests and Freedom of Information Requests

Skills, Abilities and Knowledge

Essential

  • Knowledge, good understanding and experience of applications of the Data Protection Act (2018), General Data Protection Regulation (GDPR) and the Freedom of Information Act (2000)
  • Specialist knowledge, good understanding and experience of applications of the national information governance and privacy standards set by the HSCIC
  • Knowledge and good understanding of the Data Security Standards
  • Good understanding of risks to privacy and experience of completing Data Protection Impact Assessments
  • Experience of risk assessment and mitigation
  • Standard keyboard skills
  • Excellent team skills and ability to work with members of own and other teams and departments at all levels of the organisation.
  • Confident, pro-active and self-motivated in completing work to a high standard in conjunction with other staff
  • Have the ability to organise and prioritise workload and be able to work under pressure dealing with complex issues
  • A logical and sensible approach to problem solving.
  • Ability to apply analytical skills to resolve complex issues and return with solutions that are clear and easy to understand
  • Ability to work to achieve agreed objectives independently working within broad organisational and departmental policies
  • Experience of dealing with a broad range of complex activities with adequate planning and organisational skills
  • Track record of successful project management
  • Experience of working and engaging with a variety of senior staff

Desirable

  • Experience of drafting Data processing agreements, data transfer agreements and non-disclosure agreements

Communication

Essential

  • Ability to handle highly complex and sensitive information for communication with staff at all levels, including senior managers
  • Ability to gain commitment from staff in a variety of settings to becoming stakeholders and / or active participants in Projects and assessments
  • Negotiation, influencing and persuading skills.

Desirable

  • Experience in handling complaints from members of the public

Personal and people development

Essential

  • Demonstrate tasks to new starters

Desirable

  • team leadership, completion of 1:1 supervision and support for team members
Person Specification

Qualifications

Essential

  • Educated to diploma level or equivalent experience

Desirable

  • Information Governance Specific Qualification

Experience

Essential

  • Experience of working in a patient information, confidentiality or information governance environment

Desirable

  • Experience processing and action on Subject Access Requests and Freedom of Information Requests

Skills, Abilities and Knowledge

Essential

  • Knowledge, good understanding and experience of applications of the Data Protection Act (2018), General Data Protection Regulation (GDPR) and the Freedom of Information Act (2000)
  • Specialist knowledge, good understanding and experience of applications of the national information governance and privacy standards set by the HSCIC
  • Knowledge and good understanding of the Data Security Standards
  • Good understanding of risks to privacy and experience of completing Data Protection Impact Assessments
  • Experience of risk assessment and mitigation
  • Standard keyboard skills
  • Excellent team skills and ability to work with members of own and other teams and departments at all levels of the organisation.
  • Confident, pro-active and self-motivated in completing work to a high standard in conjunction with other staff
  • Have the ability to organise and prioritise workload and be able to work under pressure dealing with complex issues
  • A logical and sensible approach to problem solving.
  • Ability to apply analytical skills to resolve complex issues and return with solutions that are clear and easy to understand
  • Ability to work to achieve agreed objectives independently working within broad organisational and departmental policies
  • Experience of dealing with a broad range of complex activities with adequate planning and organisational skills
  • Track record of successful project management
  • Experience of working and engaging with a variety of senior staff

Desirable

  • Experience of drafting Data processing agreements, data transfer agreements and non-disclosure agreements

Communication

Essential

  • Ability to handle highly complex and sensitive information for communication with staff at all levels, including senior managers
  • Ability to gain commitment from staff in a variety of settings to becoming stakeholders and / or active participants in Projects and assessments
  • Negotiation, influencing and persuading skills.

Desirable

  • Experience in handling complaints from members of the public

Personal and people development

Essential

  • Demonstrate tasks to new starters

Desirable

  • team leadership, completion of 1:1 supervision and support for team members

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Employer details

Employer name

Norfolk Community Health and Care NHS Trust

Address

Norwich Community Hospital

Norwich

NR23TU


Employer's website

https://www.norfolkcommunityhealthandcare.nhs.uk (Opens in a new tab)

Employer details

Employer name

Norfolk Community Health and Care NHS Trust

Address

Norwich Community Hospital

Norwich

NR23TU


Employer's website

https://www.norfolkcommunityhealthandcare.nhs.uk (Opens in a new tab)

Employer contact details

For questions about the job, contact:

Information Governance Manager

Shula Rawlings

shula.rawlings@nchc.nhs.uk

Details

Date posted

30 December 2025

Pay scheme

Agenda for change

Band

Band 4

Salary

£27,485 to £30,162 a year Per Annum

Contract

Permanent

Working pattern

Full-time

Reference number

839-7708142-GP

Job locations

Norwich Community Hospital

Norwich

NR23TU


Supporting documents

Privacy notice

Norfolk Community Health and Care NHS Trust's privacy notice (opens in a new tab)