Data Manager & Data Protection Officer
Job Description
Job summary
NHS England is launching a national lung cancer screening programme (formally, Targeted Lung Health Checks), aimed at early detection in areas with high lung cancer prevalence. The programme involves inviting at-risk patients for a lung health check risk assessment followed by a low-dose CT scan for those at higher risk. The goal is to improve early-stage lung cancer diagnosis and survival rates. TIC Health is proud to be delivering the full lung cancer screening programme in Norfolk and Waveney, starting early next year, working in partnership with the NHS.
To deliver this programme effectively, data is a key aspect, we are looking for a experienced Data Manager and Data Protection Office to join the dedicated team.
Main duties of the job
Data Manager
The Data Manager will be responsible for all aspects of a data associated with the effective delivery and monitoring of the programme. The full end-to-end pathway will include pulling relevant data from primary care, data cleansing, uploading into the service Patient Administration System, and producing reports on all relevant aspects of the service, developing additional reports as required. The Data Manager will also be responsible for all aspects data governance, including the agreement of the Data Sharing and Processing Agreement (DSPA) and Data processing and Data Protection Impact Assessment (DPIA) with the Commissioner, ICBs, PCNs (or representatives) and each GP practice. The role will also include developing the integration of data with other IT systems.
Data Protection Officer (DPO)
The DPO will be responsible for managing and organising the implementation of a data protection strategy for TIC Health. To act as the primary point of contact for data protection matters within the organisation, advising on compliance with GDPR, the Data Protection Act, and other relevant regulations. This will include monitoring TIC Health's data processing activities and practices to ensure compliance with data protection regulations
About us
TIC Health
TIC Health is a leading provider of healthcare services to the NHS and private sector. This includes the provision of high-quality diagnostic imaging services throughout the UK using state-of-the-art imaging equipment and highly trained healthcare professionals. Services are delivered in partnership with the NHS, with the aim of providing high quality integrated care for all patients.
TIC Health also provides GP services and healthcare screening from clinics in London. .
Job responsibilities
Key areas of responsibility will include:
Data Manager Lung Cancer Screening
Lead the discussions with GP practices/PCNs (or representatives) to identify the eligible cohort and extract the dataset from the practice system and import into the Patient Administration System.
Lead the agreement of the Data Sharing and Processing Agreement (DSPA) and Data processing and Data Protection Impact Assessment (DPIA) with the Commissioner, ICBs, PCNs (or representatives) and each GP practice.
Be responsible for ensuring that the DPIA and DSPA are signed by the GP practices before collecting data.
Ensure that the minimum dataset is imported for each patient and stored securely on the TIC Health Patient Administration System (PAS) in line with IG regulations.
To oversee the development of KPI data from the PAS for national and local submission.
To write reports for ad hoc data requirement using Sequel
Lead on the advanced analysis, interpretation and presentation of complex data to create plans and make decisions on improvements in service deliver.
Lead on investigations into causes of data variances and contribute to the implementation of solutions.
To support the service planning process and to review the performance of all aspects of the service.
Data Protection Officer (DPO)
Develop, implement, and maintain data protection policies and procedures, ensuring they are embedded across all departments.
Conduct data protection impact assessments (DPIAs) for new and existing projects, identifying and mitigating data privacy risks.
Facilitate data subject rights, including requests for access, rectification, and erasure of personal data.
Report data breaches to the ICO when required and manage internal breach response processes.
Provide regular data protection training and awareness programs for all staff members.
Keep up to date with changes in data protection law and regulations.
Information Governance Responsibilities
Develop and enforce an information governance framework that aligns with best practices and regulatory standards.
Oversee the data governance strategy and policies to ensure consistent and secure handling of data across the organisation.
Ensure the organisation adheres to Cyber Essentials Plus requirements and other information security standards, coordinating with the IT team for regular compliance audits.
Conduct regular data audits and quality assurance checks to ensure accuracy, consistency, and security of data assets.
Maintain records of processing activities (ROPA) and ensure proper documentation of data management processes.
Stakeholder Engagement
Collaborate with department heads to ensure alignment with data protection and information governance policies.
Work closely with IT, clinical, and operational teams to ensure robust data security and compliance practices.
Act as the main liaison with external auditors, regulatory bodies, and legal advisors on data protection and information governance matters.
Provide regular reports to senior management and the board on data protection, information governance, and data management performance.
Teamwork
To work collaboratively with other departments within the TIC group of companies, championing professional integrity
Personal Development
All Company employees are required to participate in the organisations annual appraisal review scheme. The end of year appraisal will include a personal development review where progress made over the last year is discussed and agreed. Focus on the following years departmental and personal objectives will be identified, discussed and agreed.
Health and SafetyIn addition to any responsibilities specified within your job description above, it is your duty to:
Take reasonable care of the health and safety of yourself and of the other people who may be affected by actions and omissions at work.
Co-operate with the employer in ensuring that all statutory and other requirements are complied with.
The Environment and EMSTIC Health is committed to protecting the local and global environment and supporting the development of the concept of sustainable healthcare.
Disclosure and Barring All appointments are subject to a satisfactory check by the Disclosure and Barring Service. Failure to disclose any previous convictions or cautions may result in the withdrawal of the post or termination of contract. ConfidentialityUnder no circumstances either during or after the end of your employment (however it is terminated) may you divulge to any unauthorised person confidential information relating to the Company. This includes, but is not limited to, information covering patients, individual staff records, industrial relations, financial affairs, contract terms and prices or business forecasts.
Equality and DiversityIt is the responsibility of all employees to support the Companys vision of promoting a positive approach to diversity and equality of opportunity, to eliminate discrimination and disadvantage in service delivery and employment, and to manage, support or comply through the implementation of Equality & Diversity Strategies and Policies.
Data ProtectionIf required to do so, to obtain, process and/or use information held on computer or other IT system in a fair and lawful way. To hold data only for specific registered purpose and not use or disclose it in any way incompatible with such purpose. To disclose data only to authorised persons or organisations as instructed.
Safeguarding
All employees have a duty and responsibility to protect and safeguard children, young people and vulnerable adults. They must therefore be aware of child and adult protection procedures to take appropriate and timely safeguarding action and reduce the risk of significant harm to adults and children from abuse or other types of exploitation.
Information Governance
You should be aware of all information governance policies and procedures, to ensure necessary safeguards are upheld for the appropriate use of patient and personal information.
This is an outline of the post-holder's duties and responsibilities. It is not intended as an exhaustive list and may change from time to time to meet the changing needs of the Company. This post is subject to the terms and conditions of employment of the Company .
Person Specification
Experience
Essential
- Post qualification experience in a senior ...