Title: Information Governance Assistant Manager Department: National Office of Clinical Audit (NOCA) Tenure: Permanent (full and part time options are available) Location: St Stephens Green, Dublin 2 - Hybrid working Reporting to: Information Manager Closing Date: 23:45pm Monday, 27th of October About National Office of Clinical Audit (NOCA) The National Office of Clinical Audit (NOCA) was established in **** as a key enabler of clinical effectiveness which in turn is a key component of patient safety and quality.
The integration of best evidence in service provision, through clinical effectiveness processes, promotes healthcare that is up to date, effective and consistent.
Clinical effectiveness processes include guidelines, audit, and practice guidance.
NOCA establishes and maintains national clinical audits across a number of clinical areas including Intensive Care, Obstetrics, major trauma, hip fractures, arthroplasty, and mortality.
NOCA is funded by the Health Service Executive Quality Improvement Division and operationally supported by the Royal College of Surgeons in Ireland.
The purpose of NOCA national clinical audits is to improve the quality of care provided to patients and to improve their outcomes.
Purpose of this Role - As NOCA's portofolio of audits and registers is expanding, so too is the Information Governance team.
This role will support the information governance activities at NOCA and will be a key member of the information governance team.
To ensure that NOCA meets its obligations under the EU General Data Protection Regulation (GDPR), Irish Data Protection Act(s), and related legislation; to protect patient, staff and third-party personal and sensitive data; to embed a culture of accountability and privacy by design; and to act as the point of contact for data protection matters.
To support NOCA in its preparation towards the European Health Dataspace (EHDS) regulations.
Specific duties include: Governance & Strategy Provide support to the Information Manager with the continous improvement, development, implementation and maintence of the Data Protection / Information Governance framework.
Ensure policies, procedures, and practices are GDPR/DPC compliant.
Embed privacy by design and default into projects, systems, and new technologies.
Maintain records of processing activities (RoPA) and logs of information governance activities to facilitate oversight, analysis, and reporting.
Day to day administration and support for information governance queries, tracking and responding to queries, data incident notification, ad hoc internal and external queries, assisting with root cause analysis and drafting solutions.
Drafting of data sharing and data processing agreements.
Risk Management & Impact Assessments Lead Data Protection Impact Assessments (DPIAs) for high-risk processing.
Identify risks related to data processing and advise on risk mitigation.
Participate in vendor/third-party contract reviews, ensuring compliance.
Work with IT team on technical & organisational measures.
Operational & Compliance Monitoring Monitor compliance with GDPR / Data Protection Acts and internal policies.
Oversee Subject Access Requests (SARs) and other rights requests.
Manage data breaches, reporting to DPC and communicating with affected persons.
Oversee data retention and deletion policies.
Training & Awareness Design and deliver staff training on data protection, confidentiality, and privacy.
Promote patient confidentiality and awareness among staff and patients.
Assist the Information Manager in the coordination of information governance policies and procedures, training, and administration of same.
Liaison & Reporting Act as a point of contact for hospitals, HSE and with Data Protection Commission (DPC).
Respond to data subject queries / complaints.
Report to Information Manager / NOCA Board on compliance, incidents, audits.
Audit & Policy Review Conduct internal audits of processing and access to data.
Review and update privacy policies, data sharing agreements, consent forms.
Technology / Systems Oversight Work with IT/EHR vendors to ensure secure systems.
Oversee lawful transfer and disposal of data.
Person Specification: Experience, Qualifications & Skills (Required) Experience in data protection / compliance roles Expert knowledge of GDPR, Irish Data Protection Acts, healthcare privacy regulations.
Understanding of information security and healthcare data flows.
Familiarity with healthcare regulations, confidentiality and consent.
Strong communication, organisational and analytical skills.
Experience with DPIAs, SARs, breach management.
Relevant qualifications (CIPP/E, CIPM, CDPO, law/compliance degree).
Desirable: Prior healthcare sector experience.
Knowledge of clinical systems, electronic health records, telehealth.
Experience with audits, risk management, project management.
Experience with Ethics and research.
Certification in information security (e.g. ISO *****, CISSP).
Track record of building positive working relationships with relevant stakeholders Strong communication skills (verbal and written) to engage with all stakeholders, both clinical and nonclinical Self-motivated individual with experience of leading change I.T. skills: Knowledge of MS Office suite, QPULSE, MS Project Competencies & Personal Attributes Strong ethical awareness and confidentiality commitment.
Attention to detail, thoroughness.
Ability to prioritise and manage multiple tasks.
Proactive risk anticipation and improvement mindset.
Ability to explain technical/legal issues to non-technical staff.
Resilience under pressure.
We are all too aware that imposter syndrome and the confidence gap can sometimes stop fantastic candidates putting themselves forward, so please do submit an application - we'd love to hear from you.
Application Process Please apply online with your CV and Covering Letter.
Informal enquiries can be directed to Brid Moran