EPR Information Governance Lead | South London and Maudsley NHS Foundation Trust
| Dyddiad hysbysebu: | 22 Rhagfyr 2025 |
|---|---|
| Cyflog: | Heb ei nodi |
| Gwybodaeth ychwanegol am y cyflog: | £72,921 - £83,362 per annum inclusive of HCAS |
| Oriau: | Llawn Amser |
| Dyddiad cau: | 21 Ionawr 2026 |
| Lleoliad: | Denmark Hill, SE5 8AD |
| Cwmni: | South London and Maudsley NHS Foundation Trust |
| Math o swydd: | Cytundeb |
| Cyfeirnod swydd: | 7618911/334-NCL-7618911-MU |
Crynodeb
This is an exciting opportunity to contribute to a major digital initiative designed to transform the delivery of care at South London and Maudsley NHS Foundation Trust (SLaM). The Electronic Patient Record (EPR) Programme stands as one of the most ambitious change projects in the Trust’s history. Its aim is to streamline staff workflows, enhance safety, and ultimately achieve improved outcomes for service users.
Career Progression pathways and development opportunities:
We are committed to get the very best out of our staff and support staff in their career aspirations. We have career pathways available, where you will be able to develop your skills and build on your experience to progress into other roles across different specialties. In addition, we offer ongoing training and development in conjunction with the BCS membership.
The EPR Information Governance Lead is central to the successful implementation and integration of a new Electronic Patient Record system. This pivotal role is responsible for leading on all information governance activity associated with the design, testing, implementation and adoption of the new EPR, working alongside the Trust Data Protection Officers (DPOs) and other colleagues to ensure that SLaM’s EPR Programme takes appropriate actions to enable the Trusts to continue to meet their statutory obligations with regards Information Governance and Data Protection.
As the programme’s IG subject matter expert, the post-holder will interpret National policy and guidance and will lead on the development and/or modification of IG related programme collateral including Data Privacy Impact Assessment documents, Data Sharing/Data Processing agreements and Data Security & Protection Toolkits (DSPTs). The post-holder will lead on the mitigation and oversee the management of data risks associated with the implementation of the EPR across the Trust.
Flexible working:
As one of the few Trusts in London we are proud to offer flexible working as part of our new ways of working, and we are happy to talk flexible working at the interview stage. In this role you will be able to work Monday to Friday in the time frames from 8am to 6pm, giving you the very best of good work life balance.
This role is in the Digital PMO which sits under the Digital Services Directorate. The Directorate utilises technology and digital solutions to empower our staff to work effectively and to improve the care our service users receive.
About our locations:
The Digital team are located across 3 main sites;
Maudsley Hospital (headquarters)
Our Trust headquarters is located at Denmark Hill less than 5 minutes from the train station (zone 2) and is within walking distance from the beautiful green spaces of Ruskin park and the vibrant high-street that offers great shopping opportunities and with a wide range restaurants.
St Pauls
St Pauls is located within the Bromley area and is less than 10 minutes from the train stations (Bromley South, Bromley North and Shortlands) It is within walking distance from the beautiful green spaces of Bromley Park and the vibrant high-street that offers great shopping opportunities and with a wide range restaurants.
Bethlem Royal Hospital
Bethlem Royal Hospital is based in a beautiful setting in over 200 acres of green space in the London Borough of Bromley, South East London. The hospital has easy access to nearby main roads and have offers free parking. The site is within walking distance from of Eden Park and West Wickham overland stations.
Key Responsibilities:
The postholder will act as the Information Governance lead and subject matter expert within the EPR Programme, providing strategic and operational oversight of all data protection and confidentiality matters. They will ensure that information governance principles are embedded across all programme workstreams, supporting the safe and compliant implementation of the new EPR. This includes advising on data protection by design, managing privacy risks, assuring supplier compliance, and supporting the Trust’s statutory obligations under the UK GDPR and Data Protection Act 2018. The role will also promote a culture of good information handling practices across the organisation, working closely with clinical, operational, and technical teams to enable the effective and lawful use of information within the new digital environment.
1. Information Governance Leadership
Support the DPO by leading on all IG-related activities across the EPR Programme lifecycle, from procurement and design to go-live and post-implementation.
Provide specialist advice and assurance to the EPR Programme Board, SRO, and Programme Director on IG and data protection risks, controls, and mitigations.
Develop and maintain programme-level IG artefacts including:
Data Protection Impact Assessments (DPIAs)
Data Sharing / Processing Agreements
Privacy Notices and Records of Processing Activities
IG Risk Registers and Mitigation Plans
Embed “data protection by design and by default” principles in all new workflows, integrations, and supplier relationships.
Ensure all IG artefacts gain appropriate internal approval
2. Data Protection Compliance
Ensure that the EPR Programme aligns with UK GDPR, the Data Protection Act 2018, and NHS guidance.
Support the DPO in monitoring and evidencing compliance, and ensure all relevant activities are reflected in the Trust’sData Security and Protection Toolkit (DSPT).
Review and assure supplier contracts to ensure robust data processing clauses and lawful data sharing arrangements.
Lead on the management of IG incidents and support Root Cause Analysis (RCA) in relation to the programme.
3. Liaison and Partnership
Act as the key point of contact for all IG and data protection matters within the EPR Programme.
Work collaboratively with:
The Trust’s DPO, SIRO, and Caldicott Guardian
Digital Security and Clinical Safety Officers
Legal and Procurement teams
Third-party suppliers (e.g., system vendors, integration partners)
Information Governance and Records Management teams across SLaM and the wider South London Partnership (SLP)
Ensure alignment with regional and national data protection standards and share best practice with other Trusts undertaking EPR implementations.
4. Assurance and Reporting
Develop and maintain programme-level IG dashboards and reports for governance forums (e.g. Programme Board, SIRO reports, and Trust Information Governance Group).
Provide expert input into programme risk registers and contribute to external assurance reviews (e.g., IG audits, compliance inspections).
Liaise with the Information Commissioner’s Office (ICO) where necessary, supporting the DPO in formal submissions.
5. Policy, Training, and Culture
Support the update and development of relevant Trust policies relating to data protection, confidentiality, and records management as they pertain to the EPR.
Promote an open and informed culture around data protection and IG awareness within the EPR Programme and wider clinical teams.
Develop and deliver IG training materials specific to the new EPR and associated change programmes.
Support embedding of the Caldicott and confidentiality principles within the system’s design and rollout.
This advert closes on Friday 9 Jan 2026