Skip to main content

Employer heading

Hertfordshire Partnership NHS Foundation Trust logo
Please wait, loading

Information Rights Officer

NHS AfC: Band 5

Main area
NHS AfC: Band 5
  • Full time
  • Flexible working
  • Compressed hours
37.5 hours per week
Job ref
99 Waverley Road
St Albans
£27,055 - £32,934 per annum, pro rata
Salary period
02/02/2023 23:59

Values Based Screener

At Hertfordshire Partnership Foundation Trust we are looking for people to join us who share our values and those of the NHS. Before your application can be considered please take part on our online values questionnaire, which you can find below. When you have finished you will be sent a 'completion code' by email, which will be valid for 6 months and required to submit your application form.


Job overview

We have an exciting opening for a flexible and experienced administrator to join the Information Rights and Compliance Team.  Information flow is at the heart of healthcare and this role provides a unique opportunity for an individual to move into the information governance arena. The successful applicant will be expected to manage their own caseload and to develop an understanding of the balance of information flow, data security and confidentiality.

Main duties of the job

This role requires excellent time management skills and the ability to communicate with staff across the Trust and various internal and external stakeholders. We’re looking for someone who can review complex clinical documents and make compassionate rational judgements about how to communicate difficult information to data subjects.

Key responsibilities:

  • Reading and redacting Subject Access Requests
  • Applying the UKGDPR and Data Protection Act 2018, and other associated legislation.
  • Liaising with Service Users, Police, Solicitors and Clinicians
  • Processing enquiries from staff at all levels of the organisation.
  • Oversight of caseload and group inbox
  • Responding to Freedom of Information and Environmental Information Requests.

Working for our organisation

Hertfordshire Partnership University NHS Foundation Trust (HPFT) is an outstanding organisation with ambitions to match. We are one of just five mental health trusts to achieve an overall rating of ‘Outstanding’ from the Care Quality Commission, and our aim is to be the leading provider of mental health and specialist learning disability services in the country.

Our family of over 3500 members of staff provide health and social care for over 400,000 people with mental ill health, physical ill health and learning disabilities across Hertfordshire, Buckinghamshire, and Norfolk, delivering these services within the community and several inpatient settings. We also deliver a range of nationally commissioned specialist services including Tier 4 services for children and young people, perinatal services, plus medium and low secure learning disabilities services.


The care we provide makes a fantastic difference to the lives of our service users, their families and carers - everything is underpinned by choice, independence and equality, with our Trust values embedded throughout:


Our Trust values are:

Welcoming. Kind. Positive. Respectful. Professional.

These values are at the core of who we are, everything we do, and how we do it!

Would you like to be part of the HPFT family? Would you like work with us to ensure our service users live the fullest lives possible they can? Would you like to be supported in your career to be the best that you can be?

Then please read on…

Detailed job description and main responsibilities

The post holder will undertake day to day responsibility for formal access to information requests under Data Protection Legislation, Freedom of Information Act 2000 and the Environmental Information Regulations 2000.

They will also manage requests from the Police, Courts, and other statutory bodies.

The post holder will highlight any legal or other queries with the Information Governance Manager and ensure that all requests are processed in line with Trust Policy, and the appropriate legislation.

All staff should comply with the Trust’s Anti-Discrimination Statement, Employee Charter, Trust Policies and Procedures, Code of Conduct and Equality and Diversity statement.

Job Responsibilities:

Provide advice to members of the public (including service users and carers) who may need assistance with an information request. This includes advise on the following Information Rights Law:

- Data Protection Act

- General Data Protection Regulation

- Access to Health Records

- Freedom of Information

- Environmental Information Regulations

  • Provide advice and guidance to all levels of staff on access to information processes e.g: the formal access to service user records process, Freedom of Information Act 2000 and Environmental Information Regulations
  • To be responsible for responding to requests under Data Protection laws in relation to a person’s care and treatment
  • To be responsible for the management of Freedom of Information requests, from receipt to closure
  • Identify and flag any issues that may arise through changes in legislation e.g. changes required to standard documents
  • Answer telephone and email queries in relation to information management and confidentiality issues
  • Update knowledge of new developments in legislation surrounding care records management systems technologies, Freedom of Information Act 2000 and Environmental Information Regulations 2000, Data protection legislation, and associated topics
  • Ensure requests from police are accompanied with appropriate paperwork e.g. consent from the service user, Section 212 exemption under the Data Protection Act 2018 or a Sealed Court Order
  • Manage and maintain the Trust’s hard copy archive, under instruction from the Information Governance Manager.

Working Relationships and Communication Requirements of the Job

Working relationships

  1. The post holder is required to develop and maintain sound professional relationships with internal and external stakeholders in order to successfully fulfil their job role
  2. The post holder will be required to liaise with clinicians and senior managers, Directors and Caldicott Guardian on issues concerning consent to sharing information under Freedom of Information Act 2000, Environmental Information Regulations 2005 and Data Protection legislation
  3. Track and request relevant information and documents from managers
  4. The post holder is expected to flag any requests which concern information held within another department with the appropriate manager / Head of Service to ensure the request is dealt with appropriately
  5. Expected to work with staff at all levels throughout the Trust and be prepared to deal with complex problems on a regular basis. This will entail working on their own initiative
  6. Liaise with Communications Department and service areas to ensure information regularly requested under the Freedom of Information Act 2000 is made available on the public website
  7. Liaise with other health and social care organisations on complex applications involving services managed by both organisations to ensure all necessary permissions are obtained
  8. Link with Trust solicitors in cases where legal advice is required

Internal Relationships

  • Clinicians
  • Risk Manager
  • Incidents and Complaints Manager
  • Caldicott Guardian
  • Directors and Senior Managers in service areas
  • Operational staff
  • Head of Communications
  • Head of Safeguardin

External Relationships

  • Service users/Carers
  • Solicitors
  • Members of the public.
  • Colleagues across the health and care community
  • Colleagues across Public authorities i.e. Police and Hertfordshire County Council regarding Access to information issues.
  • Information Commissioner’s Office
  • National Archives Office

Communication requirements

  1. Regular communication is required with members of the public, service users and carers who request access to service user records under the Data Protection legislation, Access to Health Records Act 1990 and other information requested under the Freedom of Information Act 2000 and Environmental Information Regulations 2000
  2. The post holder must have the ability to communicate complex scenarios to clinical and senior managers regarding Access to Records requests, Freedom of Information Act and Environmental Information Regulations requests
  3. The post holder will be required to work with very sensitive and highly confidential information
  4. Advise applicants to apply to other public body where it is evident that the information requested is not managed by HPFT.

Leadership and Staff Management Responsibility

At time of writing, this post does not have any line management responsibility.

However, the post holder may be asked to undertake line management of staff, subject to the needs of the service.

This will include:

  1. Undertake regular supervision sessions with line staff and manage staff performance
  2. Manage sickness and absence in accordance with Trust policy
  3. Undertake first line disciplinary procedures in accordance with Trust policy
  4. Provide safe working environment for the protection of staff, ensure equipment used is fit for purpose and maintained; comply with health and safety obligations.

Financial Responsibility 

  1. The post holder does not have any financial responsibility.

Service Development and Improvement

  1. Assist in ensuring information governance standards are complied with across the Trust.
  2. Assist in the development of policies on information rights law that require implementation throughout the organisation
  3. Implements departmental policies within own work area, proposes changes to working practices as a result of new guidelines or legislation.

Maintain Information Rights guidance pages on the HIVE


Analytical and Judgemental Skills

  1. High levels of concentration and judgement required, particularly when
  • Investigating whether we hold information for Freedom of Information Act and Data Protection Act requests
  • Analysing information to ensure that responses are not subject to an exemption either under to the Freedom of Information or Data Protection Acts.
  1. Scrutinize documents received from clinicians and service managers ensuring that any exemptions are applied and raise queries and Information Governance Manager
  2. Analyse, interpret  and  present  data  to  highlight  issues  and  risks  to  and Information Governance Manager
  3. The post holder will be required to ascertain which legislation applies to individual requests and apply the correct access regime.

Planning and Organisational Skills

  1. Plan and organise requests in order of complexity and timescale to ensure that requests are processed in accordance with time limits set under the Freedom of Information Act 2000 and Data Protection legislation
  2. Provide quarterly reports to the Information Governance Manager and Head of Information Rights and Compliance.

Physical Working Conditions and Environment

The post is based at 99 Waverley Road, St Albans and travel throughout Hertfordshire is required. During visits to acute mental health and learning disabilities units the post holder may encounter verbal or physical threats from service users.

The post holder will also be using a VDU for extended periods of time.

Information Resources

  1. Manage Ulysses Data Base for Freedom of Information and Subject Access Requests ensuring that all details relating to every request are logged effectively
  2. Draft reports summarising status on issues, appraising outcomes and providing progress reports to Head of Information Management & Compliance
  3. Responsible for creating application forms and templates for Access to Information processes for the Information Rights & Compliance team to use
  4. Update and develop the Freedom of Information Publication Scheme in accordance with best practice and national guidelines
  5. A high standard of IT skills is required for this post.

Person specification


Essential criteria
  • Knowledge of administrative procedures and information analysis
  • Minimum of 2 years’ experience of in relevant field.
Desirable criteria
  • Previously worked in similar position within the public sector


Essential criteria
  • High standard of IT skills including working knowledge of Microsoft Word, Excel and Access packages
  • Experience of working with staff at all levels including clinicians
  • Self-disciplined, proven ability to work with minimal supervision
  • Excellent organisational and prioritising skills
  • Able to work under pressure and complete tasks within agreed deadlines
Desirable criteria
  • Knowledge of audit and research
  • Evidence of training individuals and groups
  • Specialist knowledge of the Data Protection legislation
  • Specialist knowledge of the Access to Health Records Act 1990
  • Specialist knowledge of the Freedom of Information Act 2000
  • Environmental Information Regulations 2005


Essential criteria
  • Ability to be adaptable and work within a team.
  • Negotiating, networking and persuasive skills.
Desirable criteria
  • Ability to pull together comprehensive draft reports, data and letters.
  • Negotiating, networking and persuasive skills.


Essential criteria
  • An eye for detail, meticulous working practices
  • Problem solving skills and ability to respond to sudden unexpected demands.
Desirable criteria
  • Excellent time management skills with the ability to re prioritise.
  • Able to absorb and formulate new information quickly

Employer certification / accreditation badges

Trust IDMenopause Friendly EmployerMindful employer.  Being positive about mental health.Age positiveDisability confident employerCare quality commission - OutstandingStonewall equality policy. Equality and justice for lesbians, gay men, bisexual and trans people.

Documents to download

Apply online now

Further details / informal visits contact

Jennifer Chambers
Job title
Head of Information Rights and Compliance
Email address