Doug Kidd: February 17, 2020
As the Compliance Officer for NES Digital Service (NDS), the team creating the National Digital Platform for health and social care in Scotland, one of the first questions I was asked on joining was "what does a Compliance Officer do?" My response was a slightly muffled "make sure the platform and the applications NDS develop meet legal requirements and NHS Scotland guidance." A bit vague, but this was only day 2 and I hadn’t really got my head around the overall landscape.
Four months into the role and feeling more settled, I now have a framework to work from, one that is being used to create our first products. It requires the collaboration of colleagues to work successfully, has mandatory and optional items, and will change over time to fill gaps and to add and remove items as regulations or guidance change. It’s also aligned to the qualities of an NDS product. Our framework will help to protect the privacy of patient data that enters NDS processes.
At first glance it looks relatively straightforward. Only 19 boxes to work through and, hey presto, you’re compliant. If only things were that easy…
However, each box comes with a different level of work and complexity that should not be underestimated. For example:
Some boxes hide a wider set of things to consider.
So now when I get asked "what does a Compliance Officer do?" I can confidently state "make sure the platform and the applications NDS develop meet legal requirements and NHS Scotland guidance." The same statement as on day 2 (!) but with a framework to back it up.