Title Legislation Practical Application and Clinical Impact
Type Stage One
Code HBI104
Requirement Compulsory

Module objective

The Clinical Scientist in HSST will be required to lead and develop high-quality, safe health informatics services to ensure that all actions and decisions comply with the requirements of current and contemporaneous national and international legislation. In particular, Clinical Scientists will focus on the legal and governance challenges of developing eHealth solutions and using health data to gain insights for improvement of healthcare delivery and outcomes.

By the end of this module the Clinical Scientist in HSST will be able to analyse, synthesise and apply their knowledge and understanding of the legislation, policies and guidance relating to: (i) medical devices; (ii) infrastructure development; (iii) information security; (iv) privacy and physical security; and (v) use of personal and sensitive information in a range of environments, including hospitals, primary care and the patients home. They will identify and, where appropriate, contribute feedback during the development of local, national and international guidelines, and lead their implementation and monitoring in their area of clinical practice.

In addition, they will have a thorough understanding of the legal and governance issues surrounding the design and use of technologies for data collection and sharing as well as those around the access and use of health data. Clinical Scientists will be able to use current legislation, guidance and best practice for the development of high-quality health informatics services, policy and solutions as well as contribute to development of future guidance. The Clinical Scientist in HSST will understand reporting structures in relation to incidents involving potential breaches of standards, legislation and guidance, including how to prevent, manage and investigate the cause of such incidents.

The Clinical Scientist in HSST will also be expected to consistently demonstrate the attitudes and behaviours necessary for the role of a CCS leading safe, high-quality healthcare services.

Knowledge and understanding

By the end of this module the Clinical Scientist in HSST will be able to analyse, synthesise, evaluate and critically apply their expert knowledge of standards, legislation and guidance, including:

  • Differences between guidance, policy, standards, legislation (including directives) and regulations.
  • Current reports and processes to support secure information exchange, access, sharing and usage.
  • Current organisational and healthcare policies that will impact Health Informatics.
  • Current NHS safety and quality reporting requirements and recommendations to support quality of care and patient safety.
  • How to promote a culture underpinned by the NHS Constitution that values quality and safety centred on the patient.
  • How to apply appropriate data/information/IT standards to support the delivery of a safe and secure health informatics service.
  • How to identify gaps in service delivery, process the results and discuss appropriate actions to address them.

Quality and audit

  • The purpose and structure of a clinical governance framework to unite a range of quality improvement activities to safeguard standards and facilitate improvements in clinical services.
  • The role of risk management in the delivery of a safe, high-quality service.
  • The principles of and need for quality and safety improvement in healthcare.
  • How care plans can be used to improve patient safety.
  • Safety and governance issues in the framework of case-based discussions.
  • The purpose, generation and review of clinical guidelines.
  • The benefits and limitations of guidelines and care pathways and plans.
  • Systems of quality assurance and clinical improvement in clinical and scientific work and training.
  • The audit and quality improvement process and how they relate to the improvement of clinical care in health informatics services and the wider healthcare environment.
  • Opportunities for improving the reliability of care following audit, adverse events, or ‘near misses’.
  • The importance of reporting, discussing and learning from all incidents and concerns related to patient safety.
  • Features of an effective clinical or organisational audit that leads to real and sustained changes in practice.
  • Certification and accreditation schemes.

Synthesising the relevance of standards and their use in healthcare

  • International and national standards for quality management, software deployment, medical devices and interoperable systems (e.g. ISO9001, ISO80001 family).
  • Discuss the implications of new rising standards around medical devices and other systems.
  • Awareness and understanding of IT standards to ensure interoperable systems (e.g. HL7).

Legislation and guidance

  • Legislation relating to medical devices, data security, network management, information storage, exchange and access, sharing and interoperability, plus associated guidance documents.
  • Implications of the legal requirements for clinical data storage and use, and non-compliance critical incident reporting.
  • Mechanisms required to maintain privacy, confidentiality, integrity and access for clinical data held electronically, as applied in healthcare.
  • The uses, value and risk for access to data/information in:
    • virtualisation and in cloud computing, including third party storage of clinical data;
    • mobile computing and applications (both between professionals and involving citizens);
    • integration with social media and other streamed data sources.

Technical and clinical skills

By the end of this module the Clinical Scientist in HSST will be able to demonstrate a critical understanding of quality, standards, legislation and guidance in their area of clinical practice. They will apply their knowledge in Health Informatics, performing and mastering the following technical and clinical skills and will be able to:


  • Initiate and co-lead a system of quality assurance and service improvement in a clinical and informatics setting.
  • Design, implement and evaluate a quality improvement/audit project and disseminate the findings, instigating changes in practice as necessary.
  • Critically reflect on the challenges of implementing, maintaining and improving services, building on a critique of an available evidence base.
  • Identify the need for, undertake and document a risk assessment, and implement the actions of a clinical scientifically lead procedure.
  • Evaluate personal learning with respect to quality and safety improvement and the role of audit as part of personal professional development, and be able to apply that for staff for whom they will have responsibility.
  • Ensure that staff and non-staff resources are assessed and deployed to obtain high-quality services while offering best value for money without clinical risk.
  • Lead discussions on improving technical clinical practice in a multiprofessional setting, defending and justifying proposals.
  • Actively participate and/or lead trust or directorate on data/information governance processes and meetings.
  • Evaluate the recommendations of an audit or health improvement project related to a patient safety issue, disseminate findings and introduce improvements into service.


  • Direct and/or manage a health informatics service to ensure compliance with local, national and internationally accepted guidelines, governance and legislation.
  • Create, implement and audit compliance with legislation within their own area of practice.
  • Critically review current hospital policies relevant to their own work area, identify gaps and contribute to the development of revised or new hospital policies.
  • Advise on the impact of implementation of legislation and guidance within an area of health informatics.
  • Critically evaluate how effectively legislation and guidance are implemented within the organisation; write a report and present and defend findings and recommendations.
  • Manage the reporting of non-compliance with legislation and investigation of incidents that breach statutory requirements, including actionable recommendations
  • Generate auditable records/reports of compliance with regulation and standards.
  • Advise on and analyse issues regarding data security, data sharing, data confidentiality and governance.


  • Analyse clinical data transfer processes currently in place or required for higher management and other agencies, including the appropriate use of anonymisation, pseudo- anonymisation, encryption and deletion tools where patient data are concerned, and report on compliance with legislation, standards and guidance.
  • Ensure compliance with the appropriate legislation in commissioning health informatics services and solutions.


  • Ensure health informatics services reflect the needs and preferences of patients, their families and carers as well as the public health requirements of the populations they serve.
  • Build links and collaborate widely with users of health informatics and shared technological services both internal and external.

In addition Clinical Scientists in HSST will be expected to reflect on the challenges of applying research to practice in relation to these areas of practice and suggest improvements, building on a critique of available evidence.

Attitudes and behaviours

This module has no attitude and behaviours information.


Code Title Action
HBI-1-3-20 Clinical Bioinformatics - Health Informatics [v1] View