Healthcare Security & Privacy






It all started in 2003…


when Tom Walsh founded Tom Walsh Consulting, LLC.


His goal was to build a healthcare IT security and privacy consulting firm founded on the Certified Information Systems Security Professional (CISSP) Code of Ethics. The Code commits the professional to “Act honorably, honestly, justly, responsibly, and legally.”


Known for his energetic style, Tom conducted multiple HIPAA programs – remember T.E.A? Training, Education, and Awareness. He became well known as a public speaker throughout the state of Kansas and nationally, spreading the “HIPAA mission”. “One of my greatest honors occurred when HIMSS asked me to be one of the “Views from the Top” speakers at the 2003 HIMSS Annual conference”.


HIMSS: What advice would you give professionals just entering the healthcare or IT field?


Walsh: “People, process, and technology – in that order.” I got this from the IT Infrastructure Library (ITIL). But it is the mantra I use when advising clients. Security and privacy are important, but the primary mission is the care of patients. IT needs to support the mission by making it easier for caregivers to do their job rather than constructing barriers. Just remember—if your loved one is in a hospital bed in critical condition, waiting for the lab results or the orders of a specialist – security and privacy become a lower priority.


Anyone who is new in healthcare IT needs to spend at least a half-day just observing what goes on in the clinical care areas. It will change his or her perspective on their job in IT. It will give them a bigger picture. As the old saying goes, “Are you laying bricks, or building a cathedral?”


Another primary goal in building his business: to provide cost-effective solutions using proven methodologies and tools that prioritize real-world risks. Customers saw the benefits of this approach, and the business grew rapidly through word-of-mouth referrals.


In 2013 the firm was restructured as tw-Security, LLC. tw-Security is dedicated solely to helping healthcare organizations (covered entities and business associates) protect their information resources. Today, tw-Security enjoys a reputation for providing affordable, deliverable-oriented services that equal those of much larger consulting firms. In response to a growing demand for his services, Tom has recruited a team of former Chief Information Security Officers (CISOs) and Privacy Officers. A qualifying criterion was large healthcare system expertise and an understanding of how to scale solutions for small hospitals.  Consultants who join the tw-Security team share his commitment to quality and customer service. The team is sought after for its expert perspective on current cybersecurity, data privacy, and compliance trends and issues by industry organizations and the media.