(913) 396-8321

Privacy and Breach Management

The Business Challenge

The role of the Privacy Officer continues to grow in importance. Over time we have seen the Privacy Officer take on additional responsibilities as health care organizations face increasing challenges.

When there is a complaint or potential breach that compromises the security or privacy of protected health information, the privacy officer's day to day job duties are immediately reprioritized to the time-consuming task of investigation, triage, documentation, and complying with the Breach Notification Rule. The cost of a healthcare data breach is about $380 per individual patient record, according to the Ponemon Institute's 2017 Cost of Data Breach Study: Global Overview. The time it takes to process and recover from a large breach can be overwhelming to most healthcare organizations.

As healthcare moves to a patient-centric consumer model, healthcare must plan for an increase in privacy concerns and complaints. These complaints must be handled timely, and with the level of "care" for every individual that extends the promise of patient care beyond the physician encounter.

Icon Building strong relationships with the workforce, business associates, customers, and "friends" while ensuring that the right people have the right access to the right resources at the right time is more important than ever due to the continual rise in cybersecurity threats, smart technology, and social media.

Today, the privacy officer needs to understand security safeguards. You can't have privacy without security!

The tw-Security Solution

tw-Security offers experienced, certified privacy professionals to support your privacy program to preserve the overall confidentiality of protected health information (PHI).

Our privacy professionals can support the ongoing activities related to the development, implementation, maintenance, and adherence to the organization's policies and procedures covering the privacy, access, and patient health information in compliance with federal and state laws.

Customized to accommodate diverse organizations, from a large academic medical center to a start-up business associate, the flexible offering includes Virtual Privacy Officer (VPO), and disciplined recurring support - aimed at developing, maintaining, or advancing the privacy program. This service provides ongoing documented efforts supporting your "Book of Evidence."

We quickly assess your current capabilities and resources and assist in the development of a plan for ongoing management activities and projects. We monitor your program and if desired, we provide hands-on support working behind the scenes on remediation tasks as an extension of your workforce.

Our virtual service is a cost-effective solution to having responsive access to experienced, certified privacy and security professionals when you need us.
We also offer On Demand support intended to address one-time support issues or help as needed inclusive of emergency virtual privacy and security certified professionals.

Privacy Program Support Services

Serving as a consultant, we follow your direction to improve and maintain your privacy and breach notification programs. We provide guidance to keep your programs moving forward and aid ongoing compliance efforts. Our Virtual Privacy Officer (VPO) service provides accountability to the corporate compliance committee and executive management in alignment with strategic compliance initiatives. In addition, we document ongoing compliance efforts and track remediation efforts to support your "Book of Evidence."

Core to our services is providing knowledge to stay abreast of changes that impact your privacy program.

Our privacy services include:

  • Virtual Privacy Officer / Interim Privacy Officer
  • Privacy and Breach compliance program development and / or review
  • Policy and procedure development (privacy, security, breach)
  • HIPAA educational presentations (with assessment of learning and tracking log)
  • Business Associate Agreement and vetting of compliance levels
  • Breach Response planning
  • Breach Management consulting review and support
  • Office for Civil Rights (OCR) audit preparation
  • General Data Protection Regulation (GDPR) compliance support
Introducing tw-Security Privacy Experts

Joe D. Gillespie, MHS, RHIA, CHPS
Senior Privacy/Security Consultant

  • Over 40 years of patient privacy experience; 20 years' experience with HIPAA Security; Certified in Healthcare Privacy and Security (CHPS) through the American Health Information Management Association (AHIMA)
  • Recently retired as the Associate Director/Information Management, Watkins Health Services, served as the HIPAA Privacy and Security Compliance Officer for the facility and HIPAA Privacy Official for the University of Kansas in Lawrence, KS (the main campus)
  • Experienced consultant providing HIPAA Privacy assessments, OCR audit preparation, and Health Information Management (HIM) contract management in hospitals
  • Active member in AHIMA at the national and local level since 1974
  • Clinical Assistant Professor at Kansas University Medical Center and Professor, Honors Program, University of Kansas, Lawrence Campus; Former adjunct professor at Johnson County Community College, Overland Park, KS in the Health Information Technology program

Senior Privacy/Security Consultant

  • Nationally recognized industry expert, speaker, and author with over 35 years of health information management (HIM) and HIPAA compliance experience in leadership and staff positions with broad knowledge of a diverse healthcare organizational landscape
  • Certified in both health information management (RHIA) and healthcare privacy and security (CHPS) by the American Health Information Management Association (AHIMA). She is a Certified Healthcare Documentation Specialist (CHDS), and a Fellow in the Association for Healthcare Documentation Integrity (AHDI)
  • Held the role of privacy officer for nationally based organizations for over the past 10 years
  • Former - Chief Privacy Officer/Senior Manager for Just Associates, Inc., five years, responsible for leading the workforce in delivering HIM project work (4 Supervisors, and workforce of 60+ individuals), HIPAA compliance program development and implementation. Lead and provided HIPAA privacy and security tactical and strategic consulting services; OCR audit preparation, policies and procedures, breach management consulting review and support, and privacy officer liaison
  • Currently serving on the Privacy and Security Council for AHIMA, past member of AHDI's National Board of Directors 2006-2014 and past President 2009 - 2010 (15,000 members worldwide)
  • Author of numerous articles for publications such as For the Record, Advance, Plexus and the Journal of AHIMA. Author of AHDI HIPAA Compliance Guide and Quick Reference 2014 and 2nd edition - 2017, AHIMA Breach Management Toolkit - 2014, contributing Author: HIMSS 2013 Book, Implementing Information Security in Healthcare


Latest News