Healthcare's Biggest Security ThreatsNew HIMSS Security, Privacy Leader Discusses Challenges
"With the proliferation of mobile devices, such as smart phones, laptops and tablets, and the use of outsourcing, information and applications on the cloud, and the addition of connected devices and systems, obviously organizations have a lot to wrap their arms around in terms of where their information is," says Kim, who recently joined the leadership team at the Healthcare Information and Management Systems Society.
"That's a foundational consideration in terms of understanding how to keep your information both private and secure and compliant with various regulations, including HIPAA," she notes.
Many healthcare organizations also need to ramp up their breach detection efforts, she says. "Organizations unfortunately don't always know they might have had a security incident," she says.
Better breach detection opens the door to identifying a security vulnerability that needs to be addressed, she notes.
And when it comes to breaches, insider threats are a growing concern, she says. "Unfortunately ... there are increasingly sophisticated means for getting access to information," she says.
Some organizations are not prepared to comply with the HIPAA Omnibus Rule and other regulations because of "a lack of organizational culture in terms of promoting security and privacy measures," she says. For example, they may offer insufficient workforce training on the importance of following best practices, she notes.
In the interview, Kim also discusses:
- Suggestions for healthcare entities to overcome various privacy and security challenges, including HIPAA Omnibus compliance;
- The changes likely to occur after the Sept. 23 enforcement date for HIPAA Omnibus;
- Her priorities in her post at HIMSS.
An attorney, Kim has more than 13 years of professional experience in information technology, healthcare technology and intellectual property and technology law. Most recently, she practiced law in the areas of IT, healthcare technology, intellectual property, and privacy and security law. She also previously worked in the healthcare technology field. She is a licensed attorney in the District of Columbia and Pennsylvania and is admitted to practice before the Federal Circuit and the United States Patent and Trademark Office as a registered patent attorney.