HIMSS privacy lead: When working in healthcare security, 'be like a sponge'

As threats quickly change in healthcare, those looking to a career in privacy and security in the industry should "be like a sponge," says Lee Kim, director of privacy and security at the Healthcare Information and Management Systems Society.

Kim, in an interview with HealthcareInfoSecurity.com, said that we've passed the juncture where super experts are needed for specific one-off areas. "[W]e need to be flexible to address those threats and stay ahead of them."

Kim, before becoming a member of HIMSS, practiced law in the areas of healthcare technology, intellectual property and privacy and security.

When it comes to the biggest threats to security, Kim says providers have to look both inside and outside the organization. However, there is no immunization against such threats, she adds, though larger organizations may have more resources and funds to help fight against security breaches.

Smaller practices may want to consider hiring a consultant to do regular risk assessments and reviews and offer up a plan to manage risks, she says.

"The more holistic you can get in terms of your computer security the better," Kim says.

The need for proper security and privacy solutions is growing as more breaches of healthcare providers occur. The biggest one to date is a breach of Community Health Systems, which exposed the data of 4.5 million patients and could cost CHS between $75 million and $150 million.

Mac McMillan, chair of the HIMSS privacy and security task force, recently told FierceHealthIT that he thinks too many entities in healthcare are concerned with HIPAA compliance rather than trying to be secure.

"Compliance and security are two different animals," McMillan said. "You can have a totally compliant program and still have vulnerabilities."

To learn more:
- listen to Kim's interview