With cybersecurity becoming more of a priority in healthcare, a leader discusses what she's doing to improve it.
Jenn Behrens (She/Her/Hers), PhD, is partner and executive vice president of privacy and security at Kuma.
Dr. Behrens will serve on the panel "Big Focus for Cybersecurity Teams in 2023 and Beyond" at Becker's 7th Annual Health IT + Digital Health + RCM Annual Meeting: The Future of Business and Clinical Technologies. As part of an ongoing series, Becker's is talking to healthcare leaders who plan to speak at the conference, which will take place Oct. 4-7 in Chicago.
To learn more and register, click here.
Question: What are you most excited about right now?
Dr. Jenn Behrens: Privacy and security in healthcare is becoming more approachable for organizations of all sizes. Maintaining privacy and security used to be something really expensive or significantly impacted a business. For example, encryption technology was costly, took a long time, and slowed down other programs significantly while processing. Today, better tech is available, and it's more affordable to obtain. We're moving into an era when organizations of any size can approach meaningful privacy and security through different technologies and approaches to services (like using a virtual CISO rather than paying a full-time salary for one in-house). It is now possible to bring digital health solutions and applications to a stronger privacy and security position without compromising business profitability. Business and security/privacy can now win together — it's not one or the other.
Q: What challenges do you anticipate over the next two years?
JB: There is and will continue to be a growing need for application security and privacy. In the wake of the pandemic, many digital health and health IT platforms that aren't governed by HIPAA were created. Still, with rising state and government regulations, they will have to rework that to meet compliance standards and remain appealing to users. Consent management and privacy, with their many nuances, will be a huge part of this; everybody's talking about it, but nobody's got it figured out yet. Digital health applications are increasingly created for patients as consumers to access through their phones and tablets, and evolving how consent is managed will be necessary and fascinating over the next few years.
Q: Where are the best opportunities for disruption in healthcare today?
JB: The interaction of AI and data science with data harnessed by digital health solutions/applications is rapidly evolving to shake up the traditional healthcare machine, and the way we deal with this in terms of privacy and security will need to be something completely fresh. The technologies and use cases are going to start exploding in utilization and application, and we will need to figure out how to balance the business rationale for using them with the security of our systems and privacy preferences and rights afforded to and legislated for patients and consumers. This is completely new territory, filled with layers of nuance as all privacy and security landscapes are, and there will be increasing opportunities for those who are innovative and practical to craft creative solutions.
Q: How is your role as a CIO evolving? How are IT teams changing?
JB: Although my role is not CIO, the biggest evolution I see in all roles like this is that they are not so siloed away from other lines of business. No longer cloistered in a dark back room full of computers, IT and privacy/security teams are increasingly collaborating with other lines of business to ensure the maturation and saturation of a culture of privacy and security while continuing to implement privacy and security controls. Businesses are learning that increased communication and openness between departments helps everyone. IT and privacy/security teams are learning more about what drives the people in other parts of the enterprise, and those people in other departments are learning more about how privacy and security touch on their line of work and where and how they play a role in the privacy and security of the company. Everybody wins by adopting a collaborative approach to teaching and learning more on both sides. It's really exciting to see this happening.