Updated on 14 February 2014
Available worldwide, the HCISPP credential is aimed at providing healthcare employers and those in the industry with validation that a healthcare security and privacy practitioner has the core level of knowledge and expertise required by the industry to address specific security concerns.
The HCISPP credential is based on direct feedback from the (ISC)2 membership and industry luminaries from around the world working in healthcare who observed the evolving complexity of information risk management in the industry as online system migration and regulations have increased. At the Forefront of Healthcare Security & Privacy To attain the HCISPP certification, applicants must have a minimum of two years of experience in one knowledge area of the credential that includes security, compliance, and privacy.
Legal experience may be substituted for privacy. One of the two years of experience must be in the healthcare industry. All candidates must be able to demonstrate competencies in each of the following domains:
Healthcare Industry: Understand diversity of healthcare industry, types of technologies, flow of information, and levels of protection.
Regulatory Environment: Identify and under- stand relevant legal and regulatory requirements and ensure organization's policies and procedures are in compliance.
Privacy and Security in Healthcare: Basic understanding of security and privacy concepts and principles, types of information to protect.
Information Governance and Risk Manage- ment: How organizations manage information risk through security and privacy governance, risk management lifecycles, principle risk activities likely to support.
Information Risk Assessment: Understand risk assessment concepts, identify and participate in risk assessment practices and procedures.
Third Party Risk Management Identify third parties based on use of information, help manage third party relationships, determine when additional secu- rity and privacy assurances are required.
The HCISPP credential is a demonstration of knowledge by security and privacy practitioners regarding the proper controls to protect the privacy and security of sensitive patient health information as well as their commitment to the healthcare privacy foundation.
It is a foundational credential that reflects internation- ally accepted standards of practice for healthcare infor- mation security and privacy. For executives accountable for protecting sensitive healthcare data, HCISPP demon- strates a proactive commitment to ensure that an organi- zation is making the necessary human resources invest- ment for information security.