HealthCare Information Security and Privacy Practitioner (HCISPP)

Live Classroom
Duration: 3 days
Live Virtual Classroom
Duration: 3 days

Overview

The HealthCare Information Security and Privacy Practitioner (HCISPP) certification is aimed at those with the core knowledge and experience needed to implement, manage or assess the appropriate security and privacy controls of a healthcare organization. The certification attests to the holder's knowledge of best practices and techniques to protect organizations and sensitive data against emerging threats and breaches.

This training provides a comprehensive review of the knowledge required to implement, manage or assess the appropriate security and privacy controls of a healthcare organization. It covers the broad spectrum of topics included in the HCISPP Common Body of Knowledge (CBK) across the seven domains evaluated in the certification examination.

What You'll Learn

  • Understand healthcare environment components and third-party relationships
  • Explore foundational health data management concepts
  • Explore information governance frameworks
  • Identify information governance roles and responsibilities
  • Understand the impact of healthcare information technologies on privacy and security
  • Understand data life cycle management
  • Identify regulatory requirements
  • Understand compliance frameworks
  • Understand security objectives and attributes, and general security definitions/concepts
  • Discover the relationship between privacy and security
  • Understand enterprise risk management and risk management process
  • Understand the role of third parties in the healthcare context

Curriculum

  • Understand the healthcare environment components
  • Understand third-party relationships
  • Understand foundational health data management concepts

  • Understand information governance frameworks
  • Identify information governance roles and responsibilities
  • Align information security and privacy policies, standards and procedures
  • Understand and comply with the Code of Conduct/Ethics in a healthcare information environment

  • Understand the impact of healthcare information technologies on privacy and security
  • Understand data life cycle management
  • Understand third-party connectivity

  • Identify regulatory requirements
  • Recognize regulations and controls of various countries
  • Understand compliance frameworks

  • Understand security objectives/attributes
  • Understand general security definitions and concepts
  • Understand general privacy definitions and concepts
  • Understand the relationship between privacy and security
  • Understand sensitive data and handling

  • Understand enterprise risk management
  • Understand information risk management framework (RMF)
  • Understand risk management process
  • Identify control assessment procedures utilizing organization risk frameworks
  • Participate in risk assessment consistent with the role in organization
  • Understand risk response
  • Utilize controls to remediate risk
  • Participate in continuous monitoring

  • Understand the definition of third parties in the healthcare context
  • Maintain a list of third-party organizations
  • Apply management standards and practices for engaging third parties
  • Determine when a third-party assessment is required
  • Support third-party assessments and audits
  • Participate in third-party remediation efforts
  • Respond to notifications of security/privacy events
  • Respond to third-party requests regarding privacy/security events
  • Promote awareness of third-party requirements

    Prerequisites

    Participants must have a minimum of two years of cumulative paid work experience in one or more knowledge areas of the HCISPP CBK that includes security, compliance and privacy. Legal experience may be substituted for compliance, and information management experience may be substituted for privacy. Of the two years of experience, one of those years must be in the healthcare industry.

    If a participant does not have the required experience to become an HCISPP, they may become an Associate of (ISC)2 by successfully clearing the HCISPP examination. They will then have three years to earn the two years of required experience.

      Certification

      This course prepares participants for the HCISPP examination. The details of the certification examination are as follows:

      Duration of the examination: 3 hours
      Number of questions: 125
      Format of the questions: Multiple choice questions
      Passing grade: 700 out of 1000
      Exam availability: English

      The examination evaluates the participant's proficiency in seven specific domains. The weightage of each domain in the examination is as follows:

      Healthcare industry: 12%
      Information governance in healthcare: 5%
      Information technologies in healthcare: 8%
      Regulatory and standards environment: 15%
      Privacy and security in healthcare: 25%
      Risk management and risk assessment: 20%
      Third party risk management: 15%
      Total: 100%
