Overview
The HealthCare Information Security and Privacy Practitioner (HCIPP) is targeted towards those with the core knowledge and experience needed to implement, manage or assess the appropriate security and privacy controls of a healthcare organization. The certification speaks for the certification holder’s knowledge of best practices and techniques to protect organizations and sensitive data against emerging threats and breeches.
This training provides a comprehensive review of the knowledge required to implement, manage or assess the appropriate security and privacy controls of a healthcare organization. It covers the broad spectrum of topics included in the HCISPP Common Body of Knowledge (CBK) across the seven domains evaluated in the certification examination.
What You'll Learn
- Understand healthcare environment components and third-party relationships
- Explore foundational health data management concepts
- Explore information governance frameworks
- Identify information governance roles and responsibilities
- Understand the impact of healthcare information technologies on privacy and security
- Understand the data life cycle management
- Identify regulatory requirements
- Understand compliance frameworks
- Understand security objectives and attributes, and general security definitions/concepts
- Discover the relationship between privacy and security
- Understand enterprise risk management and risk management process
- Understand the role of third parties in the healthcare context
Curriculum
- Understand the healthcare environment components
- Understand third-party relationships
- Understand foundational health data management concepts
- Understand information governance frameworks
- Identify information governance roles and responsibilities
- Align information security and privacy policies, standards and procedures
- Understand and comply with the Code of Conduct/Ethics in a healthcare information environment
- Understand the impact of healthcare information technologies on privacy and security
- Understand the Data Life Cycle Management
- Understand third-party connectivity
- Identify regulatory requirements
- Recognize regulations and controls of various countries
- Understand compliance frameworks
- Understand security objectives/attributes
- Understand general security definitions and concepts
- Understand general privacy definitions and concepts
- Understand the relationship between privacy and security
- Understand sensitive data and handling
- Understand the definition of third-parties in healthcare context
- Maintain a list of third-party organizations
- Apply management standards and practices for engaging third parties
- Determine when a third-party assessment is required
- Support third-party assessments and audits
- Participate in third-party remediation efforts
- Respond to notifications of security/privacy events
- Respond to third-party requests regarding privacy/security events
- Promote awareness of third-party requirements
Prerequisites
Participants must have a minimum of two years cumulative paid work experience in one or more knowledge areas of the HCISPP CBK that includes security, compliance and privacy. Legal
experience may be substituted for compliance and information management experience may be substituted for privacy. Of the two years of experience, one of those years must be in the healthcare industry.
If a participant does not have the required experience to become a HCISPP, they may become an Associate of (ISC)2 by successfully clearing the HCISPP examination. They will then have three years to earn the two years of required experience.
Interested in this Course?
Certification
This course prepares the participants for the HCISPP examination. The details of the certification examination are as below –
| Duration of the examination | 3 hours |
| Number of questions | 125 |
| Format of the questions | Multiple choice questions |
| Passing grade | 700 out of 1000 |
| Exam availability | English |
The examination evaluates the participant’s proficiency in seven specific domains. The weightage of these domains in the examination, are as below –
| Domain | Weightage |
| Healthcare industry | 12% |
| Information governance in healthcare | 5% |
| Information technologies in healthcare | 8% |
| Regulatory and standards environment | 15% |
| Privacy and security in healthcare | 25% |
| Risk management and risk assessment | 20% |
| Third party risk management | 15% |
| Total | 100% |
