HCISPP Certified Healthcare Information and Privacy Practitioner


Healthcare Info Security and Privacy Practitioner (HCISPP) Training – ISC2

Credential to be awarded: Certificate of Completion

Total Hours:  40

ALL Included: Fees, Itemized: Course book $66; Optional ISC2 Certification Voucher $349

Total tuition & fees: $5500


Course Description

This certification preparation program for the Healthcare Information Security and Privacy Practitioner (HCISPP) credential is open to individuals involved in implementing, managing, or assessing security and privacy controls that address the unique data protection needs of healthcare information. HCISPPs are the practitioners whose foundational knowledge and experience unite healthcare information security and privacy best practices and techniques under one credential to protect organizations and sensitive patient data against emerging threats and breaches. HCISPPs are instrumental to a variety of employers, including hospitals, health centers and clinics, group medical practices, claims processors, and regulatory agencies.


Day 1: Healthcare Industry 

  • Topic A: Understand the Healthcare Environment
  • Topic B: Understand Third-Party Relationships
  • Topic C: Understand Foundational Health Data Management Concepts

Day 2: Regulatory Environment 

  • Topic A: Identify Applicable Regulations
  • Topic B: Understand International Regulations and Controls
  • Topic C: Compare Internal Practices Against New Policies and Procedures
  • Topic D: Understand Compliance Frameworks (e.g., ISO, NIST, Common Criteria, IG Toolkit, Generally Accepted Privacy Principles [GAPP])
  • Topic E: Understand Responses for Risk-Based Decision
  • Topic F: Understand and Comply with Code of Conduct/Ethics in a Healthcare Information Environment

Day 3: Privacy and Security in Healthcare 

  • Topic A: Understand Security Objectives/Attributes
  • Topic B: Understand General Security Definitions/Concepts
  • Topic C: Understand General Privacy Principles (e.g., OECD Privacy Principles, GAPP, PIPEDA, UK Data Protection Act 1998)
  • Topic D: Understand the Relationship Between Privacy and Security
  • Topic E: Understand the Disparate Nature of Sensitive Data and Handling Implications

Day 4: Information Governance and Risk Management, and Information Risk Assessment 

  • Topic A: Understand Security and Privacy Governance
  • Topic B: Understand Basic Risk Management Methodology
  • Topic C: Understand Information Risk Management Life Cycles (e.g., NIST, CMS, ISO)
  • Topic D: Participate in Risk Management Activities
  • Topic E: Understand Risk Assessment
  • Topic F: Identify Control Assessment Procedures from Within Organization Risk Frameworks
  • Topic G: Participate in Risk Assessment Consistent with Role in Organization
  • Topic H: Participate in Efforts to Remediate Gaps

Day 5: Third Party Risk Management

  • Topic A: Understand the Definition of Third Parties in Healthcare Context
  • Topic B: Maintain a List of Third-Party Organizations
  • Topic C: Apply Third-Party Management Standards and Practices for Engaging Third Parties Based Upon the Relationship with the Organization
  • Topic D: Determine When Third-Party Assessment Is Required
  • Topic E: Support Third-Party Assessments and Audits
  • Topic F: Respond to Notifications of Security/Privacy Events
  • Topic G: Support Establishment of Third-Party Connectivity
  • Topic H: Promote Awareness of the Third-Party Requirements (internally and externally)
  • Topic I: Participate in Remediation Efforts
  • Topic J: Respond to Third-Party Requests Regarding Privacy/Security Events


Recommendations and Prerequisites

Organization Certification Recommendations
HCISPP Certification candidates must have a minimum of two years of cumulative paid full-time work experience in one domain of the credential with the exception that one year of the cumulative experience must be in any combination of the first three domains in Healthcare (Healthcare Industry, Regulatory Environment, and Privacy and Security in Healthcare). The remaining one year of experience can be optionally in any of the remaining three HCISPP domains (Information Governance and Risk Management, Information Risk Assessment, and Third-Party Risk Management), and does not have to be related to the healthcare industry.

If students don’t have the required work experience, they may still sit for the exam and become an Associate of (ISC)² once they successfully pass the HCISPP exam. Associate of (ISC)² students will then be able to become HCISPP certified once the required work experience has been completed.

Organization Certification Exam Requirements
To be certified, students must complete the certification exam with a minimum passing grade of 700 or higher on a scale of 1000 in the allotted 3-hour timeframe on the 125-question exam. Once students are notified that they have successfully passed the examination, they will be required to subscribe to the (ISC)² Code of Ethics and have their application endorsed before the credential can be awarded. An endorsement form for this purpose must be completed and signed by an (ISC)² certified professional who is an active member, and who is able to attest to their professional experience.


Course Features

  • Lectures 0
  • Quizzes 0
  • Duration 40 hours
  • Skill level All levels
  • Language English
  • Students 10
  • Assessments Self