Insurance fraud. Identity theft. Financial fraud. These are just a few of the risks associated with storing personal healthcare information online. Healthcare organizations hold some of the most private and sensitive information, and if it were to be comprised, a breach of this data could have serious repercussions for individuals and organizations alike.

To address the need for qualified healthcare IT professionals, the International Information Systems Security Certification Consortium, Inc., (ISC)2 , has launched a new certification, the HealthCare Information Security and Privacy Practitioner (HCISPP).

The global, not-for-profit leader in educating and certifying information security professionals, the (ISC)HCISSP is the first foundational global standard for assessing information security expertise within the healthcare industry. The credential, now available worldwide, is a demonstration of knowledge by security and privacy practitioners regarding the proper controls to protect the privacy and security of sensitive patient health information as well as their commitment to the healthcare privacy profession.

The certification is aimed at practitioners who are responsible for safeguarding their organizations and sensitive patient data known as Protected Health Information (PHI) against emerging threats and breaches. This would include people in roles such as Medical Records Supervisor, Information Technology Manager, Privacy & Security Consultant, and Compliance Officer.

This is not an entry-level certification. To attain the HCISPP credential, applicants must have a minimum of two years of experience in one knowledge area of the credential that includes security, compliance and privacy. Legal experience may be substituted for compliance and information management experience may be substituted for privacy. One of the two years of experience must be in the healthcare industry. All candidates must be able to demonstrate competencies in each of the following six common body of knowledge (CBK) domains in order to achieve HCISPP:

  • Healthcare Industry
  • Regulatory Environment
  • Privacy and Security in Healthcare
  • Information Governance and Risk Management
  • Information Risk Assessment
  • Third Party Risk Management

The exam for the certification is available worldwide. Educational materials are currently being developed and will be ready in early 2014. The exam outline provides a self-study aid. It contains an overview of each domain and a list of key knowledge areas in each of the domains, as well as a list of references to aid candidates in studying the domains in depth.

Candidates may find more information about HCISPP, download the exam outline, and register for the exam at

Leave a Reply