(ISC)²® introduces Healthcare security and privacy certification

(ISC)² establishes global standard of competency for healthcare information security and privacy practitioners.

  • Wednesday, 6th November 2013 Posted 11 years ago in by Phil Alsop

(ISC)²® (“ISC-squared”) has launched a new certification, the HealthCare Information Security and Privacy Practitioner (HCISPPSM), the first foundational global standard for assessing both information security and privacy expertise within the healthcare industry. The credential, available worldwide beginning today, is designed to provide healthcare employers and those in the industry with validation that a healthcare security and privacy practitioner has the core level of knowledge and expertise required by the industry to address specific security concerns.


As with all its credentials, (ISC)² conducted a job task analysis (JTA) study to determine the scope and content of the HCISPP credential programme. Subject matter experts from the (ISC)² membership and other industry luminaires from organisations in Europe, Hong Kong, and the United States attended several exam development workshops and contributed to develop the Common Body of Knowledge (CBK®) that serves as the foundation for the credential.


The HCISPP is a demonstration of knowledge by security and privacy practitioners regarding the proper controls to protect the privacy and security of sensitive patient health information as well as their commitment to the healthcare privacy profession. It is a foundational credential that reflects internationally accepted standards of practice for healthcare information security and privacy. For executives accountable for protecting sensitive healthcare data, HCISPP demonstrates a proactive commitment to ensuring an organisation is making the necessary human resources investment in information security.


To attain the HCISPP, applicants must have a minimum of two years of experience in one knowledge area of the credential that includes security, compliance and privacy. Legal experience may be substituted for compliance and information management experience may be substituted for privacy. One of the two years of experience must be in the healthcare industry. All candidates must be able to demonstrate competencies in each of the following six CBK domains in order to achieve HCISPP:
· Healthcare Industry
· Regulatory Environment
· Privacy and Security in Healthcare
· Information Governance and Risk Management
· Information Risk Assessment
· Third Party Risk Management


“The HCISPP credential was developed based on direct feedback from our membership and industry luminaries from around the world working in healthcare who have observed the evolving complexity of information risk management in the industry as online system migration and regulations increase,” said W. Hord Tipton, CISSP, executive director of (ISC)². “Over the past few years, the healthcare industry has undergone a major transformation to adjust its compliance management practices and data protection requirements – moving from highly paper-based processes to a digital and more connected working environment. (ISC)² has introduced this new healthcare credential to help employers bring more qualified and skilled professionals into this industry who can help protect vital patient records and personal data.”


The HCISPP provides multiple benefits to healthcare security and privacy practitioners and the organisations that employ them. For practitioners, HCISPP helps them to:
· Validate their experience, skills, and competency as a healthcare security and privacy practitioner.
· Demonstrate the qualifications to implement, manage, and/or assess the appropriate security and privacy controls for healthcare organisations.
· Advance their career with a certification that establishes foundational knowledge and competency in health information security and privacy best practices.
· Enhance their credibility as a healthcare information security and privacy practitioner with a credential backed by (ISC)², the globally recognised Gold Standard in information security certification.
· Affirm your commitment to continued competence in the most current security and privacy practices through (ISC)² continuing professional education (CPE) requirement.


For organisations, HCISPP offers to:
· Provides reinforced defense with qualified, experienced, and credentialed healthcare information security and privacy practitioners.
· Demonstrate the organisation's proactive commitment to minimising the risk of breaches.
· Increase confidence that job candidates and employees can do the job right.
· Mitigate risk by exchanging Protected Health Information (PHI) with 3rd parties that employ HCISPPs.
· Increase credibility of the organisation when working with clients and vendors.
· Ensure privacy and security personnel are current and capable through HCISPP’s CPE credits requirement.
· Provide an added level of ethical adherence for their healthcare security and privacy practitioners.


“Within the NHS, Information Governance is the responsibility of every employee. The HCISPP encourages the appreciation of information governance as the healthcare sector across Europe strives towards a digital environment,” said Tim Wilson, CISSP, CITP FBCS, an NHS IT director. “In the UK alone, the current drive towards electronic patient records and eventually a paperless NHS makes it critical for professionals to have the skills and knowledge to grasp the intricacies and best practices of ensuring the security and privacy of healthcare patients. This initiative goes to the very heart of what we must ensure in health and social care anywhere – the provision of reliable information, public trust in the system and our ability to continuously use what we learn during the course of our day-to-day work for the benefit of everyone.”


“Recent trends towards stronger enforcement of security regulations have begun to change the healthcare industry’s perception of information security,” said Dr. Bryan Cline, CISSP-ISSEP, CISO and VP, CSF Development & Implementation, HITRUST. “There is a growing need in the industry for qualified professionals to help mature the current state of healthcare information security and improve regulatory compliance. (ISC)²'s HCISPP will help organisations streamline their hiring process by ensuring prospective candidates have a basic level of knowledge about the healthcare industry, the security and privacy concerns specific to healthcare, and the general risk management principles and concepts required of a healthcare information protection professional.”


"(ISC)² thanks HITRUST for its assistance in the development of the HCISPP credential,” said W. Hord Tipton. "(ISC)² recognises HITRUST’s commitment in the field of healthcare information security, and appreciates its guidance and support. HITRUST is an important voice in the healthcare information security field, and a key ally in the advancement of our healthcare credential. As both parties work in good faith toward the goals of our MOU, (ISC)² looks forward to future ventures with their organisation.”