Top of Page

(ISC)² Refreshes its Healthcare Security Certification Exam

Updates to HealthCare Information Security and Privacy Practitioner (HCISPP) exam reflect the changing landscape of healthcare security best practices

Clearwater, FL, September 9, 2019 – (ISC)² – the world’s largest nonprofit membership association of certified cybersecurity professionals – announced domain refreshes to its HCISPP certification exam, which took effect on September 1, 2019. This is the first update that has been made to the HCISPP exam since its introduction in 2013, and the enhancements are the result of a rigorous, methodical process that (ISC)² follows to routinely update its credential exams. The details of these changes are outlined in a HCISPP Domain Refresh FAQ on the association’s website. The changes follow a recent update to the CCSP exam for cloud security professionals made last month.

“Regular assessments of our certification exams help to ensure that each exam covers topics that are pertinent to the current roles and responsibilities of our certification holders in today’s evolving cybersecurity landscape,” said Casey Marks, chief product officer and vice president, (ISC)². “As organizations increasingly focus on protecting patient health information and navigating a complex regulatory environment, new skills are now required of HCISPP holders. These changes in healthcare cybersecurity have been factored into the knowledge base we’re testing during our exam process.”

As consumer data privacy laws like the California Consumer Privacy Act (CCPA) begin to take effect, the HCISPP is the only certification that combines cybersecurity skills with privacy best practices and techniques. It demonstrates that the holder has the knowledge and ability to implement, manage and assess security and privacy controls to protect healthcare organizations and it asserts a strong foundation in healthcare risk, security and privacy, and an understanding of important healthcare regulations like the Health Insurance Portability and Accountability Act (HIPAA).

The foundational elements of the HCISPP exam remain, however the domain names and weights have been refined, and a seventh domain – or core disciplinary areas of focus – has been added. The exam will have the same number of items, and the time required to take the exam will be the same. The result is an exam that most accurately reflects the deep knowledge and hands-on experience required of the healthcare industry, including its governance, regulation and standards. The content aligns with the Common Body of Knowledge (CBK®), which is a comprehensive framework of all the relevant subjects a security professional should be familiar with, including skills, techniques and best practices.

The HCISPP Certification Exam Outline can be viewed here: An updated Official (ISC)² HCISPP Training Course will be available starting on November 1, 2019.

About (ISC)²
Celebrating its 30th anniversary this year, (ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, pragmatic approach to security. Our membership, more than 140,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education™. For more information on (ISC)², visit, follow us on Twitter or connect with us on Facebook and LinkedIn.

# # #

© 2019, (ISC)² Inc., (ISC)², CISSP, SSCP, CCSP, CAP, CSSLP, HCISPP, CCFP, CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP and CBK are registered marks, of (ISC)², Inc.

Media Contact:
Brian Alberti
Corporate Public Relations Manager
(617) 510-1540