HCISPP Experience Requirements
Candidates must have a minimum of two years cumulative paid work experience in one or more knowledge areas of the HCISPP CBK that includes security, compliance and privacy. Legal experience may be substituted for compliance and information management experience may be substituted for privacy. Of the two years of experience, one of those years must be in the healthcare industry.
A candidate who doesn’t have the required experience to become a HCISPP may become an Associate of ISC2 by successfully passing the HCISPP examination. The Associate of ISC2 will then have three years to earn the two years required experience.
Part-time work and internships may also count towards your experience.
Valid experience includes information systems security-related work performed for a healthcare organization or work that requires healthcare security and privacy controls and involves direct application of that knowledge. Experience must fall within one or more of the seven domains of the ISC2 HCISPP CBK:
- Domain 1. Healthcare Industry
- Domain 2. Information Governance in Healthcare
- Domain 3. Information Technologies in Healthcare
- Domain 4. Regulatory and Standards Environment
- Domain 5. Privacy and Security in Healthcare
- Domain 6. Risk Management and Risk Assessment
- Domain 7. Third-Party Risk Management
Full-Time Experience: Your work experience is accrued monthly. Thus, you must have worked a minimum of 35 hours/week for four weeks in order to accrue one month of work experience
Part-Time Experience: Your part-time experience cannot be less than 20 hours a week and no more than 34 hours a week.
- 1040 hours of part-time = 6 months of full time experience
- 2080 hours of part-time = 12 months of full time experience
Internship: Paid or unpaid internship is acceptable. You will need documentation on company/organization letterhead confirming your position as an intern. If you are interning at a school, the document can be on the registrar’s stationery.