HCISPP CBK Domains

The HCISPP examination domains and weights are:

Domain                                           Weight
1. Healthcare Industry                            10%
2. Regulatory Environment                         16%
3. Privacy and Security in Healthcare             26%
4. Information Governance and Risk Management     17%
5. Information Risk Assessment                    16%
6. Third-Party Risk Management                    15%
Total                                            100%


Healthcare Industry – Understand the diversity of the healthcare industry, the types of technologies in use, how information flows between participants, and the levels of protection that information requires

  • Healthcare Environment
  • Third-Party Relationships
  • Health Data Management Concepts

Regulatory Environment – Entails identifying and understanding relevant legal and regulatory requirements and ensuring an organization’s policies and procedures are in compliance

  • Applicable Regulations
  • International Regulations and Controls
  • Internal Practices Compared to New Policies and Procedures
  • Compliance Frameworks
  • Risk-Based Decisions
  • Code of Conduct/Ethics

Privacy and Security in Healthcare – Basic understanding of security and privacy concepts and principles, and types of information to protect

  • Security Objectives/Attributes
  • Security Definitions/Concepts
  • Privacy Principles
  • Disparate Nature of Sensitive Data and Handling Implications

Information Governance and Risk Management – How organizations manage information risk through security and privacy governance, risk management life cycles, and principal risk activities

  • Security and Privacy Governance
  • Risk Management Methodology
  • Information Risk Management Life Cycles
  • Risk Management Activities

Information Risk Assessment – Understand risk assessment concepts and identify and participate in risk assessment practices and procedures

  • Risk Assessment
  • Procedures from within Organization Risk Frameworks
  • Risk Assessment Consistent with Role in Organization
  • Efforts to Remediate Gaps

Third-Party Risk Management – Identify third parties based on use of information, help manage third-party relationships, and determine when additional security and privacy assurances are required

  • Definition of Third Parties in the Healthcare Context
  • Third-Party Management Standards and Practices
  • Third-Party Assessments and Audits
  • Security/Privacy Events
  • Third-Party Connectivity
  • Third-Party Requirements
  • Remediation Efforts

HCISPP candidates must have a minimum of two years of cumulative experience in the domains of the credential. At least one year of that experience must be in any combination of the first three, healthcare-specific domains (Healthcare Industry, Regulatory Environment, and Privacy and Security in Healthcare). The remaining year may be in any of the other three HCISPP domains (Information Governance and Risk Management, Information Risk Assessment, and Third-Party Risk Management) and does not have to be related to the healthcare industry.

Download the Exam Outline for more information.


Healthcare Webinars

  • Leveraging the Cloud for Healthcare Security
  • SARS, MERS, Ebola Oh My! The Privacy Impact of Disease Tracking in EHRs
  • Leading Practices in Securing EHRs

White Paper: Top Reasons Why HCISPPs are in Demand