HCISPP CBK Domains

The HCISPP examination domains and weights are:

Domains                                            Weight
1. Healthcare Industry                             10%
2. Regulatory Environment                          16%
3. Privacy and Security in Healthcare              26%
4. Information Governance and Risk Management      17%
5. Information Risk Assessment                     16%
6. Third-Party Risk Management                     15%
Total                                              100%


Healthcare Industry – Understand diversity of healthcare industry, types of technologies, flow of information, and levels of protection

  • Healthcare Environment
  • Third-Party Relationships
  • Health Data Management Concepts

Regulatory Environment – Entails identifying and understanding relevant legal and regulatory requirements and ensuring an organization’s policies and procedures are in compliance

  • Applicable Regulations
  • International Regulations and Controls
  • Internal Practices Compared to New Policies and Procedures
  • Compliance Frameworks
  • Risk-Based Decisions
  • Code of Conduct/Ethics

Privacy and Security in Healthcare – Basic understanding of security and privacy concepts and principles, and types of information to protect

  • Security Objectives/Attributes
  • Security Definitions/Concepts
  • Privacy Principles
  • Disparate Nature of Sensitive Data and Handling Implications

Information Governance and Risk Management – How organizations manage information risk through security and privacy governance, risk management lifecycles, and principal risk activities

  • Security and Privacy Governance
  • Risk Management Methodology
  • Information Risk Management Life Cycles
  • Risk Management Activities

Information Risk Assessment – Understand risk assessment concepts and identify and participate in risk assessment practices and procedures

  • Risk Assessment
  • Procedures from within Organization Risk Frameworks
  • Risk Assessment Consistent with Role in Organization
  • Efforts to Remediate Gaps

Third-Party Risk Management – Identify third parties based on use of information, help manage third-party relationships, and determine when additional security and privacy assurances are required

  • Definition of Third-Parties in Healthcare Context
  • Third-Party Management Standards and Practices
  • Third-Party Assessments and Audits
  • Security/Privacy Events
  • Third-Party Connectivity
  • Third-Party Requirements
  • Remediation Efforts

Download the Exam Outline for more information.
