The HCISPP examination domains and weights are:

1. Healthcare Industry
2. Regulatory Environment
3. Privacy and Security in Healthcare
4. Information Governance and Risk Management
5. Information Risk Assessment
6. Third-Party Risk Management


Healthcare Industry – Understand the diversity of the healthcare industry, the types of technologies in use, the flow of information, and the levels of protection required

  • Healthcare Environment
  • Third-Party Relationships
  • Health Data Management Concepts

Regulatory Environment – Entails identifying and understanding relevant legal and regulatory requirements and ensuring that an organization’s policies and procedures are in compliance

  • Applicable Regulations
  • International Regulations and Controls
  • Internal Practices Compared to New Policies and Procedures
  • Compliance Frameworks
  • Risk-Based Decisions
  • Code of Conduct/Ethics

Privacy and Security in Healthcare – Basic understanding of security and privacy concepts and principles, and of the types of information to protect

  • Security Objectives/Attributes
  • Security Definitions/Concepts
  • Privacy Principles
  • Disparate Nature of Sensitive Data and Handling Implications

Information Governance and Risk Management – How organizations manage information risk through security and privacy governance, risk management life cycles, and principal risk activities

  • Security and Privacy Governance
  • Risk Management Methodology
  • Information Risk Management Life Cycles
  • Risk Management Activities

Information Risk Assessment – Understand risk assessment concepts, and identify and participate in risk assessment practices and procedures

  • Risk Assessment
  • Procedures from within Organization Risk Frameworks
  • Risk Assessment Consistent with Role in Organization
  • Efforts to Remediate Gaps

Third-Party Risk Management – Identify third parties based on use of information, help manage third-party relationships, and determine when additional security and privacy assurances are required

  • Definition of Third Parties in the Healthcare Context
  • Third-Party Management Standards and Practices
  • Third-Party Assessments and Audits
  • Security/Privacy Events
  • Third-Party Connectivity
  • Third-Party Requirements
  • Remediation Efforts
