HCISPP® - HealthCare Information Security and Privacy Practitioner

The Front-Line Defense for Protecting Patient Data

As the rapidly evolving healthcare industry faces increasing challenges to keeping personal health information protected, there is a growing need to ensure knowledgeable and credentialed security and privacy practitioners are in place to protect this sensitive information. 

HCISPPs provide the front-line defense in protecting health information. Backed by (ISC)², a global not-for-profit organization that delivers the gold standard for information security certifications, the HCISPP credential confirms a practitioner’s core knowledge and experience in security and privacy controls for personal health information.

What domains are in the HCISPP CBK?

 The HCISPP exam will test the candidate's knowledge in the 6 domains of the (ISC)² HCISPP CBK, which cover:

  • Healthcare Industry
  • Regulatory Environment
  • Privacy and Security in Healthcare
  • Information Governance and Risk Management
  • Information Risk Assessment
  • Third Party Risk Management

HCISPP candidates must have a minimum of two years of cumulative paid full-time work experience in one domain of the credential, with the exception that one year of the cumulative experience must be in any combination of the first three domains in Healthcare (Healthcare Industry, Regulatory Environment, and Privacy and Security in Healthcare). The remaining one year of experience can optionally be in any of the remaining three HCISPP domains (Information Governance and Risk Management, Information Risk Assessment, and Third-Party Risk Management) and does not have to be related to the healthcare industry.

Who should obtain the HCISPP certification?

HCISPPs are at the forefront of protecting patient health information. These are the practitioners whose foundational knowledge and experience unite healthcare information security and privacy best practices and techniques under one credential to protect organizations and sensitive patient data against emerging threats and breaches. HCISPPs are instrumental to a variety of job functions, including:

  • Compliance officer
  • Information security manager
  • Privacy officer
  • Compliance auditor
  • Risk analyst
  • Medical records supervisor
  • Information technology manager
  • Privacy and security consultant
  • Health information manager
  • Practice manager

Who should employ HCISPPs?

Solidify a frontline defense with qualified, experienced, and credentialed healthcare information security and privacy practitioners. HCISPPs are instrumental to a variety of employers, including:

  • Hospitals
  • Health centers and clinics
  • Group practices
  • Privacy and security consulting firms
  • Regulatory agencies
  • Claims processors
  • Health clearing houses


HCISPP Exam Information

Length of exam: 3 hours
Number of questions: 125
Question format: Multiple choice questions
Passing grade: 700 out of 1000 points
Exam Language: English
Testing center: Pearson Vue Testing Center
Study tools:

  • Official (ISC)² Guide to the HCISPP CBK Textbook
  • Official (ISC)² training seminar
  • Exam outline
  • Interactive Flashcards

Find out how becoming an HCISPP will benefit you and your employer. 



Healthcare Webinars

  • Leveraging the Cloud for Healthcare Security
  • SARS, MERS, Ebola Oh My! The Privacy Impact of Disease Tracking in EHRs
  • Leading Practices in Securing EHRs

White paper: Top Reasons Why HCISPPs are in Demand