HCISPP Certification Exam


Protect Those Who Are Counting on You

You do more than protect sensitive patient data. You protect lives. And every day, you have to be ready for new threats and breaches, changes to regulations and the growing complexities of healthcare IT.

Take on these challenges with confidence with the HCISPP! This global healthcare security certification proves you have what it takes to implement, manage and assess the proper security and privacy controls to protect healthcare organizations.

The HCISPP is unique because it combines information security skills with privacy best practices and techniques. No other certification addresses the foundational knowledge in healthcare security and privacy like the HCISPP.

As an HCISPP, you’re on the forefront of protecting patient health information.

1. Steps to Certification

1.1 Get the Needed Experience

To qualify for the HCISPP certification, you must have:

◈ A minimum of two years of cumulative, paid, full-time work experience
◈ In one or more knowledge areas of the HCISPP Common Body of Knowledge (CBK) that includes security, compliance and privacy

Legal experience may be substituted for compliance. Information management experience may be substituted for privacy.

Of your two years of experience, one of those years must be in the healthcare industry.

Don’t have the required work experience yet? You can take and pass the HCISPP exam to earn an Associate of (ISC)² designation. Then, you’ll have up to three years to earn your required work experience for the HCISPP.

1.2 Create an Account at Pearson VUE and Schedule Your Exam

To schedule an exam, you must create an account at Pearson VUE.

Pearson VUE is the leading provider of global, computer-based testing for certification and licensure exams. You can find details on testing locations, policies, accommodations and more on their website.

Once you’ve set up your account and are ready to register, you’ll need to:

◈ Complete the Examination Agreement. You attest to the truth of your assertions regarding professional experience. You also legally commit to adhering to the (ISC)² Code of Ethics.
◈ Review the Candidate Background Questions.
◈ Pay the exam fee.

1.3 Pass the Exam

This is the day to show your greatness! You’ll have three hours to complete the 125 exam questions.

You must pass the exam with a scaled score of 700 points or greater.

1.4 Subscribe to the (ISC)² Code of Ethics and Get Endorsed

Let’s say you pass the exam. Then what?

Before this healthcare security certification can be awarded, you have to:

◈ Subscribe to the (ISC)² Code of Ethics.
◈ Have your application endorsed.

Your endorsement form must be completed and signed by an (ISC)² certified professional. He or she needs to be an active member who can confirm your professional experience.

(ISC)² can endorse you if you can’t find a certified individual.

You have nine months from the date of the exam to complete these steps. If you don’t, you have to retake the exam to get certified.

2. Why Become an HCISPP

Yes, there are other certifications out there for healthcare IT, privacy or security. But the HCISPP is the only certification that proves you have the practical skills, foundational knowledge and experience in both security and privacy on an international level.

Here’s why you should take on the HCISPP certification:

◉ Credibility. The HCISPP sets you apart. It shows you know best practices and have real-world expertise in both healthcare information security and privacy. It gives you more authority and appeal.
◉ Growth and learning. From exam prep to continuing education, the HCISPP offers many ways to expand your knowledge. You can stay current with changes in healthcare security and privacy.
◉ Global expertise. The HCISPP exam covers current, global topics. This ensures you’re up-to-speed on evolving threats and regulations around the world. You’re better prepared to protect your organization and patient data.
◉ Versatile skills. The HCISPP isn’t product specific, so you can apply your skills to different technologies or initiatives — including mobile devices, single sign-on, cloud migration and electronic information exchange.
◉ Stronger collaboration. As an HCISPP, your knowledge spans security and privacy. You can bridge the gap between departments and better understand problems. In doing so, you can earn more respect and be more successful in your work.
◉ Increased compensation. While pay practices vary by employer, many HCISPPs find that this certification can lead to increases in pay.

The HCISPP is ANSI-Accredited

The HCISPP certification is accredited by the American National Standards Institute (ANSI). This means it complies with the International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) 17024 Standards. Why is accreditation important when choosing a certification program? Visit the Institute for Credentialing Excellence website for details.

3. Should You Pursue the HCISPP?

The HCISPP can add value whether you’re a consultant or a practitioner on the frontlines of healthcare security and privacy.

But is it right for you?

The HCISPP is a great fit for you if you:

◈ Have well-rounded skills. You have practical healthcare experience, as well as a foundation in information security, privacy or risk.
◈ Want to expand your knowledge and keep up with emerging threats and evolving regulations. You’re passionate about learning.
◈ Are looking for a powerful way to earn more respect, better opportunities and/or higher pay.
◈ Understand you’re the frontline defense in protecting patient health information. Everything you do matters. The HCISPP will make you better at protecting your organization and the patients counting on you.

While the HCISPP is designed for those in hands-on roles, many CISSPs pursue it too. It validates your healthcare security and privacy expertise, and gives you a greater level of credibility.

The HCISPP is ideal for those working in roles such as:

◈ Compliance officer
◈ Information security manager
◈ Privacy officer
◈ Compliance auditor
◈ Risk analyst
◈ Medical records supervisor
◈ Information technology manager
◈ Privacy and security consultant
◈ Health information manager
◈ Practice manager

Wondering whether the HCISPP makes sense for you? Talk to a certification consultant.

4. Mastering the Domains on the Exam

The HCISPP exam tests your skills in six domains. Think of the domains as specific knowledge areas you need to know based on your experience and education.

The domains draw from a range of healthcare security and privacy topics within the (ISC)² Common Body of Knowledge (CBK).

Here’s a closer look at the HCISPP domains and how they’re weighted on the exam:

| Domains | Weight |
| --- | --- |
| 1. Healthcare Industry | 10% |
| 2. Regulatory Environment | 16% |
| 3. Privacy and Security in Healthcare | 26% |
| 4. Information Governance and Risk Management | 17% |
| 5. Information Risk Assessment | 16% |
| 6. Third-Party Risk Management | 15% |
| Total | 100% |

Healthcare Industry 

◈ Healthcare environment
◈ Third-party relationships
◈ Health data management concepts

Regulatory Environment

◈ Applicable regulations
◈ International regulations and controls
◈ Internal practices compared to new policies and procedures
◈ Compliance frameworks
◈ Risk-based decisions
◈ Code of conduct/ethics

Privacy and Security in Healthcare 

◈ Security objectives/attributes
◈ Security definitions/concepts
◈ Privacy principles
◈ Disparate nature of sensitive data and handling implications

Information Governance and Risk Management 

◈ Security and privacy governance
◈ Risk management methodology
◈ Information risk management life cycles
◈ Risk management activities

Information Risk Assessment 

◈ Risk assessment
◈ Procedures from within organization risk frameworks
◈ Risk assessment consistent with role in organization
◈ Efforts to remediate gaps

Third-Party Risk Management

◈ Definition of third-parties in healthcare context
◈ Third-party management standards and practices
◈ Third-party assessments and audits
◈ Security/privacy events
◈ Third-party connectivity
◈ Third-party requirements
◈ Remediation efforts


5. Getting HCISPP Training That’s Right for You

Prepare for your HCISPP exam through a combination of training courses and individual study. And learn from (ISC)², the creator of the HCISPP CBK!

Simply choose the best training format for your schedule, needs and learning style.

In-Person Training Seminars

Classroom-Based Training

◈ Ideal for hands-on learners. We offer the most thorough review of the HCISPP CBK, industry concepts and best practices.
◈ A three-day training event delivered in a classroom setting. Eight hours a day.
◈ Led by authorized instructors.
◈ Available at (ISC)² facilities and through (ISC)² Official Training Providers worldwide.

Get details on Classroom-Based Training.

Private On-Site Training

◈ A cost-effective and convenient training solution if your organization has 10 or more employees taking the exam.
◈ Tailored to your team’s schedule, budget and certification requirements.
◈ Conveniently taught in your office space or a local venue.
◈ Led by authorized instructors.

Get details on Private On-Site Training.

Online Training Seminars

Instructor-Led Training

◈ Participate from the convenience of your computer. This saves you travel time and expense.
◈ Weekday, weekend and evening options to fit your needs.
◈ Comprehensive review of the CBK, so you’re ready for this healthcare security certification.
◈ Delivered in a variety of schedules with weekday, weekend, and evening options to suit your needs.
◈ Access to recordings of all course sessions for 60 days.
◈ Led by authorized instructors.

HCISPP Training Course Overview

Our training helps you fully prepare for this healthcare security certification. You will:

◉ Review, refresh and expand your healthcare security knowledge.
◉ Identify areas you need to study for the HCISPP exam.

You can expect an in-depth review of the six domains of the HCISPP CBK — including discussion of industry best practices and timely healthcare security and privacy concepts.

(ISC)² authorized instructors lead all our training. You’re learning from industry experts who understand you. They know how to make the content highly relatable. And they go through a rigorous process to teach to our CBK.

Plus, we use proven adult learning techniques to reinforce topics. This approach increases how much information you retain. Our techniques are highly interactive. They focus on real-world learning activities and scenarios, so you get the most out of training.

Self-Study Tools

In addition to training, we offer resources to help you with self-study. Our resources include the:

6. Taking Your HCISPP Exam

Length of exam: Up to 3 hours
Number of questions: 125 questions
Question format: Multiple choice
Passing grade: A passing score is 700 out of 1000 points
Exam languages: English
Testing center: Pearson VUE Testing Center

7. Maintaining or Regaining HCISPP Certification

Maintain Your HCISPP Credential and Membership with (ISC)²

Once you’ve earned this world-class healthcare security certification, you become a member of (ISC)². You enter one of the largest communities of information security professionals in the world. You gain access to unparalleled global resources and networking.

Quite simply, you have endless opportunities to grow and refine your craft.

But certification is a privilege that must be earned and maintained.

To remain in good standing with your HCISPP, you need to:

◈ Abide by the (ISC)² Code of Ethics.
◈ Earn and post Continuing Professional Education (CPE) credits.
◈ Pay your Annual Maintenance Fee (AMF).

Here’s a closer look at each.

Abiding by the (ISC)² Code of Ethics

You agree to fully support and follow the (ISC)² Code of Ethics.

Earning and Posting CPE Credits

Healthcare security is constantly changing. (You know this well!) You need to earn CPE hours to stay well-rounded and keep up your expertise.

For the HCISPP, you need to earn and post a minimum of 20 CPE credits per year. You need to do so before your certification annual anniversary date.

CPEs may sound like a big task. However, (ISC)² makes it easy for you to earn your CPE credits on a regular basis.

We offer access to:

◈ Live educational events around the world.
◈ Online seminars that can be taken in the comfort of your home or office. They’re available exclusively to (ISC)² members.
◈ And many more learning opportunities.

Paying Annual Maintenance Fees (AMFs)

Once you earn this healthcare security certification, you must pay USD$65 each year of your three-year certification cycle. Your payment is due before your certification or recertification annual anniversary date.

Your payments help ensure that (ISC)² has the financial resources to:

◈ Be a functional, dynamic entity for leading information security and IT professionals (like you) far into the future.
◈ Develop more CPE opportunities.
◈ Continue to meet the certification needs and requirements of information security and IT professionals.
◈ Maintain member records.

How to Regain Membership if Your HCISPP Ends

If you wish to regain membership, you’ll need to:

◈ Pay any outstanding AMF payments. (This needs to take place before you sit for the exam.)
◈ Retake and pass the exam to become certified again.
◈ Contact Member Services to reactivate your certification after you pass the exam.
