(ISC)2
As with all its credentials, (ISC)2 conducted a job task analysis (JTA) study to determine the scope and content of the HCISPP. Subject matter experts from the (ISC)” membership and other industry luminaires from organisations in Europe, Hong Kong, and the United States attended several exam development workshops and contributed to develop the Common Body of Knowledge (CBK) that serves as the foundation for the credential.
To attain the HCISPP, applicants must have a minimum of two years of experience in one knowledge area of the credential that includes security, compliance and privacy. Legal experience may be substituted for compliance and information management experience may be substituted for privacy. One of the two years of experience must be in the healthcare industry. All candidates must be able to demonstrate competencies in each of the following six CBK domains in order to achieve HCISPP:
· Healthcare Industry
· Regulatory Environment
· Privacy and Security in Healthcare
· Information Governance and Risk Management
· Information Risk Assessment
· Third Party Risk Management
Candidates may find more information about HCISPP, download the exam outline, and register for the exam at https://www.isc2.org/hcispp/default.aspx.
W Hord Tipton, CISSP, executive director of (ISC)2 said: “The HCISPP credential was developed based on direct feedback from our membership and industry luminaries from around the world working in healthcare who have observed the evolving complexity of information risk management in the industry as online system migration and regulations increase. Over the past few years, the healthcare industry has undergone a major transformation to adjust its compliance management practices and data protection requirements – moving from highly paper-based processes to a digital and more connected working environment. (ISC)2 has introduced this new healthcare credential to help employers bring more qualified and skilled professionals into this industry who can help protect vital patient records and personal data.”