What is a Healthcare Information Security and Privacy Practitioner?

A healthcare information security and privacy practitioner (HCISPP) is a certified professional with expertise in the privacy and security of healthcare information. HCISPP-designated professionals can confidently protect patient health information for large-scale organizations. They are equipped with the experience and technical knowledge to proactively manage and protect sensitive healthcare data from threats and breaches.

The HCISPP exam covers the following seven domain areas:

  1. Healthcare Industry
  2. Information Governance in Healthcare
  3. Information Technologies in Healthcare
  4. Regulatory and Standards Environment
  5. Privacy and Security in Healthcare
  6. Risk Management and Risk Assessment
  7. Third-Party Risk Management

Why is the HCISPP Certification Important?

The HCISPP certifies a professional’s experience and competency in applying best practices for health information security and privacy. The credential is reputable and recognized globally as the gold standard certification for information security. It offers credibility for both the practitioner and the healthcare organization. 

Who Needs an HCISPP Credential?

HCISPP is at the forefront of securing patient health information. The credential is suitable for any person working in information security in the healthcare industry.

The HCISPP certification is often associated with roles such as:

  • Risk Analyst
  • Privacy Officer
  • Privacy and Security Consultant
  • Practice Manager
  • Medical Records Supervisor
  • Information Technology Manager
  • Information Security Manager
  • Health Information Manager
  • Compliance Officer
  • Compliance Auditor

How to Get HCISPP Certified

To qualify for the exam, HCISPP candidates should have at least two years of cumulative work experience in one or more of the seven domain areas. At least one of the two years needs to be in the healthcare industry.

Who is the Certifying Association?

The HCISPP certification is offered through (ISC)², a global community of certified cybersecurity professionals. (ISC)² is also known as the International Information System Security Certification Consortium.

Requirements to Stay Certified

Candidates are required to be recertified every three years by earning at least 20 CPE credits annually and maintaining 60 CPE credits over the three-year cycle.