The ‘HealthCare Information Security and Privacy Practitioner’ (HCISPPSM) is the world’s first foundational standard for evaluating assessing information security and privacy expertise within the healthcare industry launched by (ISC)²® (“ISC-squared”).
The world’s largest not-for-profit information security professional body and administrators of the CISSP® are making the credential available worldwide. This seal will offer validation to healthcare employers and those in the industry that a healthcare security and privacy practitioner has the essential knowledge, competency and expertise required by the industry to address specific security concerns.
Based on a a job task analysis (JTA) study to determine the scope and content of the HCISPP credential program, the Common Body of Knowledge (CBK®), which serves as the foundation for the accreditation, was developed during several exam development workshops by subject matter experts from the (ISC)² membership and other industry luminaires from global organizations.
The HCISPP is a foundational credential that reflects internationally accepted standards of practice for healthcare information security and privacy, aiming to protect the privacy and security of sensitive patient health information and documenting an organisation’s commitment towards making the necessary human resources investment in information security.
In applying for HCISPP accreditation a minimum of two years of experience (one of which must be in the healthcare industry) in security, compliance and privacy is required, with all candidates having to be able to demonstrate competencies the six CBK , namely the Healthcare Industry, Regulatory Environment, Privacy and Security in Healthcare, Information Governance and Risk Management, Information Risk Assessment and Third Party Risk Management.
W. Hord Tipton, CISSP, executive director of (ISC)², explains that the HCISPP credential was developed based on direct feedback from membership and global healthcare industry luminaries. According to him, the increase of online system migration and regulations have led to the evolving complexity of information risk management in the industry, which has recently undergone significant transformation to adjust its compliance management practices and data protection requirements in a move from highly paper-based processes to a digital and more connected working environment. He goes on to say that “(ISC)2 has introduced this new healthcare credential to help employers bring more qualified and skilled professionals into this industry who can help protect vital patient records and personal data.”
The HCISPP certification offers a number of benefits to healthcare security and privacy practitioners and the organisations that employ them. With the HCISPP seal professionals can further their career with a certification that validates their skills and establishes foundational knowledge and competency in health information security and privacy best practices, whereas organizations can demonstrate their proactive commitment to minimizing the risk of breaches by exchanging Protected Health Information (PHI) with 3rd parties that employ HCISPPs.
Tim Wilson, CISSP, CITP FBCS is an NHS IT director who confirms that within the NHS, every employee is responsible for information governance. He welcomes the initiative which aims to promote public trust in the system.
Dr. Bryan Cline, CISSP-ISSEP, CISO and VP, CSF Development & Implementation, HITRUST agrees that recent trends towards stronger enforcement of security regulations have begun to change the healthcare industry’s perception of information security. He sees a growing need for qualified industry professionals to help mature the current state of healthcare information security and compliance, and believes (ISC)2’s HCISPP will be a valuable recruitment tool.
Acknowledging HITRUST’s assistance in the development of the HCISPP credential, W. Hord Tipton said that the company recognised HITRUST’s commitment in the field of healthcare information security and looked forward to future collaborative ventures.
Candidates may find more information about HCISPP, download the exam outline, and register for the exam at http://sa.r.mailjet.com/redirects/rch0hw4qrr0yp0okpz38wc/www.isc2.org/hcispp/default.aspx.
7 November 2013