The Healthcare Information Security and Privacy Practitioner (HCISPP) certification recognizes you as an expert on the privacy and security of healthcare information.
This guide will cover the basics of earning your HCISPP certification and its potential impact on your career. Read on to decide if this certification is a good fit for you.
An HCISPP certification confirms that you are qualified to handle and protect sensitive healthcare information, focusing specifically on privacy, compliance, and security. It blends cybersecurity with best practices related to privacy and is a suitable certification for anyone working with medical records.
The certification is issued by the International Information Systems Security Certification Consortium, (ISC)2, a non-profit security organization. Once you earn your certification, you become a member of (ISC)2.
You qualify for the HCISPP Certification after completing two years of related experience and passing the certification exam. If you pass the exam first, you can become an “associate” of (ISC)2 until you earn full endorsement at the end of your required years of experience.
You must have two years of paid experience in any of the following areas:
One of your two years of experience must be in the healthcare industry. Your experience must include security, compliance (including legal), and privacy (including information management). You can learn more about these requirements on the (ISC)2 website.
The HCISPP certification exam is three hours and includes 125 multiple-choice questions. You must score at least 700 out of 1000 points to pass.
You can take the exam at any Pearson VUE Testing Center.
The HCISPP covers 7 domains:
Focus on the following information within each domain when studying for the exam.
Questions related to the healthcare industry will cover different components of the healthcare environment, third-party relationships in healthcare, and the foundational health data management concepts.
Understand the information governance frameworks (security and privacy), information governance roles and responsibilities, and how to align information security and privacy policies, standards, and procedures.
You should know the basic principles of healthcare security and privacy, including the impact of technologies, third-party connectivity, and data life cycle management.
The exam includes questions on domestic and international regulations and compliance frameworks.
You should learn general privacy and security objectives, definitions, and concepts. You will also need to understand the relationship between privacy and security, and how to handle sensitive data.
The information risk assessment questions will test you on your ability to identify, manage, monitor, and assess risks, as well as your ability to respond to them. You should be familiar with the Risk Management Framework.
The final domain of the exam tests knowledge of working with third parties, including maintaining privacy and security as you work with them.
Access a full breakdown of the exam on the (ISC)2 website.
You will need to study enough to learn the information listed above within each domain tested on the exam. You can purchase study materials and training online to help you understand the information.
While an HCISPP certification can benefit people in many positions, it is most significant for those who regularly work with sensitive healthcare data.
An HCISPP certification can help you get any of the following positions:
Most people who earn an HCISPP certification work in healthcare organizations, such as regulatory agencies, privacy/security consulting firms, hospitals, health centers, or claims processing.
You can take the HCISPP certification exam anytime in your career. Getting certified as early as possible makes the most sense.
You will need two years of experience to earn your full endorsement and become a member of (ISC)2, but you do not need to complete it before passing your exam.
This means that you can take the certification exam before you begin working in the healthcare industry, or get a job in the industry before taking your exam. Whichever order you choose, your full certification will be issued once you have both passed your exam and completed your two years of work experience.
An HCISPP certification shows your employer that you are competent in the basic principles of cybersecurity and privacy guidelines. This makes you an ideal hire for positions that work with sensitive healthcare information and generally a more marketable person when job hunting.
An HCISPP certification can show your employer that you are committed to doing your job well. This can help you advance your career by making you more likely to earn raises, promotions, or other benefits.
In completing your certification, you will also learn more about your field and how to best respond to privacy and security risks in the healthcare industry.
The HCISPP certification can improve your salary and make you eligible for a higher pay grade. Being HCISPP certified can also make you more eligible for higher-paying positions and raises because you will be better qualified for related jobs.
The HCISPP certification is an excellent choice for anyone working with sensitive information in the healthcare industry. You will need to pass an exam and complete two years of paid work experience to earn your certification. Once you are fully certified, you will be more qualified and seen as an expert in the field, leading to better job opportunities and higher salaries.