HealthCare Information Security and Privacy Practitioner (HCISPP)
HCISPP, or HealthCare Information Security and Privacy Practitioner, is a professional training course that prepares candidates for a certification from the International Information Systems Security Certification Consortium (ISC2). It introduces the basic structures of the American healthcare delivery system, the legal basis on which it rests, and the information security and privacy issues specific to that setting. The main purpose of the course is to prepare the attendee for the ISC2 certification examination.
As the healthcare industry grows rapidly, organizations face increasing challenges in keeping personal health information secure and protected, and they need knowledgeable, experienced security and privacy practitioners to protect such sensitive information. HCISPP holders form a line of defense for health information. The HCISPP credential confirms that a practitioner has the experience and core knowledge in privacy and security to handle personal health information with proper care and safety.
HCISPP Course Overview:
The HCISPP certification course, an official ISC2 course, builds your knowledge and experience in privacy and security controls for personal health information. It polishes your skills and knowledge in healthcare security and helps you prepare for the HCISPP exam. You will also learn the legal and regulatory requirements and the security and privacy concepts for healthcare information, because you need to understand your organization and how it manages its information risk assessment practices and procedures.
The training course helps candidates review and refresh their knowledge of healthcare information security and privacy, and identify the areas on which they need to focus further study for the HCISPP exam. Our course is your one-source exam preparation, which includes:
- Official guide to the HCISPP Common body of knowledge
- Official HCISPP Flash Cards
- Official HCISPP Training Student Handbook
- HCISPP Certification Exam Voucher
- Collaboration with Classmates
- Taught by an Authorized Instructor
- Real-world learning activities and scenarios.
HCISPP Training Learning Objectives: In-depth coverage of the six domains required to pass the HCISPP exam for ISC2 certification:
- Healthcare Industry
- Regulatory Environment
- Information Risk Assessment
- Information Governance and Risk Management
- Third Party Risk Management
- Security and Privacy Control in Healthcare
- Be able to describe the associated practices, their importance and their value to others, mainly coworkers and supervisors.
- Be able to evaluate vulnerabilities, mitigations, risks and trade-offs when assessing third-party-sourced risks in healthcare contractual arrangements.
Our HCISPP training course prepares students to:
- Understand the diversity of the healthcare industry. To achieve this, learners need to gain knowledge of the different types of health organizations, with their various technologies, information and data flows, and of how data is managed and exchanged with the protection levels needed to keep it safe.
- Identify the legal and regulatory requirements that apply to healthcare information. This is required to ensure that an organization's policies and procedures are compliant and follow proper data exchange procedures.
- Describe security and privacy concepts as they relate to the healthcare industry; learners also need to understand the relationship between security and privacy and how to handle and manage information properly.
- Describe risk assessment and the risk assessment procedures of an organization.
- Identify how organizations manage risk and what type of security and privacy governance is required.
- Identify the concepts for managing third-party relationships. Learners gain knowledge of how third parties use their information, of third-party assessment, and of security and privacy events, and learn to recognize the process for improving third-party risk management.
Several different types of activities are used throughout the course to reinforce the topics and increase knowledge retention. These range from open-ended questions from the instructor to the students, poll questions and matching exercises, and open or closed questions, to group discussions and group activities. This interactive learning technique is based on adult learning theories.
1. Healthcare Industry: In this domain, you need to understand the healthcare environment, foundational health data management and third-party relationships.
2. Regulatory Environment: The outline of this domain is:
- Identify the applicable regulations.
- Understand international regulations and controls.
- Understand compliance frameworks.
- Compare internal practices with new policies and procedures.
- Understand responses to risk-based decisions.
- Comply with the code of ethics for healthcare information.
3. Information Risk Assessment: In this domain, you need to understand risk assessment and identify the control assessment procedures within organizational risk frameworks. You also need to participate in risk assessments consistent with your role in the organization, and make proper efforts to remediate gaps.
4. Information Governance and Risk Management:
- Understand security and privacy governance.
- Know the basic risk management methodology.
- Understand information risk management life cycles and participate in risk management activities.
5. Third Party Risk Management: The outline of this domain includes:
- Definition of third parties in the healthcare context.
- Determine when a third-party assessment is required.
- Maintain a list of third-party organizations.
- Support their assessments and audits.
- Support the establishment of third-party connectivity.
- Respond to notifications of privacy and security events.
- Promote awareness of third-party requirements, both internally and externally.
- Participate in remediation efforts.
6. Security and Privacy Control in Healthcare: This is one of the most important domains of this course, in which you need to understand security attributes and objectives. In addition:
- Gain knowledge of general security concepts.
- Understand general privacy principles.
- Understand the nature of sensitive data handling implications.
- Understand the relationship between privacy and security.
Course Outline for HCISPP
The draft outline for this course covers the six domains of the HCISPP as described in the ISC2 Official CBK Guide (sourcebook and accompanying text), with slide counts varying according to the quantity of information to be delivered in each domain's module. It is outlined as follows:
Introduction and Overview
Domain 1: Healthcare Industry
- Understand the Healthcare environment
- Types of Organizations in the Healthcare Sector (e.g. providers, pharma, payers, business associates)
- Health Information Technology (e.g., computers, medical devices, networks, health information exchanges, Electronic Health Record [EHR], Personal Health Record [PHR])
- Health Insurance (e.g., claims processing, payment models)
- Coding (e.g., SNOMED CT, ICD-9/10)
- Billing, Payment, and Reimbursement
- Workflow Management
- Regulatory Environment (e.g., security, privacy, oversight)
- Public Health Reporting
- Clinical Research (e.g., process)
- Healthcare Records Management
- Understand Third-party relationships
- Business Partners
- Data Sharing
- Understand foundational health data management concepts
- Information Flow and Life Cycle in the Healthcare Environments
- Health Data Characterization (e.g. classification, taxonomy, analytics)
- Data Interoperability and Exchange (e.g. HL7, HIE, DICOM)
- Legal Medical Records
Domain 2: Regulatory Environment
- Identify applicable regulations
- Legal issues that Pertain to Information Security and Privacy for Healthcare Organizations
- Data Breach Regulations
- Personally Identifiable Information
- Information Flow Mapping
- Jurisdiction Implications
- Data Subjects
- Data Owners/Controllers/Custodians/Processors
- Understand international regulations and controls
- Treaties (e.g., Safe Harbor)
- Industry Specific Laws
- Legislative (e.g., EU Data Privacy Directive, HIPAA/HITECH)
- Compare internal practices against new policies and procedures
- Policies (information security and privacy)
- Standards (information security and privacy)
- Procedures (information security and privacy)
- Understand compliance frameworks
- Understand responses for risk-based decision
- Compensating Controls
- Control Variance Documentation
- Residual Risk Tolerance
- Understand and comply with Code of Conduct/Ethics in HealthCare information
- Organizational Code of Ethics
- (ISC)2 Code of Ethics
Domain 3: Privacy and Security in HealthCare
- Understand security objectives/attributes
- Understand general security definitions/concepts
- Access Control
- Data Encryption
- Training and Awareness
- Logging and Monitoring
- Vulnerability Management
- Systems Recovery
- Segregation of Duties
- Least Privilege (Need to Know)
- Business Continuity
- Data Retention and Destruction
- Understand general privacy principles
- Limited Collection/Legitimate Purpose/Purpose Specification
- Disclosure Limitation/Transfer to Third Parties/Trans-Border Concerns
- Access Limitation
- Accuracy, Completeness, Quality
- Management, Designation of Privacy Officer, Supervisor Re-authority, Processing Authorization, Accountability
- Transparency, Openness
- Proportionality, Use and Retention, Use Limitation
- Access, Individual Participation
- Notice, Purpose Specification
- Additional Measures for Breach Notification
- Understand the relationship between privacy and security
- Understand the disparate nature of sensitive data handling implications
- Personal and Health Information protected by Law
- Sensitivity mitigation (e.g., de-identification, anonymization)
- Categories of sensitive data (e.g., mental health)
- Understand Security and Privacy Terminology Specific to Healthcare
Domain 4: Information Governance and Risk Management
- Understand Security and Privacy Governance
- Information governance
- Governance structures
- Understand basic risk management methodology
- Approach (e.g., qualitative, quantitative)
- Information Asset Identification
- Asset Valuation
- Residual Risk
- Understand information risk management life cycles
- Participate in risk management activities
- Remediation Action Plans
- Risk Treatment (e.g. mitigation/remediation, transfer, acceptance, avoidance)
- Exception Handling
- Reporting and Metrics
Domain 5: Information Risk Assessment
- Understand risk assessment
- Lifecycle/Continuous Monitoring
- Desired Outcomes
- Role of Internal and External Audit/Assessment
- Identify control assessment procedures from within organizational risk frameworks
- Participate in risk assessment consistent with role in organization
- Information Gathering
- Risk Assessment Estimated Timeline
- Gap Analysis
- Corrective Action Plan
- Mitigation Actions
- Participate in efforts to remediate gaps
- Types of Controls
- Controls Related to Time
Domain 6: Third-party Risk Management
- Understand the definition of third parties in Healthcare context
- Maintain a list of third-party organizations
- Health Information Use (e.g., processing, storage, transmission)
- Third-Party Role/Relationship With the Organization
- Apply Third-Party Management Standards and Practices for Engaging Third Parties Based upon the relationship with the organization
- Relationship Management
- Comprehend Compliance Requirements
- Determine when third-party assessment is required
- Organizational Standards
- Triggers of Third-Party Assessment
- Support third-party assessments and audits
- Information Asset Protection Controls
- Compliance with Information Asset Protection Controls
- Communication of Findings
- Respond to notifications of security/privacy events
- Internal Process for Incident Response
- Relationship between Organization and Third-Party Incident Response
- Breach Recognition, Notification, and Initial Response
- Support establishment of third-party connectivity
- Trust Models for Third-Party interconnections
- Technical Standards (e.g., physical, logical, network connectivity)
- Connection Agreements
- Promote awareness of the third-party requirements (internally and externally)
- Information Flow Mapping and Scope
- Data sensitivity and classification
- Privacy Requirements
- Security Requirements
- Risks Associated with Third Parties
- Participate in remediation efforts
- Risk Management Activities
- Risk Treatment Identification
- Corrective Action Plans
- Compliance Activities Documentation
- Respond to third-party requests regarding privacy/security event
- Organizational Breach Notification Rules
- Organizational Information Dissemination Policies and Standards
- Risk Assessment Activities
- Chain of Custody Principles
Domain 7: Practice questions
Who Can Attend the Course?
This training course is mainly for those who have at least 2 years of experience, or full-time professional work experience, in one or more of the six HCISPP domains above, and for those taking HCISPP training and certification in order to implement, manage and assess appropriate privacy and security controls in healthcare. Ideally, the candidate already holds a CISSP certification from ISC2, but this is not required for the material to be accessible to the attendee. The training course is ideal for those working in positions including, but not limited to:
- HealthCare Compliance Officers
- Information security Officers
- Privacy Officers of HealthCare companies
- Risk Managers/Analysts
- Information Technology Manager
- Privacy and Security Consultant
- Practice Manager
- Medical Records Supervisors
Three Learning Methods for HCISPP Credential Training:
Online Anytime HCISPP Certification Training
Many busy individuals cannot spend 4 days in classroom-based or private on-site seminars. This option is great for candidates who cannot take time off work to attend the classroom seminar. It is the most cost-effective option.
Course Duration: 22 Hours
Special Discount of $600 if bought with CHPSE Package of $1700
FINAL PRICE AFTER DISCOUNT: $600 (when bought with CHPSE package of $1700)
Additional products and services to buy (Official ISC2 manual: $100, Two-hour Instructor’s time by Phone: $250, CHPSE package which includes CHPSE Course, Printed Manuals and Unlimited CHPSE exam attempts: $1700)
Instructor led Classroom HCISPP Seminar
This is a 4-day class offered in 8-hour sessions with breaks in between. The registration cost includes the official HCISPP manual and breakfast, lunch and snacks during the training. This training is ideal if you are a hands-on learner, like to interact with your instructor and classmates in a live setting, or want to finish the training and exam by dedicating a full 4-5 days to them.
Course Duration: 4-day class offered in 8-hour sessions
Mar 4-7, 2019
Jun 3-6, 2019
Sep 9-12, 2019
Dec 2-5, 2019
Online Live with Instructor-led Course for HCISPP Credential
This is a 4-day class offered in 5-7 hour sessions with breaks in between. You are the ONLY student with the instructor in this training. The registration cost includes the official HCISPP manual. This training is ideal if you want the convenience of staying in your office while training with the instructor and receiving personalized training to meet your specific goals.
Course Duration: 4-day class offered in 5-7 hour sessions
Customized Onsite Training for HCISPP
We offer customized on-site training that saves money and time. The program can be scheduled at your location on a date that is convenient for you. We deliver training of 4 to 5 days depending on your training goals and learning objectives. We can also combine CHPSE and HCISPP course training if needed. Our course outline is flexible and can be customized to meet your requirements.
The training program can also be tailored to meet your specific requirements ensuring that your employees gain the fundamental knowledge required to meet your organization’s specific goals and objectives of compliance and audit.
Training dates are flexible, based on instructor availability. Our instructors have healthcare backgrounds with many combined years of expertise in HIPAA and IT security, and are HIPAA consultants who help our clients with their compliance processes. Our training is updated for the HITECH Act and the Omnibus Rule, and is regularly updated as the HIPAA privacy and security rules change.
Contact us for more details to discuss which option is best suited to meet your learning objectives. Call Bob Mehta at 515-865-4591 or email email@example.com