Enjoy the best in HealthCare Information Security and Privacy Practitioner (HCISPP) Training

The HealthCare Information Security and Privacy Practitioner (HCISPP) course introduces attendees to the basic structure of the American healthcare delivery system, the essentials of its legal basis, and the information security and privacy issues and particulars that arise within that context.

HCISPP – HealthCare Information Security and Privacy Practitioner

An integral part of this course is to prepare the attendee (with the required minimum experience) to sit for the (ISC)² HCISPP certification examination.

    Course Outline

    Domain 1: Healthcare Industry
    • Understand the Healthcare environment
      • Types of Organizations in the Healthcare Sector (e.g. providers, pharma, payers, business associates)
      • Health Information Technology (e.g., computers, medical devices, networks, health information exchanges, Electronic Health Record [EHR], Personal Health Record [PHR])
      • Health Insurance (e.g., claims processing, payment models)
      • Coding (e.g., SNOMED CT, ICD-9/10)
      • Billing, Payment, and Reimbursement
      • Workflow Management
      • Regulatory Environment (e.g., security, privacy, oversight)
      • Public Health Reporting
      • Clinical Research (e.g., process)
      • Healthcare Records Management
    • Understand Third-party relationships
      • Vendors
      • Business Partners
      • Data Sharing
      • Regulators
    • Understand foundational health data management concepts
      • Information Flow and Life Cycle in the Healthcare Environments
      • Health Data Characterization (e.g. classification, taxonomy, analytics)
      • Data Interoperability and Exchange (e.g. HL7, HIE, DICOM)
      • Legal Medical Records

    Domain 2: Regulatory Environment
    • Identify applicable regulations
      • Legal issues that Pertain to Information Security and Privacy for Healthcare Organizations
      • Data Breach Regulations
      • Personally Identifiable Information
      • Information Flow Mapping
      • Jurisdiction Implications
      • Data Subjects
      • Data Owners/Controllers/Custodians/Processors
    • Understand international regulations and controls
      • Treaties (e.g., Safe Harbor)
      • Regulations
      • Industry-Specific Laws
      • Legislative (e.g., EU Data Privacy Directive, HIPAA/HITECH)
    • Compare internal practices against new policies and procedures
      • Policies (information security and privacy)
      • Standards (information security and privacy)
      • Procedures (information security and privacy)
    • Understand compliance frameworks
    • Understand responses to risk-based decisions
      • Compensating Controls
      • Control Variance Documentation
      • Residual Risk Tolerance
    • Understand and comply with Code of Conduct/Ethics in HealthCare information
      • Organizational Code of Ethics
      • (ISC)2 Code of Ethics


    Domain 3: Privacy and Security in Healthcare
    • Understand security objectives/attributes
      • Confidentiality
      • Integrity
      • Availability
    • Understand general security definitions/concepts
      • Access Control
      • Data Encryption
      • Training and Awareness
      • Logging and Monitoring
      • Vulnerability Management
      • Systems Recovery
      • Segregation of Duties
      • Least Privilege (Need to Know)
      • Business Continuity
      • Data Retention and Destruction
    • Understand general privacy principles
      • Consent/Choice
      • Limited Collection/Legitimate Purpose/Purpose Specification
      • Disclosure Limitation/Transfer to Third Parties/Trans-Border Concerns
      • Access Limitation
      • Security
      • Accuracy, Completeness, Quality
      • Management, Designation of Privacy Officer, Supervisor Re-authority, Processing Authorization, Accountability
      • Transparency, Openness
      • Proportionality, Use, and Retention, Use Limitation
      • Access, Individual Participation
      • Notice, Purpose Specification
      • Additional Measures for Breach Notification
    • Understand the relationship between privacy and security
      • Dependency
      • Integration
    • Understand the disparate nature of sensitive data handling implications
      • Personal and Health Information protected by Law
      • Sensitivity mitigation (e.g., de-identification, anonymization)
      • Categories of sensitive data (e.g., mental health)
    • Understand Security and Privacy Terminology Specific to Healthcare


    Domain 4: Information Governance and Risk Management
    • Understand Security and Privacy Governance
      • Information governance
      • Governance structures
    • Understand basic risk management methodology
      • Approach (e.g., qualitative, quantitative)
      • Information Asset Identification
      • Asset Valuation
      • Exposure
      • Likelihood
      • Impact
      • Threats
      • Vulnerability
      • Risk
      • Controls
      • Residual Risk
      • Acceptance
    • Understand information risk management life cycles
    • Participate in risk management activities
      • Remediation Action Plans
      • Risk Treatment (e.g. mitigation/remediation, transfer, acceptance, avoidance)
      • Communications
      • Exception Handling
      • Reporting and Metrics


    Domain 5: Information Risk Assessment
    • Understand risk assessment
      • Definition
      • Intent
      • Lifecycle/Continuous Monitoring
      • Tools/Resources/Techniques
      • Desired Outcomes
      • Role of Internal and External Audit/Assessment
    • Identify control assessment procedures from within organizational risk frameworks
    • Participate in risk assessment consistent with a role in the organization
      • Information Gathering
      • Risk Assessment Estimated Timeline
      • Gap Analysis
      • Corrective Action Plan
      • Mitigation Actions
    • Participate in efforts to remediate gaps
      • Types of Controls
      • Controls Related to Time


    Domain 6: Third-party Risk Management
    • Understand the definition of third parties in the Healthcare context
    • Maintain a list of third-party organizations
      • Health Information Use (e.g., processing, storage, transmission)
      • Third-Party Role/Relationship with the Organization
    • Apply Third-Party Management Standards and Practices for Engaging Third Parties Based upon the relationship with the organization
      • Relationship Management
      • Comprehend Compliance Requirements
    • Determine when the third-party assessment is required
      • Organizational Standards
      • Triggers of Third-Party Assessment
    • Support third-party assessments and audits
      • Information Asset Protection Controls
      • Compliance with Information Asset Protection Controls
      • Communication of Findings
    • Respond to notifications of security/privacy events
      • Internal Process for Incident Response
      • Relationship between Organization and Third-Party Incident Response
      • Breach Recognition, Notification, and Initial Response
    • Support establishment of third-party connectivity
      • Trust Models for Third-Party interconnections
      • Technical Standards (e.g., physical, logical, network connectivity)
      • Connection Agreements
    • Promote awareness of the third-party requirements (internally and externally)
      • Information Flow Mapping and Scope
      • Data sensitivity and classification
      • Privacy Requirements
      • Security Requirements
      • Risks Associated with Third Parties
    • Participate in remediation efforts
      • Risk Management Activities
      • Risk Treatment Identification
      • Corrective Action Plans
      • Compliance Activities Documentation
    • Respond to third-party requests regarding privacy/security events
      • Organizational Breach Notification Rules
      • Organizational Information Dissemination Policies and Standards
      • Risk Assessment Activities
      • Chain of Custody Principles

    Domain 7: Practice questions

    HCISPP Training Course Target Audience:

    This course is intended for mid-level to senior security and privacy practitioners who have 5 or more years of professional practice, at least 2 of which should be in such a role in a healthcare environment. Ideally, the candidate already holds the CISSP certification from ISC2, but this is not required to follow the material. Typical roles include:

    • HealthCare Compliance Officers
    • Privacy Officers of HealthCare companies
    • Security Managers
    • Auditors
    • IT Management
    • Risk Managers
    • Industry consultants in Security and Privacy

    Achieve your HealthCare Information Security and Privacy Practitioner (HCISPP) Certifications Today!

    Whether you are simply seeking a knowledge-based IT course or are working towards passing the exam for your next IT certification, we offer the courses you are looking for as daytime classes, evening classes, boot camps and on-demand.

    We know that the instructor is the key to our students’ success, and we have taken over a decade to build one of the best teams in the country. Our instructors have decades of cumulative real-world experience, and they bring that to every class they teach!

    Client Testimonials

    Be wary of companies that pay external vendors to farm and post reviews; many of them are not authentic. Ours come straight from Google, and you can’t alter reviews on Google Maps in any way. Don’t take our word for who we are – hear from our clients:

    We offer more than just HealthCare Information Security and Privacy Practitioner (HCISPP) Training

    Our successful training results keep our corporate and military clients returning. That’s because we provide everything you need to succeed. This is true for all of our courses.

    From Lean Six Sigma to PMI Project Management Professional, Agile and SCRUM, we offer the best-in-class strategic planning and project management training available. We are here to train your team!

    As the leading Offensive Security US training provider and a CompTIA and EC-Council award-winning training partner, we offer the best cybersecurity and vendor-driven IT training and certification courses to keep your team ahead of the technology skills curve.

    Let us teach your team the high-level traits and micro-level tools and strategies of effective 21st-century leadership. Empower your team to play to each other’s strengths, inspire others, and build a culture that values communication, authenticity, and community.

    Looking for HealthCare Information Security and Privacy Practitioner (HCISPP) Training and Certifications?

    And no, we will not relentlessly hound you with sales calls, we promise! Please reach out to us with any questions you might have. We welcome the opportunity to talk through your individual training needs, or those of your team. We are a no-pressure, service-oriented company. Reach out – you’ll be glad you did!