ISC2 HCISPP Exam Syllabus

HCISPP PDF, HCISPP Dumps, HCISPP PDF, HCISPP VCE, HCISPP Questions PDF, ISC2 HCISPP VCE, ISC2 HCISPP Dumps, ISC2 HCISPP PDFUse this quick start guide to collect all the information about ISC2 HCISPP Certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the HCISPP ISC2 HealthCare Information Security and Privacy Practitioner exam. The Sample Questions will help you identify the type and difficulty level of the questions and the Practice Exams will make you familiar with the format and environment of an exam. You should refer this guide carefully before attempting your actual ISC2 HCISPP certification exam.

The ISC2 HCISPP certification is mainly targeted to those candidates who want to build their career in HealthCare Security domain. The ISC2 Certified HealthCare Information Security and Privacy Practitioner (HCISPP) exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of ISC2 HCISPP.

ISC2 HCISPP Exam Summary:

Exam Name ISC2 Certified HealthCare Information Security and Privacy Practitioner (HCISPP)
Exam Code HCISPP
Exam Price $599 (USD)
Duration 180 mins
Number of Questions 125
Passing Score 700 / 1000
Schedule Exam Pearson VUE
Sample Questions ISC2 HCISPP Sample Questions
Practice Exam ISC2 HCISPP Certification Practice Exam

ISC2 HCISPP Exam Syllabus Topics:

Topic Details

Healthcare Industry (12%)

Understand the Healthcare Environment Components - Types of Organizations in the Healthcare Sector (e.g., providers, pharma, payers)
- Health Insurance (e.g., claims processing, payment models, health exchanges, clearing houses)
- Coding (e.g., Systematized Nomenclature of Medicine Clinical Terms (SNOMED CT), International Classification of Diseases (ICD) 10)
- Revenue Cycle (i.e., billing, payment, reimbursement)
- Workflow Management
- Regulatory Environment
- Public Health Reporting
- Clinical Research (e.g., processes)
- Healthcare Records Management
Understand Third-Party Relationships - Vendors
- Business Partners
- Regulators
- Other Third-Party Relationships
Understand Foundational Health Data Management Concepts - Information Flow and Life Cycle in the Healthcare Environments
- Health Data Characterization (e.g., classification, taxonomy, analytics)
- Data Interoperability and Exchange (e.g., Health Level 7 (HL7), International Health Exchange (IHE), Digital Imaging and Communications in Medicine (DICOM))
- Legal Medical Records

Information Governance in Healthcare (5%)

Understand Information Governance Frameworks - Security Governance (e.g., charters, roles, responsibilities)
- Privacy Governance (e.g., charters, roles, responsibilities)
Identify Information Governance Roles and Responsibilities  
Align Information Security and Privacy Policies, Standards and Procedures - Policies
- Standards
- Processes and Procedures
Understand and Comply with Code of Conduct/Ethics in a Healthcare Information Environment - Organizational Code of Ethics
- (ISC)² Code of Ethics

Information Technologies in Healthcare (8%)

Understand the Impact of Healthcare Information Technologies on Privacy and Security - Increased Exposure Affecting Confidentiality, Integrity and Availability (e.g., threat landscape)
- Oversight and Regulatory Challenges
- Interoperability
- Information Technologies
Understand Data Life Cycle Management (e.g., create, store, use, share, archive, destroy)  
Understand Third-Party Connectivity - Trust Models for Third-Party Interconnections
- Technical Standards (e.g., physical, logical, network connectivity)
- Connection Agreements (e.g., Memorandum of Understanding (MOU), Interconnection Security Agreements (ISAs))

Regulatory and Standards Environment (15%)

Identify Regulatory Requirements - Legal Issues that Pertain to Information Security and Privacy for Healthcare Organizations
- Data Breach Regulations
- Protected Personal and Health Information (e.g., Personally Identifiable Information (PII), Personal Health Information (PHI))
- Jurisdiction Implications
- Data Subjects
- Research
Recognize Regulations and Controls of Various Countries - Treaties
- Laws and Regulations (e.g., European Union (EU) Data Protection Directive, Health Insurance Portability and Accountability Act /Health Information Technology for Economic and Clinical Health (HIPAA/HITECH), General Data Protection Regulation (GDPR), Personal Information Protection and Electronic Documents Act (PIPEDA))
Understand Compliance Frameworks - Privacy Frameworks (e.g., Organization for Economic Cooperation and Development (OECD) Privacy principles, Asia-Pacific Economic Cooperation (APEC), Generally Accepted Privacy Principles (GAPP))
- Security Frameworks (e.g., International Organization for Standardization (ISO), National Institute of Standards and Technology (NIST), Common Criteria (CC))

Privacy and Security in Healthcare (25%)

Understand Security Objectives/Attributes - Confidentiality
- Integrity
- Availability
Understand General Security Definitions and Concepts - Identity and Access Management (IAM)
- Data Encryption
- Training and Awareness
- Logging, Monitoring and Auditing
- Vulnerability Management
- Segregation of Duties
- Least Privilege (Need to Know)
- Business Continuity (BC)
- Disaster Recovery (DR)
- System Backup and Recovery
Understand General Privacy Definitions and Concepts - Consent/Choice
- Limited Collection/Legitimate Purpose/Purpose Specification
- Disclosure Limitation/Transfer to Third-Parties/ Trans-border Concerns
- Access Limitation
- Accuracy, Completeness and Quality
- Management, Designation of Privacy Officer, Supervisor Re-authority, Processing Authorization and Accountability
- Training and Awareness
- Transparency and Openness (e.g., notice of privacy practices)
- Proportionality, Use and Disclosure, and Use Limitation
- Access and Individual Participation
- Notice and Purpose Specification
- Events, Incidents and Breaches
Understand the Relationship Between Privacy and Security - Dependency
- Integration
Understand Sensitive Data and Handling - Sensitivity Mitigation (e.g., de-identification, anonymization)
- Categories of Sensitive Data (e.g., behavioral health)

Risk Management and Risk Assessment (20%)

Understand Enterprise Risk Management - Information Asset Identification
- Asset Valuation
- Exposure
- Likelihood
- Impact
- Threats
- Vulnerability
- Risk
- Controls
- Residual Risk
- Acceptance
Understand Information Risk Management Framework (RMF) (e.g., International Organization for Standardization (ISO), National Institute of Standards and Technology (NIST))  
Understand Risk Management Process - Definition
- Approach (e.g., qualitative, quantitative)
- Intent
- Life Cycle/Continuous Monitoring
- Tools/Resources/Techniques
- Desired Outcomes
- Role of Internal and External Audit/Assessment
Identify Control Assessment Procedures Utilizing Organization Risk Frameworks  
Participate in Risk Assessment Consistent with the Role in Organization - Information Gathering
- Risk Assessment Estimated Timeline
- Gap Analysis
Understand Risk Response (e.g., corrective action plan) - Mitigating Actions
- Avoidance
- Transfer
- Acceptance
- Communications and Reporting
Utilize Controls to Remediate Risk (e.g., preventative, detective, corrective) - Administrative
- Physical
- Technical
Participate in Continuous Monitoring  

Third-Party Risk Management (15%)

Understand the Definition of Third-Parties in Healthcare Context  
Maintain a List of Third-Party Organizations - Third-Party Role/Relationship with the Organization
- Health Information Use (e.g., processing, storage, transmission)
Apply Management Standards and Practices for Engaging Third-Parties - Relationship Management
Determine When a Third-Party Assessment Is Required - Organizational Standards
- Triggers of a Third-Party Assessment
Support Third-Party Assessments and Audits - Information Asset Protection Controls
- Compliance with Information Asset Protection Controls
- Communication of Results
Participate in Third-Party Remediation Efforts - Risk Management Activities
- Risk Treatment Identification
- Corrective Action Plans
- Compliance Activities Documentation
Respond to Notifications of Security/Privacy Events - Internal Processes for Incident Response
- Relationship Between Organization and Third-Party Incident Response
- Breach Recognition, Notification and Initial Response
Respond to Third-Party Requests Regarding Privacy/Security Events - Organizational Breach Notification Rules
- Organizational Information Dissemination Policies and Standards
- Risk Assessment Activities
- Chain of Custody Principles
Promote Awareness of Third-Party Requirements - Information Flow Mapping and Scope
- Data Sensitivity and Classification
- Privacy and Security Requirements
- Risks Associated with Third-Parties

To ensure success in ISC2 HCISPP certification exam, we recommend authorized training course, practice test and hands-on experience to prepare for ISC2 HealthCare Information Security and Privacy Practitioner (HCISPP) exam.

Rating: 5 / 5 (81 votes)