HCISPP Certification Prep Course



In this course, you will hone your knowledge and skills related to healthcare security and privacy, and also helps you prepare for the (ISC)2 HCISPP exam. HCISPPs provide the front-line defense in protecting health information.

As the healthcare industry faces increasing challenges to keeping personal health information protected, there is a growing need to ensure knowledgeable and credentialed security and privacy practitioners are in place to protect this sensitive information.

You will learn legal and regulatory requirements and security privacy concept principles regarding healthcare information. It is important to understand and know how organizations manage information risk through risk assessment practices and procedures.

This course is your one source for exam preparation that includes:

  • Official (ISC)2 Guide to the HCISPP Common Body of Knowledge� (CBK)
  • Official (ISC)2 HCISPP Training Handbook
  • Official (ISC)2 HCISPP Flash Cards
  • HCISPP Certification Exam Voucher


  • Applications security professionals
  • Information risk owners
  • Clinical researchers
  • Compliance personnel
  • Health information management specialists
  • Risk analyst
  • Security operations personnel
  • Medical records supervisors
  • Wellness program directors
  • Individuals pursuing HCISPP� certification


A minimum of two years of experience in one knowledge area of the credential that includes security, compliance, and privacy

Learning Objectives

In-depth coverage of the six domains required to pass the HCISPP exam:

  1. Healthcare Industry
  2. Regulatory Environment
  3. Privacy and Security in Healthcare
  4. Information Governance and Risk Management
  5. Information Risk Assessment
  6. Third-party Risk Management

1. Domain 1: Healthcare Industry

  • Understand the healthcare environment
  • Understand third-party relationships
  • Understand foundational health data management concepts

2. Domain 2: Regulatory Environment

  • Identify applicable regulations
  • Understand international regulations and controls
  • Compare internal practices against new policies and procedures
  • Understand compliance frameworks
  • Understand responses for risk-based decision
  • Understand and comply with code of conduct/ethics in healthcare information

3. Domain 3: Privacy and Security in HealthCare

  • Understand security objectives/attributes
  • Understand general security definitions/concepts
  • Understand general privacy principles
  • Understand the relationship between privacy and security
  • Understand the disparate nature of sensitive data handling implications

4. Domain 4: Information Governance and Risk Management

  • Understand security and privacy governance
  • Understand basic risk management methodology
  • Understand information risk management life cycles
  • Participate in risk management activities

5. Domain 5: Information Risk Assessment

  • Understand risk assessment
  • Identify control assessment procedures from within organizational risk frameworks
  • Participate in risk assessment consistent with role in organization
  • Participate in efforts to remediate gaps

6. Domain 6: Third-party Risk Management

  • Understand the definition of third parties in healthcare context
  • Maintain a list of third-party organizations
  • Determine when third-party assessment is required
  • Support third-party assessments and audits
  • Respond to notifications of security/privacy events
  • Support establishment of third-party connectivity
  • Promote awareness of the third-party requirements (internally and externally)
  • Participate in remediation efforts
  • Respond to third-party requests regarding privacy/security event