The HealthCare Information Security and Privacy Practitioner (HCISPP) course is designed for individuals who elect to take this training course to hone their knowledge and skills related to HealthCare Security and Privacy and/or to prepare for the (ISC)_ HCISPP exam. The program is comprised of a total of 6 domains. The modular format is designed to organize and chunk information in order to assist with learning retention as participants are guided through the HCISPP course materials.
Upon completing this course, the student will be able to meet these overall objectives:
- Conceptualize the diversity in the healthcare industry. In order to achieve this, learners will gain knowledge of the diverse types of healthcare organizations, types of technologies, how information and data flows and is managed, how data is exchanged, and the levels of protection required for that data.
- Identify and describe the relevant legal and regulatory requirements regarding healthcare information. These requirements are necessary in order to ensure that the organizations policies and procedures are in compliance and that all trans-border data exchange procedures are followed.
- Describe security and privacy concept principals as they relate to the Healthcare industry. Learners will be able to understand the relationship of security and privacy, and how to manage and handle all information requiring data protection in the healthcare industry.
- Identify how organizations manage information risk, and what security and privacy governance means for that information. The learners will be introduced to basic risk management methods and lifecycles, and the activities that support these concepts.
- Describe risk assessment, and the risk assessment practices and procedures for an organization.
- Identify concepts for managing third-party relationships. Learners will gain knowledge regarding concepts pertaining to their use of information, any additional security and privacy assurances, third-party assessments, third-party security and privacy events, and recognize the mitigation process of third-party risks.