ISC2 HCISPP Exam Syllabus Topics:
| Topic | Details |
|---|---|
Healthcare Industry (12%) | |
| Understand the Healthcare Environment Components | - Types of Organizations in the Healthcare Sector (e.g., providers, pharma, payers) - Health Insurance (e.g., claims processing, payment models, health exchanges, clearing houses) - Coding (e.g., Systematized Nomenclature of Medicine Clinical Terms (SNOMED CT), International Classification of Diseases (ICD) 10) - Revenue Cycle (i.e., billing, payment, reimbursement) - Workflow Management - Regulatory Environment - Public Health Reporting - Clinical Research (e.g., processes) - Healthcare Records Management |
| Understand Third-Party Relationships | - Vendors - Business Partners - Regulators - Other Third-Party Relationships |
| Understand Foundational Health Data Management Concepts | - Information Flow and Life Cycle in the Healthcare Environments - Health Data Characterization (e.g., classification, taxonomy, analytics) - Data Interoperability and Exchange (e.g., Health Level 7 (HL7), International Health Exchange (IHE), Digital Imaging and Communications in Medicine (DICOM)) - Legal Medical Records |
Information Governance in Healthcare (5%) | |
| Understand Information Governance Frameworks | - Security Governance (e.g., charters, roles, responsibilities) - Privacy Governance (e.g., charters, roles, responsibilities) |
| Identify Information Governance Roles and Responsibilities | |
| Align Information Security and Privacy Policies, Standards and Procedures | - Policies - Standards - Processes and Procedures |
| Understand and Comply with Code of Conduct/Ethics in a Healthcare Information Environment | - Organizational Code of Ethics - (ISC)² Code of Ethics |
Information Technologies in Healthcare (8%) | |
| Understand the Impact of Healthcare Information Technologies on Privacy and Security | - Increased Exposure Affecting Confidentiality, Integrity and Availability (e.g., threat landscape) - Oversight and Regulatory Challenges - Interoperability - Information Technologies |
| Understand Data Life Cycle Management (e.g., create, store, use, share, archive, destroy) | |
| Understand Third-Party Connectivity | - Trust Models for Third-Party Interconnections - Technical Standards (e.g., physical, logical, network connectivity) - Connection Agreements (e.g., Memorandum of Understanding (MOU), Interconnection Security Agreements (ISAs)) |
Regulatory and Standards Environment (15%) | |
| Identify Regulatory Requirements | - Legal Issues that Pertain to Information Security and Privacy for Healthcare Organizations - Data Breach Regulations - Protected Personal and Health Information (e.g., Personally Identifiable Information (PII), Personal Health Information (PHI)) - Jurisdiction Implications - Data Subjects - Research |
| Recognize Regulations and Controls of Various Countries | - Treaties - Laws and Regulations (e.g., European Union (EU) Data Protection Directive, Health Insurance Portability and Accountability Act /Health Information Technology for Economic and Clinical Health (HIPAA/HITECH), General Data Protection Regulation (GDPR), Personal Information Protection and Electronic Documents Act (PIPEDA)) |
| Understand Compliance Frameworks | - Privacy Frameworks (e.g., Organization for Economic Cooperation and Development (OECD) Privacy principles, Asia-Pacific Economic Cooperation (APEC), Generally Accepted Privacy Principles (GAPP)) - Security Frameworks (e.g., International Organization for Standardization (ISO), National Institute of Standards and Technology (NIST), Common Criteria (CC)) |
Privacy and Security in Healthcare (25%) | |
| Understand Security Objectives/Attributes | - Confidentiality - Integrity - Availability |
| Understand General Security Definitions and Concepts | - Identity and Access Management (IAM) - Data Encryption - Training and Awareness - Logging, Monitoring and Auditing - Vulnerability Management - Segregation of Duties - Least Privilege (Need to Know) - Business Continuity (BC) - Disaster Recovery (DR) - System Backup and Recovery |
| Understand General Privacy Definitions and Concepts | - Consent/Choice - Limited Collection/Legitimate Purpose/Purpose Specification - Disclosure Limitation/Transfer to Third-Parties/ Trans-border Concerns - Access Limitation - Accuracy, Completeness and Quality - Management, Designation of Privacy Officer, Supervisor Re-authority, Processing Authorization and Accountability - Training and Awareness - Transparency and Openness (e.g., notice of privacy practices) - Proportionality, Use and Disclosure, and Use Limitation - Access and Individual Participation - Notice and Purpose Specification - Events, Incidents and Breaches |
| Understand the Relationship Between Privacy and Security | - Dependency - Integration |
| Understand Sensitive Data and Handling | - Sensitivity Mitigation (e.g., de-identification, anonymization) - Categories of Sensitive Data (e.g., behavioral health) |
Risk Management and Risk Assessment (20%) | |
| Understand Enterprise Risk Management | - Information Asset Identification - Asset Valuation - Exposure - Likelihood - Impact - Threats - Vulnerability - Risk - Controls - Residual Risk - Acceptance |
| Understand Information Risk Management Framework (RMF) (e.g., International Organization for Standardization (ISO), National Institute of Standards and Technology (NIST)) | |
| Understand Risk Management Process | - Definition - Approach (e.g., qualitative, quantitative) - Intent - Life Cycle/Continuous Monitoring - Tools/Resources/Techniques - Desired Outcomes - Role of Internal and External Audit/Assessment |
| Identify Control Assessment Procedures Utilizing Organization Risk Frameworks | |
| Participate in Risk Assessment Consistent with the Role in Organization | - Information Gathering - Risk Assessment Estimated Timeline - Gap Analysis |
| Understand Risk Response (e.g., corrective action plan) | - Mitigating Actions - Avoidance - Transfer - Acceptance - Communications and Reporting |
| Utilize Controls to Remediate Risk (e.g., preventative, detective, corrective) | - Administrative - Physical - Technical |
| Participate in Continuous Monitoring | |
Third-Party Risk Management (15%) | |
| Understand the Definition of Third-Parties in Healthcare Context | |
| Maintain a List of Third-Party Organizations | - Third-Party Role/Relationship with the Organization - Health Information Use (e.g., processing, storage, transmission) |
| Apply Management Standards and Practices for Engaging Third-Parties | - Relationship Management |
| Determine When a Third-Party Assessment Is Required | - Organizational Standards - Triggers of a Third-Party Assessment |
| Support Third-Party Assessments and Audits | - Information Asset Protection Controls - Compliance with Information Asset Protection Controls - Communication of Results |
| Participate in Third-Party Remediation Efforts | - Risk Management Activities - Risk Treatment Identification - Corrective Action Plans - Compliance Activities Documentation |
| Respond to Notifications of Security/Privacy Events | - Internal Processes for Incident Response - Relationship Between Organization and Third-Party Incident Response - Breach Recognition, Notification and Initial Response |
| Respond to Third-Party Requests Regarding Privacy/Security Events | - Organizational Breach Notification Rules - Organizational Information Dissemination Policies and Standards - Risk Assessment Activities - Chain of Custody Principles |
| Promote Awareness of Third-Party Requirements | - Information Flow Mapping and Scope - Data Sensitivity and Classification - Privacy and Security Requirements - Risks Associated with Third-Parties |
Customer aimed company culture
We are the living examples for clients, because we are selling HCISPP exam study material as well as promote our images of company. Our cultural pendulum has always swung to customers benefits, which explains why we provide you excellent HCISPP exam study material with reasonable price and discounts. So we serve as a companion to help you resolve any problems you may encounter in your review course. Furthermore, we indemnify your money from loss and against all kinds of deceptive behaviors, which is impossible to happen on you at all. You can trust our HCISPP practice questions as well as us.
Considerate service
We have aftersales apartment who dedicated to satisfy your needs and solve your problems 24/7. It is quite rare to have failures who chose our HCISPP exam study material, so our HCISPP exam study material are with bountiful means and resources to satisfy users' needs who always impressed by their functional advantages. Besides, we give you full refund service as a precaution in case you fail the test unluckily, which is rate situation, but is also shows our considerate side of the services, or we will still offer your other exam study material for free. All these choices are useful for you reference. We offer HCISPP free demo for you to download and take a simple but general look of the contents before buying our HCISPP exam study material.
In consideration of the quick changes happened in this area, we remind ourselves of trying harder to realize our job aims such as double even triple the salary, getting promotion or better job opportunity by possessing more meaningful certificates. This kind of trend is international, and the right HCISPP exam pdf vce is crucial to pass the test smoothly. But there emerges a lot of similar study material in the market. Users are confused by them and splurged money on them without satisfying outcome, which is quite disappointing results. Now, we promise here that is not true to our HCISPP latest practice materials. Let us see the benefits of choosing our HCISPP exam questions as follows and let me make some main features unfold.
High quality products
We have always been received positive compliments on high quality and accuracy of our HCISPP study questions free. And we treat those comments with serious attitude to improve the level of our HCISPP practice questions even better. Although we have collected the data and made the conclusion that passing rate of the customers has reached up to 95 to 100 percent, we never stop the pace of making our HCISPP exam pdf vce do better.
Experts who devoted to HCISPP exam pdf
There are a group of experts who devoted to IT area for many years. The HCISPP test prep material may be quite complicated and difficult for you, but with our HCISPP latest practice materials, you can pass it easily. Because our company sincerely invited many professional and academic experts form the filed who are diligently keeping eyes on accuracy and efficiency of HCISPP exam training materials for many years more than we can do, which means the study material are truly helpful and useful.
Instant Download ISC HCISPP Exam Braindumps: Upon successful payment, Our systems will automatically send the product you have purchased to your mailbox by email. (If not received within 12 hours, please contact us. Note: don't forget to check your spam.)
ISC2 HCISPP Exam Certification Details:
| Sample Questions | ISC2 HCISPP Sample Questions |
| Schedule Exam | Pearson VUE |
| Exam Price | $599 (USD) |
| Exam Code | HCISPP |
| Number of Questions | 125 |
| Exam Name | ISC2 Certified HealthCare Information Security and Privacy Practitioner (HCISPP) |
| Passing Score | 700 / 1000 |
| Duration | 180 mins |
Reference: https://www.isc2.org/Certifications/HCISPP
Derrick 
Zona 
Benjamin 
Wendell 
Viola 
Stephanie 
Lindsay 
Aldrich 
Brook 
Tabitha 
Rosemary 
Joy 
Sandy 
Stan 
Sharon 
Poppy 
