(ISC)² intros program to certify security, privacy pros in health care

Share this article:

A new certification program aims to widen the pool of professionals with needed health care and data security experience.

On Monday, the HealthCare Information Security and Privacy Practitioner (HCISPP) credential was introduced to ensure healthcare and IT workers obtain a “core level of knowledge and expertise” to address the industry's expanding security concerns.

(ISC)2, a Clearwater, Fla.-based consortium that educates and certifies information security professionals around the globe, launched the program in response to feedback from its membership.

To obtain the certification, candidates must demonstrate their knowledge in six main areas: the health care industry, regulatory issues, privacy and security in healthcare, information governance and risk management, information risk assessment and third party risk management.

Candidates desiring to take the HCISPP exam must enter the program with a minimum of two years of experience in security, compliance and privacy. In addition, one year of experience must have been gained in the health care industry.

Hospitals, clinics, practices and privacy and consulting firms, among other organizations, are expected to be aided by the certification opportunity, which is designed to train a wide range of professionals internationally, from information security managers and privacy officers to medical records supervisors and compliance auditors, a description of the program on the (ISC)2 website said.

On Monday, Dennis Seymour, chief security architect at Ellumen, an Arlington, Va.-based consulting and IT solutions firm that services federal and commercial health enterprises, spoke to SCMagazine.com about the need for a security and privacy-centric certification that was “health care specific.”

“The premise of the exam itself it not entered around being an IT person,” Seymour said. “Maybe they are looking to up their career, and getting a certification like this might be a way for advancement within their organization or an external organization."

The certification comes at time where employers are especially in need of proof that job candidates have the experience needed to take on the expanding threats affecting the industry, he added.

“With the proliferation of technical devices where individuals can get access to data, the chances of risks or disclosure are considerably higher,” Seymour said. “You could potentially walk away [from an organization] with hundreds or thousands of medical records on one device."

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Reported breaches involving zero-day bug at JPMorgan Chase, other banks

Reported breaches involving zero-day bug at JPMorgan Chase, ...

Hackers exploited a zero-day vulnerability and gained access to sensitive information from JPMorgan Chase and at least four other financial institutions, reports indicate.

Data on 97K Bugzilla users posted online for about three months

During a migration of the testing server for test builds of Bugzilla software, data on about 97,000 Bugzilla users was inadvertently posted publicly online.

Chinese national had access to data on 5M Arizona drivers, possible breach ...

Although Lizhong Fan left the U.S. in 2007, the agencies responsible for giving him access to Americans' personal information have yet to disclose the details of the case to the public.