(ISC)² intros program to certify security, privacy pros in health care
A new certification program aims to widen the pool of professionals with needed health care and data security experience.
On Monday, the HealthCare Information Security and Privacy Practitioner (HCISPP) credential was introduced to ensure healthcare and IT workers obtain a “core level of knowledge and expertise” to address the industry's expanding security concerns.
(ISC)2, a Clearwater, Fla.-based consortium that educates and certifies information security professionals around the globe, launched the program in response to feedback from its membership.
To obtain the certification, candidates must demonstrate their knowledge in six main areas: the health care industry, regulatory issues, privacy and security in healthcare, information governance and risk management, information risk assessment and third party risk management.
Candidates desiring to take the HCISPP exam must enter the program with a minimum of two years of experience in security, compliance and privacy. In addition, one year of experience must have been gained in the health care industry.
Hospitals, clinics, practices and privacy and consulting firms, among other organizations, are expected to be aided by the certification opportunity, which is designed to train a wide range of professionals internationally, from information security managers and privacy officers to medical records supervisors and compliance auditors, a description of the program on the (ISC)2 website said.
On Monday, Dennis Seymour, chief security architect at Ellumen, an Arlington, Va.-based consulting and IT solutions firm that services federal and commercial health enterprises, spoke to SCMagazine.com about the need for a security and privacy-centric certification that was “health care specific.”
“The premise of the exam itself it not entered around being an IT person,” Seymour said. “Maybe they are looking to up their career, and getting a certification like this might be a way for advancement within their organization or an external organization."
The certification comes at time where employers are especially in need of proof that job candidates have the experience needed to take on the expanding threats affecting the industry, he added.
“With the proliferation of technical devices where individuals can get access to data, the chances of risks or disclosure are considerably higher,” Seymour said. “You could potentially walk away [from an organization] with hundreds or thousands of medical records on one device."