(ISC)² intros program to certify security, privacy pros in health care

Share this article:

A new certification program aims to widen the pool of professionals with needed health care and data security experience.

On Monday, the HealthCare Information Security and Privacy Practitioner (HCISPP) credential was introduced to ensure healthcare and IT workers obtain a “core level of knowledge and expertise” to address the industry's expanding security concerns.

(ISC)2, a Clearwater, Fla.-based consortium that educates and certifies information security professionals around the globe, launched the program in response to feedback from its membership.

To obtain the certification, candidates must demonstrate their knowledge in six main areas: the health care industry, regulatory issues, privacy and security in healthcare, information governance and risk management, information risk assessment and third party risk management.

Candidates desiring to take the HCISPP exam must enter the program with a minimum of two years of experience in security, compliance and privacy. In addition, one year of experience must have been gained in the health care industry.

Hospitals, clinics, practices and privacy and consulting firms, among other organizations, are expected to be aided by the certification opportunity, which is designed to train a wide range of professionals internationally, from information security managers and privacy officers to medical records supervisors and compliance auditors, a description of the program on the (ISC)2 website said.

On Monday, Dennis Seymour, chief security architect at Ellumen, an Arlington, Va.-based consulting and IT solutions firm that services federal and commercial health enterprises, spoke to SCMagazine.com about the need for a security and privacy-centric certification that was “health care specific.”

“The premise of the exam itself it not entered around being an IT person,” Seymour said. “Maybe they are looking to up their career, and getting a certification like this might be a way for advancement within their organization or an external organization."

The certification comes at time where employers are especially in need of proof that job candidates have the experience needed to take on the expanding threats affecting the industry, he added.

“With the proliferation of technical devices where individuals can get access to data, the chances of risks or disclosure are considerably higher,” Seymour said. “You could potentially walk away [from an organization] with hundreds or thousands of medical records on one device."

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Information sharing requires breaking down barriers, White House cyber guru says

Information sharing requires breaking down barriers, White House ...

The White House has advanced an agenda to promote and facilitate information sharing on security threats and vulnerabilities.

Worm variant of Android ransomware, Koler, spreads via SMS

Worm variant of Android ransomware, Koler, spreads via ...

Upon infection, the Koler variant will send an SMS message to all contacts in the device's address book.

Patch for Windows flaw can be bypassed, prompts temporary fix from Microsoft

Patch for Windows flaw can be bypassed, prompts ...

The Windows zero-day received a patch last week, but the fix can still be bypassed by crafty attackers.