NEWS FOR IMMEDIATE RELEASE

Media Contact:
Michelle Schafer
Merritt Group, Inc.
703-390-1525
schafer@merrittgrp.com


(ISC)

Introduces New Healthcare Security and Privacy Certification

(ISC) Establishes Global Standard of Competency for Healthcare Information Security and
Privacy Practitioners

Clearwater, FL., U.S.A., November 4, 2013 (ISC) (ISC-squared), the worlds largest not-
for-profit information security professional body and administrators of the CISSP, today
announced it has launched a new certification, the HealthCare Information Security and Privacy
Practitioner (HCISPP
SM
), the first foundational global standard for assessing both information
security and privacy expertise within the healthcare industry. The credential, available
worldwide beginning today, is designed to provide healthcare employers and those in the
industry with validation that a healthcare security and privacy practitioner has the core level of
knowledge and expertise required by the industry to address specific security concerns.

As with all its credentials, (ISC) conducted a job task analysis (JTA) study to determine the scope
and content of the HCISPP credential program. Subject matter experts from the (ISC)
membership and other industry luminaires from organizations in Hong Kong, Europe, and the
United States attended several exam development workshops and contributed to develop the
Common Body of Knowledge (CBK) that serves as the foundation for the credential.
The HCISPP is a demonstration of knowledge by security and privacy practitioners regarding the
proper controls to protect the privacy and security of sensitive patient health information as
well as their commitment to the healthcare privacy profession. It is a foundational credential
that reflects internationally accepted standards of practice for healthcare information security
and privacy. For executives accountable for protecting sensitive healthcare data, HCISPP
demonstrates a proactive commitment to ensuring an organization is making the necessary
human resources investment in information security.

To attain the HCISPP, applicants must have a minimum of two years of experience in one
knowledge area of the credential that includes security, compliance and privacy. Legal
experience may be substituted for compliance and information management experience may be
substituted for privacy. One of the two years of experience must be in the healthcare industry.
All candidates must be able to demonstrate competencies in each of the following six CBK
domains in order to achieve HCISPP:
o Healthcare Industry
o Regulatory Environment
o Privacy and Security in Healthcare

o Information Governance and Risk Management
o Information Risk Assessment
o Third Party Risk Management
Candidates may find more information about HCISPP, download the exam outline, and register
for the exam at https://www.isc2.org/hcispp/default.aspx.

The HCISPP credential was developed based on direct feedback from our membership and
industry luminaries from around the world working in healthcare who have observed the
evolving complexity of information risk management in the industry as online system migration
and regulations increase, said W. Hord Tipton, CISSP, executive director of (ISC). Over the
past few years, the healthcare industry has undergone a major transformation to adjust its
compliance management practices and data protection requirements moving from highly
paper-based processes to a digital and more connected working environment. (ISC)
2
has
introduced this new healthcare credential to help employers bring more qualified and skilled
professionals into this industry who can help protect vital patient records and personal data.

The HCISPP provides multiple benefits to healthcare security and privacy practitioners and the
organizations that employ them. For practitioners, HCISPP helps them to:
Validate their experience, skills, and competency as a healthcare security and
privacy practitioner.
Demonstrate the qualifications to implement, manage, and/or assess the
appropriate security and privacy controls for healthcare organizations.
Advance their career with a certification that establishes foundational knowledge
and competency in health information security and privacy best practices.
Enhance their credibility as a healthcare information security and privacy
practitioner with a credential backed by (ISC)
2
, the globally recognized Gold
Standard in information security certification.
Affirm your commitment to continued competence in the most current security and
privacy practices through (ISC)
2
continuing professional education (CPE)
requirement.

For organizations, HCISPP offers to:
Provides reinforced defense with qualified, experienced, and credentialed
healthcare information security and privacy practitioners.
Demonstrate the organization's proactive commitment to minimizing the risk of
breaches.
Increase confidence that job candidates and employees can do the job right.
Mitigate risk by exchanging Protected Health Information (PHI) with 3rd parties that
employ HCISPPs.
Increase credibility of the organization when working with clients and vendors.

Ensure privacy and security personnel are current and capable through HCISPPs CPE
credits requirement.
Provide an added level of ethical adherence for their healthcare security and privacy
practitioners.

Recent trends towards stronger enforcement of security regulations have begun to change the
healthcare industrys perception of information security, said Dr. Bryan Cline, CISSP-ISSEP, CISO
and VP, CSF Development & Implementation, HITRUST. There is a growing need in the industry
for qualified professionals to help mature the current state of healthcare information security
and improve regulatory compliance. (ISC)
2
s HCISPP will help organizations streamline their
hiring process by ensuring prospective candidates have a basic level of knowledge about the
healthcare industry, the security and privacy concerns specific to healthcare, and the general
risk management principles and concepts required of a healthcare information protection
professional.

(ISC)
2
thanks HITRUST for its assistance in the development of the HCISPP credential, said W.
Hord Tipton. (ISC)
2
recognizes HITRUSTs commitment in the field of healthcare information
security, and appreciates its guidance and support. HITRUST is an important voice in the
healthcare information security field, and a key ally in the advancement of our healthcare
credential. As both parties work in good faith toward the goals of our MOU, (ISC)
2
looks forward
to future ventures with their organization.
"Healthcare organizations face significant and evolving challenges for the proper design,
implementation, and administration of effective privacy and security protection programs, said
Marc Schandl, CISSP-ISSAP, ISSMP, CSSLP, enterprise architect, Blue Cross and Blue Shield of
Minnesota. The HCISPP will benefit organizations by having a much greater chance for success
in tackling these and other opportunities because they will have a contextual understanding for
the appropriate application of essential practices and controls that meet organizational,
legislative, and directive mandates for the correct handling, processing, and securing of
healthcare information. Additionally, this shows that the healthcare practitioner is serious about
enhancing their career path and it provides greater confidence and assurance of their skills in
their chosen profession. That can provide the critical edge that an individual or an organization
needs to be successful in today's highly competitive market. The potential consequences for
failing to have this type of knowledge in-house can be great, so I strongly recommend this; it
raises the bar for healthcare professionals worldwide."


About (ISC)


(ISC) is the largest not-for-profit membership body of certified information and software security
professionals worldwide, with over 92,000 members in more than 135 countries. Globally
recognized as the Gold Standard, (ISC) issues the Certified Information Systems Security
Professional (CISSP

) and related concentrations, as well as the Certified Secure Software Lifecycle

Professional (CSSLP

), the Certified Cyber Forensics Professional (CCFP

SM
), Certified Authorization
Professional (CAP

), HealthCare Information Security and Privacy Practitioner (HCISPP

SM
), and
Systems Security Certified Practitioner (SSCP

) credentials to qualifying candidates. (ISC)s

certifications are among the first information technology credentials to meet the stringent
requirements of ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel.

(ISC) also offers education programs and services based on its CBK

, a compendium of information
and software security topics. More information is available at www.isc2.org.

# # #

2013, (ISC) Inc., (ISC), CISSP, ISSAP, ISSMP, ISSEP, CSSLP, CAP, SSCP and CBK are registered
marks, and CCFP and HCISPP are service marks, of (ISC)
2
, Inc.

Follow (ISC) on Facebook, Twitter and YouTube.