A new certification to align skills and knowledge within healthcare has been launched by (ISC)².
The healthcare security and privacy certification has been established as a global standard of competency for healthcare information security and privacy practitioners. According to (ISC)², it is designed to provide healthcare employers and those in the industry with validation that a healthcare security and privacy practitioner has the core level of knowledge and expertise required by the industry to address specific security concerns.
Tim Wilson from (ISC)² told IT Security Guru that this is intentionally a global certification so that issues in the NHS and private providers in the US can be considered. He said: “Information governance is drummed into everyone in the NHS and it is part of your everyday duties, and a security manager must exist in every trust so there is a need for this formal certification to form a true international standard.
“This covers areas like sending details of patients to the US for healthcare treatment and it is important for here and overseas as well. We have the same requirements in health as financial services as there is a need to understand the requirements for transferring safely and it is providing training for the UK too.”
Wilson explained that to gain this certification, professionals have to demonstrate that they have worked in security for two years in this area, one year of which must be within healthcare, and there is a 125-question, three-hour exam. “People can answer questions based on their own knowledge,” he said. “This is also an international test so you have to know about HIPAA and Safe Harbor. There are 1.4 million people working in the NHS, so this will cover a lot of people who can take the exam and anyone who practices can take the exam.”
All candidates must be able to demonstrate competencies in each of the following domains in order to achieve the HealthCare Information Security and Privacy Practitioner (HCISPP): healthcare industry; regulatory environment; privacy and security in healthcare; information governance and risk management; information risk assessment; and third party risk management.
(ISC)² said that HCISPP allows a company to demonstrate its proactive commitment to minimising the risk of breaches, increase confidence that job candidates and employees can do the job right and provide an added level of ethical adherence for their healthcare security and privacy practitioners.
W. Hord Tipton, CISSP, executive director of (ISC)², said: “The HCISPP credential was developed based on direct feedback from our membership and industry luminaries from around the world working in healthcare who have observed the evolving complexity of information risk management in the industry as online system migration and regulations increase.
“Over the past few years, the healthcare industry has undergone a major transformation to adjust its compliance management practices and data protection requirements – moving from highly paper-based processes to a digital and more connected working environment. (ISC)² has introduced this new healthcare credential to help employers bring more qualified and skilled professionals into this industry who can help protect vital patient records and personal data.”