Online Training Course
(ISC)² HCISPP
Combine foundational cybersecurity skills with healthcare privacy. Train with confidence for the HCISPP certification with N2K. Looking to purchase training for yourself? View our individual Training Course.


Course Overview
The HealthCare Information Security and Privacy Professional, or HCISPP, certification from (ISC)² reflects an individual’s dedication to protecting patient health information and their ability to work within the inherently complex regulatory environment of the industry. It is unique among cybersecurity certifications in that it covers core cybersecurity concepts with an emphasis on the privacy and compliance requirements specific to healthcare.
As of June 2021, the HCISPP credential is DoDD 8140/8570 approved.
As an (ISC)² Official Training Provider, N2K’s HCISPP Training Course enables practitioners to participate, learn, and partner with other professionals as they prepare for this specialized credential. Our 100% online format makes it easier for your workforce to accommodate training. Courses are available either live online, with weekly live instruction over six consecutive weeks, or video on-demand. Both modalities include six months of access to all learning tools and materials in our proprietary LMS. Private classes are available.
Prerequisites
According to (ISC)², a minimum of two (2) years of work experience in one or more knowledge areas concerning the HCISPP CBK, including security, compliance, and privacy, with one of those years in the healthcare industry is required. Legal experience may be substituted for compliance, and information management experience may be substituted for privacy.
Related Courses
For entry-level cybersecurity and IT talent or practitioners new to the healthcare industry, N2K offers an online course on Security Essentials for Health IT that provides foundational role-based training.
Comparable certification courses to the HCISPP include the CISSP (Certified Information Systems Security Professional) from (ISC)² and the CISA (Certified Information Systems Auditor) or CISM (Certified Information Security Manager) from ISACA.
Who should earn the HCISPP?
The HCISPP is an intermediate-level certification equivalent to 2 years of hands-on experience in a security or compliance and privacy role. Individuals in the following roles are excellent candidates for this certification.
- Systems or Network Administrators who assess the security posture of enterprise networks and implement appropriate security solutions
- Risk and Compliance Professionals who analyze or audit current organizational security practices to ensure compliance
- Security Professionals who implement and maintain security controls that meet regulation
- Information Security Managers
Benefits of Training
There are a great number of benefits to achieving the HCISPP certification, but a few highlights include:
- Validate baseline cybersecurity skills plus compliance expertise with regards to healthcare
- Applicable to multiple job roles
- DoDD 8140/8570 Approved for IASAE III and IAT II
Featured Instructor: Sean Murphy
N2K’s online HCISPP course is led by featured N2K instructor, Sean Murphy. Sean is a leading health IT expert and author of the Official HCISPP All-in-One Exam Guide.

Course Outline
The HCISPP spans seven major domains within cybersecurity and healthcare privacy. This course provides training for all seven domains. The expanded topic areas within each domain are listed below.
Domain 1: Healthcare Industry
- 1.1 Understand the Healthcare Environment Components
- 1.1.1 Healthcare Players
- 1.1.2 Healthcare Processes
- 1.1.3 Healthcare Environment Regulation
- 1.1.4 Healthcare Environment Management
- 1.2 Understand Third-Party Relationships
- 1.2.1 Third-Party Healthcare Relationships
- 1.3 Understand Foundational Health Data Management Concepts
- 1.3.1 Health Data Flow and Characterization
- 1.3.2 Data Interoperability and Exchange
- 1.3.3 Legal Medical Records
Domain 2: Information Governance in Healthcare
- 2.1 Understand Information Governance Frameworks
- 2.1.1 Security Governance
- 2.1.2 Privacy Governance
- 2.2 Identify Information Governance Roles and Responsibilities
- 2.2.1 Information Governance Roles and Responsibilities
- 2.3 Align Information Security and Privacy Policies, Standards and Procedures
- 2.3.1 Information Security Alignment
- 2.4 Understand and Comply with Code of Conduct/Ethics in a Healthcare Information Environment
- 2.4.1 Healthcare Code of Ethics/Conduct
- 2.4.2 (ISC)² Code of Ethics
Domain 3: Information Technologies in Healthcare
- 3.1 Understand the Impact of Healthcare Information Technologies on Privacy and Security
- 3.1.1 Threat Landscape
- 3.1.2 Oversight, Regulatory, and Communication Challenges
- 3.2 Understand Data Life Cycle Management
- 3.2.1 Data Life Cycle Management
- 3.3 Understand Third-Party Connectivity
- 3.3.1 Trust Models for Third-Party Interconnections
- 3.3.2 Technical Standards for Third-Party Interconnection
- 3.3.3 Connection Agreements for Third-Parties
Domain 4: Regulatory and Standards Environment
- 4.1 Identify Regulatory Requirements
- 4.1.1 Jurisdictional Issues and Data Breach Regulations Related to Healthcare Resources
- 4.1.2 Protected Personal and Health Information
- 4.1.3 Data Subjects and Research
- 4.2 Recognize Regulations and Controls of Various Countries
- 4.2.1 Health Insurance Portability and Accountability Act (HIPAA)
- 4.2.2 Health Information Technology for Economic and Clinical Health (HITECH)
- 4.2.3 General Data Protection Regulation (GDPR), Data Protection Directive (DPD)
- 4.2.4 Personal Information Protection and Electronic Documents Act (PIPEDA)
- 4.2.5 California Consumer Privacy Act (CCPA)
- 4.2.6 International Treaties
- 4.3 Understand Compliance Frameworks
- 4.3.1 Privacy Frameworks
- 4.3.2 Security Frameworks
Domain 5: Privacy and Security in Healthcare
- 5.1 Understand Security Objectives/Attributes
- 5.1.1 CIA Triad
- 5.2 Understand General Security Definitions and Concepts
- 5.2.1 Personnel Security Controls
- 5.2.2 Business Continuity and Disaster Recovery
- 5.2.3 Identity and Access Management
- 5.2.4 Logging, Monitoring, and Auditing
- 5.2.5 Data Encryption
- 5.3 Understand General Privacy Definitions and Concepts
- 5.3.1 Privacy Concepts
- 5.3.2 Events, Incidents and Breaches
- 5.3.3 Data Collection Communication
- 5.4 Understand the Relationship Between Privacy and Security
- 5.4.1 Relationship Between Privacy and Security
- 5.5 Understand Sensitive Data and Handling
- 5.5.1 Sensitive Data Categorization
- 5.5.2 Data Sensitivity Mitigation
Domain 6: Risk Management and Risk Assessment
- 6.1 Understand Enterprise Risk Management
- 6.1.1 Enterprise Risk Management
- 6.2 Understand Information Risk Management Framework (RMF)
- 6.2.1 Information Risk Management Framework (RMF)
- 6.3 Understand Risk Management Process
- 6.3.1 Risk Management Process
- 6.3.2 Risk Management Life Cycle and Continuous Monitoring
- 6.3.3 Tools/Resources/Techniques
- 6.3.4 Internal and External Audit/Assessments
- 6.4 Identify Control Assessment Procedures Utilizing Organization Risk Frameworks
- 6.4.1 Control Assessment Procedures Utilizing Organization Risk Frameworks
- 6.5 Participate in Risk Assessment Consistent with the Role in Organization
- 6.5.1 Risk Assessment Set Up
- 6.5.2 Risk Assessment Follow Up
- 6.6 Understand Risk Response
- 6.6.1 Risk Response
- 6.7 Utilize Controls to Remediate Risk
- 6.7.1 Controls to Remediate Risk
- 6.8 Participate in Continuous Monitoring
- 6.8.1 Continuous Monitoring Roles
Domain 7: Third-Party Risk Management
- 7.1 Understand the Definition of Third-Parties in Healthcare Context
- 7.1.1 Third-Parties in the Healthcare Environment
- 7.2 Maintain a List of Third-Party Organizations
- 7.2.1 Third-Party Organizations Documentation
- 7.3 Apply Management Standards and Practices for Engaging Third-Parties
- 7.3.1 Engaging Third-Parties
- 7.4 Determine When a Third-Party Assessment Is Required
- 7.4.1 Third-Party Assessment Triggers
- 7.5 Support Third-Party Assessments and Audits
- 7.5.1 Third-Party Assessments and Audits
- 7.6 Participate in Third-Party Remediation Efforts
- 7.6.1 Third-Party Remediation Efforts
- 7.7 Respond to Notifications of Security/Privacy Events
- 7.7.1 Security/Privacy Events Notification and Response
- 7.8 Respond to Third-Party Requests Regarding Privacy/Security Events
- 7.8.1 Third-Party Requests Regarding Privacy/Security Events
- 7.9 Promote Awareness of Third-Party Requirements
- 7.9.1 Third-Party Requirements Awareness
This course includes:
- CPE/CEUs: 20
- 75 question diagnostic exam
- 125 question final exam
- 60+ 5-15 minute on-demand training videos
- On-demand Lectures
- 300+ practice question bank
- Homework Quizzes
- Summary Notes
- Review Videos
- Healthcare Industry Expert Interviews
- Test Day Strategy
Case Study
Boosting Cybersecurity Expertise for 3,100 Clinical Engineers at TRIMEDX
Why N2K?
Data-Driven
Relevant
Efficient
Cost-Effective
Readiness guarantee – We offer an exam readiness or retake guarantee on all certification courses. If an individual completes the course and does not pass the exam on the first try, they can retake our course at no additional charge for up to one full year.
Request Pricing
Request more information on training options for your cybersecurity teams. Private classes are available.
"When I was training I found myself using N2K’s quiz bank a lot, plus they tested me in other ways such as the initial diagnostic exam, the midterm, and the final exam. Getting used to the wording and doing all those practice questions helped me prepare. There was also a system at N2K for figuring out my strengths and weaknesses – it honed in on the areas I needed to study more."
"Before N2K I was given an opportunity to attend a one-week boot camp. Since my employer was paying for it, I did not hesitate to take advantage of the offer. After that one-week boot camp, I came out of there with more questions than I had going in. I did not feel prepared and the training just simply wasn’t enough. N2K’s curriculum is an integration of live online lectures, on-demand videos, and an array of self-study tools–it was just what I needed."
"I started with a free self-study course and quickly found the accountability was missing. N2K’s live interactive course using the light board was a first for me and a great experience overall. It kept me accountable and engaged. The real-life experience of the instructors was evident and their ability to articulate concepts was great. The value of interacting with other students in this live environment was also a significant benefit. It’s not easy getting folks to participate, but N2K made it happen."