Online Training Course
(ISC)² HCISPP
NEW: CyberVista’s HCISPP Training Course enables practitioners to participate, learn, and partner with other professionals as they prepare to earn the healthcare-specific HCISPP cybersecurity certification.


Who should earn the HCISPP?
The HCISPP or HealthCare Information Security and Privacy Professional certification from (ISC)² reflects that an individual is dedicated to protecting patient health information and has a means of working within the inherently complex regulatory environment of the industry.
The HCISPP is unique among cybersecurity certifications in that it is dedicated to the healthcare industry and it also combines cybersecurity subject matter with additional coverage areas of privacy and compliance. Individuals who earn the HCISPP prove that they have the knowledge and ability to implement, manage and assess security and privacy controls to protect healthcare organizations.
Compliance Auditor
Compliance Officer
Information Security Manager
Health Information Manager
Information Technology Manager
Medical Records Supervisor
Privacy Officer
Privacy and Security Consultant
Practice Manager
Risk Analyst
Compliance Officer
Information Security Manager
Health Information Manager
Information Technology Manager
Medical Records Supervisor
Privacy Officer
Privacy and Security Consultant
Practice Manager
Risk Analyst
Course Overview
As (ISC)² Official Training Provider, CyberVista’s Live Online HCISPP Training Course enables practitioners to participate, learn, and partner with other professionals as they prepare to earn the HCISPP certification. Our courses train for the most up-to-date version of the HCISPP exam.
We offer HCISPP training in two delivery varieties based on the needs of the individual. The comprehensive Live Online HCISPP Course is taught online over six consecutive weeks with a live instruction once per week to complement the all of the tools and materials in the online portal. Likewise, we offer the Video On-Demand HCISPP Course that allows participating practitioners to move at their own pace.

Readiness guarantee – CyberVista offers a course readiness or retake guarantee on all Certify courses. If any individual taking this training course does not pass the exam on the first try or does not feel prepared following the completion of the course can retake the course at no additional charge for up to one full year.
Featured CyberVista Instructor: Sean Murphy
CyberVista’s online HCISPP course is led by featured CyberVista instructor, Sean Murphy. Sean is a leading health IT expert and author of the original and newly released Official HCISPP All-in-One Exam Guide.

This course includes:
- 75 question diagnostic exam
- 125 question final exam
- 60+ 5-15 minute on-demand training videos
- On-demand Lectures
- 300+ practice question bank
- Homework Quizzes
- Summary Notes
- Review Videos
- Healthcare Industry Expert Interviews
- Test Day Strategy
Course Outline
Domain 1: Healthcare Industry
- 1.1 Understand the Healthcare Environment Components
- 1.1.1 Healthcare Players
- 1.1.2 Healthcare Processes
- 1.1.3 Healthcare Environment Regulation
- 1.1.4 Healthcare Environment Management
- 1.2 Understand Third-Party Relationships
- 1.2 Third-Party Healthcare Relationships
- 1.3 Understand Foundational Health Data Management Concepts
- 1.3.1 Health Data Flow and Characterization
- 1.3.2 Data Interoperability and Exchange
- 1.3.3 Legal Medical Records
- 1.1 Understand the Healthcare Environment Components
Domain 2: Information Governance in Healthcare
- 2.1 Understand Information Governance Frameworks
- 2.1.1 Security Governance
- 2.1.2 Privacy Governance
- 2.2 Identify Information Governance Roles and Responsibilities
- 2.2 Information Governance Roles and Responsibilities
- 2.3 Align Information Security and Privacy Policies, Standards and Procedures
- 2.3 Information Security Alignment
- 2.4 Understand and Comply with Code of Conduct/Ethics in a Healthcare Information Environment
- 2.4.1 Healthcare Code of Ethics/Conduct
- 2.4.2 (ISC)2 Code of Ethics
- 2.1 Understand Information Governance Frameworks
Domain 3: Information Technologies in Healthcare
- 3.1 Understand the Impact of Healthcare Information Technologies on Privacy and Security
- 3.1.1 Threat Landscape
- 3.1.2 Oversight, Regulatory, and Communication Challenges
- 3.2 Understand Data Life Cycle Management
- 3.2.1 Data Life Cycle Management
- 3.3 Understand Third-Party Connectivity
- 3.3.1 Trust Models for Third-Party Interconnections
- 3.3.2 Technical Standards for Third-Party Interconnection
- 3.3.3 Connection Agreements for Third-Parties
- 3.1 Understand the Impact of Healthcare Information Technologies on Privacy and Security
Domain 4: Regulatory and Standards Environment
- 4.1 Identify Regulatory Requirements
- 4.1.1 Jurisdictional Issues and Data Breach Regulations Related to Healthcare Resources
- 4.1.2 Protected Personal and Health Information
- 4.1.3 Data Subjects and Research
- 4.2 Recognize Regulations and Controls of Various Countries
- 4.2.1 Health Insurance Portability and Accountability Act (HIPAA)
- 4.2.2 Health Information Technology for Economic and Clinical Health (HITECH)
- 4.2.3 General Data Protection Regulation (GDPR), Data Protection Directive (DPD)
- 4.2.4 Personal Information Protection and Electronic Documents Act (PIPEDA)
- 4.2.5 California Consumer Privacy Act (CCPA)
- 4.2.6 International Treaties
- 4.3 Understand Compliance Frameworks
- 4.3.1 Privacy Frameworks
- 4.3.2 Security Frameworks
- 4.1 Identify Regulatory Requirements
Domain 5: Privacy and Security in Healthcare
- 5.1 Understand Security Objectives/Attributes
- 5.1.1 CIA Triad
- 5.2 Understand General Security Definitions and Concepts
- 5.2.1 Personnel Security Controls
- 5.2.2 Business Continuity and Disaster Recovery
- 5.2.3 Identity and Access Management
- 5.2.4 Logging, Monitoring, and Auditing
- 5.2.5 Data Encryption
- 5.3 Understand General Privacy Definitions and Concepts
- 5.3.1 Privacy Concepts
- 5.3.2 Events, Incidents and Breaches
- 5.3.3 Data Collection Communication
- 5.4 Understand the Relationship Between Privacy and Security
- 5.4.1 Relationship Between Privacy and Security
- 5.5 Understand Sensitive Data and Handling
- 5.5.1 Sensitive Data Categorization
- 5.5.2 Data Sensitivity Mitigation
- 5.1 Understand Security Objectives/Attributes
Domain 6: Risk Management and Risk Assessment
- 6.1 Understand Enterprise Risk Management
- 6.1.1 Enterprise Risk Management
- 6.2 Understand Information Risk Management Framework (RMF)
- 6.2.1 Information Risk Management Framework (RMF)
- 6.3 Understand Risk Management Process
- 6.3.1 Risk Management Process
- 6.3.2 Risk Management Life Cycle and Continuous Monitoring
- 6.3.3 Tools/Resources/Techniques
- 6.3.4 Internal and External Audit/Assessments
- 6.4 Identify Control Assessment Procedures Utilizing Organization Risk Frameworks
- 6.4.1 Control Assessment Procedures Utilizing Organization Risk Frameworks
- 6.5 Participate in Risk Assessment Consistent with the Role in Organization
- 6.5.1Risk Assessment Set Up
- 6.5.2Risk Assessment Follow Up
- 6.6 Understand Risk Response
- 6.6.1 Risk Response
- 6.7 Utilize Controls to Remediate Risk
- 6.7.1 Controls to Remediate Risk
- 6.8 Participate in Continuous Monitoring
- 6.8.1 Continuous Monitoring Roles
- 6.1 Understand Enterprise Risk Management
Domain 7: Third-Party Risk Management
- 7.1 Understand the Definition of Third-Parties in Healthcare Context
- 7.1.1 Third-Parties in the Healthcare Environment
- 7.2 Maintain a List of Third-Party Organizations
- 7.2.1 Third-Party Organizations Documentation
- 7.3 Apply Management Standards and Practices for Engaging Third-Parties
- 7.3.1 Engaging Third-Parties
- 7.4 Determine When a Third-Party Assessment Is Required
- 7.4.1 Third-Party Assessment Triggers
- 7.5 Support Third-Party Assessments and Audits
- 7.5.1 Third-Party Assessments and Audits
- 7.6 Participate in Third-Party Remediation Efforts
- 7.6.1 Third-Party Remediation Efforts
- 7.7 Respond to Notifications of Security/Privacy Events
- 7.7.1 Security/Privacy Events Notification and Response
- 7.8 Respond to Third-Party Requests Regarding Privacy/Security Events
- 7.8.1 Third-Party Requests Regarding Privacy/Security Events
- 7.9 Promote Awareness of Third-Party Requirements
- 7.9.1 Third-Party Requirements Awareness
- 7.1 Understand the Definition of Third-Parties in Healthcare Context
"In 30 years in the Army this was the best training I've ever attended. Every Signal and Cyber soldier in the Army needs to take this course whether they need the certification or not."
“CyberVista has been an excellent education partner. In this case, the term ‘partner’ is meaningful and not an alternative for ‘vendor.’”
I’ve attained my share of certifications, and this CEH course was among the best exam prep classes that I’ve ever taken. The pacing and presentation of the content felt very much like a college class, which really aided in effective retention and understanding of the information.
The online resources that are available are also incredibly useful, especially the library of practice questions. Overall, this course would have been a worthy use of my time even if there were no test associated with it, which is the highest praise I can give a training program.I took the Certified Information Security Manager (CISM) course with CyberVista and was extremely surprised at how they captured all the key points and presented it to students using an easy to follow format. The instructor was amazing! His energy level seemed to power the lightboard at times. The information was well organized, concise, and in-depth during our class. I currently hold an ISACA certification and I am prepared to take the CISM to advance my cyber security career.
CyberVista CISM Courses are great for the working professional. You can take the classes with you in the car, office, or from the house. When taking the course from a computer, you can interact with the instructor, ask questions, chat with your classmates and CyberVista provide breaks as if you were sitting in an actual classroom.
Expect homework. When you start the class you will take a pretest to assess your current skills, every week you will complete a test, and you will have both a midterm and a final exam. CyberVista wants each student to succeed and provides supplemental learning material on areas former students have struggled with learning. Oh and don’t forget the homework which is videos covering the same topics as the course presented in a slightly different way to help the material stick. CyberVista Courses are the most realistic class you can take and still be in the comfort of your own home.I recently completed the online CISM course offered through Cybervista. I have had experience taking other courses through the government, academic institutions and other large international vendors and I can emphatically say that I have not been better prepared or more confident in taking an associated certification than with the CyberVista program.
The instructor was not only knowledgeable, but possessed the ability to convey the information in academic terms and from personal experiences. The content was well organized and thorough. The books were designed to really aid the student in putting the pieces together. The virtual classroom was cutting edge and first rate technology. Real time feedback, real time question and answers and quizzes. The staff had respect for those in the class who had other experiences and solicited others opinions.. I don’t see myself attending any other training at this point other than CyberVista."I would not have passed the CISSP exam without Cybervista! The instructors were knowledgeable and helpful in grasping the material... The weekly online lessons were extremely helpful in breaking down each of the domains covered on the exam. If you follow the study plan provided and put in the time required to understand the major concepts outlined by CyberVista, you’ll pass!"
"When I was training I found myself using CyberVista’s quiz bank a lot, plus they tested me in other ways such as the initial diagnostic exam, the midterm, and the final exam. Getting used to the wording and doing all those practice questions helped me prepare. There was also a system at CyberVista for figuring out my strengths and weaknesses – it honed in on the areas I needed to study more."
"Before CyberVista I was given an opportunity to attend a one-week boot camp. Since my employer was paying for it, I did not hesitate to take advantage of the offer. After that one-week boot camp, I came out of there with more questions than I had going in. I did not feel prepared and the training just simply wasn’t enough. CyberVista’s curriculum is an integration of live online lectures, on-demand videos, and an array of self-study tools–it was just what I needed."
Looking to train a team?
You’re not alone. Organizations everywhere are taking steps right now to get their cybersecurity workforce certified more effectively and on the path to success. We’re here to help.
Fill out this form to request more information on HCISPP training options for your entire IT and security teams and a CyberVista team member will touch base with you within 24 hours.