Online Training Course


Combine foundational cybersecurity skills with healthcare privacy. Train with confidence for the HCISPP certification with N2K. Looking to purchase training for yourself? View our individual Training Course.

N2K is an (ISC)2 Official Training Partner
(ISC)2 HCISPP Logo - N2K Certification Training Course

Course Overview

The HealthCare Information Security and Privacy Professional, or HCISPP, certification from (ISC)² reflects an individual’s dedication to protecting patient health information and has a means of working within the inherently complex regulatory environment of the industry. It is unique among cybersecurity certifications in that it focuses on cybersecurity concepts with an emphasis on privacy and compliance specific to healthcare.

As of June 2021, the HCISPP credential is DoDD 8140/8570 approved.

As an (ISC)² Official Training Provider, N2K’s HCISPP Training Course enables practitioners to participate, learn, and partner with other professionals as they prepare for this specialized credential. Our 100% online format makes it easier for your workforce to accommodate training. Courses are available either live online, with weekly live instruction over six consecutive weeks, or video on-demand. Both modalities include six months of access to all learning tools and materials in our proprietary LMS. Private classes are available.


According to (ISC)², a minimum of two (2) years of work experience in one or more knowledge areas concerning the HCISPP CBK, including security, compliance, and privacy, with one of those years in the healthcare industry is required. Legal experience may be substituted for compliance, and information management experience may be substituted for privacy.

Related Courses

For entry-level cybersecurity and IT talent or practitioners new to the healthcare industry, N2K offers an online course on Security Essentials for Health IT that provides foundational role-based training.

Equivalent certification courses to the HCISPP include the CISSP (Certified Information Systems Security Professional) and CISA (Certified Information Systems Auditor) from (ISC)² or CISM (Certified Information Security Manager) from ISACA.

Who should earn the HCISPP?

The HCISPP is an intermediate-level certification equivalent to 2 years of hands-on experience in a security or compliance and privacy role. Individuals in the following roles are excellent candidates for this certification. 

  • Systems or Network Administrators who assess the security posture of enterprise networks and implement appropriate security solutions
  • Risk and Compliance Professionals who analyze or audit current organizational security practices to ensure compliance
  • Security Professionals who implement and maintain security controls that meet regulation
  • Information Security Managers

Benefits of Training

There are a great number of benefits to achieving the HCISPP certification, but a few highlights include:

  • Validate baseline cybersecurity skills plus compliance expertise with regards to healthcare
  • Applicable to multiple job roles
  • DoDD 8140/8570 Approved for IASAE III and IAT II

Featured Instructor: Sean Murphy

N2K’s online HCISPP course is led by featured N2K instructor, Sean Murphy. Sean is a leading health IT expert and author of the Official HCISPP All-in-One Exam Guide.

Sean Murphy, featured instructor and author of HCISPP training guide

Course Outline

The HCISPP spans seven major domains within cybersecurity and healthcare privacy. This course provides training for all domains. Click on the sections below to see the expanded topic areas within each domain.

    • 1.1 Understand the Healthcare Environment Components
      • 1.1.1 Healthcare Players
      • 1.1.2 Healthcare Processes
      • 1.1.3 Healthcare Environment Regulation
      • 1.1.4 Healthcare Environment Management
    • 1.2 Understand Third-Party Relationships
      • 1.2 Third-Party Healthcare Relationships
    • 1.3 Understand Foundational Health Data Management Concepts
      • 1.3.1 Health Data Flow and Characterization
      • 1.3.2 Data Interoperability and Exchange
      • 1.3.3 Legal Medical Records
    • 2.1 Understand Information Governance Frameworks
      • 2.1.1 Security Governance
      • 2.1.2 Privacy Governance
    • 2.2 Identify Information Governance Roles and Responsibilities
      • 2.2 Information Governance Roles and Responsibilities
    • 2.3 Align Information Security and Privacy Policies, Standards and Procedures
      • 2.3 Information Security Alignment
    • 2.4 Understand and Comply with Code of Conduct/Ethics in a Healthcare Information Environment
      • 2.4.1 Healthcare Code of Ethics/Conduct
      • 2.4.2 (ISC)2 Code of Ethics
    • 3.1 Understand the Impact of Healthcare Information Technologies on Privacy and Security
      • 3.1.1 Threat Landscape
      • 3.1.2 Oversight, Regulatory, and Communication Challenges
    • 3.2 Understand Data Life Cycle Management
      • 3.2.1 Data Life Cycle Management
    • 3.3 Understand Third-Party Connectivity
      • 3.3.1 Trust Models for Third-Party Interconnections
      • 3.3.2 Technical Standards for Third-Party Interconnection
      • 3.3.3 Connection Agreements for Third-Parties
    • 4.1 Identify Regulatory Requirements
      • 4.1.1 Jurisdictional Issues and Data Breach Regulations Related to Healthcare Resources
      • 4.1.2 Protected Personal and Health Information
      • 4.1.3 Data Subjects and Research
    • 4.2 Recognize Regulations and Controls of Various Countries
      • 4.2.1 Health Insurance Portability and Accountability Act (HIPAA)
      • 4.2.2 Health Information Technology for Economic and Clinical Health (HITECH)
      • 4.2.3 General Data Protection Regulation (GDPR), Data Protection Directive (DPD)
      • 4.2.4 Personal Information Protection and Electronic Documents Act (PIPEDA)
      • 4.2.5 California Consumer Privacy Act (CCPA)
      • 4.2.6 International Treaties
    • 4.3 Understand Compliance Frameworks
      • 4.3.1 Privacy Frameworks
      • 4.3.2 Security Frameworks
    • 5.1 Understand Security Objectives/Attributes
      • 5.1.1 CIA Triad
    • 5.2 Understand General Security Definitions and Concepts
      • 5.2.1 Personnel Security Controls
      • 5.2.2 Business Continuity and Disaster Recovery
      • 5.2.3  Identity and Access Management
      • 5.2.4 Logging, Monitoring, and Auditing
      • 5.2.5 Data Encryption
    • 5.3 Understand General Privacy Definitions and Concepts
      • 5.3.1 Privacy Concepts
      • 5.3.2 Events, Incidents and Breaches
      • 5.3.3 Data Collection Communication
    • 5.4 Understand the Relationship Between Privacy and Security
      • 5.4.1 Relationship Between Privacy and Security
    • 5.5 Understand Sensitive Data and Handling
      • 5.5.1 Sensitive Data Categorization
      • 5.5.2 Data Sensitivity Mitigation
    • 6.1 Understand Enterprise Risk Management
      • 6.1.1 Enterprise Risk Management
    • 6.2 Understand Information Risk Management Framework (RMF)
      • 6.2.1 Information Risk Management Framework (RMF)
    • 6.3 Understand Risk Management Process
      • 6.3.1 Risk Management Process
      • 6.3.2 Risk Management Life Cycle and Continuous Monitoring
      • 6.3.3 Tools/Resources/Techniques
      • 6.3.4 Internal and External Audit/Assessments
    • 6.4 Identify Control Assessment Procedures Utilizing Organization Risk Frameworks
      • 6.4.1 Control Assessment Procedures Utilizing Organization Risk Frameworks
    • 6.5 Participate in Risk Assessment Consistent with the Role in Organization
      • 6.5.1 Risk Assessment Set Up
      • 6.5.2 Risk Assessment Follow Up
    • 6.6 Understand Risk Response
      • 6.6.1 Risk Response
    • 6.7 Utilize Controls to Remediate Risk
      • 6.7.1 Controls to Remediate Risk
    • 6.8 Participate in Continuous Monitoring
      • 6.8.1 Continuous Monitoring Roles
    • 7.1 Understand the Definition of Third-Parties in Healthcare Context
      • 7.1.1 Third-Parties in the Healthcare Environment
    • 7.2 Maintain a List of Third-Party Organizations
      • 7.2.1 Third-Party Organizations Documentation
    • 7.3 Apply Management Standards and Practices for Engaging Third-Parties
      • 7.3.1 Engaging Third-Parties
    • 7.4 Determine When a Third-Party Assessment Is Required
      • 7.4.1 Third-Party Assessment Triggers
    • 7.5 Support Third-Party Assessments and Audits
      • 7.5.1 Third-Party Assessments and Audits
    • 7.6 Participate in Third-Party Remediation Efforts
      • 7.6.1 Third-Party Remediation Efforts
    • 7.7 Respond to Notifications of Security/Privacy Events
      • 7.7.1 Security/Privacy Events Notification and Response
    • 7.8 Respond to Third-Party Requests Regarding Privacy/Security Events
      • 7.8.1 Third-Party Requests Regarding Privacy/Security Events
    • 7.9 Promote Awareness of Third-Party Requirements
      • 7.9.1 Third-Party Requirements Awareness
This course includes:
  • CPE/CEUs: 20
  • 75 question diagnostic exam
  • 125 question final exam
  • 60+ 5-15 minute on-demand training videos
  • On-demand Lectures
  • 300+ practice question bank
  • Homework Quizzes
  • Summary Notes
  • Review Videos
  • Healthcare Industry Expert Interviews
  • Test Day Strategy

case study

Boosting Cybersecurity Expertise for 3,100 Clinical Engineers at TRIMEDX

Why N2K?

When it comes to certification training, we know that you and your organization have several options to choose from. This is what separates N2K from the pack.


Measure improvements with robust performance analytics


Build the right knowledge and skills specific to roles


Foster long-term retention without wasting time on cramming


Total costs average 50% less per person compared to the leading bootcamp
Readiness guarantee – We offer an exam readiness or retake guarantee on all certification courses. If an individual completes the course and does not pass the exam on the first try, they can retake our course at no additional charge for up to one full year.

Request Pricing

Why N2K?

When it comes to certification training, we know that you and your organization have several options to choose from. This is what separates N2K from the pack.


Measure improvements with robust performance analytics


Foster long-term retention without wasting time on cramming


Build the right knowledge and skills specific to roles


Total costs average at least 50% less per person compared to the leading bootcamp

Request Pricing

Request more information on training options for your cybersecurity teams. Private classes are available.