HCISPP Certification Training Course: Online, Classroom and Onsite

ISC2 has decided to sunset the HCISPP certification. Please do not take this training if your end goal is to get certified as HCISPP. The last date to take the HCISPP exam was Dec 1, 2023.

If you are looking to gain knowledge from the HCISPP course, feel free to register for it. If you are taking this course for HIPAA compliance, do consider the CHPSE course.


HCISPP Certification Training Course

The HealthCare Information Security and Privacy Practitioner (HCISPP) educational course is intended to communicate to the audience the basic structure, the essentials of the legal basis, the issues, and the information security and privacy particulars of the American healthcare delivery system. An integral part of this course is to prepare the attendee (with the required minimum experience) to sit for the (ISC)² HCISPP certification examination.

HCISPP Certification Training Course Learning Objectives:

Upon completion of this course (22 contact hours), the attendee should

  1. Be able to define the standards in moderate to advanced terms
  2. Be able to describe the associated practices, their importance and value to another person; in particular their coworkers and supervisors
  3. Be able to discuss the relevant sections of the applicable regulations with their peers and with their workforce members
  4. Be able to illustrate the flow of a risk assessment project from initial steps to conclusions and recommendations for corrective actions based on findings
  5. Be able to evaluate vulnerabilities, risks, mitigations, and trade-offs when assessing third-party sourced risks to healthcare contractual arrangements

Course Overview

Total Course Duration: 22 Hours
Audio: Yes
Number of Total Slides:  886
Total Chapters: 31
Online course login expires in: 6 months from receiving the login details. You will not have access to online content after you complete the course.
Type of License: One user license cannot be transferred after login is assigned.

HCISPP Certification Training Course Outline

The draft outline for this course covers the six domains of the HCISPP as described in the ISC2 Official CBK Guide (sourcebook and accompanying text), with slide counts varying according to the quantity of information to be delivered in each domain's module. The outline is as follows:

Domain 1: Healthcare Industry
  • Understand the Healthcare environment
    • Types of Organizations in the Healthcare Sector (e.g. providers, pharma, payers, business associates)
    • Health Information Technology (e.g., computers, medical devices, networks, health information exchanges, Electronic Health Record [EHR], Personal Health Record [PHR])
    • Health Insurance (e.g., claims processing, payment models)
    • Coding (e.g., SNOMED CT, ICD-9/10)
    • Billing, Payment, and Reimbursement
    • Workflow Management
    • Regulatory Environment (e.g., security, privacy, oversight)
    • Public Health Reporting
    • Clinical Research (e.g., process)
    • Healthcare Records Management
  • Understand Third-party relationships
    • Vendors
    • Business Partners
    • Data Sharing
    • Regulators
  • Understand foundational health data management concepts
    • Information Flow and Life Cycle in the Healthcare Environments
    • Health Data Characterization (e.g. classification, taxonomy, analytics)
    • Data Interoperability and Exchange (e.g. HL7, HIE, DICOM)
    • Legal Medical Records
Domain 2: Regulatory Environment
  • Identify applicable regulations
    • Legal issues that Pertain to Information Security and Privacy for Healthcare Organizations
    • Data Breach Regulations
    • Personally Identifiable Information
    • Information Flow Mapping
    • Jurisdiction Implications
    • Data Subjects
    • Data Owners/Controllers/Custodians/Processors
  • Understand international regulations and controls
    • Treaties (e.g., Safe Harbor)
    • Regulations
    • Industry-Specific Laws
    • Legislative (e.g., EU Data Privacy Directive, HIPAA/HITECH)
  • Compare internal practices against new policies and procedures
    • Policies (information security and privacy)
    • Standards (information security and privacy)
    • Procedures (information security and privacy)
  • Understand compliance frameworks
  • Understand responses for risk-based decision
    • Compensating Controls
    • Control Variance Documentation
    • Residual Risk Tolerance
  • Understand and comply with Code of Conduct/Ethics in HealthCare information
    • Organizational Code of Ethics
    • (ISC)² Code of Ethics
Domain 3: Privacy and Security in Healthcare
  • Understand security objectives/attributes
    • Confidentiality
    • Integrity
    • Availability
  • Understand general security definitions/concepts
    • Access Control
    • Data Encryption
    • Training and Awareness
    • Logging and Monitoring
    • Vulnerability Management
    • Systems Recovery
    • Segregation of Duties
    • Least Privilege (Need to Know)
    • Business Continuity
    • Data Retention and Destruction
  • Understand general privacy principles
    • Consent/Choice
    • Limited Collection/Legitimate Purpose/Purpose Specification
    • Disclosure Limitation/Transfer to Third Parties/Trans-Border Concerns
    • Access Limitation
    • Security
    • Accuracy, Completeness, Quality
    • Management, Designation of Privacy Officer, Supervisor Re-authority, Processing Authorization, Accountability
    • Transparency, Openness
    • Proportionality, Use, and Retention Use Limitation
    • Access, Individual Participation
    • Notice, Purpose Specification
    • Additional Measures for Breach Notification
  • Understand the relationship between privacy and security
    • Dependency
    • Integration
  • Understand the disparate nature of sensitive data handling implications
    • Personal and Health Information protected by Law
    • Sensitivity mitigation (e.g., de-identification, anonymization)
    • Categories of sensitive data (e.g., mental health)
  • Understand Security and Privacy Terminology Specific to Healthcare
Domain 4: Information Governance and Risk Management
  • Understand Security and Privacy Governance
    • Information governance
    • Governance structures
  • Understand basic risk management methodology
    • Approach (e.g., qualitative, quantitative)
    • Information Asset Identification
    • Asset Valuation
    • Exposure
    • Likelihood
    • Impact
    • Threats
    • Vulnerability
    • Risk
    • Controls
    • Residual Risk
    • Acceptance
  • Understand information risk management life cycles
  • Participate in risk management activities
    • Remediation Action Plans
    • Risk Treatment (e.g. mitigation/remediation, transfer, acceptance, avoidance)
    • Communications
    • Exception Handling
    • Reporting and Metrics
Domain 5: Information Risk Assessment
  • Understand risk assessment
    • Definition
    • Intent
    • Lifecycle/Continuous Monitoring
    • Tools/Resources/Techniques
    • Desired Outcomes
    • Role of Internal and External Audit/Assessment
  • Identify control assessment procedures from within organizational risk frameworks
  • Participate in risk assessment consistent with a role in the organization
    • Information Gathering
    • Risk Assessment Estimated Timeline
    • Gap Analysis
    • Corrective Action Plan
    • Mitigation Actions
  • Participate in efforts to remediate gaps
    • Types of Controls
    • Controls Related to Time
Domain 6: Third-party Risk Management
  • Understand the definition of third parties in the Healthcare context
  • Maintain a list of third-party organizations
    • Health Information Use (e.g., processing, storage, transmission)
    • Third-Party Role/Relationship With the Organization
  • Apply Third-Party Management Standards and Practices for Engaging Third Parties Based upon the relationship with the organization
    • Relationship Management
    • Comprehend Compliance Requirements
  • Determine when the third-party assessment is required
    • Organizational Standards
    • Triggers of Third-Party Assessment
  • Support third-party assessments and audits
    • Information Asset Protection Controls
    • Compliance with Information Asset Protection Controls
    • Communication of Findings
  • Respond to notifications of security/privacy events
    • Internal Process for Incident Response
    • Relationship between Organization and Third-Party Incident Response
    • Breach Recognition, Notification, and Initial Response
  • Support establishment of third-party connectivity
    • Trust Models for Third-Party interconnections
    • Technical Standards (e.g., physical, logical, network connectivity)
    • Connection Agreements
  • Promote awareness of the third-party requirements (internally and externally)
    • Information Flow Mapping and Scope
    • Data sensitivity and classification
    • Privacy Requirements
    • Security Requirements
    • Risks Associated with Third Parties
  • Participate in remediation efforts
    • Risk Management Activities
    • Risk Treatment Identification
    • Corrective Action Plans
    • Compliance Activities Documentation
  • Respond to third-party requests regarding privacy/security event
    • Organizational Breach Notification Rules
    • Organizational Information Dissemination Policies and Standards
    • Risk Assessment Activities
    • Chain of Custody Principles
Domain 7: Practice questions


HCISPP Certification Training Course Target Audience:

The intended audience for this HCISPP Certification Training Course is mid-level to senior security and privacy practitioners with 5 or more years of professional practice, of which at least 2 should be in such a role in a healthcare environment. Ideally, the candidate would already hold the CISSP certification from ISC2, but this is not required for the material to be accessible to the attendee. The roles normally occupied by such persons include:

  • HealthCare Compliance Officers
  • Privacy Officers of HealthCare companies
  • Security Managers
  • Auditors
  • IT Management
  • Risk Managers
  • Industry consultants in Security and Privacy

Four Learning Methods for HCISPP Certification Training Course:

1) Online Self-Paced HCISPP Certification Training

Many busy individuals cannot spend 4 days in the classroom-based course or private onsite seminars. This option is great for candidates who cannot take time off work to attend classroom training. It is also the most cost-effective option.

This option also allows you to buy an instructor's time: gather all your questions during the training and, at the end of it, schedule your phone call with the instructor.

Cost: $1,200
Special Discount of $600 if bought with CHPSE Package of $1700
FINAL PRICE AFTER DISCOUNT: $600 (when bought with CHPSE package of $1700)

Course Duration: 22 Hours

Additional products and services to buy (Official ISC2 manual: $100, Two-hour Instructor’s time by Phone: $250, CHPSE package which includes CHPSE Course, Printed Manuals and Unlimited CHPSE exam attempts: $1700)

Register Now for Online Self-Paced HCISPP Certification Course


2) Instructor-led Classroom HCISPP Seminar

This is a 4-day class offered in 8-hour sessions with breaks in between. The registration cost includes the official HCISPP manual and breakfast, lunch, and snacks during the training. This option is ideal if you are a hands-on learner, like to interact with your instructor and classmates in a live setting, or want to finish the training by dedicating a full 4-5 days to training and the exam.

Cost: $2,500

Course Duration: 4-day class offered in 8-hour sessions

Register Now for Instructor-led Classroom HCISPP Course

As COVID-19 (coronavirus) impacts our lives and workplaces around the United States, we are closely monitoring developments and guidance from organizations like the World Health Organization, U.S. Centers for Disease Control and Prevention, and other local and regional health authorities. Effective immediately, all classes scheduled in April for onsite and classroom-based training are canceled. We have moved many students to instructor-led webcast training to ensure that students meet their learning goals and objectives as planned.

Training Dates:

3) Online Live with Instructor-led Course for HCISPP Credential

This is a 4-day class offered in 5-7 hour sessions with breaks in between. You are the ONLY student with the instructor in this training. The registration cost includes the official HCISPP manual. This option is ideal if you want the convenience of staying in your office while doing the training with the instructor and receiving personalized training that meets your specific goals.

Cost: $2,800

Course Duration: 4-day class offered in 5-7 hour sessions

Register Now for Online Live with Instructor-led HCISPP Course


4) Customized Onsite Training for HCISPP

We offer customized on-site training that saves money and time. The program can be scheduled at your location on a date that is convenient for you. We deliver training of 4 to 5 days, depending on your training goals and learning objectives. We can also combine CHPSE and HCISPP course training if needed. Our course outline is flexible and can be customized to meet your requirements.

The training program can also be tailored to meet your specific requirements, ensuring that your employees gain the fundamental knowledge required to meet your organization’s specific goals and objectives of compliance and audit.

The dates for the training are flexible, based on instructor availability. Our instructors have healthcare backgrounds with many combined years of expertise in HIPAA and IT security, and are HIPAA consultants who help our clients with their compliance processes. Our training is updated for the HITECH Act and the Omnibus Rule, and is regularly updated as the HIPAA privacy and security rules change.

We have delivered several training sessions in New York, California, Washington DC, Florida, Nevada, Texas, Virginia, Illinois, and other states. Contact us to find out more details.

Contact us for more details to discuss which option is best suited to meet your learning objectives. Call Bob Mehta at 515-865-4591 or email Bob@training-hipaa.net


Why should you take CHPSE followed by HCISPP if you are a security officer or Consultant?

The CHPSE and the HCISPP:  Which One?

Online HCISPP Training Course is rated 4.9 out of 5 by 69 users.