Information security body (ISC)2 has launched a certification for security practitioners in the healthcare industry.
The HealthCare Information Security and Privacy Practitioner (HCISPP) is the first foundational global standard for assessing information security and privacy expertise in the healthcare industry.
For the UK, the HCISSP reflects and builds on the principles outlined in the NHS Information Governance toolkit as a result of the contributions of (ISC)2 members who work in the NHS.
“In the NHS, information governance is the responsibility of every employee,” said Tim Wilson, an NHS IT director
“The HCISPP encourages the appreciation of information governance as the healthcare sector across Europe strives towards a digital environment,” he said.
In the UK alone, said Wilson, the current drive towards electronic patient records and eventually a paperless NHS makes it critical for professionals to have the skills and knowledge to grasp the intricacies and best practices of ensuring the security and privacy of healthcare patients.
Read more about electronic patient records
- Aintree NHS saves £1m a year with electronic patient records
- London trusts adopt BT electronic health records
- NHS patient database gets £1bn investment boost
- NPfIT legacy: NHS yet to spend £600m on CSC Lorenzo patient records
- Virtual assistants part of expanding patient engagement
- The future of electronic healthcare records
- NHS records investment could spur infrastructure spend
- Patients records to go digital by 2015
Experts from the (ISC)² membership and industry leaders from organisations in Hong Kong, Europe and the US have contributed to the knowledge foundation of the new credential.
The need for this certification has been driven by the healthcare industry’s move from paper-based processes to a connected electronic environment.
Security breaches related to the loss of patients' records highlight the need for new skills in the complex area of patient records security, which encompasses IT, security and regulatory compliance.
To attain the HCISPP, applicants must have a minimum of two years of experience in one knowledge area of the credential that includes security, compliance and privacy.
One of the two years of experience must be in the healthcare industry and all candidates must demonstrate competencies in six areas, including privacy and security in healthcare, information governance and risk management.
“The HCISPP credential was developed based on direct feedback from our membership and industry luminaries from around the world, working in healthcare who have observed the evolving complexity of information risk management in the industry as online system migration and regulations increase,” said Hord Tipton, executive director of (ISC)².
HCISPP helps security practitioners to:
- Validate their experience, skills, and competency as a healthcare security and privacy practitioner;
- Demonstrate the qualifications to implement, manage, and/or assess the appropriate security and privacy controls for healthcare organisations;
- Advance their career with a certification that establishes foundational knowledge and competency in health information security and privacy best practices;
- Enhance their credibility as a healthcare information security and privacy practitioner.
For organisations, HCISPP offers to: