New Credential for Health Care Security Professionals

By Brittany Ballenstedt

December 12, 2013

Health care information security and privacy practitioners both in government and private industry now have access to a new credential that allows them to validate their skills to protect the privacy and security of sensitive patient health information.

(ISC)2 announced the new Health Care Information Security and Privacy Practitioner credential (HCISPPSM), which will provide health care employers and those in the industry with validation that a health care security and privacy practitioner has the core level of knowledge and expertise to address specific security concerns.

As the health care industry has evolved over the past few years from a highly paper-based process to a digital and more connected environment, the new credential is key to helping employers bring more qualified and skilled professionals into the industry who can protect vital patient records and personal data, said W. Hord Tipton, executive director of (ISC)2.

“Many schools now are preparing people to enter the health care industry,” Tipton said. “We positioned this credential to integrate with the education that universities and schools are teaching and to take the role of continuing education to make sure that they stay current. It’s a partnership and a pathway for health care professionals to enter the field and get smarter and mature as they go.”

(ISC)2 conducted a job task analysis study as well as development workshops to determine the scope and the content of the program, which went live worldwide on Nov. 4. The task analysis identified 35 jobs that are candidates for the certification.

The certification applies to federal employees working at the Health and Human Services and Veterans Affairs departments and other agencies and private sector organizations that are responsible for processing and protecting health care data, Tipton said.

Professionals must have a minimum of two years of experience in one knowledge area of the credential that includes security, compliance and privacy, with one of those two years being in the health care industry. Candidates for the certification also must demonstrate competencies in one of six common knowledge areas, including health care security and privacy, information governance and risk management and information risk assessment.

With the implementation of President Obama's Affordable Care Act, the systems that are being developed to handle health care data are grabbing headlines, Tipton said. A separate credential – the Certification and Authorization Professional – is designed to avoid some of the mishaps with the website, he said.

“There’s a link there to the health care and security and privacy pieces because you need to have a system that even in the registration and data collection process is capable of demonstrating security and privacy protections,” Tipton said.  

And while the Affordable Care Act has increased the demand for health care security professionals to validate their skills, the law is not the only factor contributing to that trend, Tipton said.

“The demand for security and privacy is the fastest growing occupation and profession in the world,” Tipton said. “It reaches across all sectors, and the health care industry is just in the spotlight right now. It [ACA] applies to it, but it’s definitely not by itself.” 

(Image via Maksim Kabakou/

By Brittany Ballenstedt

December 12, 2013