Credentials to certify that a health worker has world class competencies to engage in the practice of assuring the security and privacy of patients' electronic health records are now available by means of qualifying exams, according to the Information System Security Certification Consortium or (ISC)2.
In a press statement, the global body of certified software and information security professionals said it had developed a set of qualifying examinations for the HCISPP or Health Care Information System Privacy Practitioner certificate, now available worldwide since early November. These exams are given through computer-based testing in designated centers in over 135 countries.
"The HCISSP is a demonstration of knowledge by security and privacy practitioners regarding the proper controls to protect the privacy and security of sensitive health information as well as their commitment to the healthcare profession," the (ISC)2 statement said.
Increased migration of patients' health records from paper to electronic storage formats along with the online sharing of these records by providers for more effective treatments spurred the certification's development.
Spurring it also was the need for a balance between enablement of online sharing by providers and protection of patients' rights to privacy. So too the need to comply with growing numbers of regulations worldwide with regard to information security.
The (ISC)2 statement described HCISSP as a "foundational credential that reflects internationally accepted standards of practice for healthcare information security and privacy."
A health worker who holds an HCISSP is certified to have a core level of knowledge and expertise required by the healthcare industry worldwide to address specific security concerns. Such a credential will have to be renewed every three years.
Qualifying examinations are given in designated centers worldwide and are done by computer-based testing. Registration for the exams is done through the (ISC)2 Website.
Tests are for the following competencies: healthcare industry, regulatory environment, privacy and security in healthcare, information governance and risk management, information risk assessment, and third party risk management.
A would-be exam taker must first have two years experience in one knowledge area of the credential that includes security, compliance, and privacy. Legal experience could serve as substitute for compliance and information management experience could serve as substitute for privacy.
(ISC)2 claims a worldwide membership of over 92,000. A non-profit, it has its head office in the US even as it has offices in London, Hong Kong, and Tokyo.
Sign up for CIO Asia eNewsletters.