HCISPP Study Guide

HCISPP Study Guide

1st Edition - December 10, 2014

Write a review

  • Authors: Timothy Virtue, Justin Rainey
  • eBook ISBN: 9780128020890
  • Paperback ISBN: 9780128020432

Purchase options

Purchase options
DRM-free (Mobi, PDF, EPub)
Sales tax will be calculated at check-out

Institutional Subscription

Free Global Shipping
No minimum order


The HCISPP certification is a globally-recognized, vendor-neutral exam for healthcare information security and privacy professionals, created and administered by ISC². The new HCISPP certification, focused on health care information security and privacy, is similar to the CISSP, but has only six domains and is narrowly targeted to the special demands of health care information security. Tim Virtue and Justin Rainey have created the HCISPP Study Guide to walk you through all the material covered in the exam's Common Body of Knowledge. The six domains are covered completely and as concisely as possible with an eye to acing the exam. Each of the six domains has its own chapter that includes material to aid the test-taker in passing the exam, as well as a chapter devoted entirely to test-taking skills, sample exam questions, and everything you need to schedule a test and get certified. Put yourself on the forefront of health care information privacy and security with the HCISPP Study Guide and this valuable certification.

Key Features

  • Provides the most complete and effective study guide to prepare you for passing the HCISPP exam - contains only what you need to pass the test, and no fluff!
  • Completely aligned with the six Common Body of Knowledge domains on the exam, walking you step by step through understanding each domain and successfully answering the exam questions.
  • Optimize your study guide with this straightforward approach - understand the key objectives and the way test questions are structured.


IT security professionals, consultants, and administrators; network administrators and IT managers; security managers and analysts; Directors of Security; healthcare administrators and IT managers; privacy managers; anyone taking the HCISPP exam

Table of Contents

    • Dedication
    • Author Bio
    • Technical Editor Bio
    • Preface
    • Acknowledgments
    • Chapter 1: Introduction
      • Abstract
      • Background
    • Chapter 2: Healthcare Industry
      • Abstract
      • Healthcare systems
      • Healthcare organizations
      • Healthcare provider
      • Organized physician services
      • The National Provider Identifier (NPI)
      • Pharmaceutical industry
      • Payers
      • Electronic Data Interchange (EDI)
      • Value-Added Networks (VANs)
      • Health insurance exchanges
      • Business associates
      • Health Information Technology (HIT)
      • Medical devices
      • Meaningful use regulations
      • Electronic health record
      • Personal health record
      • Health insurance
      • Payment models
      • Healthcare coding
      • Systematized Nomenclature of Medicine (SNOMED) – Clinical Terms (CT)
      • Medical billing
      • HIPAA transaction and code sets
      • National Uniform Billing Committee (NUBC)
      • Healthcare clearinghouse
      • Workflow management
      • Regulatory environment
      • Public health reporting
      • Clinical research
      • Authorization and informed consent
      • Institutional review boards
      • Healthcare records management
      • Data sharing
      • Understanding external third-party relationships
      • Information flow and life cycle in the healthcare environments
      • Health data characterization
      • Healthcare Provider Taxonomy Codes
      • Data analytics
      • Data interoperability and exchange
      • Integrating the Healthcare Enterprise
      • Health Level Seven International
      • Digital Imaging and Communications in Medicine (DICOM)
      • Legal medical records
      • Definitions
      • Practice Exam
    • Chapter 3: Regulatory Environment
      • Abstract
      • Legal issues that pertain to information security and privacy for healthcare organizations
      • Health Insurance Portability and Accountability Act of 1996 (HIPAA)
      • Select elements and definitions
      • The American Recovery and Reinvestment Act (ARRA) of 2009
      • International standards
      • A culture of privacy and security
      • Organizational-level privacy and security requirements
      • Data breach regulations
      • Penalties and fees
      • 45 CFR 164.514: HIPAA Privacy Rule (the de-identification standard and its two implementation specifications)
      • Information flow mapping
      • Monitoring PHI information flows
      • Jurisdictional implications
      • Data Use and Reciprocal Support Agreement (DURSA)
      • Data subjects
      • Data ownership
      • Legislative and regulatory updates
      • Treaties
      • Industry-specific laws
      • Policies, procedures, standards, and guidelines
      • Common security and privacy compliance frameworks
      • ISO
      • National Institute of Standards and Technology (NIST)
      • NIST Interagency Reports (IRs)
      • Common Criteria
      • Common criteria–certified product categories
      • The Information Governance (IG) Toolkit
      • Generally Accepted Privacy Principles (GAPP)
      • Health Information Trust Alliance (HITRUST)
      • SANS critical security controls
      • Risk-based decision making
      • Compensating controls
      • Control variance documentation
      • Residual risk tolerance
      • Organizational code of ethics
      • (ISC)2 code of ethics
      • Sanctions
      • Definitions
      • Practice Exam
    • Chapter 4: Privacy and Security in Healthcare
      • Abstract
      • Introduction
      • Security principles
      • General privacy principles
      • Relationship between privacy and security
      • The disparate nature of sensitive data and handling implications
      • Key terms
      • Practice Exam
    • Chapter 5: Information Governance and Risk Management
      • Abstract
      • Introduction
      • Understanding security and privacy governance
      • Understanding risk management methodology
      • Information risk management life cycle and activities
      • Key terms
      • Practice Exam
    • Chapter 6: Information Risk Assessment
      • Abstract
      • Introduction
      • Understanding risk assessment
      • Assessment procedures
      • Risk assessment process
      • Risk response and remediation
      • Key terms
      • Practice Exam
    • Chapter 7: Third-Party Risk Management
      • Abstract
      • Introduction
      • Definition of third parties
      • Inventory
      • Management standards and practices
      • Risk assessment
      • Assessment and audit support
      • Incident notification and response
      • Establishing connectivity
      • Promoting awareness of requirements
      • Risk remediation
      • Key terms
      • Practice Exam
    • Index

Product details

  • No. of pages: 210
  • Language: English
  • Copyright: © Syngress 2014
  • Published: December 10, 2014
  • Imprint: Syngress
  • eBook ISBN: 9780128020890
  • Paperback ISBN: 9780128020432

About the Authors

Timothy Virtue

Tim Virtue (HCISPP, CISSP, CIPP/G, CISA, CCSK, CFE, CSM) is a global information security, privacy and risk management executive. Tim has extensive experience with publicly traded global corporations, privately held businesses, government agencies, and non-profit organizations of all types and sizes. Tim holds an Executive Master of Science in Information Systems Technology degree from George Washington University and a Bachelors of Science in Criminal Justice degree with a concentration in Security Management from Northeastern University.

He currently serves as the Chief Information Security Officer (CISO) for Texas.gov.

Affiliations and Expertise

Chief Information Security Officer (CISO) at Texas.gov.

Justin Rainey

Justin C. Rainey (CISSP, CIPP/US) is a global information security, privacy and technology risk management leader whose entire professional career has focused on the protection of non-public information. Justin began his career in 1998 providing security and technical support for an independent school district and over the past 16 years gained security and privacy experience in various areas including healthcare, research, education, telecommunications, retail, banking, insurance, and investment management. He currently serves as Information Security Manager for a global Investment Management firm and is pursuing a Bachelor of Science degree in Political Science at the University of Houston. Justin resides in Houston, Texas with his wife Jill and their two dogs Austin and Mariette.

Affiliations and Expertise

(CISSP, ISC2, CIPP/US, IAPP), Advisory Board Member at SecureWorld Expo

Ratings and Reviews

Write a review

There are currently no reviews for "HCISPP Study Guide"