HCISPP Study Guide

Book Description

The HCISPP certification is a globally recognized, vendor-neutral exam for healthcare information security and privacy professionals, created and administered by ISC². The new HCISPP certification, focused on health care information security and privacy, is similar to the CISSP, but has only six domains and is narrowly targeted to the special demands of health care information security.

Tim Virtue and Justin Rainey have created the HCISPP Study Guide to walk you through all the material covered in the exam's Common Body of Knowledge. The six domains are covered completely and as concisely as possible with an eye to acing the exam. Each of the six domains has its own chapter that includes material to aid the test-taker in passing the exam, as well as a chapter devoted entirely to test-taking skills, sample exam questions, and everything you need to schedule a test and get certified. Put yourself on the forefront of health care information privacy and security with the HCISPP Study Guide and this valuable certification.

  • Provides the most complete and effective study guide to prepare you for passing the HCISPP exam - contains only what you need to pass the test, and no fluff!
  • Completely aligned with the six Common Body of Knowledge domains on the exam, walking you step by step through understanding each domain and successfully answering the exam questions.
  • Optimize your study guide with this straightforward approach - understand the key objectives and the way test questions are structured.

Table of Contents

  1. Cover
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Dedication
  6. Author Bio
  7. Technical Editor Bio
  8. Preface
  9. Acknowledgments
  10. Chapter 1: Introduction
    1. Abstract
    2. Background
  11. Chapter 2: Healthcare Industry
    1. Abstract
    2. Healthcare systems
    3. Healthcare organizations
    4. Healthcare provider
    5. Organized physician services
    6. The National Provider Identifier (NPI)
    7. Pharmaceutical industry
    8. Payers
    9. Electronic Data Interchange (EDI)
    10. Value-Added Networks (VANs)
    11. Health insurance exchanges
    12. Business associates
    13. Health Information Technology (HIT)
    14. Medical devices
    15. Meaningful use regulations
    16. Electronic health record
    17. Personal health record
    18. Health insurance
    19. Payment models
    20. Healthcare coding
    21. Systematized Nomenclature of Medicine (SNOMED) – Clinical Terms (CT)
    22. Medical billing
    23. HIPAA transaction and code sets
    24. National Uniform Billing Committee (NUBC)
    25. Healthcare clearinghouse
    26. Workflow management
    27. Regulatory environment
    28. Public health reporting
    29. Clinical research
    30. Authorization and informed consent
    31. Institutional review boards
    32. Healthcare records management
    33. Data sharing
    34. Understanding external third-party relationships
    35. Information flow and life cycle in the healthcare environments
    36. Health data characterization
    37. Healthcare Provider Taxonomy Codes
    38. Data analytics
    39. Data interoperability and exchange
    40. Integrating the Healthcare Enterprise
    41. Health Level Seven International
    42. Digital Imaging and Communications in Medicine (DICOM)
    43. Legal medical records
    44. Definitions
    45. Practice Exam
  12. Chapter 3: Regulatory Environment
    1. Abstract
    2. Legal issues that pertain to information security and privacy for healthcare organizations
    3. Health Insurance Portability and Accountability Act of 1996 (HIPAA)
    4. Select elements and definitions
    5. The American Recovery and Reinvestment Act (ARRA) of 2009
    6. International standards
    7. A culture of privacy and security
    8. Organizational-level privacy and security requirements
    9. Data breach regulations
    10. Penalties and fees
    11. 45 CFR 164.514: HIPAA Privacy Rule (the de-identification standard and its two implementation specifications)
    12. Information flow mapping
    13. Monitoring PHI information flows
    14. Jurisdictional implications
    15. Data Use and Reciprocal Support Agreement (DURSA)
    16. Data subjects
    17. Data ownership
    18. Legislative and regulatory updates
    19. Treaties
    20. Industry-specific laws
    21. Policies, procedures, standards, and guidelines
    22. Common security and privacy compliance frameworks
    23. ISO
    24. National Institute of Standards and Technology (NIST)
    25. NIST Interagency Reports (IRs)
    26. Common Criteria
    27. Common Criteria–certified product categories
    28. The Information Governance (IG) Toolkit
    29. Generally Accepted Privacy Principles (GAPP)
    30. Health Information Trust Alliance (HITRUST)
    31. SANS critical security controls
    32. Risk-based decision making
    33. Compensating controls
    34. Control variance documentation
    35. Residual risk tolerance
    36. Organizational code of ethics
    37. (ISC)2 code of ethics
    38. Sanctions
    39. Definitions
    40. Practice Exam
  13. Chapter 4: Privacy and Security in Healthcare
    1. Abstract
    2. Introduction
    3. Security principles
    4. General privacy principles
    5. Relationship between privacy and security
    6. The disparate nature of sensitive data and handling implications
    7. Key terms
    8. Practice Exam
  14. Chapter 5: Information Governance and Risk Management
    1. Abstract
    2. Introduction
    3. Understanding security and privacy governance
    4. Understanding risk management methodology
    5. Information risk management life cycle and activities
    6. Key terms
    7. Practice Exam
  15. Chapter 6: Information Risk Assessment
    1. Abstract
    2. Introduction
    3. Understanding risk assessment
    4. Assessment procedures
    5. Risk assessment process
    6. Risk response and remediation
    7. Key terms
    8. Practice Exam
  16. Chapter 7: Third-Party Risk Management
    1. Abstract
    2. Introduction
    3. Definition of third parties
    4. Inventory
    5. Management standards and practices
    6. Risk assessment
    7. Assessment and audit support
    8. Incident notification and response
    9. Establishing connectivity
    10. Promoting awareness of requirements
    11. Risk remediation
    12. Key terms
    13. Practice Exam
  17. Index