
Official (ISC)² Guide to the HCISPP CBK

1st Edition

Edited by Steven Hernandez

Auerbach Publications

392 pages | 74 B/W Illus.

Hardback: ISBN 9781482262773, published 2014-09-10
eBook (VitalSource): ISBN 9780429068171, published 2018-11-14



HealthCare Information Security and Privacy Practitioners (HCISPP℠) are the frontline defense for protecting patient information. These are the practitioners whose foundational knowledge and experience unite healthcare information security and privacy best practices and techniques under one credential to protect organizations and sensitive patient data against emerging threats and breaches.

The Official (ISC)² Guide to the HCISPP℠ CBK® is a comprehensive resource that provides an in-depth look at the six domains of the HCISPP Common Body of Knowledge (CBK). This guide covers the diversity of the healthcare industry, the types of technologies and information flows that require various levels of protection, and the exchange of healthcare information within the industry, including relevant regulatory, compliance, and legal requirements.

Numerous illustrations and tables are included to illustrate key concepts, frameworks, and real-life scenarios. Endorsed by (ISC)² and compiled and reviewed by HCISPPs and (ISC)² members, this book brings together a global and thorough perspective on healthcare information security and privacy. Use this book as your fundamental study tool in preparation for the HCISPP certification exam.


As the rapidly evolving healthcare industry faces challenges to keep personal health information protected—including growing volumes of electronic health records, new government regulations, and a complex IT security landscape—there is an increasing need to ensure knowledgeable security and privacy practitioners are in place to protect this sensitive information. … This Official (ISC)² Guide to the HCISPP℠ CBK® textbook covers the diversity of the healthcare industry, the types of technologies and information flows that require various levels of protection, and the exchange of healthcare information within the industry, including relevant regulatory, compliance, and legal requirements.

—W. Hord Tipton, Executive Director, (ISC)²

Table of Contents

Domain 1 – Healthcare Industry
    The Healthcare Industry
    Understand the Healthcare Environment
    Understand External Third Parties
    Foundational Health Data Management Processes
    Domain 1 – Review Questions

Domain 2 – Regulatory Environment
    Identify Applicable Regulations
    Understand International Regulations and Controls
    Compare Internal Practices against New Policies and Procedures
    Understand Compliance Frameworks
    Understand Response for Risk-Based Decision
    Understand and Comply with Code of Ethics/Conduct in a Health Information Environment
    Domain 2 – Review Questions

Domain 3 – Privacy and Security in Health Care
    Understand Security Objectives/Attributes
    Understand General Security Definitions and Concepts
    Case Study
    Case Study
    General Privacy Principles
    The Relationship between Privacy and Security
    The Nature of Sensitive Data and Handling Implications
    Case Study
    Case Study
    Security and Privacy Terminology Specific to Healthcare
    Domain 3 – Review Questions

Domain 4 – Information Governance and Risk Management
    Understand Security and Privacy Governance
    Information Governance
    Governance Structures
    Basic Risk Management Methodology
    Understand Information Risk Management Lifecycles
    Participate in Risk Management Activities
    Domain 4 – Review Questions

Domain 5 – Information Risk Assessment
    Information Lifecycle and Continuous Monitoring
    Tools, Resources, and Techniques
    Role of Internal and External Audit/Assessment
    Control Assessment Procedures from within Organizational Risk Frameworks
    Risk Assessment Consistent with Roles within an Organization
    Participate in Efforts to Remediate Gaps
    Domain 5 – Review Questions

Domain 6 – Third-Party Risk Management
    What is a Third Party in Healthcare?
    Case Study
    Maintain a List of Third-Party Organizations
    Third-Party Management Standards and Practices
    Determine When Third-Party Assessment is Required
    Third-Party Assessments and Audits
    Notifications of Security/Privacy Events
    Support Establishment of Third-Party Connectivity
    Case Study
    Case Study
    Case Study
    Case Study
    Case Study
    Third-Party Program Requirements (Internal and External)
    Remediation Efforts
    Third-Party Requests regarding Privacy/Security Events
    Domain 6 – Review Questions

Appendix A – Answers to Domain Review Questions

About the Editor

Steven Hernandez, MBA, HCISPP, CISSP, CSSLP, SSCP, CAP, CISA, is a Chief Information Security Officer practicing in the U.S. Federal Government in Washington, DC. Hernandez has over seventeen years of information assurance experience in a variety of fields, including international healthcare, international heavy manufacturing, large finance organizations, educational institutions, and government agencies. Steven is an Honorary Professor at California State University San Bernardino and affiliate faculty at the National Information Assurance Training and Education Center located at Idaho State University. Through his academic outreach, he has lectured over the past decade to graduate and postgraduate audiences on numerous information assurance topics, including risk management, information security investment, and the implications of privacy decisions.

In addition to his credentials from (ISC)², Hernandez also holds six U.S. Committee for National Security Systems certifications ranging from systems security to organizational risk management. Steven also volunteers service to (ISC)²'s Government Advisory Board and Executive Writers Bureau. Steven enjoys relaxing and traveling with his wife, whose patience and support have been indispensable in his numerous information assurance pursuits.

About the Series

(ISC)² Press


Subject Categories

BISAC Subject Codes/Headings:
BUSINESS & ECONOMICS / Industries / Service Industries
COMPUTERS / Information Technology
COMPUTERS / Security / General
COMPUTERS / Certification Guides / General
MEDICAL / Administration