HCISPP HealthCare Information Security and Privacy Practitioner All-in-One Exam Guide

Book description

HCISPP® HealthCare Information Security and Privacy Practitioner All-in-One Exam Guide

Prepare for the current release of the HealthCare Information Security and Privacy Practitioner (HCISPP) exam using the detailed information contained in this effective self-study resource. Written by a healthcare information security and privacy expert and a founding contributor to the HCISPP credential, HCISPP HealthCare Information Security and Privacy Practitioner All-in-One Exam Guide contains complete coverage of all seven security and privacy exam domains along with examples and practice questions that closely match those on the actual test. Designed to help you pass the rigorous exam with ease, this guide also serves as an ideal on-the-job reference.

Covers all exam domains:

  • Healthcare industry
  • Information governance in healthcare
  • Information technologies in healthcare
  • Regulatory and standards environment
  • Privacy and security in healthcare
  • Risk management and risk assessment
  • Third-party risk management

Online content includes:

  • 250 practice exam questions
  • Test engine that provides full-length practice exams and customizable quizzes

Table of contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Dedication
  5. About the Author
  6. Contents at a Glance
  7. Contents
  8. Acknowledgments
  9. Introduction
  10. Chapter 1 Healthcare Industry
    1. Types of Organizations in the Healthcare Sector
      1. Patients
      2. Providers
      3. Healthcare Clearinghouse
      4. Healthcare Organizational Behavior
      5. Health Insurance
    2. Healthcare Across the Globe
      1. United States
      2. Canada
      3. United Kingdom
      4. European Union
      5. Japan
    3. Stakeholders
    4. Coding and Classification Systems and Standards
      1. Diagnosis-Related Group (DRG)
      2. International Classification of Diseases (ICD)
      3. Systematized Nomenclature of Medicine Clinical Terms (SNOMED CT)
      4. Additional Coding Systems
    5. Revenue Cycle
      1. Claims Processing and Third-Party Payers
      2. Payment Models
      3. The US Evolving Payment Model
      4. Medical Billing
      5. Transaction Standards
      6. Reimbursement
    6. Workflow Management
      1. Clinical Workflow
      2. Business Process Reengineering (BPR)
      3. Value Stream Mapping (VSM)
    7. Regulatory Environment
      1. Patient Rights
      2. Patient Care and Safety
    8. Public Health Reporting
    9. Clinical Research
      1. Good Clinical Research Practice (GCP)
      2. De-identification of Patient Information
    10. Healthcare Records Management
      1. Record Retention
      2. Destruction of Patient Health Information
      3. Access Control
      4. Authentication, Authorization, and Accounting (AAA)
    11. Third-Party Relationships
      1. Vendors
      2. Regulators
      3. Other Third-Party Relationships
      4. Administering Third Parties
    12. Understand Foundational Health Data Management
    13. Managing Information Flow and Lifecycle in Healthcare Environments
      1. Data Lifecycle Management (DLM)
      2. Health Data Characterization
    14. Data Interoperability and Exchange
      1. Health Level 7 (HL7)
      2. Integrating the Healthcare Enterprise (IHE)
      3. Digital Imaging and Communications in Medicine (DICOM)
    15. Legal Medical Record
    16. Chapter Review
      1. Questions
      2. Answers
    17. References
  11. Chapter 2 Information Governance in Healthcare
    1. Security Governance
      1. Board of Directors
      2. Information Security Program
      3. Information Security Steering Committee
      4. Configuration Control Board
      5. Information Management Council
      6. Risk Management Steering Committee
      7. Data Incident Response Team
    2. Privacy Governance
      1. Generally Accepted Privacy Principles
      2. Data Governance Committee
      3. Audit Committee (Board of Directors)
      4. Institutional Review Board
    3. Information Governance Roles and Responsibilities
      1. Chief Information Security Officer
      2. Chief Privacy Officer
      3. Chief Data Officer
      4. Information System Owner
      5. Data Owner
      6. Data Steward
      7. Data Controller
      8. Data Processor
      9. Data Custodian
      10. End User
    4. Information Security and Privacy Policies and Procedures
      1. Policies
      2. Procedures
      3. Notable Policies and Procedures
    5. Sanction Policy
    6. Configuration Management Plan
    7. Code of Conduct or Ethics in a Healthcare Information Environment
      1. Organizational Codes of Conduct in Healthcare
      2. Organizational Codes of Ethics in Healthcare
      3. (ISC)² Code of Ethics
    8. Chapter Review
      1. Questions
      2. Answers
    9. References
  12. Chapter 3 Information Technologies in Healthcare
    1. Fostering Privacy and Security with HIT
    2. Increased Exposure Affecting the Threat Landscape
      1. Internal Threats to HIT Privacy and Security
      2. External Threats to HIT Privacy and Security
    3. Oversight and Regulatory Challenges
      1. HIPAA and HIT
      2. GDPR and HIT
    4. Interoperability
      1. Software and System Development
      2. Levels of Interoperability
      3. Medicare Access and CHIP Reauthorization Act of 2015
    5. Information Technologies
      1. Electronic Health Records
      2. Internet of Medical Things
      3. Medical Devices
      4. Cloud Computing
      5. Mobile Device Management
      6. Health Information Exchange
    6. Data Lifecycle Management
      1. Phase 1: Create
      2. Phase 2: Store
      3. Phase 3: Use
      4. Phase 4: Archive
      5. Phase 5: Destroy
    7. Third-Party Connectivity
      1. Trust Models for Third-Party Interconnections
      2. Technical Standards: Physical, Logical, Network Connectivity
      3. Connection Agreements
    8. Chapter Review
      1. Questions
      2. Answers
    9. References
  13. Chapter 4 Regulatory and Standards Environment
    1. Identify Regulatory Requirements
      1. Legal Issues Regarding Information Security and Privacy
      2. Data Breach Regulations
      3. Protected Personal and Health Information
      4. Jurisdiction Implications
      5. Data Subjects
      6. Data Owners
      7. Data Steward
      8. Data Controller
      9. Data Custodians
      10. Data Processor
      11. Research
    2. Recognize Regulations and Controls of Various Countries
      1. Treaties
      2. Laws and Regulations
    3. Understand Compliance Frameworks
      1. Privacy Frameworks
      2. Security Frameworks
    4. Chapter Review
      1. Questions
      2. Answers
    5. References
  14. Chapter 5 Privacy and Security in Healthcare
    1. Guiding Principles of Information Security: Confidentiality, Integrity, and Availability
      1. Confidentiality
      2. Integrity
      3. Availability
      4. Accountability
    2. Understanding Security Concepts
      1. Identity and Access Management
      2. Access Control
      3. Training and Awareness
      4. Logging and Monitoring
      5. Vulnerability Management
      6. Segregation of Duties
      7. Least Privilege (Need to Know)
      8. Business Continuity
      9. Disaster Recovery
      10. System Backup and Recovery
      11. Configuration, or Change Management
      12. Incident Response
    3. Understanding Privacy Concepts
      1. US Approach to Privacy
      2. European Approach to Privacy
      3. Consent
      4. Choice
      5. Limited Collection
      6. Legitimate Purpose
      7. Purpose Specification
      8. Disclosure Limitation
      9. Transfer to Third Parties (or Countries)
      10. Transborder Concerns
      11. Access Limitation
      12. Accuracy
      13. Completeness
      14. Quality
      15. Management
      16. Privacy Officer
      17. Supervisory Authority
      18. Processing Authorization
      19. Accountability
      20. Training and Awareness
      21. Openness and Transparency
      22. Proportionality
      23. Use and Disclosure
      24. Access
      25. Individual Participation
      26. Notice
      27. Events, Incidents, and Breaches
    4. The Relationship Between Privacy and Security
      1. Dependency
      2. Integration
      3. Ownership of Healthcare Information
    5. Understand Sensitive Data and Handling
      1. Sensitivity Mitigation
      2. Categories of Sensitive Data
    6. Chapter Review
      1. Questions
      2. Answers
    7. References
  15. Chapter 6 Risk Management and Risk Assessment
    1. Understand Enterprise Risk Management
      1. Measuring and Expressing Information Risk
      2. Identifying Information Assets
      3. Asset Valuation Methods
      4. Risk Components
      5. Employing Security Controls
      6. Assessing Residual Risk
    2. Understand Information Risk Management Framework
      1. NIST Risk Management Framework (RMF)
      2. International Organization for Standardization
      3. Centers for Medicare and Medicaid Services
    3. Understand Risk Management Process
      1. Quantitative vs. Qualitative Approaches
      2. Intent
      3. Information Lifecycle and Continuous Monitoring
      4. Tools, Resources, and Techniques
      5. Desired Outcomes
      6. Role of Internal and External Audit and Assessment
    4. Identify Control Assessment Procedures Using Organization Risk Frameworks
    5. Participate in Risk Assessment According to Your Role
      1. Information Gathering
      2. Risk Assessment Estimated Timeline
      3. Gap Analysis
      4. Mitigating Actions
      5. Communications and Reporting
    6. Understand Risk Response
    7. Use Controls to Remediate Risk
      1. Administrative Controls
      2. Physical Controls
      3. Technical Controls
    8. Participate in Continuous Monitoring
    9. Chapter Review
      1. Questions
      2. Answers
    10. References
  16. Chapter 7 Third-Party Risk Management
    1. Understand the Definition of Third Parties in the Healthcare Context
    2. Maintain a List of Third-Party Organizations
    3. Third-Party Role and Relationship with the Organization
      1. Outsourcing
      2. Third-Party Risk in the Cloud
      3. Third-Party Risk in Data Disposition
      4. Third-Party Risk in Nonmedical Devices
    4. Health Information Use: Processing, Storage, Transmission
      1. International Regulations for Data Transfer to Third Parties
      2. Unauthorized Disclosure of Data Transferred to Third Parties
    5. Apply Management Standards and Practices for Engaging Third Parties
      1. Relationship Management
    6. Determine When a Third-Party Assessment Is Required
      1. Organizational Standards
      2. Triggers of a Third-Party Assessment
    7. Support Third-Party Assessments and Audits
      1. Information Asset Protection Controls
      2. Compliance with Information Asset Protection Controls
      3. Communication of Results
    8. Participate in Third-Party Remediation Efforts
    9. Respond to Notifications of Security/Privacy Events
      1. Internal Processes for Incident Response
      2. Relationship Between Organization and Third-Party Incident Response
      3. Breach Recognition, Notification, and Initial Response
    10. Respond to Third-Party Requests Regarding Privacy/Security Events
      1. Law Enforcement
      2. EU Data Authorities
      3. Affected Individuals
      4. Media
      5. Public Relations
      6. Health Information Exchanges
      7. Organizational Breach Notification Rules
      8. Organizational Information Dissemination Policies and Standards
      9. Risk Assessment Activities
      10. Chain of Custody Principles
    11. Promote Awareness of Third-Party Requirements
      1. Information Flow Mapping and Scope
      2. Data Sensitivity and Classification
      3. Privacy and Security Requirements
      4. Risks Associated with Third Parties
    12. Chapter Review
      1. Questions
      2. Answers
    13. References
  17. Appendix About the Online Content
    1. System Requirements
    2. Your Total Seminars Training Hub Account
      1. Privacy Notice
    3. Single User License Terms and Conditions
    4. TotalTester Online
    5. Technical Support
  18. Glossary
  19. Index

Product information

  • Title: HCISPP HealthCare Information Security and Privacy Practitioner All-in-One Exam Guide
  • Author(s): Sean P. Murphy
  • Release date: September 2020
  • Publisher(s): McGraw-Hill
  • ISBN: 9781260460070