Top of Page

HealthCare Information Security and Privacy Practitioner


Protect Those Who Are Counting on You

You do more than protect sensitive patient data. You protect lives. And every day, you have to be ready for new threats and breaches, changes to regulations and the growing complexities of healthcare IT.

Take on these challenges with confidence with the HCISPP! This global healthcare security certification proves you have what it takes to implement, manage and assess the proper security and privacy controls to protect healthcare organizations.

The HCISPP is unique because it combines information security skills with privacy best practices and techniques. No other certification addresses the foundational knowledge in healthcare security and privacy like the HCISPP.
As an HCISPP, you’re on the forefront of protecting patient health information. Start pursuing your HCISPP today.

Steps to Certification

  1. Step 1
  2. Step 2
  3. Step 3
  4. Step 4

Get the Needed Experience

To qualify for the HCISPP certification, you must have:

  • A minimum of two years of cumulative, paid, full-time work experience
  • In one or more knowledge areas of the HCISPP Common Body of Knowledge (CBK) that includes security, compliance and privacy

Legal experience may be substituted for compliance. Information management experience may be substituted for privacy. 

Of your two years of experience, one of those years must be in the healthcare industry.

Don’t have the required work experience yet? You can take and pass the HCISPP exam to earn an Associate of (ISC)2 designation. Then, you’ll have up to three years to earn your required work experience for the HCISPP.

Create an Account at Pearson VUE and Schedule Your Exam

To schedule an exam, you must create an account at Pearson VUE.

Pearson VUE is the leading provider of global, computer-based testing for certification and licensure exams. You can find details on testing locations, policies, accommodations and more on their website.

Once you’ve set up your account and are ready to register, you’ll need to:

  • Complete the Examination Agreement. You agree to the truth of your assertions regarding professional experience. You also legally commit to the adherence of the (ISC)² Code of Ethics.
  • Review the Candidate Background Questions.
  • Pay the exam fee.

Pass the Exam

This is the day to show your greatness! You’ll have three hours to complete the 125 exam questions.

You must pass the exam with a scaled score of 700 points or greater.

Want more details? Read our exam scoring FAQs.

Subscribe to the (ISC)² Code of Ethics and Get Endorsed

Let’s say you pass the exam. Then what?

Before this healthcare security certification can be awarded, you have to:

  • Subscribe to the (ISC)² Code of Ethics.
  • Have your application endorsed.

Your endorsement form must be completed and signed by an (ISC)² certified professional. He or she needs to be an active member who can confirm your professional experience.

(ISC)² can endorse you if you can’t find a certified individual.

You have nine months from the date of the exam to complete these steps. If you don’t, you have to retake the exam to get certified.

Want to learn more? Read our endorsement assistance guidelines.

Get to Know the HCISPP

  • Why Become an HCISPP Why Become an HCISPP

    Yes, there are other certifications out there for healthcare IT, privacy or security. But the HCISPP is the only certification that proves you have the practical skills, foundational knowledge and experience in both security and privacy on an international level.

    Here’s why you should take on the HCISPP certification:

    • Credibility. The HCISPP sets you apart. It shows you know best practices and have real-world expertise in both healthcare information security and privacy. It gives you more authority and appeal.
    • Growth and learning. From exam prep to continuing education, the HCISPP offers many ways to expand your knowledge. You can stay current with changes in healthcare security and privacy.
    • Global expertise. The HCISPP exam covers current, global topics. This ensures you’re up-to-speed on evolving threats and regulations around the world. You’re better prepared to protect your organization and patient data.
    • Versatile skills. The HCISPP isn’t product specific, so you can apply your skills to different technologies or initiatives — including mobile devices, single sign-on, cloud migration and electronic information exchange.
    • Stronger collaboration. As an HCISPP, your knowledge spans security and privacy. You can bridge the gap between departments and better understand problems. In doing so, you can earn more respect and be more successful in your work.
    • Increased compensation. While pay practices vary by employer, many HCISPPs find that this certification can lead to increases in pay.

    What the Industry Is Saying About the HCISPP

    The HCISPP is ANSI-Accredited

    The HCISPP certification is accredited by the American National Standards Institute (ANSI). This means it complies with the International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) 17024 Standards. Why is accreditation important when choosing a certification program? Visit the Institute for Credentialing Excellence website for details

  • Should You Pursue the HCISPP? Should You Pursue the HCISPP?

    Should You Pursue the HCISPP?

    The HCISPP can add value whether you’re a consultant or a practitioner on the frontlines of healthcare security and privacy.

    But is it right for you?

    The HCISPP is a great fit for you if you:

    • Have well-rounded skills. You have practical healthcare experience, as well as a foundation in information security, privacy or risk. 
    • Want to expand your knowledge and keep up with emerging threats and evolving regulations. You’re passionate about learning.
    • Are looking for a powerful way to earn more respect, better opportunities and/or higher pay.
    • Understand you’re the frontline defense in protecting patient health information. Everything you do matters. The HCISPP will make you better at protecting your organization and the patients counting on you.

    While the HCISPP is designed for those in hands-on roles, many CISSPs pursue it too. It validates your healthcare security and privacy expertise, and gives you a greater level of credibility. 

    The HCISPP is ideal for those working in roles such as:

    • Compliance officer
    • Information security manager
    • Privacy officer
    • Compliance auditor
    • Risk analyst
    • Medical records supervisor
    • Information technology manager
    • Privacy and security consultant
    • Health information manager
    • Practice manager
    Wondering whether the HCISPP makes sense for you? Talk to a certification consultant.
  • Get the HCISPP Exam Outline Get the HCISPP Exam Outline
    The exam outline is a free resource that details the major topics and subtopics within the domains that are covered on the HCISPP exam. Reviewing this outline will help you determine which topics you may feel less confident about and develop a study plan around those topics.

    HCISPP Exam Outline
  • Getting HCISPP Training That’s Right for You Getting HCISPP Training That’s Right for You

    Prepare for your HCISPP exam through a combination of training courses and individual study. And learn from (ISC)2 — the creator of the HCISPP CBK! 

    Simply choose the best training format for your schedule, needs and learning style.


    Classroom-Based Training

    • Ideal for hands-on learners. We offer the most thorough review of the HCISPP CBK, industry concepts and best practices.
    • A three-day training event delivered in a classroom setting. Eight hours a day.
    • Led by authorized instructors.
    • Available at (ISC)² facilities and through (ISC)² Official Training Providers worldwide.
    • Led by authorized instructors.

    Get details on Classroom-Based Training.


    Private On-Site Training

    • A cost-effective and convenient training solution if your organization has 10 or more employees taking the exam.
    • Tailored to your team’s schedule, budget and certification requirements.
    • Conveniently taught in your office space or a local venue.
    • Led by authorized instructors

    Get details on Private On-Site Training.


    Instructor-Led Training

    • Participate from the convenience of your computer. This saves you travel time and expense.
    • Weekday, weekend and evening options to fit your needs.
    • Comprehensive review of the CBK, so you’re ready for this healthcare security certification.
    • Delivered in a variety of schedules with weekday, weekend, and evening options to suit your needs.
    • Access to recordings of all course sessions for 60 days.
    • Led by authorized instructors.

    Get details on Instructor-Led Seminars.

    HCISPP Training Course Overview

    Our training helps you fully prepare for this healthcare security certification. You will:

    • Review, refresh and expand your healthcare security knowledge.
    • Identify areas you need to study for the HCISPP exam.

    You can expect an in-depth review of the six domains of the HCISPP CBK — including discussion of industry best practices and timely healthcare security and privacy concepts.

    (ISC)² authorized instructors lead all our training. You’re learning from industry experts who understand you. They know how to make the content highly relatable. And they go through a rigorous process to teach to our CBK.

    Plus, we use proven adult learning techniques to reinforce topics. This approach increases how much information you retain. Our techniques are highly interactive. They focus on real-world learning activities and scenarios, so you get the most out of training.

    Self-Study Tools

    In addition to training, we offer resources to help you with self-study. Our resources include the:

  • Taking Your HCISPP Exam Taking Your HCISPP Exam
    Length of exam

    Up to 3 hours

    Number of questions

    125 questions

    Question format

    Multiple Choice

    Passing grade

    A passing score is 700 out of 1000 points

    Exam Languages


    Testing Center

    Pearson Vue Testing Center


    Ready to sign up for the exam? Visit the Pearson VUE website to create an account and book your exam.

  • Maintaining or Regaining HCISPP Certification Maintaining or Regaining HCISPP Certification

    Maintain Your HCISPP Credential and Membership with (ISC)²

    Once you’ve earned this world-class healthcare security certification, you become a member of (ISC)². You enter one of the largest communities of information security professionals in the world. You gain access to unparalleled global resources and networking.

    Quite simply, you have endless opportunities to grow and refine your craft.

    But certification is a privilege that must be earned and maintained.

    To remain in good standing with your HCISPP, you need to:

    • Abide by the (ISC)² Code of Ethics.
    • Earn and post Continuing Professional Education (CPE) credits.
    • Pay your Annual Maintenance Fee (AMF).

    Here’s a closer look at each.

    Abiding by the (ISC)² Code of Ethics
    You agree to fully support and follow the (ISC)² Code of Ethics.

    Earning and Posting CPE Credits
    Healthcare security is constantly changing. (You know this well!) You need to earn CPE hours to stay well-rounded and keep up your expertise.

    For the HCISPP, you need to earn and post a minimum of 20 CPE credits per year. You need to do so before your certification annual anniversary date.

    CPEs may sound like a big task. However, (ISC)² makes it easy for you to earn your CPE credits on a regular basis. 

    We offer access to:

    • Live educational events around the world.
    • Online seminars that can be taken in the comfort of your home or office. They’re available exclusively to (ISC)² members.
    • And many more learning opportunities.

    Paying Annual Maintenance Fees (AMFs)
    Once you earn this healthcare security certification, you must pay USD$65 each year of your three-year certification cycle. Your payment is due before your certification or recertification annual anniversary date.

    Your payments help ensure that (ISC)² has the financial resources to:

    • Be a functional, dynamic entity for leading information security and IT professionals (like you) far into the future.
    • Develop more CPE opportunities.
    • Continue to meet the certification needs and requirements of information security and IT professionals.
    • Maintain member records.

    How to Regain Membership if Your HCISPP Ends
    If you wish to regain membership, you’ll need to:

    • Pay any outstanding AMF payments. (This needs to take place before you sit for the exam.)
    • Retake and pass the exam to become certified again.
    • Contact Member Services to reactivate your certification after you pass the exam.

    Do you have questions about maintaining your HCISPP certification? Ask Member Services. >

Free HCISPP Ultimate Guide

Show Them You’re the Health IT Security & Privacy Go-To

Download Your Free HCISPP Ultimate Guide