Online Training Course


CyberVista’s HCISPP Training Course enables practitioners to participate, learn, and partner with other professionals as they prepare to earn the healthcare-specific HCISPP cybersecurity certification.


Who should earn the HCISPP

The HCISPP or HealthCare Information Security and Privacy Professional certification from (ISC)² reflects that an individual is dedicated to protecting patient health information and has a means of working within the inherently complex regulatory environment of the industry.

The HCISPP is unique among cybersecurity certifications in that it is dedicated to the healthcare industry and combines cybersecurity subject matter with additional coverage areas of privacy and compliance. Individuals who earn the HCISPP prove that they have the knowledge and ability to implement, manage and assess security and privacy controls to protect healthcare organizations.

Compliance Auditor
Compliance Officer
Information Security Manager
Health Information Manager
Information Technology Manager
Medical Records Supervisor
Privacy Officer
Privacy and Security Consultant
Practice Manager
Risk Analyst

Course Overview

As an (ISC)² Official Training Provider, CyberVista’s HCISPP Training Course enables practitioners to participate, learn, and partner with other professionals as they prepare to earn the HCISPP certification. Our courses train for the most up-to-date version of the HCISPP exam.

We offer HCISPP training as a Video On-Demand HCISPP Course that allows participating practitioners to move at their own pace.

Readiness guarantee – CyberVista offers a course readiness or retake guarantee on all Certify courses. Any individual taking this training course who does not pass the exam on the first try, or does not feel prepared following the completion of the course, can retake the course at no additional charge for up to one full year.

Featured CyberVista Instructor:
Sean Murphy

CyberVista’s online HCISPP course is led by featured CyberVista instructor, Sean Murphy. Sean is a leading health IT expert and author of the original and newly released Official HCISPP All-in-One Exam Guide.

This course includes:
  • 75 question diagnostic exam
  • 125 question final exam
  • 60+ 5-15 minute on-demand training videos
  • 300+ practice question bank
  • Performance Tracker
  • Homework Quizzes
  • Summary Notes
  • Review Videos
  • Healthcare industry expert interviews
  • Test Day Strategy

Course Outline

    • 1.1 Understand the Healthcare Environment Components
      • 1.1.1 Healthcare Players
      • 1.1.2 Healthcare Processes
      • 1.1.3 Healthcare Environment Regulation
      • 1.1.4 Healthcare Environment Management
    • 1.2 Understand Third-Party Relationships
      • 1.2 Third-Party Healthcare Relationships
    • 1.3 Understand Foundational Health Data Management Concepts
      • 1.3.1 Health Data Flow and Characterization
      • 1.3.2 Data Interoperability and Exchange
      • 1.3.3 Legal Medical Records
    • 2.1 Understand Information Governance Frameworks
      • 2.1.1 Security Governance
      • 2.1.2 Privacy Governance
    • 2.2 Identify Information Governance Roles and Responsibilities
      • 2.2 Information Governance Roles and Responsibilities
    • 2.3 Align Information Security and Privacy Policies, Standards and Procedures
      • 2.3 Information Security Alignment
    • 2.4 Understand and Comply with Code of Conduct/Ethics in a Healthcare Information Environment
      • 2.4.1 Healthcare Code of Ethics/Conduct
      • 2.4.2 (ISC)² Code of Ethics
    • 3.1 Understand the Impact of Healthcare Information Technologies on Privacy and Security
      • 3.1.1 Threat Landscape
      • 3.1.2 Oversight, Regulatory, and Communication Challenges
    • 3.2 Understand Data Life Cycle Management
      • 3.2.1 Data Life Cycle Management
    • 3.3 Understand Third-Party Connectivity
      • 3.3.1 Trust Models for Third-Party Interconnections
      • 3.3.2 Technical Standards for Third-Party Interconnection
      • 3.3.3 Connection Agreements for Third-Parties
    • 4.1 Identify Regulatory Requirements
      • 4.1.1 Jurisdictional Issues and Data Breach Regulations Related to Healthcare Resources
      • 4.1.2 Protected Personal and Health Information
      • 4.1.3 Data Subjects and Research
    • 4.2 Recognize Regulations and Controls of Various Countries
      • 4.2.1 Health Insurance Portability and Accountability Act (HIPAA)
      • 4.2.2 Health Information Technology for Economic and Clinical Health (HITECH)
      • 4.2.3 General Data Protection Regulation (GDPR), Data Protection Directive (DPD)
      • 4.2.4 Personal Information Protection and Electronic Documents Act (PIPEDA)
      • 4.2.5 California Consumer Privacy Act (CCPA)
      • 4.2.6 International Treaties
    • 4.3 Understand Compliance Frameworks
      • 4.3.1 Privacy Frameworks
      • 4.3.2 Security Frameworks
    • 5.1 Understand Security Objectives/Attributes
      • 5.1.1 CIA Triad
    • 5.2 Understand General Security Definitions and Concepts
      • 5.2.1 Personnel Security Controls
      • 5.2.2 Business Continuity and Disaster Recovery
      • 5.2.3 Identity and Access Management
      • 5.2.4 Logging, Monitoring, and Auditing
      • 5.2.5 Data Encryption
    • 5.3 Understand General Privacy Definitions and Concepts
      • 5.3.1 Privacy Concepts
      • 5.3.2 Events, Incidents and Breaches
      • 5.3.3 Data Collection Communication
    • 5.4 Understand the Relationship Between Privacy and Security
      • 5.4.1 Relationship Between Privacy and Security
    • 5.5 Understand Sensitive Data and Handling
      • 5.5.1 Sensitive Data Categorization
      • 5.5.2 Data Sensitivity Mitigation
    • 6.1 Understand Enterprise Risk Management
      • 6.1.1 Enterprise Risk Management
    • 6.2 Understand Information Risk Management Framework (RMF)
      • 6.2.1 Information Risk Management Framework (RMF)
    • 6.3 Understand Risk Management Process
      • 6.3.1 Risk Management Process
      • 6.3.2 Risk Management Life Cycle and Continuous Monitoring
      • 6.3.3 Tools/Resources/Techniques
      • 6.3.4 Internal and External Audit/Assessments
    • 6.4 Identify Control Assessment Procedures Utilizing Organization Risk Frameworks
      • 6.4.1 Control Assessment Procedures Utilizing Organization Risk Frameworks
    • 6.5 Participate in Risk Assessment Consistent with the Role in Organization
      • 6.5.1 Risk Assessment Set Up
      • 6.5.2 Risk Assessment Follow Up
    • 6.6 Understand Risk Response
      • 6.6.1 Risk Response
    • 6.7 Utilize Controls to Remediate Risk
      • 6.7.1 Controls to Remediate Risk
    • 6.8 Participate in Continuous Monitoring
      • 6.8.1 Continuous Monitoring Roles
    • 7.1 Understand the Definition of Third-Parties in Healthcare Context
      • 7.1.1 Third-Parties in the Healthcare Environment
    • 7.2 Maintain a List of Third-Party Organizations
      • 7.2.1 Third-Party Organizations Documentation
    • 7.3 Apply Management Standards and Practices for Engaging Third-Parties
      • 7.3.1 Engaging Third-Parties
    • 7.4 Determine When a Third-Party Assessment Is Required
      • 7.4.1 Third-Party Assessment Triggers
    • 7.5 Support Third-Party Assessments and Audits
      • 7.5.1 Third-Party Assessments and Audits
    • 7.6 Participate in Third-Party Remediation Efforts
      • 7.6.1 Third-Party Remediation Efforts
    • 7.7 Respond to Notifications of Security/Privacy Events
      • 7.7.1 Security/Privacy Events Notification and Response
    • 7.8 Respond to Third-Party Requests Regarding Privacy/Security Events
      • 7.8.1 Third-Party Requests Regarding Privacy/Security Events
    • 7.9 Promote Awareness of Third-Party Requirements
      • 7.9.1 Third-Party Requirements Awareness

Why CyberVista?

When it comes to certification training, we know that you and your organization have several options to choose from. This is what separates CyberVista from the pack. 

Data Driven

Live reporting provides an objective view of performance and progress.


Total costs average 50% less per person compared to traditional providers.


Drive real results with high-quality training and practical applications.


Designed to adapt to the organization and the individual employee.