HealthInfoSec Credential in DevelopmentTraining, Testing Could be Available Next Year
Next year, healthcare information security professionals - and those who want to enter the field - may have the opportunity to earn a new credential to verify their expertise.
(ISC)Â², which already issues the Certified Information Systems Security Professional, or CISSP, credential, is working with the Health Information Trust Alliance to develop the new healthcare-specific certification. If all goes according to plan, training and testing could be available by the second or third quarter of 2013, says Daniel Nutkis, CEO at HITRUST, a non-profit educational group best known for its Common Security Framework, a free guide to implementing security controls to comply with various regulations, including HIPAA.
In January, (ISC)Â² and HITRUST will convene a meeting of experts to begin discussing metrics for the qualifications of healthcare information security professionals. Eventually, HITRUST will offer a training program for those preparing to take an exam to earn the new (ISC)Â² healthcare-specific credential, Nutkis explains.
"CISSP is a great credential, but it's very technical in nature," Nutkis says. Testing to earn the new healthcare credential will go beyond measuring technical aptitude to also assess expertise in relevant industry-specific privacy and security regulations, and the necessary policies and procedures to comply with those rules, he adds.
"The new credential will measure a much broader set of skills for anyone implementing or managing systems that contain PHI [protected health information]," Nutkis says.
Improved training and credentialing is needed in light of the ongoing adoption of electronic health records, increasingly sophisticated cybersecurity threats and complex healthcare regulations, says W. Hord Tipton, (ISC)Â² executive director. "We believe that an organization's privacy and security programs are significantly enhanced when properly trained and experienced individuals are involved," he says.