Official (ISC)² guide to the HCISPP CBK PDF

386 Pages·2015·6.437 MB·English

Checking for file health...

Save to my drive

Quick download

OFFICIAL GUIDE TO THE OFFICIAL GUIDE TO THE HCISPPSM CBK® HCISPPSM CBK® O HealthCare Information Security and Privacy Practitioners (HCISPPSM) are the frontline F defense for protecting patient information. These are the practitioners whose HF I C foundational knowledge and experience unite healthcare information security and CI A privacy best practices and techniques under one credential to protect organizations L I and sensitive patient data against emerging threats and breaches. S P The Official (ISC)2® Guide to the HCISPP SM CBK® is a comprehensive resource providing P G an in-depth look at the six domains of the HCISPP Common Body of Knowledge SMU (CBK). The textbook covers the diversity of the healthcare industry, the types of CI D technologies and information flows that require various levels of protection and E HealthCare Information Security B the exchange of healthcare information within the industry, including relevant T and Privacy Practitioner O regulatory, compliance and legal requirements. K T ® H Numerous illustrated examples and tables are included in this book to demonstrate E concepts, frameworks and real-life scenarios. Endorsed by (ISC)² and compiled and reviewed by HCISPPs and (ISC)² members, this book brings together a global, The most complete compendium of industry knowledge compiled by the thorough perspective to healthcare information security and privacy. Utilize this foremost experts in healthcare information security and privacy. A must-have book as your fundamental study tool in preparation for the HCISPP certification exam. for those seeking to attain the HealthCare Information Security and Privacy Hernandez Practitioner (HCISPPSM) credential. Edited by Steven Hernandez, HCISPP, CISSP, CAP, SSCP, CSSLP K24341 ISBN: 978-1-4822-6277-3 90000 9 781482262773 K24341_COVER_final.indd 1 8/14/14 3:47 PM OFFICIAL (ISC)2® GUIDE TO THE HCISPPSM CBK® K23431_FM.indd 1 8/14/14 11:32 AM OTHER BOOKS IN THE (ISC)2® PRESS SERIES Official (ISC)2® Guide to the CISSP® CBK®, Fourth Edition Adam Gordon, Editor ISBN: 978-1-4822-6275-9 Official (ISC)2® Guide to the HCISPPSM CBK® Steven Hernandez, Editor ISBN: 978-1-4822-6277-3 Official (ISC)2® Guide to the CCFPSM CBK® Peter Stephenson, Editor ISBN: 978-1-4822-6247-6 Official (ISC)2® Guide to the ISSAP® CBK®, Second Edition Adam Gordon, Editor ISBN: 978-1-4665-7900-2 Official (ISC)2® Guide to the CAP® CBK®, Second Edition Patrick D. Howard ISBN: 978-1-4398-2075-9 Official (ISC)2® Guide to the SSCP® CBK®, Second Edition Harold F. Tipton, Editor ISBN: 978-1-4398-0483-4 Official (ISC)2® Guide to the ISSAP® CBK® Harold F. Tipton, Editor ISBN: 978-1-4398-0093-5 Official (ISC)2® Guide to the ISSMP® CBK® Harold F. Tipton, Editor ISBN: 978-1-4200-9443-5 CISO Leadership: Essential Principles for Success Todd Fitzgerald and Micki Krause, Editors ISBN: 978-0-8493-7943-X Official (ISC)2® Guide to the CISSP®-ISSEP® CBK® Susan Hansche ISBN: 978-0-8493-2341-X K23431_FM.indd 2 8/14/14 11:32 AM OFFICIAL (ISC)2® GUIDE TO THE HCISPPSM CBK® Edited by Steven Hernandez, HCISPP, CISSP, CAP, SSCP, CSSLP K23431_FM.indd 3 8/14/14 11:32 AM CRC Press Taylor & Francis Group 6000 Broken Sound Parkway NW, Suite 300 Boca Raton, FL 33487-2742 © 2015 by Taylor & Francis Group, LLC CRC Press is an imprint of Taylor & Francis Group, an Informa business No claim to original U.S. Government works Version Date: 20140814 International Standard Book Number-13: 978-1-4822-6278-0 (eBook - PDF) This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the valid- ity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint. Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or uti- lized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopy- ing, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers. For permission to photocopy or use material electronically from this work, please access www.copyright.com (http:// www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that provides licenses and registration for a variety of users. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged. Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe. Visit the Taylor & Francis Web site at http://www.taylorandfrancis.com and the CRC Press Web site at http://www.crcpress.com Contents Foreword ��ix Introduction��xiii Authors ��xvii Domain 1 – Healthcare Industry ��1 The Healthcare Industry ��6 Understand the Healthcare Environment ��7 Understand External Third Parties ��39 Foundational Health Data Management Processes ��47 Domain 1 – Review Questions ��56 Domain 2 – Regulatory Environment ��61 Identify Applicable Regulations ��66 Understand International Regulations and Controls ��84 Compare Internal Practices against New Policies and Procedures ��102 Understand Compliance Frameworks ��112 Understand Response for Risk-Based Decision ��121 Understand and Comply with Code of Ethics/Conduct in a Health Information Environ- ment ��122 Domain 2 – Review Questions ��134 Domain 3 – Privacy and Security in Health Care ��139 Understand Security Objectives/Attributes ��142 Understand General Security Definitions and Concepts ��145 Case Study ��152 Case Study ��162 v HCISPP_Book.indb 5 7/25/2014 5:45:45 PM Official (ISC)2 Guide to the HCISPP CBK General Privacy Principles ��164 The Relationship between Privacy and Security ��170 The Nature of Sensitive Data and Handling Implications ��171 Case Study ��174 Case Study ��176 Security and Privacy Terminology Specific to Healthcare ��177 References ��180 Domain 3 – Review Questions ��184 Domain 4 – Information Governance and Risk Management ��189 Understand Security and Privacy Governance ��194 Information Governance ��195 Governance Structures ��196 Basic Risk Management Methodology ��198 Understand Information Risk Management Lifecycles ��214 Participate in Risk Management Activities ��222 Domain 4 – Review Questions ��234 Domain 5 – Information Risk Assessment ��239 Definitions ��244 Intent ��248 Information Lifecycle and Continuous Monitoring ��250 Tools, Resources, and Techniques ��253 Role of Internal and External Audit/Assessment��256 Control Assessment Procedures from within Organizational Risk Frameworks ��258 Risk Assessment Consistent with Roles within an Organization ��259 Participate in Efforts to Remediate Gaps ��274 Domain 5 – Review Questions ��284 Domain 6 – Third-Party Risk Management ��289 What is a Third Party in Healthcare? ��292 Case Study ��293 Maintain a List of Third-Party Organizations ��295 Third-Party Management Standards and Practices ��300 Determine When Third-Party Assessment is Required ��304 Third-Party Assessments and Audits ��306 Notifications of Security/Privacy Events ��308 Support Establishment of Third-Party Connectivity ��309 Case Study ��310 Case Study ��312 Case Study ��312 Case Study ��313 vi HCISPP_Book.indb 6 7/25/2014 5:45:45 PM Contents Case Study ��314 Third-Party Program Requirements (Internal and External) ��316 Remediation Efforts ��319 Third Party Requests regarding Privacy/Security Events ��320 References ��325 Domain 6 – Review Questions ��328 Appendix A – Answers to Domain Review Questions ��333 vii HCISPP_Book.indb 7 7/25/2014 5:45:45 PM HCISPP_Book.indb 8 7/25/2014 5:45:45 PM Foreword Official (ISC)2 Guide to the HCISPPSM CBK® Foreword As the rapidly evolving healthcare industry faces challenges to keep personal health information protected – including growing volumes of electronic health records, new government regulations, and a complex IT security landscape – there is an increasing need to ensure knowledgeable security and privacy practitioners are in place to protect this sensitive information. Over the next ten years, the global healthcare industry is forecasted to be among the fastest growing employers. At the same time, the risks and consequences of keeping protected health information secure are increasing. As a result, healthcare employers must find qualified personnel who can demonstrate the necessary competence to protect and secure this vital information. Healthcare Information Security and Privacy Practitioners (HCISPPs) are at the forefront of protecting patient health information. These are the practitioners whose foundational knowledge and experience are instrumental to a variety of job functions: ■ Compliance Officer ■ Information Security Manager ■ Privacy Officer ■ Compliance Auditor ■ Risk Analyst Medical Records Supervisor ■ Information Technology Manager ix HCISPP_Book.indb 9 7/25/2014 5:45:45 PM

See more

Official (ISC)² guide to the HCISPP CBK PDF

Preview Official (ISC)² guide to the HCISPP CBK

The list of books you might like