HCISPP Study Guide (2015)

Preface

We are living in unprecedented times. This environment of constant change and transformation offers both opportunities and challenges. The opportunities and societal advances offered by healthcare technology are abundant. However, these advancements come with privacy and security concerns. We do not advocate fearing such change simply because of the privacy and security concerns. In fact, we look forward to all of the benefits and embrace the change, as long as society can find a way to balance the risks against the rewards. As we transition some of our most valued personal health information to various healthcare technology systems, there is and always will be a critical need for Information Security and Privacy professionals in the healthcare field.

There is a significant shortage of qualified professionals who truly understand all the aspects of Information Security and Privacy, including what it takes to develop, implement, and maintain an effective program while supporting the business needs of the organization and delivering leading-edge healthcare. We have seen a plethora of new threat actors enter the arena in an attempt to exploit vulnerable systems with various motives. These actors include foreign governments, “hacktivists,” organized crime, cyber criminals, and even competitors in an attempt to gain a strategic advantage. The sophistication and scale of attacks surpass anything we’ve seen over the past decade, and protecting healthcare organizations becomes more difficult as new technologies are adopted. This contributes to an insatiable demand for qualified Information Security and Privacy professionals.

Why focus on the Healthcare industry? Healthcare is growing at an unprecedented pace and is increasingly vulnerable as the industry shifts to electronic healthcare records.

The following is a list of key issues we believe will drive information security and privacy activities within the Healthcare industry and contribute to the demand for qualified professionals.

1. The Healthcare industry is extremely fragmented with minimal standards for interoperability and data sharing between hospitals, pharmacy benefit management companies, insurance companies, and pharmacies. These issues are actively being addressed, but require a significant investment in technology. With increasing connectivity and access to systems and data, risks will also increase. Connectivity in the form of health information exchanges (HIEs) and accountable care organizations also drives demand for qualified professionals.

2. There has been huge underinvestment in technology, especially among providers, with most investments focused on providing or improving patient care. Old (legacy) systems remain a major security concern, as many contain ePHI and need to be secured as they are updated or replaced.

3. There are enormous amounts of healthcare fraud and abuse within the industry, causing costs to spiral out of control. Technology in conjunction with security and privacy controls can provide solutions to increase business visibility and assist with managing these risks.

4. Demand for healthcare is exploding commensurate with the rapidly aging baby boomer population. This will require expansion of existing systems and implementation of new technologies to improve productivity and outcomes.

5. It is projected that the United States will experience a shortage of 160,000 doctors over the next 20 years and the industry will have to find new ways of improving doctor productivity. This will require implementation of new and innovative technologies that need to be secured.

6. Regulators have been aggressive in regulating the security and privacy of Healthcare IT systems and issuing fines for noncompliance.

7. Despite having vast amounts of sensitive data, healthcare Information Security programs are far behind those of Financial Services and other similarly situated industries. The FBI has also issued warnings to the Healthcare industry to urgently improve their programs and controls.

8. The Bureau of Labor Statistics (BLS) projects the job market for Information Security professionals to expand by 37% between 2012 and 2022. Information Security is one of the fastest-growing professions in the job market.

There are a vast number of opportunities for qualified healthcare Information Security and Privacy professionals. The HealthCare Certified Information Security and Privacy Practitioner (HCISPP) credential will certify your knowledge and stature as a qualified professional. There will be vast opportunities for those who prepare for the future, and this book is your first step toward a rewarding career as a healthcare information security and privacy professional.