Professional · Vendor-neutral · ISC2 · issued from US

HCISPP

HealthCare Information Security and Privacy Practitioner

ISC2 certification for healthcare security and privacy. Will be retired in December 2026. Focus on data protection, compliance, and risk management in healthcare. Relevant in the US (HIPAA), less so in Europe.

Exam fee: $599
Ongoing: $125/yr AMF · 20 CPE/yr
Study time: 80–160 hrs
Delivery: Test center
Validity: 3 yrs (renewal cycle)

› Quality score

21.0 / 40

Four-axis SecProve rubric, each 0–10. SecProve editorial assessment — each axis carries a written justification so you can push back on any single call without dismissing the whole score.

Blueprint rigor: 7.5/10
How well-defined and rigorous the exam blueprint is.
ISC2 healthcare-privacy concentration — HIPAA, HITRUST, healthcare-specific risk.

Practical evidence: 1.5/10
Hands-on labs / written reports vs pure MCQ.
MCQ only. No PHI-handling or DPIA artefact.

Currency & upkeep: 6.5/10
How aggressively content is kept current with the field.
Refreshed alongside HITRUST CSF revisions; current with HIPAA enforcement guidance.

Market recognition: 5.5/10
How often this signal actually moves a hiring decision.
Default healthcare-privacy signal in US hospital and payer systems. [Holders: 3k, 2024-12] [DoD 8140 listed]

› Market signals

public, citable inputs to the recognition score
Holders worldwide: 3,000 (as of 2024-12)
DoD 8140 baseline: Listed (IAM-I, IAM-II)

› Built for these roles

Healthcare Compliance Officers · Privacy Officers · Health Information Managers

› Exam format

No longer offered (last exam Dec 2023)

Passing score: 700/1000 (scaled)
Retake policy:
  • Fee: $599 per attempt
  • Wait: 30d between attempts
  • Cap: 4 attempts/year

30/60/90 day waits for retakes 1/2/3 in a rolling 12-month window.

› Recertification

60 CPEs per 3-year cycle until Dec 2026

› 3-year cost of ownership

Exam (1×): $599
AMF (3×): $375 @ $125/yr
Total: $974

Excludes study materials, training, retake risk, and lost-wage opportunity. Use as a floor estimate.

› NICE Framework work roles

The NIST NICE work-role IDs this cert maps to.

OG-WRL-008

Recognition: Global
Exam languages: en

› Core domains covered

The 2 domains this cert is centrally about. Passing the exam demonstrates working knowledge of each.

› Prerequisites

Experience

2 years healthcare security/privacy experience

› Progression

Where this cert fits in the typical learning path. Required edges are vendor-gated; recommended edges reflect de facto industry progression.

Required prereqs (0)

No vendor-gated prereqs.

Recommended priors (1)
HCISPP
ISC2
Required by (0)

No certs require this one.

Recommended next (0)

No follow-on certs reference this one yet.

› Study materials

Curated starting points. Not exhaustive — vet each against your learning style and the current exam version.

Official guides
  • Official (ISC)² HCISPP CBK Reference, 3rd Ed. (Wiley/ISC2)
Practice tests
  • Boson ExSim-Max for HCISPP

› Version & lifecycle

Current version: 2022 CBK refresh
Released: 2022-04

› Salary signal

Healthcare security/privacy practitioner, US, 3-5 years.

$95K – $145K
median $115K

Robert Half Salary Guide + Glassdoor 'Healthcare Security Analyst' aggregations · 2024 · US base only · p25–p75 range

› How it compares

vs CIPP/US

HCISPP is healthcare-specific (HIPAA + HITECH); CIPP/US is broader US privacy.

› Careers that commonly pursue this cert

Privacy Engineer / DPO

Build privacy into systems by design. Navigate GDPR, CCPA, and emerging AI privacy regulations.