When I entered the workforce after college, my first job was with the Department of Defense working in IT for a military hospital. I was quickly inundated with compliance requirements that spanned multiple industries and had varying levels of importance. I quickly learned about NIST special publications, how they related to FISMA compliance, and how JCAHO and HIPAA both had regulatory standards but were not the same. I was thrown into an environment that involved quite a learning curve, but it turned out to be a great starting point for my career in healthcare compliance.
Throughout my career, I have participated in countless audits and assessments. As director of IT, I had to attest to training completion, access management, breach incident reporting, and all operational activities. Anything and everything in the healthcare compliance arena was in my bucket during my tenure as a HIPAA security officer. As a firewall engineer, I’ve demonstrated compliance with internal procedures for configuring access for external 3rd parties, and as a server manager, I’ve produced baseline standards for operating systems for applications that contained ePHI. Throughout all of these audits and assessments, regardless of my role, the ultimate key to success has been hiring and partnering with people that have the expertise to get the job done.
With the new government regulations, emerging technologies, and the changing IT landscape, how are you to identify the right resources and people to help you be successful in the security and privacy compliance terrain? Historically, I have worked with people who had an audit certification and invested heavily in educating them on the healthcare industry. I have also educated veteran healthcare associates, providing them a crash-course on security and privacy. It can be very challenging to find someone with the right balance of security, privacy, and healthcare knowledge. Now, this isn’t such a task with the HealthCare Information Security and Privacy Practitioner (HCISPP℠) certification from (ISC)². An individual who holds this certification has successfully demonstrated their experience and knowledge in security, privacy, healthcare, governance, and risk management. As a hiring manager, when I see a candidate who holds an HCISPP credential, I know they have the foundational knowledge and experience to help my organization protect sensitive patient data against emerging threats and breaches.
For more information on HCISPP, please visit https://www.isc2.org/hcispp/default.aspx.
Sarah Hendrickson, CISSP, HCISPP
CSO, GuideIT, www.GuideIT.com