Exam Objectives:

Domain 01: Healthcare Industry

Domain 02: Regulatory Environment

Domain 03: Privacy and Security in Healthcare

Domain 04: Information Governance and Risk Management

Domain 05: Information Risk Assessment

Domain 06: Third Party Risk Management

Detailed Syllabus:

Domain 01: Healthcare Industry

Understand the Healthcare Environment
Understand Third-Party Relationships
Understand Foundational Health Data Management Concepts

Domain 02: Regulatory Environment

Identify Applicable Regulations
Understand International Regulations and Controls
Compare Internal Practices Against New Policies and Procedures
Understand Compliance Frameworks (e.g., ISO, NIST, Common Criteria, IG Toolkit, Generally Accepted Privacy Principles [GAPP])
Understand Responses for Risk-Based Decision
Understand and Comply with Code of Conduct/Ethics in a Healthcare Information Environment

Domain 03: Privacy and Security in Healthcare

Understand Security Objectives/Attributes
Understand General Security Definitions/Concepts
Understand General Privacy Principles (e.g., OECD Privacy Principles, GAPP, PIPEDA, UK Data Protection Act 1998)
Understand the Relationship Between Privacy and Security
Understand the Disparate Nature of Sensitive Data and Handling Implications
Understand Security and Privacy Terminology Specific to Healthcare

Domain 04: Information Governance and Risk Management

Understand Security and Privacy Governance
Understand Basic Risk Management Methodology
Understand Information Risk Management Life Cycles (e.g., NIST, CMS, ISO)
Participate in Risk Management Activities

Domain 05: Information Risk Assessment

Understand Risk Assessment
Identify Control Assessment Procedures From Within Organization Risk Frameworks
Participate in Risk Assessment Consistent With Role in Organization
Participate in Efforts to Remediate Gaps

Domain 06: Third Party Risk Management

Understand the Definition of Third Parties in Healthcare Context
Maintain a List of Third-Party Organizations
Apply Third-Party Management Standards and Practices for Engaging Third Parties Based Upon the Relationship with the Organization
Determine When Third-Party Assessment Is Required
Support Third-Party Assessments and Audits
Respond to Notifications of Security/Privacy Events
Support Establishment of Third-Party Connectivity
Promote Awareness of the Third-Party Requirements (internally and externally)
Participate in Remediation Efforts
Respond to Third-Party Requests Regarding Privacy/Security Events
