Why Professional Certifications MatterExpert Explains Key Credentials for Healthcare InfoSec Pros
Because healthcare organizations are juggling so many information security, privacy and regulatory demands, hiring individuals with key professional certifications who can help optimize limited resources is critical, says security expert Steven Penn.
"With dollars so short across the industry, we need to make sure that we spend our dollars correctly, and make sure we have the people that are trained and ready to go right now," says Penn, who serves as the senior director for cybersecurity framework development and education at the Healthcare Information Trust Alliance. HITRUST is best known for its Common Security Framework, which is designed for use by any organization that creates, accesses, stores or exchanges personal health and financial information.
Penn, who has multiple professional certifications, including the Certified Information Security Systems Professional, or CISSP, and the Healthcare Information Security and Privacy Professional, or HCISPP, certifications from (ISC)Â², discussed the results of the 2015 Healthcare Information Security Today survey in an interview with Information Security Media Group.
Registration for a webinar on the survey results is now available. Also coming soon is a full report with in-depth-analysis of the survey findings.
The survey found that the top five information security priorities in 2015 of privacy and security leaders at healthcare organizations include improving regulatory compliance; improving security awareness and training; preventing and detecting breaches; updating business continuity and disaster recovery plans; and monitoring HIPAA compliance of business associates.
To assemble a team that can help achieve those priorities, "you're going to look for people who have been certified to meet those requirements," he says. For instance, the HCISPP certification from (ISC)Â² "has been developed to meet the healthcare industry regulatory environment," he adds.
Hiring individuals with the appropriate professional certifications can help ensure the right mix of skills, training and experience, he says. "They're going to make sure that you are doing the right thing," he says.
In the interview, Penn also discusses:
- Other important certifications for healthcare information security and privacy professionals;
- How various professional certifications differ;
- Why healthcare organizations should have a CISO or an equivalent leader to oversee information security efforts;
Penn is an experienced security professional with more than 15 years of information security experience. He currently serves as the senior director for HITRUST Cyber Security Framework development and education. His varied background includes experience in the public and private sector leading and supporting information security for healthcare, law enforcement, infrastructure and defense. He has a master's degree in information assurance from Norwich University and holds the following (ISC)Â² certifications: CISSP-ISSAP, ISSMP, CAP, HCISPP, and the HITRUST CCSFP credential. Additionally he has volunteered with (ISC)Â² for the past seven years as a subject matter expert and content developer for various certification exams.