HCISPP is a fixed length computer based examination and is offered through Pearson VUE Testing Centers throughout the world. While taking the test, every candidate responds to 125 items on the exam. The majority of questions are four-option multiple-choice items with one correct key. However, some advanced items such as drag-and-drop, hot spot, scenario-based questions, matching items etc. are included in the test. At the end of the exam administration, candidates receive their pass/fail decision. Failing candidates receive feedback on their exam performance by domains; however, candidates who pass the exam only receive their congratulatory letter describing their next step in acquiring the credential. The HealthCare Information Security and Privacy Practitioner (HCISPP) examination is focused on the core knowledge and experience needed to implement, manage, or assess the appropriate security and privacy controls of a healthcare organization. HCISPP provides confirmation of a practitioner's knowledge of best practices and techniques to protect organizations and sensitive data against emerging threats and breaches. The broad spectrum of topics included in the HCISPP Common Body of Knowledge (CBK) ensures its relevancy across all disciplines in the field of information security.Candidates must score 700 out of 1000 points on the scaled score to pass the exam. Since the cut-score of each exam form could be different, the raw cut-score is converted into 700 scaled score so that score reporting is consistent. Equating is conducted among the forms to make sure that each exam form is equitable on the difficulty of each exam form administered.
The HCISPP exam requires candidates to demonstrate the following knowledge, skills and abilities: healthcare industry (10 percent); regulatory environment (16 percent); privacy and security in healthcare (26 percent); information governance and risk management (17 percent); information risk assessment (16 percent); and third party risk management (15 percent).