HCISPP Experience

rwinkler1 Member Posts: 10
Hi all! I just wanted to throw this out there and share my experience so far with obtaining this certification since the resources available for this particular cert are very slim.

I was able to take the exam and pass it yesterday. I have to say I am so relieved to pass. This was my first (ISC)2 exam taken so I really didn't know what to expect.

Reasons for choosing this certification

1. The material was focused on the security and privacy of information within a health related environment in conjunction with learning the processes and terminology of what activities occur within the industry. This was important for me because I didn’t only want to learn more about just regulations (HIPAA) but also the difference between how security/privacy is applied in the health industry vs. other industries.

2. The material included performing risk assessments in the health industry. There are two domains that detail how risk assessments should be performed in the health industry and I felt it aligned very well with what I do as an IT auditor.

3. The exam is administered by a reputable certifying body. (ISC)2 is a very reputable information security certifying body. Other health related certifications were administered by organizations I have never even heard of before or didn’t carry a lot of benefits.


I started my studies by reading the “Official (ISC)2 Guide to HCISPP CBK”. This is the book that can be purchased and is available to the public. I read the whole thing all the way through. After reading each domain, I answered the 10 questions at the end of each section and reviewed any incorrect answers. I then went through the book again and highlighted any material I thought might be important to know while using the exam outline as a guide (it wasn’t very helpful though). I will say the material presented in this book is extremely dry and I definitely caught myself getting distracted easily. There is also a lot of fluff that I felt wouldn’t be important to the certification (like small history lessons and case study examples). I also made sure to study the flash cards after reading through each domain. The flash cards are freely available on the (ISC)2 website or you can get them from someone who participated in the boot camp.

As exam time was nearing, I wasn’t comfortable just using one book to study so I purchased the HCISPP Study Guide by Justin Rainey and read through that. This book has good material but is poorly written and the answers to the questions at the end of each section couldn’t be trusted. I found multiple answers I verified to be correct but were marked as a different answer in the book.

It is also important to note that if I encountered any material in the books I didn’t quite understand, I would do some online research to better grasp it.

About a week and a half before the exam, I began reading both books together to try to make sure I absorbed as much information as possible. Two days before the exam I was given the official copy of the Training Seminar Guidebook that is used in the boot camps. I spent the last two days reading this book from cover to cover. I am pretty sure this book was my life saver for passing the exam.

Day of Exam – Mental Preparation

My exam wasn’t until 3:30 PM so I took advantage of the time by making sure I was prepared mentally for the exam. (ISC)2 exams are known for their mind meddling tactics so I wanted to make sure I could handle it. I practically made myself sleep in the day of and purposely gave myself a slow start to the day. I started out by eating a good breakfast high in protein and lots of fruit. I then spent about an hour or so going over some flash cards and quickly skimming the guidebook. I didn’t want to spend too much time on it and wear my brain out; I was just looking to keep the material fresh in my head. After that, I went outside to get some exercise and work up a good sweat. After working out, I made sure to eat a protein heavy lunch (I avoid processed carbs as they make you tired). Then I was off to the exam!

The Exam

I have to say the exam question writers are some sick and twisted yet gloriously smart individuals. You have to really read the questions before you answer them and it is extremely important that you look at the questions more than once. There are some cut and dry questions & answers but you can’t assume they are. Also, it is really important to answer the questions from a high level perspective. You have to think like a company executive, manager, VP, CEO, etc. By the time I was finished I was mentally exhausted and my confidence level of passing was extremely low. This was mainly because I changed a lot of answers when making my second pass which caused me to do a lot of second guessing.

Recommended Studying Strategies

Looking back, there are a lot of things I would have done to better prepare myself for this exam:

1. I would ditch the publicly available HCISPP CBK. If you have a ton of time to prepare for the exam, then feel free to give it a read but for the love of god don’t use it as your only reference.

2. Don’t purchase the HCISPP Study Guide book. The main idea of this book was to provide just enough information to pass the exam but I don’t find it to be true. It actually pisses me off that they would market the book in that sense. The authors can’t even answer their own end of chapter questions correctly. Instead, I would purchase Healthcare Information Security & Privacy by Sean Murphy and give it a good read or two. I went to Barnes & Noble and went through the book briefly and I have to say I wish I bought it over the crap guide book. It is very complete and is a lot easier of a read than all the other books.

3. Find someone who has taken the boot camp and borrow their guidebook. This book was my life saver. It follows the exam outline almost perfectly. If I had been able to receive it earlier I would have been more thorough when reading it and used it to make my own study guide/additional flash cards. If you don’t have a way of getting the book, and money isn’t an issue, I would consider just doing the boot camp. It’s amazing how different the guide book is from the actual publicly available CBK.

If anyone has any questions or comments, feel free to let me know. I can try to help as much as I can and try to provide guidance where needed.

Now I am off to endorsement!


  • gespenstern Member Posts: 1,243
    Congratz! I work in healthcare and think about eventually getting it, but in somewhat distant future, maybe in 2 or 3 years.
  • Mike-Mike Member Posts: 1,860
    Congratz! I work in healthcare and think about eventually getting it, but in somewhat distant future, maybe in 2 or 3 years.

    I am in the same boat
    Currently Working On

    CWTS, then WireShark
  • mc26 Registered Users Posts: 4
    Is it possible to pass this test only using the training book?
  • danny069 Member Posts: 1,025
    Congrats! I'm taking this class now at my university and we are using the Murphy book. It is indeed an in depth book and really good for the subject matter. I, however, am not interested in taking the cert, but for any of those who are, I definitely recommend it.
    I am a Jack of all trades, Master of None
  • P.BZ Registered Users Posts: 3
    Hi there,

    I am studying for the HCISPP exam with the Nelson book and ISC Quizlet flash cards and tests. I'd love to see some actual practice questions, however, not just vocabulary. Does anyone have any info on any practice exams?

    Also, I've read that the Training Seminar Student Guidebook is very helpful! Anyone willing to provide their copy? My current remote location doesn't provide for many ISC classes and my organization is not willing to pay for it either. Any help would be much appreciated as I'm typically not the best test-taker, so very nervous about not knowing what to expect!
