Expectations of Certification Holders (Program Objectives)
- Formulate and implement policies and solutions that demonstrate a thorough understanding of security foundations and practical applications of information technology for healthcare organizations.
- Ensure that information security strategic planning is aligned with the organization’s clinical and business objectives, including in areas such as cost effectiveness and patient safety.
- Apply their knowledge to assess an information security situation and manage an appropriate security response.
- Effectively communicate information security assessments, plans and actions to technical and nontechnical audiences/stakeholders.
- Identify emerging information security issues and utilize knowledge of information security theory and practice to investigate causes and solutions.
- Apply a standards-based approach to implement the principles and applications of risk management, including business impact analyses, cost-benefit analyses, and implementation methods that map to healthcare business needs/requirements.
- Integrate the elements of information security management – Policy, Strategic and Continuity Planning, Programs and Personnel – into a coordinated operation.
- Articulate positive and socially responsible positions on ethical, regulatory and legal issues associated with the protection of information and privacy.
- Collaborate with other business, clinical, and IT leaders to devise incident response and business continuity/disaster recovery (BC/DR) strategies for cybersecurity and other events that affect the availability of critical data and IT infrastructure.