ABSTRACT

Understand Security Objectives/Attributes

It is important for the HCISPP candidate to understand the expectations individuals have in regard to the security of their sensitive healthcare information. Simply put, before focusing on the “how” of information security, the HCISPP must first look at the “why”. Users of computer systems storing healthcare data and the people to whom the data belongs have an expectation that the information will be protected at rest, in use, and in transit. The charge of the HCISPP is to protect that information. Simply put, the individuals will want their information to be:

■ Secure from unauthorized use and disclosure
■ Protected from defacement or tampering
■ Accessible when it is needed by them or by providers of health care services

These basic needs form the three pillars of information security: Confidentiality, Integrity, and Availability. This is known as the “CIA triad” and is shown in Figure 3.1. Each individual aspect of the model has equal importance for the HCISPP and needs to be addressed as part of the overall design of information security controls. Every security control is designed to meet one or more aspects of the CIA triad.