Certified Pharmacy Data Privacy Officer (CPDPO)

CPDPO (DPO-001) Exam Objectives

This exam certifies that the candidate has the knowledge and skills to develop, implement, and manage a comprehensive data privacy and security program for a pharmacy organization in compliance with HIPAA and other relevant laws.

Domain 1: Healthcare Privacy Laws and Regulations (40%)

• HIPAA Privacy Rule: Apply the rules governing the use and disclosure of Protected Health Information (PHI), including patient rights and marketing rules.
• HIPAA Security Rule: Apply the administrative, physical, and technical safeguards required to protect electronic PHI (ePHI).
• Breach Notification Rule: Apply the four-factor assessment for determining if a breach has occurred and the requirements for notifying patients and HHS.
• HITECH Act: Describe the key provisions of the HITECH Act and its impact on HIPAA enforcement.

Domain 2: Privacy Program Management and Governance (30%)

• Policy and Procedure Development: Develop and maintain a full suite of privacy and security policies for a pharmacy.
• Training and Awareness: Design and implement an effective employee training program on data privacy.
• Security Risk Analysis (SRA): Manage the process of conducting a formal SRA to identify and mitigate risks to ePHI.
• Business Associate Management: Manage Business Associate Agreements (BAAs) and oversee vendor compliance.

Domain 3: Incident Response and Breach Management (20%)

• Incident Investigation: Lead the investigation of a potential privacy or security incident.
• Breach Determination and Reporting: Apply the breach notification framework to determine if an incident constitutes a reportable breach and manage the reporting process.
• Mitigation: Develop a plan to mitigate harm to affected individuals and prevent future incidents.

Domain 4: Data Security and Technology (10%)

• Security Concepts: Understand basic technical security concepts relevant to privacy, such as encryption, access controls, and audit logs.
• Technology Risks: Identify privacy risks associated with common pharmacy technologies, such as mobile devices and patient portals.

Eligibility Requirements

To be eligible to sit for a CPS certification exam, candidates must meet the criteria outlined in one of the two pathways below.

Pathway 1: For U.S. Licensed Pharmacists

This pathway is for pharmacists licensed to practice within the United States, regardless of country of graduation.

• Hold an active and unrestricted pharmacist license in any state or territory of the United States.
• Meet educational requirements by being a graduate of an ACPE-accredited school of pharmacy or holding a Foreign Pharmacy Graduate Examination Committee® (FPGEC) Certificate.
• Fulfill the specialty experience requirement as outlined below.

Pathway 2: For International Pharmacists (Non-U.S. Licensed)

This pathway is for pharmacists who practice outside of the United States.

• Hold an active and unrestricted license to practice pharmacy in their country of practice. A certified English translation of the license must be provided if the original is not in English.
• Hold a professional degree in pharmacy equivalent to a U.S. pharmacy degree, such as a Bachelor’s degree (BPharm), Master’s degree in Pharmacy Practice (MPharm), or Doctor of Pharmacy degree (PharmD).
• Fulfill the specialty experience requirement as outlined below.

Specialty Experience Requirement (for all pathways)

To ensure candidates have foundational knowledge in the specialty, one of the following criteria must be met:

• Standard Pathway:
  Completion of at least one year of professional experience in a practice setting directly related to the certification area.
• Certificate Pathway:
  The one-year specialty experience requirement is waived for candidates who hold an active certificate of completion from a nationally recognized provider in a related subject matter. This includes, but is not limited to, the completion of a relevant PGY residency, fellowship, certificate/training program, or a relevant graduate degree (e.g., a Master's degree in the specialty field). Recognized providers of certificate programs include, but are not limited to:
  • American Society of Health-System Pharmacists (ASHP)
  • American Pharmacists Association (APhA)
  • American College of Clinical Pharmacy (ACCP)
  • American Society of Consultant Pharmacists (ASCP)

Career Path for CPDPO Professionals

The CPDPO certification is for pharmacy professionals in compliance, informatics, or administrative roles who are tasked with protecting patient data. This is a critical credential for any leader responsible for HIPAA compliance and risk management.

Target Candidates

• Pharmacists in compliance, regulatory affairs, or quality assurance roles.
• Pharmacy managers and directors responsible for operational compliance.
• Pharmacy informatics specialists and IT professionals managing pharmacy systems.
• Legal counsel and risk managers serving healthcare organizations.

Primary Job Roles:

• Pharmacy Privacy Officer
• HIPAA Compliance Officer
• Pharmacy Compliance Manager
• Director of Pharmacy (with privacy oversight)

Career Advancement:

A CPDPO is positioned for senior leadership roles in corporate compliance and risk management. They can advance to become a system-level Chief Privacy Officer or Chief Compliance Officer, responsible for the data protection strategy of the entire healthcare organization.

Study Resources

Prepare for your CPDPO exam with resources focused on the unique privacy and security challenges in the pharmacy environment.