CHPA logo
Focused certification exam prep
Start practice

CHPA Eligibility Requirements 2026: Who Can Apply

TL;DR
  • The CHPA is administered by IAHSS and targets working healthcare security professionals, not general security personnel.
  • Candidates must meet specific healthcare security experience thresholds before submitting an application.
  • The exam covers eight defined domains, with Healthcare Security Leadership and Workplace Violence among the heaviest-weighted areas.
  • Understanding which domains carry the most exam weight helps you decide where to invest preparation time first.

What Is the CHPA Credential?

The Certified Healthcare Protection Administrator (CHPA) is the primary professional certification for security managers and administrators working in hospital systems, health networks, and related healthcare environments. It is awarded by the International Association for Healthcare Security and Safety (IAHSS) and is designed specifically for individuals who have moved beyond frontline security work into supervisory, managerial, or administrative roles within a healthcare setting.

Unlike general security certifications that treat healthcare as one vertical among many, the CHPA is built entirely around the operational realities of protecting patients, staff, visitors, and assets in clinical environments. That specificity is exactly what makes the credential meaningful to healthcare employers and what makes the eligibility process more selective than you might expect from a professional certification.

If you are exploring whether you qualify, this article walks through the eligibility criteria in detail, explains what kinds of work experience count, and shows you what content domains you will be tested on once you apply.

Why Healthcare-Specific Matters: Healthcare security involves unique legal frameworks, patient rights considerations, behavioral threat assessment, and emergency coordination responsibilities that generic security certifications do not address. The CHPA credential signals to employers that a candidate has both the experience and the validated knowledge to operate in that environment.

Core Eligibility Requirements

The CHPA is not an entry-level certification. IAHSS establishes baseline requirements that applicants must satisfy before their application is reviewed. These requirements center on two primary factors: professional experience in healthcare security and a demonstrated supervisory or administrative function.

Experience in Healthcare Security

Applicants are required to have accumulated meaningful hands-on experience working in healthcare security. The experience must be in healthcare specifically-general corporate security, retail loss prevention, or law enforcement experience may count in limited ways depending on how your role intersected with healthcare environments, but the core expectation is direct healthcare security work.

The IAHSS differentiates between candidates based on educational background. Candidates who hold a relevant bachelor's degree or higher may qualify with fewer years of direct experience than candidates without a degree. This tiered approach is common across professional credentialing bodies and reflects the view that formal education can partially substitute for time-in-role when assessing professional readiness.

Supervisory or Administrative Role

The CHPA designation targets protection administrators-not line-level officers. Candidates are expected to have worked in a capacity that includes oversight of security personnel, program management, policy development, or departmental leadership. If your current or recent role is purely operational without any supervisory component, you may want to confirm with IAHSS whether your experience qualifies before investing in exam preparation.

Key Takeaway

Before scheduling any study time, verify with IAHSS directly that your specific role and years of experience meet their current requirements. Eligibility rules can be updated, and confirming your status early prevents wasted preparation effort.

Breaking Down the Experience Requirement

Understanding how IAHSS counts qualifying experience helps you assess your own candidacy accurately. Not all years in security are equal in the eyes of the credentialing body.

Candidate Profile Education Level Qualifying Experience Context
Degree holder with healthcare security management experience Bachelor's or higher (relevant field) Reduced experience threshold; supervisory role required
Non-degree holder with extensive healthcare security background High school diploma or associate degree Longer experience threshold; supervisory role required
Professional with mixed security background (some healthcare) Any level Healthcare-specific years evaluated; non-healthcare years may receive partial credit
Law enforcement transitioning into healthcare security Any level Consult IAHSS; overlap with healthcare settings is the key variable

The key pattern here is that healthcare context is the deciding factor, not simply total years in a security role. A candidate with twelve years in corporate security but only one year in a hospital environment will likely not meet the threshold without additional qualifying experience.

Types of Roles That Qualify

The CHPA credential is held by professionals across a wide range of healthcare security roles. Understanding which job titles and responsibilities tend to qualify can help you evaluate your own standing.

Commonly Qualifying Roles

These are the types of positions from which CHPA candidates typically emerge. The common thread is supervisory or programmatic responsibility within a healthcare security function.

  • Healthcare Security Director or Manager
  • Hospital Security Supervisor with program responsibilities
  • Healthcare Safety and Security Administrator
  • Security Operations Manager at a health system or medical center
  • Director of Public Safety at a hospital or health network
  • Security Consultant working exclusively with healthcare clients
  • Healthcare Compliance or Emergency Management professionals with security oversight duties

Employers who hire for CHPA-holding candidates include large hospital systems, integrated health networks, academic medical centers, behavioral health facilities, long-term care campuses, and specialty clinics with substantial security infrastructure. In each of these environments, the security administrator role carries responsibilities that map directly to the CHPA exam domains.

The Application and Registration Process

Once you have confirmed your eligibility, the application process involves submitting your professional documentation to IAHSS for review. The credentialing body will verify that your experience meets the stated requirements before authorizing you to schedule the exam.

Key practical points about the process:

  • Documentation matters. You will need to provide verifiable information about your employer, your role, and the duration of your qualifying experience. Keeping a current professional record of your responsibilities and tenure is useful well before you apply.
  • Fees are required at application. IAHSS charges an application or examination fee. IAHSS members typically pay a reduced rate compared to non-members. Check the current IAHSS website for exact fee amounts, as these can change between credential cycles.
  • There is a testing window after approval. Once approved, candidates are given a defined period in which they must complete the exam. Understanding this window matters for planning your study schedule-apply when you are ready to begin serious preparation, not months before you intend to study.
  • Recertification is required. The CHPA is not a one-time credential. Certificants must maintain the designation through continuing education and periodic recertification, keeping their knowledge current with evolving healthcare security standards.
Timing Your Application: A common mistake is applying early and then struggling to stay within the testing window. If you need six to twelve weeks of focused preparation-which is realistic for most CHPA candidates-submit your application only when you are ready to begin that preparation phase immediately. Visiting our CHPA practice test platform before you apply can help you gauge how far your current knowledge is from exam-ready, so you can time your application strategically.

What Eligible Candidates Are Expected to Know

Eligibility is about your background. Passing is about your knowledge. The CHPA exam tests eight defined domains, each weighted by percentage of the total exam score. Knowing these domains is essential whether you are evaluating whether the credential is right for you or planning how to study.

Domain 1: Security and Safety in the Healthcare Environment (15%)

Covers the foundational principles of maintaining safe and secure healthcare settings, including regulatory compliance, patient and visitor safety protocols, and the intersection of security with clinical operations.

  • Joint Commission environment of care standards
  • Security-sensitive areas within healthcare facilities
  • Risk assessment methodology in clinical settings

Domain 2: Healthcare Security Leadership (20%)

The highest-weighted domain on the exam. Covers program development, strategic planning, budget oversight, policy formulation, and the administrative competencies expected of a senior healthcare security professional.

  • Developing and managing security department budgets
  • Building collaborative relationships with clinical and administrative leadership
  • Policy writing and implementation across a healthcare organization

Domain 3: Healthcare Security Workforce Management (16%)

Focuses on hiring, training, scheduling, performance management, and retention of security personnel in healthcare environments. Covers both direct employees and contracted security staff.

  • Healthcare-specific training requirements for security officers
  • Managing contract versus proprietary security models
  • Performance evaluation and progressive discipline

Domain 4: Physical Security (14%)

Addresses the assessment and implementation of physical security measures including access control, perimeter security, lighting, locking systems, and security design principles in healthcare facility planning.

  • Crime Prevention Through Environmental Design (CPTED) in healthcare
  • Parking structure and campus perimeter security
  • Security considerations in new facility construction and renovation

Domain 5: Electronic Security System Integration (5%)

The lowest-weighted domain, but still tested. Covers CCTV, access control systems, duress alarms, and the integration of these technologies into a cohesive security infrastructure.

  • Video surveillance system design and management
  • Electronic access control implementation
  • Integration of security technology with clinical systems

Domain 6: Emergency Preparedness: Planning and Management (10%)

Covers the security administrator's role in hospital incident command, disaster preparedness, mass casualty planning, and coordination with external emergency response agencies.

  • Hospital Incident Command System (HICS) roles and responsibilities
  • Active shooter and lockdown protocols
  • Coordination with local law enforcement and emergency management

Domain 7: Healthcare Workplace Violence (15%)

Covers prevention, response, and recovery related to workplace violence in healthcare settings-one of the most pressing issues in the field. Includes behavioral threat assessment, de-escalation training, and OSHA guidelines.

  • Developing and maintaining a workplace violence prevention program
  • Behavioral threat assessment teams in healthcare organizations
  • Documenting and reporting workplace violence incidents

Domain 8: Investigation Management (5%)

Covers the principles of conducting and managing security investigations within a healthcare setting, including evidence handling, interview techniques, and documentation standards.

  • Healthcare-specific investigation protocols
  • Managing investigations involving patients, employees, and visitors
  • Proper documentation and chain of custody procedures

The combined weight of Domains 1, 2, 3, and 7 accounts for nearly two-thirds of the total exam. If you are a newly eligible candidate deciding where to focus, those four domains deserve the most preparation time. That said, every domain is tested, and gaps in any area can affect your score. Use CHPA practice tests organized by domain to identify where your knowledge is strongest and where you need more work.

Structuring Your Preparation After You Apply

Once your eligibility is confirmed and your testing window is open, you need a preparation structure that respects both the domain weightings and your professional schedule. Below is a practical six-week framework anchored to the CHPA domains specifically-not a generic study plan.

Week 1

Foundation and Self-Assessment

  • Take a full-length diagnostic practice test to benchmark your current knowledge across all eight domains
  • Review the IAHSS CHPA study guide and identify which domains show the largest gaps
  • Prioritize Domain 2 (Leadership, 20%) as your first deep-study area
Weeks 2-3

High-Weight Domains

  • Domain 2: Healthcare Security Leadership - budget management, strategic planning, policy development
  • Domain 3: Healthcare Security Workforce Management - training requirements, contract models, performance systems
  • Domain 7: Healthcare Workplace Violence - prevention programs, threat assessment, OSHA alignment
  • Run domain-specific practice questions after each topic area
Week 4

Mid-Weight Domains

  • Domain 1: Security and Safety in the Healthcare Environment - regulatory frameworks, risk assessment
  • Domain 4: Physical Security - CPTED, access control, facility design
  • Domain 6: Emergency Preparedness - HICS, lockdown protocols, external agency coordination
Week 5

Lower-Weight Domains and Integration

  • Domain 5: Electronic Security System Integration - technology fundamentals, system integration
  • Domain 8: Investigation Management - documentation, evidence handling, interview protocols
  • Begin cross-domain practice tests to simulate real exam conditions
Week 6

Final Review and Exam Simulation

  • Take two or three timed full-length practice exams
  • Focus final review on any domains still showing weakness
  • Review question rationales carefully-understanding why an answer is correct matters more than memorizing answers

This timeline is a starting point, not a rigid prescription. Candidates who are already strong in workforce management may compress weeks two and three. Those coming from a physical plant or technology background may need extra time on Domain 7. The CHPA Study Schedule: How to Plan Your Exam Prep article provides a more detailed treatment of how to adapt your preparation to your specific experience profile.

Experience Does Not Equal Exam Readiness: Many CHPA candidates with years of strong healthcare security experience underestimate the exam because they assume their practical knowledge will carry them through. The CHPA tests specific terminology, frameworks, and best practices aligned to IAHSS standards. Practical experience is invaluable context, but targeted preparation against the actual domain content is still essential.

Frequently Asked Questions

Can I apply for the CHPA if I work in security for a non-hospital healthcare setting?

Yes. The CHPA is not limited to hospital environments. Healthcare security administrators working in long-term care, behavioral health, outpatient clinics, and integrated health systems can qualify, provided their experience meets the supervisory and duration requirements established by IAHSS. The key factor is that your work must be in a recognized healthcare setting with direct security program responsibilities.

Does law enforcement experience count toward CHPA eligibility?

Law enforcement experience may be considered, particularly if that experience involved working within or closely alongside healthcare environments-such as a police officer assigned to a hospital campus or an investigator handling healthcare-related cases. However, general law enforcement experience without a healthcare nexus is unlikely to satisfy the full experience requirement on its own. Contact IAHSS directly to have your specific background evaluated.

How long is the CHPA credential valid before recertification is required?

The CHPA credential requires recertification on a periodic basis through continuing education credits and professional development activities recognized by IAHSS. The specific recertification cycle and credit requirements are detailed on the IAHSS website. Planning for ongoing professional development is part of maintaining the credential, not just earning it initially.

Is there a difference in eligibility requirements for IAHSS members versus non-members?

The core eligibility requirements-experience and supervisory role-apply equally to members and non-members. However, IAHSS membership does typically affect the application or examination fee, with members receiving a reduced rate. Membership may also provide access to study resources, domain-specific publications, and professional networking that can support exam preparation.

Where can I find practice questions aligned to the actual CHPA domains?

Domain-aligned CHPA practice questions are available through our CHPA exam preparation platform, where questions are organized by the eight official exam domains so you can target your weakest areas systematically. Reviewing the CHPA Eligibility Requirements 2026: Who Can Apply article alongside your practice testing helps ensure you are preparing for the right credential with the right context from the start.

Ready to pass your CHPA exam?

Put this into practice with free CHPA questions across every exam domain.