PwC Designated a HITRUST Common Security Framework Assessor; New Survey Finds Nearly Half of Healthcare Organizations Experience

NEW YORK, Jan. 11, 2011 /PRNewswire/ -- PwC US announced today that the Health Information Trust Alliance (HITRUST) has designated the firm a Common Security Framework (CSF) Assessor, qualified to evaluate and certify security standards of CSF-related services. The designation affirms PwC's deep experience in privacy, security and identity theft prevention, and helps to meet growing demand from health organizations for assurance that information is safe amid heightened concern over security breaches.

"Our designation as a HITRUST Common Security Framework Assessor allows us to support our healthcare clients with their mounting information protection needs at a time in which the volume and exchange of vulnerable healthcare information is growing by leaps and bounds," said James Koenig, director and Privacy and Identity Theft Practice Leader, PwC.

Increased concern for information security standards is being driven by a number of factors, including: the advent of electronic health records spurred by $40+ billion in federal economic stimulus funds; increased sharing of health information via health information exchanges, Web 2.0, social media and interactive communications; globalization of supply chain operations, manufacturing, clinical trials and outsourcing to third parties; and new federal privacy and security laws.

A recent survey of 495 healthcare providers and 163 pharmaceutical companies, conducted by PwC and CIO magazine, found the following:

  • There has been an overall decline in information security processes over the past several years, including a decline in the number of healthcare organizations conducting regulatory compliance tests, maintaining an overall information security strategy, conducting personal background checks on employees or performing due diligence on third parties that handle personal data.
  • Nearly half (49 percent) of pharmaceutical/life sciences companies and 41 percent of healthcare providers said they experienced a breach of security in the past year.
  • Of those who had a security breach, 24 percent of providers and 22 percent of pharmaceutical companies had data exploited. Twenty-three percent of pharmaceutical companies and 19 percent of providers said that information on mobile devices was exploited.
  • The source of information security breaches comes largely from inside the organization. Thirty-six percent of providers and 35 percent of pharmaceutical companies attribute security breaches to current employees; 18 percent of providers and 23 percent of pharmaceutical companies attribute breaches to former employees.
  • Over the past year, there has been increased concern about security breaches from outside hackers. Twenty-three percent of respondents attribute breaches to hackers, evidence that personal health information is a tempting target for theft by both insiders and outsiders.
  • Fewer than half (45 percent) of pharmaceutical and provider organizations are actually using data leakage prevention tools.

HITRUST's Common Security Framework is the first information technology security framework developed specifically for healthcare information, and PwC, as an Assessor, will evaluate and/or certify services associated with the CSF, including services delivered through the CSF Assurance Program. As a designated HITRUST Common Security Framework Assessor, PwC is positioned to assist healthcare organizations with adopting the most innovative approaches to healthcare information security in the industry.

"We are pleased to have PwC join the Common Security Framework Assessor program," said Daniel Nutkis, Chief Executive Officer, HITRUST. "Increasingly, healthcare organizations are facing greater regulatory scrutiny, more competition and demands to operate more efficiently, all of which make information protection more important than ever before. As a leader in both healthcare consulting and information security and privacy, PwC can assist organizations in adopting the Common Security Framework in these volatile times."

Jeff Fusile, a PwC Health Industries partner, added that "PwC is proud to have played an influential role in the early development of the HITRUST Common Security Framework and the creation of preliminary standards in this crucial initiative. We are pleased to take the next step in our relationship with HITRUST by becoming an official CSF Assessor, and look forward to assisting health organizations in helping to ensure that the data of patients, providers and all healthcare system participants is safe and secure."


The Health Information Trust Alliance (HITRUST) was born out of the belief that information security should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. HITRUST, in collaboration with healthcare, business, technology and information security leaders, has established the Common Security Framework (CSF), a certifiable framework that can be used by any and all organizations that create, access, store or exchange personal health and financial information. Beyond the establishment of the CSF, HITRUST is also driving the adoption of and widespread confidence in the framework and sound risk management practices through awareness, education, advocacy and other outreach activities. For more information, visit

About PwC's Health Industries Group

PwC's Health Industries Group is a leading advisor to public and private organizations across the health industries, including payers, providers, academic institutions, health sciences, biotech/medical devices, pharmaceutical companies, employers and new non-traditional market participants in the dynamic healthcare space. PwC has a network of more than 4,000 professionals worldwide and 1,200 professionals in the U.S. dedicated to the health industries.

PwC's Health Industries' clients include 40 of the top 100 hospitals in the U.S. and 16 of the 18 best hospitals as ranked by US News & World Report; all 20 of the world's major pharmaceutical companies; all of the top 20 commercial payers in the U.S.; municipal, state and federal government agencies and many of the world's preeminent medical foundations and associations. Follow PwC Health Industries at

About the PwC Network

PwC firms provide industry-focused assurance, tax and advisory services to enhance value for their clients. More than 161,000 people in 154 countries in firms across the PwC network share their thinking, experience and solutions to develop fresh perspectives and practical advice. See for more information.

© 2011 PwC. All rights reserved. "PwC" and "PwC US" refer to PricewaterhouseCoopers LLP, a Delaware limited liability partnership, which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate and independent legal entity.