NEW YORK – The Health Information Trust Alliance (HITRUST) has designated PwC US as a designated Common Security Framework (CSF) Assessor, qualified to evaluate and certify security standards of CSF-related services.

HITRUST's Common Security Framework is the first information technology security framework developed specifically for healthcare information. As an assessor, PwC will evaluate and/or certify services associated with the CSF, including services delivered through the CSF Assurance Program, and will assist healthcare organizations with adopting healthcare information security approaches.

PwC officials said the designation affirms the company's experience in privacy, security and identity theft prevention, and helps to meet growing demand from health organizations for assurance that information is safe amid heightened concern over security breaches.

"Our designation as a HITRUST Common Security Framework Assessor allows us to support our healthcare clients with their mounting information protection needs at a time in which the volume and exchange of vulnerable healthcare information is growing by leaps and bounds," said James Koenig, director and Privacy and Identity Theft Practice Leader, PwC.

Officials say concerns over information security standards are being heightened by:

• increased adoption of electronic health records;
• increased sharing of health information via health information exchanges, Web 2.0, social media and interactive communications;
• globalization of supply chain operations, manufacturing, clinical trials and outsourcing to third parties; and
• new federal privacy and security laws.

"We are pleased to have PwC join the Common Security Framework Assessor program," said Daniel Nutkis, Chief Executive Officer, HITRUST. "Increasingly, healthcare organizations are facing greater regulatory scrutiny, more competition and demands to operate more efficiently, all of which make information protection more important than ever before. As a leader in both healthcare consulting and information security and privacy, PwC can assist organizations in adopting the Common Security Framework in these volatile times."

A recent survey of 495 healthcare providers and 163 pharmaceutical companies, conducted by PwC and CIO magazine also cite the following factors contributing to security concerns:

• There has been an overall decline in information security processes over the past several years, including a decline in the number of healthcare organizations conducting regulatory compliance tests, maintaining an overall information security strategy, conducting personal background checks on employees or performing due diligence on third-parties that handle personal data.
• Nearly half (49 percent) of pharmaceutical/life sciences companies and 41 percent of healthcare providers said they experienced a breach of security in the past year.
• Of those who had a security breach, 24 percent of providers and 22 percent of pharmaceutical companies had data exploited. Twenty-three percent of pharmaceutical companies and 19 percent of providers said that information on mobile devices was exploited.
• The source of information security breaches comes largely from inside the organization. Thirty-six percent of providers and 35 percent of pharmaceutical companies attribute security breaches to current employees; 18 percent of providers and 23 percent of pharmaceutical companies attribute breaches to former employees.
• Over the past year, there has been increased concern about security breaches from outside hackers. Twenty-three percent of respondents attribute breaches to hackers, evidence that personal health information is a tempting target for theft by both insiders and outsiders.
• Fewer than half (45 percent) of pharmaceutical and provider organizations are actually using data leakage prevention tools.

"PwC is proud to have played an influential role in the early development of the HITRUST Common Security Framework and the creation of preliminary standards in this crucial initiative," said Jeff Fusile, a PwC Health Industries partner. "We are pleased to take the next step in our relationship with HITRUST by becoming an official CSF Assessor, and look forward to assisting health organizations in helping to ensure that the data of patients, providers and all healthcare system participants is safe and secure."