Case Study

Security audit for large health insurance company

  • 31 May 2023

The situation: We supported a renowned German health insurance company with the admission processes in the final phase of developing a secure mobile application for patient data. The task was challenging: this particularly sensitive personal data is an attractive target for criminals, and the field is therefore heavily regulated. Gematik, a predominantly state-owned organisation, plays a crucial role in regulating and digitalising the industry. It also reviews the development, introduction and operation of all of our client’s connected backend systems.

The request: In our assessments we verified compliance with all gematik requirements, met deadlines precisely and thus avoided penalties, and established transparent, seamless communication. In our reference project, we relied on modern project management tools such as Asana and on particularly close cooperation with our client – to ensure smooth operation of the application and gain the full trust of all stakeholders.

Our approach

Our client faced numerous challenges in this complex field: The German healthcare market is heavily regulated, which means that precise and reliable planning is required for all projects. The stakeholders are also very diverse: government, patients, executing agencies, municipalities. They all have to meet certain deadlines and face penalties in the event of delays. Furthermore, the requirements of the market environment and stakeholders often change at short notice – this makes planning complex, and means that flexibility and speed of response are a must.

To combine all these requirements, we carried out all our sub-projects in Asana – from project management to the actual security assessment. This allowed our client to overcome the challenges mentioned in a combined approach: the Asana dashboard showed the progress of the assessment in real time. This made planning more precise and enabled confident interaction with the stakeholders involved. Our client was able to communicate progress in advance and anticipate completion dates more accurately. The benefits here were twofold. First, communicating in good time avoids penalties. Second, the more precise planning also helped us as a neutral evaluation body: it enabled us to assign our auditors to the individual security analyses precisely and as quickly as possible.

If the requirements changed, we were able to quickly incorporate the changes into the Asana projects and share them with our client and other relevant stakeholders. Efficient communication via a common platform also helps to keep the tool landscape lean when working on evidence – because Asana is only used for security assessments, not for development itself.

The added value

Our collaboration has provided key advantages for our client: The improved predictability of our reviews makes it possible to control publications precisely. This made it no less challenging to meet regulatory requirements and deadlines – but enabled our client to manage the challenge much more effectively. For example, our main contact person now has peace of mind, as the real-time progress of our reviews in Asana is visible at all times – even for spontaneous status requests from managers outside usual working hours. Project participants can literally sleep more peacefully.

Working with us as an independent security audit and assessment body has helped our client avoid penalties and adjust project plans accurately and in real time. The central communication in Asana also ensures greater clarity and efficiency. How do we know how our client assesses the quality of our partnership? A contract extension for expanding cooperation over the next two years speaks for itself.

“Asana has proven to be a key tool for precise planning and central to success in our reference project. Efficient communication and flexibility are essential to satisfy not only regulators, but also stakeholders.”

Jörg Asma, Partner Cyber Security and Head of Digital Healthcare at PwC Germany

Contact us

Jörg Asma

Partner, Cyber Security & Privacy, PwC Germany

Tel: +49 221 2084-103

Christian Tömmel

Manager, PwC Germany