EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
How EY can help
-
EY’s Direct to Consumer for Consumer Products, can help your business meet the changing needs of consumers. Find out how.
Read more
If personal data is everything, then protected health information (PHI) is everything and then some. PHI is generally defined as individually identifiable health information.
The very nature of health care — and the regulated health products this industry distributes — has always made this a highly regulated space. Regulatory bodies, including the US Food and Drug Administration and the European Medicines Agency, maintain strict compliance requirements around the creation and manufacturing of pharmaceuticals to ensure they’re safe, effective and of high quality. Above that, the distribution and sale of these regulated products reflect another level of compliance requirements; one that presents unique complexities in an e-commerce setting.
Spanning any identifiable health information relating to the health status of an individual that is created, collected, transmitted, or maintained by an entity in relation to the provision or payment of health care, PHI is incredibly valuable. Safeguarding it is essential; failing on this front is simply not an option. One of the main reasons health care companies haven’t ventured further into this space is because without the right platform or services, doing so creates significant risks. On the flipside, new ecosystem partnerships (for example, through providers like Shopify) are creating secure ways for these companies to explore regulated products — while eliminating the barriers that have previously held these businesses back. How so?
In a working world where cyber risk transforms (via ey.com Canada) by the day, PHI is an increasingly attractive target for hackers. Data breaches and cyberattacks launched on hospitals and health care providers are increasingly common. In fact, health care suffers two to three times more cyberattacks than financial services providers.[1] Today, medical data can fetch up to 10 times the price that stolen credit cards do in cybercrime marketplaces.[2]
It’s no wonder companies selling regulated health products online are spending more to keep their data safe in the face of this increasing pressure. Analysts project the global health care cybersecurity market to hit around US$58.4 billion by 2030[3], registering growth at a CAGR of over 17.5% from 2022 to 2030. That said, it will take more than investment alone for health care organizations and companies to maximize the potential of e-commerce, while keeping PHI safe.