Four Ways to Foster Trusted E-Commerce Experiences in Health Care

Warren Tomlin, Aaron Smith & Arryn Blumberg

Changing consumer expectations are creating exciting opportunities for health care organizations to embrace e-commerce and evolve their business.

In brief

  • With cyberattacks on the rise, regulated health companies selling online must invest in cybersecurity measures to stay protected.
  • Analysts predict the global health care cybersecurity market will grow at a CAGR of over 17.5% from 2022 to 2030, hitting around US$58.4 billion by 2030.
  • Health care companies must choose scalable and adaptable e-commerce solutions to capitalize while keeping protected health information (PHI) safe.

Trust is currency, especially in health care. As the industry seizes the upside of embracing digital, direct-to-consumer (DTC) models, trust in the system itself will be critical to long-term success.

If personal data is everything, then protected health information (PHI) is everything and then some. PHI is generally defined as individually identifiable health information.

The very nature of health care — and the regulated health products this industry distributes — has always made this a highly regulated space. Regulatory bodies, including the US Food and Drug Administration and the European Medicines Agency, maintain strict compliance requirements around the creation and manufacturing of pharmaceuticals to ensure they’re safe, effective and of high quality. Above that, the distribution and sale of these regulated products reflect another level of compliance requirements; one that presents unique complexities in an e-commerce setting.

Spanning any identifiable health information relating to the health status of an individual that is created, collected, transmitted, or maintained by an entity in relation to the provision or payment of health care, PHI is incredibly valuable. Safeguarding it is essential; failing on this front is simply not an option. One of the main reasons health care companies haven’t ventured further into this space is that, without the right platform or services, doing so creates significant risks. On the flip side, new ecosystem partnerships (for example, through providers like Shopify) are creating secure ways for these companies to explore regulated products — while eliminating the barriers that have previously held these businesses back.

How so?

In a working world where cyber risk transforms by the day, PHI is an increasingly attractive target for hackers. Data breaches and cyberattacks launched on hospitals and health care providers are increasingly common. In fact, health care suffers two to three times more cyberattacks than financial services providers. Today, medical data can fetch up to 10 times the price that stolen credit cards do in cybercrime marketplaces.[2]

It’s no wonder companies selling regulated health products online are spending more to keep their data safe in the face of this increasing pressure. Analysts project the global health care cybersecurity market to hit around US$58.4 billion by 2030, registering growth at a CAGR of over 17.5% from 2022 to 2030. That said, it will take more than investment alone for health care organizations and companies to maximize the potential of e-commerce, while keeping PHI safe.

Having the right e-commerce solution is critical to managing those risks and enabling companies to capitalize on new opportunities like this effectively. It must provide seamlessly effective digital-mobile-social commerce with capabilities and experiences customers and patients have come to expect, with industrialized security, availability, and global reach.

Ground e-commerce for regulated products in the right solution. Cybersecurity measures don’t work in silos. They must be comprehensively integrated across organizations, and within compliance commerce solutions. Choose a platform grounded in a security-by-design or zero trust approach, one that is scalable and adaptable as new business, regulatory and data needs emerge.

Keep integration in mind. Building out the right e-commerce strategy for regulated health products isn’t a one-and-done process. You want to bake the ability to integrate PHI data storage right into any enterprise system or downstream operational process. This helps de-risk sales and online fulfilment, while empowering you with the ability to expand into and comply across regions and geographies.

Develop long-lasting and reliable consumer relationships based on trust. This is the most important thing health e-commerce providers can do to remain sustainable. Digital trust influences the consumer’s decision to visit a site, buy a product, return to a site, or promote a brand. Consumers want to know they can communicate reliably and transact transparently, counting on the fact that their PHI will be handled securely at every stage of sale or support.

Communicate broadly about your commitment to safeguarding PHI. When it comes to purchasing health products online, consumers have even more reasons to be vigilant in comparison with traditional retail goods. Not only do they have to be concerned with seller authenticity, product safety and quality, misleading product claims and fraudulent product reviews; they also need to worry about the security of their most personal data. Talk openly about the measures you’re implementing to secure PHI, to bring consumers and other stakeholders into the dialogue, and keep them engaged. Taking proactive steps to build trust in health care e-commerce ecosystems helps consumers feel more comfortable building relationships with brands.

What’s the bottom line?

Companies operating in regulated markets are on the precipice of a massive opportunity. Harnessing that potential requires organizations to modernize DTC channels. That shift brings renewed need for additional front-end risk mitigation. Investing to get this piece right can generate longer lasting consumer relationships that drive sustainable success.


The increasing development of health care e-commerce creates fresh possibilities. However, updating direct-to-consumer channels and enabling secure access to regulated health care goods online requires health companies and organizations to commit resources towards managing risk. By doing so, it is possible to cultivate strong consumer relationships that can result in sustainable growth.

Warren Tomlin is Partner, Digital and Innovation, Ernst & Young LLP

Aaron Smith is Partner, Public Sector and Health Consulting, Ernst & Young LLP

Arryn Blumberg is Senior Manager, Business Consulting, Ernst & Young LLP


