The process of distribution for pharmaceuticals has evolved. No longer does the distribution process just consist of moving pharmaceuticals from manufacturer to pharmacy to patient. Today's prescription supply chain is more complex and includes a pharmacy's ability to share patient identity, Insurance information, and prescription history with other entities. As a result of this evolution, The distribution companies have become unwitting custodians for patient data.

As pharmacies and distributors digitise their ordering, fulfilment and compliance processes, they are increasingly reliant on digital integrated IT systems to communicate between all the various stakeholders, manufacturers, pharmacies, Insurers and patients. The benefit of these IT systems is not only greater operational efficiency, but they also allow for the greatest risk and vulnerability to data.

The Morton Drug Company Data Breach is an example of how prescription service providers can store extremely sensitive information, other than just the medications prescribed to them. A lot of times, when patients make an order for a prescription, their name, address and other identifying information accompany that pharmacy order and are incorporated into the pharmacy's operational processes.

Unlike retail pharmacies, Distributors are not typically seen publicly. When a dispenser makes a prescription for an individual, that patient may never come in direct contact with the distributor although the distributor is responsible for access to his/her sensitive information. Because of this fact, patients may be unaware of the distributor's involvement until the incident occurs.

Regulatory overlap is another issue faced by pharmaceutical distributors who must now comply concurrently with health care privacy regulations, financial regulations, and logistical compliance. Security obligations may get lost in between regulations, particularly when the systems providing support for these functions were originally created to increase efficiency in supply chains.

Prescription data has unique sensitivity as it is an indicator of possible chronic disease, mental health issues, and major life events (diagnoses). When such information is coupled with personal identity information, any abuse of this data has the potential of extending beyond financial fraud.

As health care continues to devolve into smaller (i.e., more localized and decentralized) delivery systems, those in the supply chain need to look at their own responsibilities for collecting and protecting prescription data. To protect prescription information means that an individual's identity must be protected as well.

The ability of individuals to trust in medical product safety is also based on trust in the processes that are used to deliver those products.

With the growing number of digital health ecosystems being developed, distributors will need to consider data protection an equal priority to logistics instead of being an afterthought. Cybersecurity, vendor management, and transparency will be vital to maintaining patient trust in an increasingly automated pharmaceutical supply chain.