Pharmaceutical companies and laboratories gather a wealth of personally identifiable information in their software systems. They keep critical data elements of electronic health records. Along with healthcare and insurance companies, they are subject to HIPAA regulations.

As we reach our goal of "National Health Information Infrastructure (NHII), and greater use of electronic health records, protecting the confidentiality, integrity, and availability of EPHI becomes even more critical" (not sure what this is saying, clarify). Unlike healthcare practitioners, pharmacies often sell medicine in retail establishments and as such might have to comply with PCI/DSS as well.