- About Us
- IT Services
- IT Security
- Cloud Services
- Who We Help
- Contact Us
HIPAA compliance is crucial because it ensures a business, its data, and customers remain secure.
As the medical marijuana industry grows and expands, there has been a consistent question of whether dispensaries and other businesses in the sector are mandated to meet HIPAA compliance requirements. The concerns arise from the misconceptions that exist about HIPAA in the industry.
Blake Schwank from Colorado Computer Support invited Harry Brelsford, an expert in cannabis technology. Brelsford has background experience in the IT space, having started as a Microsoft Vendor.
Brelsford explains that there has been the notion that marijuana companies don’t need HIPAA compliance over the years. The basis for this argument was that the industry is federally illegal but allowed by the state. Some businesses believe that HIPAA compliance is a federal requirement that doesn’t apply to them.
On the medical side of cannabis, HIPAA compliance is a requirement for businesses that dispense the product. A medical marijuana dispensary requires a medical prescription to provide its customers with the product, hence falling under the classification of a HIPAA-covered entity.
Their status directly puts them within the HIPAA umbrella that requires them to comply with federal law.
Cannabis businesses that keep customer records must be HIPAA compliant to enhance data privacy. For example, dispensaries scan their customers’ medical cards, and there’s a concern about how safe the information they collect is.
The protection of patient information by any covered entity or business partner is a requirement under HIPAA. That’s regardless of their specific business operations in the healthcare industry.
Any dispensary that handles protected health information (PHI) must be HIPAA compliant. According to the Department of Health and Human Services (HHS), PHI is any identifiable information related to an individual’s past, present, or future health. It’s also any information related to providing or financing healthcare for a patient.
The HHS identifies some of the following PHI:
If your business operates like a traditional pharmacy that fills prescriptions, it is likely to store patient information. The requirement is to comply with HIPAA standards. It also falls under HIPAA compliance requirements if a covered healthcare provider handles medical marijuana transactions.
Keep in mind that medical cannabis dispensaries and businesses can experience personal data breaches if they fail to safeguard PHI adequately.
Your business should think of how it handles the health information it collects, stores, and shares within the organization. Data privacy violations happen for various reasons, like storing unencrypted data off-site, sharing data, and improper employee procedures.
It’s crucial to learn and keep your business updated with HIPAA’s security and privacy rules and take steps to become compliant. Ensure to take precautions when storing or sharing PHI, and only use HIPAA-compliant solutions or IT platforms. If your business must share data with other vendors or entities, remember to enter into a business associate agreement. It will enable both parties to claim liability for HIPAA requirements.
Most importantly, ensure you check what your state requires about HIPAA compliance. Research and ask the right questions to ensure you stand on the right side of the law at all times.
HIPAA compliance is daunting and can overwhelm you, but Colorado Computer Support exists to make the process easier. We have solutions to enable your business to keep up with your employee’s training and implement the necessary policies. Contact us today to consult on this and about all your business IT needs.