HIPAA in the Medical Marijuana Dispensary

Listen to the blog entry:
Voiced by Amazon Polly

Did you know Medical Marijuana is treated like any other medical prescription and Medical marijuana dispensaries are subject to HIPAA -Health Insurance Portability and Accountability compliance? Privacy Rights

The fees associated with lost information or data breaches can be staggering. The penalties for noncompliance are based on the level of negligence:

Violation Amount per violation Violations of an identical provision in a calendar year
Did Not Know $100 – $50,000 $1,500,000
Reasonable Cause $1,000 – $50,000 $1,500,000
Willful Neglect — Corrected $10,000 – $50,000 $1,500,000
Willful Neglect — Not Corrected $50,000 $1,500,000

Source: HHS, Federal Register.gov

HIPAA violations tripled over a 10-year span between 2004 and 2014 and it continues to grow.

What is  HIPAA?

As a healthcare provider you are required to maintain the privacy and confidentiality of patient’s health information including their Names, addresses, date of birth, sex, medical condition, and prescriptions/medications.

The key term in HIPAA is PHI or Protected Health Information. All the demographics about a patient whether electronic or in paper form is PHI.

Most offices already have a policy statement, but it falls short in several critical areas:

· Aside from HIPAA compliance, there is also general data breach legislation for the State of California

· Use strong passwords

· Use and maintain Anti-Virus Software

· Use a firewall with Intrusion Prevention- Telephone or Cable provider routers often are not sufficient

· Control Access to PHI- only people with a need to know should have access.

· Control Physical Access to PHI

· Establish a Security Culture

The good news is we can help. With your input we will audit your current practice management environment and produce a comprehensive report to address any potential issues.

We welcome the opportunity to discuss your current environment and concerns.

Leave a Reply

Your email address will not be published. Required fields are marked *