Medical Marijuana Patient Verification and HIPAA Compliance


Green Medical Group

By Edward Nguyen

If you are a healthcare provider or patient, you have heard about HIPAA, the Health Insurance Portability and Accountability Act. Did you also know that computer systems (such as verification systems used to verify medical cannabis patients) that store patient information are also subject to HIPAA security regulations?
Patient verification systems are a cornerstone of the medical cannabis healthcare movement. Like other patient databases, they may store sensitive patient data, such as medical record numbers, patient addresses, patient contact details, diagnoses codes and driver’s license numbers.

Green Medical Group

It is critical that healthcare providers, particularly small clinics and practices, follow security measures in protecting their patients’ data at all times.

As a current or prospective patient for medical cannabis, here are several requirements to examine before making a decision on your provider:
Is the patient verification website encrypted? 
Look for the padlock and https:// in the address bar of the website. Use of SSL encryption meets HIPAA’s data transmission security requirements. This ensures all data transacted from the database to end-user is protected.

Green Medical Group
An encrypted connection is verified by looking in the address bar. You will see a green padlock and https:// to indicate data is being securely transmitted.

Is patient data hosted in a HIPAA certified data center? 
A HIPAA certified data center has established and proven processes, proper security control and 24/7 monitoring by HIPAA trained security personnel. 
Is my data being backed up and replicated? 
This is a requirement you must directly ask your healthcare provider. They are the only personnel familiar with their own data storage and management processes. A simple yes or no answer does not suffice.  
Will your alternative healthcare provider pass a HIPAA auditing assessment? These are great questions to ask your provider to begin with. However, keep in mind that more HIPAA compliance requirements exist.
The consequences of violating HIPAA security regulations are serious and often include fines for violators. If you believe that a covered entity violated your (or someone else’s) health information privacy rights or committed another violation of the Privacy or Security Rule, you may file a complaint with the OCR (Office for Civil Rights).
As always, make sound decisions when it concerns your healthcare – including when it involves medical cannabis. 

Green Medical Group
Edward Nguyen, Green Medical Group

Editor’s note: Edward Nguyen is a co-owner of Green Medical Group, based in Redmond, Washington.