Medical Marijuana
Compliance & HIPPA


In 1996, the federal government created the Health Insurance Portability and Accountability Act (HIPAA). The purpose of this law was the security and confidentiality of protected health information (PHI), while

reducing administrative costs for providers. Under HIPAA regulations, medical marijuana is treated almost exactly like any prescription or medical treatments.

Like any drug that is considered a controlled substance, marijuana that is prescribed for medical treatment requires an extensive patient verification process. This ensures that those who are receiving medical marijuana are correctly identified through digital verification. The verification must comply with HIPAA regulations. In this sense, medical marijuana is on the same level as other treatment protocols and prescription drugs.

Marijuana used as medicine has drawn negative feedback, as some perceive it as a tactic to legalize casual use. This has made health care providers extra cautious and extremely diligent about staying within the parameters of HIPAA. As a result, they rely on the accuracy of verification systems for patients. These systems may store personal data such as a patient’s medical history, details on diagnosis, medical record number, driver’s license id, and contact information including phone numbers and home addresses.

For someone who is currently receiving medical marijuana to treat their health problem, this means the data provided to health care staff is safe and confidential when used within an officially licensed marijuana dispensary. Some locations utilize off­site storage of patient data rather than keeping it on­ site. This adds an extra layer of security and helps patients feel more confident about visiting the facility to have prescriptions filled.

Patients can also rest assured that all information they provide during the medical marijuana card application process is protected under the same HIPAA law.

As mentioned above, HIPAA compliance applies to medical marijuana patients the same way it would for any other person using the health care system. The sensitive and personal information of patients is fully protected under the law in terms of inquiries by employees and data storage. If a business does not comply with HIPAA, it will be subject to legal action and hefty fines, even when a patient is prescribed and legally using marijuana to treat a health problem.

While HIPAA is a federal law, patients using medical marijuana are advised to find out what the specific data storage protocol is implemented by their particular dispensary. This will ensure the patient is utilizing a dispensary that meets their comfort level as well as their health needs.

Contact and feel free
to ask about more details