In recently published guidance, Illinois’ main cannabis regulator – the Illinois Department of Financial and Professional Regulation – announced that medical and co-located dispensaries in Illinois must protect patient information in accordance with the stringent privacy and security rules set out in the federal HIPAA statute and attendant regulations.
This involves understanding the requirements as laid out in the HIPAA regulations and then matching up those requirements with internal IT practices and policies, as well as initiatives such as employee training and disclosures to patients.
Massachusetts, for example, requires that dispensaries train employees on patient privacy and confidentiality, and have records systems that are likewise configured to protect patient privacy.
In preparing for HIPAA compliance, it is important for cannabis businesses to consult with professionals who understand HIPAA.
This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks.