CANNAHEALTH An Overview of Cannabis | Page 19

Patient Privacy and Medicinal Cannabis: Know Your Rights

Because of its reputation, the medical cannabis industry is diligent about keeping within the confines of federal law and in so doing, relies heavily on these patient verification systems. These systems usually contain protected health information (PHI) such as medical record numbers, patient contact information (including addresses), diagnosis codes, and other personal information used for verification (such as driver’s license numbers).

At a glance, a few factors will give away if a business is serious about their compliance. For one, their website will have a Secure Socket Layer (SSL) certificate. This means that your address bar will show a lock and/or be green to indicate that website traffic is encrypted. In addition, the provider will need to host their data in a HIPAA (Health Insurance Portability and Accountability Act) Compliant data center. Having the data on-site or in a typical server location is a flagrant violation of HIPAA. If you are concerned, you should be aware that violating HIPAA security regulations is a serious crime and often includes fines for the violator. Understand the differences between standard web hosting vs. HIPAA compliant hosting to

KNOWLEDGE

19