HIPAA Requirements for Maryland Medical Cannabis Dispensaries
Integrate HIPAA-compliant point-of-sale software in your cannabis dispensary.
Classifying marijuana as a medically valuable substance represents a great step forward in Maryland cannabis legislation, but it puts a great deal of responsibility on dispensary owners’ shoulders.
The logic of the argument is sound: If marijuana is to be used medically, then its consumers must be understood as patients – who must benefit from all of the protections afforded to patients in any clinical environment.
This means that Maryland medical cannabis dispensaries need to adhere to HIPAA regulation, a federal law that protects the privacy and security of patients’ health records and makes patient information easier for doctors and law enforcement professionals to access.
For dispensary owners, HIPAA compliance requires implementing a HIPAA-ready point-of-sale (POS) solution that provides the basic protections ensured under the law.
How HIPAA Works for Cannabis Dispensaries in Maryland
HIPAA establishes strict requirements for the collection, storage, and transmission of patient health records. These records include medical marijuana transaction data, which the Maryland Medical Cannabis Commission (MMCC) already demands from dispensaries which are outlined in this published report.
In practice, this means that Maryland medical cannabis dispensaries need to incorporate HIPAA-compliant POS software to legally do business in the state. This comes with a few caveats:
- Patients and caregivers must register with the MMCC.
- Patients are not required to purchase MMCC identity cards.
- Caregivers are required to purchase MMCC identity cards.
- Law enforcement can access the MMCC registry and browse patient records.
- Because MMCC registry data includes patient data, dispensaries must protect the data using end-to-end encryption.
Hospitals and other specialty medical clinics can choose between a broad range of HIPAA-compliant software vendors. Cannabis dispensaries, on the other hand, cannot simply use pharmacy-oriented POS software without implementing deep changes in the technology’s structure and functionality.
Because Maryland is opening up its edible market, dispensaries must also meet various new food safety regulations while remaining HIPAA-compliant. The need for a reliable cannabis industry compliance solution has never been greater.
The Maryland Dispensary Opening Deadline Is Set
Maryland state regulators have set a final deadline for the state’s pre-approved dispensaries to open their doors of September 30th or risk having their licenses revoked. As of June 2019, 6 dispensaries have successfully applied for medical cannabis licensing but struggled to open their dispensaries while meeting the state’s compliance needs.
If these dispensaries don’t have HIPAA-compliant point-of-sale solutions in place by September 30th, the state will revoke their licenses. State regulators want to eliminate these final holdouts as soon as possible, putting pressure on medical cannabis dispensary owners to opt for compliant technology solutions quickly.
Integrate Your POS with ezGreen’s On-Demand Compliance
For Maryland’s yet-unopened dispensaries and the upcoming recipients of its fourteen diversity-oriented licenses, there is a clear need for reliable, on-demand compliance software. New dispensary owners won’t have the time or resources to build their own HIPAA-compliant POS solution and successfully integrate it with METRC – the state’s mandated seed-to-sale system – in time to meet regulators’ tight deadlines.
Take a proactive stance toward HIPAA compliance. Leverage the power of compliance mastery with ezGreen’s highly customized point-of-sale solution.
Sources:
https://www.metrc.com/maryland
https://www.baltimoresun.com/business/bs-md-cannabis-licenses-20190528-story.html
https://compliancy-group.com/hipaa-encryption/