HIPAA Medical Marijuana: How to Achieve HIPAA Compliance
So as a dispensary that handles PHI, how can you achieve HIPAA compliance? Achieving HIPAA compliance comes down to proving your good faith efforts towards ensuring the confidentiality, integrity, and availability of PHI. This is done by implementing an effective compliance program, documenting your efforts, and reviewing certain aspects of HIPAA compliance annually.
To implement an effective compliance program, you must address the following components.
HIPAA requires you to implement administrative, physical, and technical safeguards to secure PHI. By conducting self-audits you identify areas in which your HIPAA safeguards are lacking. For HIPAA medical marijuana compliance, you must conduct six self-audits annually.
Gap Identification and Remediation
Once you have completed your self-audits, gaps in your HIPAA safeguards are identified. To ensure your HIPAA compliance, your organization must create remediation plans to close the gaps.
Policies and Procedures
Policies and procedures create a framework for how your medical marijuana dispensary will comply with HIPAA standards. Policies and procedures must address the HIPAA Privacy, Security, and Breach Notification Rules. Your organization’s policies and procedures must be customized to apply directly to how your dispensary operates. Your policies and procedures must be reviewed annually, and updated, to account for any changes within your organization.
Employees that have access to, or the potential to access, the medical records that you store must be trained annually. Annual training should include HIPAA basics, your organization’s policies and procedures, cybersecurity best practices, and the proper use of social media in a healthcare environment. To be HIPAA compliant, employee training must be documented to prove that each employee received the