Professional Documents
Culture Documents
CROWD POW WOW PROUD WANTS EMPLOYERS TO FEEL COMFORTABLE WITH THE CANNABIS
PROGRAM.
WE WILL PROVIDE EDUCATED INFORMATION AS WELL AS THE POSITIVE AFFECT CANNABIS IS HAVING IN
OUR COMMUNITIES.
(570) 852-9068
(570) 763-8282
Many nurses have been asking about how medical cannabis is playing into the protected fields of HIPAA
(Health Insurance Portability and Accountability Act of 1996) which is United States legislation that
provides data privacy and security provisions for safeguarding medical information. Here’s an article
that will assist you in your profession to ensure your state medical marijuana/recreational programs and
dispensaries are in alignment with protecting patient’s medical information.
At a glance, a few factors will give away if a business is serious about their compliance. For one, their
website will have a Secure Socket Layer (SSL) certificate. This means that your address bar will show a
lock and/or be green to indicate that website traffic is encrypted. In addition, the provider will need to
host their data in a HIPAA Compliant data center. Having the data on-site or in a typical server location is
a flagrant violation of HIPAA. If you are concerned, you should be aware that violating HIPAA security
regulations is a serious crime and often includes fines for the violator. Understand the differences
between standard web hosting vs. HIPAA compliant hosting to ensure that you have the correct type of
provider.
Medical Dispensaries fall under the auspices of HIPAA and are required to keep confidential all of the
PHI that is collected during a customer transaction. The information that is given to qualify for a medical
marijuana card in the first place is also covered under HIPAA and can’t be released without the patient’s
written consent or a court subpoena. To do so, even accidentally, would be a violation of HIPAA and
most likely would result in a fine. However, if a credit card is used when purchasing marijuana from a
dispensary, completely restricting this transaction information is not possible. It is also worthwhile
noting that Visa and MasterCard have recently stopped allowing medicinal marijuana purchases or have
used high per-transaction rates to make accepting credit cards not feasible.
When it comes to HIPAA compliance, the rules for medicinal marijuana are strikingly similar to the rules
for any other medical substance or service. Patient information is protected under HIPAA regulations in
terms of both data storage and employee inquiries. Businesses and their associates that handle PHI are
compelled to abide by these regulations and are subject to fines and legal action, even if the PHI data
pertains to medicinal marijuana. Learn more about HIPAA web hosting requirements.
Medical Marijuana: A Primer on Ethics, Evidence, and Politics Nayna Philipsen, JD, RN, Robin D. Butler,
MBA, RA, Christie Simon-Waterman, MSN, FNP-C, and Jylla Artis, MSN, FNP-C
ABSTRACT
Controversy in the United States about the decriminalization of cannabis to allow health care providers
to recommend it for therapeutic use (medical marijuana) has been based on varying policies and beliefs
about cannabis rather than on scientific evidence. Issues include the duty to provide care, conflicting
reports of the therapeutic advantages and risks of cannabis, inconsistent laws, and even the struggle to
remove barriers to the scope of practice for Advanced Practice Registered Nurses. This article reviews
the ethics, evidence, and the politics of this complex debate.
Keywords: advanced practice registered nurse scope of practice, advocacy, barriers to advanced
practice registered nurse practice, cannabis, compassionate care, criminalization, decriminalization,
gateway drugs, marijuana, medical marijuana, palliative care, paternalism, patient autonomy,
therapeutic cannabis, HIPAA.
Therefore, caregivers, including APRNs, need to be prepared to extend these additional protections of
privacy for a patient who is using medical marijuana. Where the possession of therapeutic cannabis is
illegal, patients have an additional concern about criminal penalties and may well be concerned about
the protection of their information from release to organizations and individuals. HIPAA does exempt
certain entities from the confidentiality requirement and grants them access to patient information
without patient consent for the greater good of society. Law enforcement is not generally an exception.
Examples of exceptions include public health reporting requirements and regulators like the US
Department of Health and Human Services, which needs access in order to enforce HIPAA. APRNs can
reassure their patients that most entities are not entitled to the patient’s health records without the
patient’s consent, including the US Drug Enforcement Administration (DEA). HIPAA (the Privacy Rule, at
45 C.F.R. xx160 and 164) specifically limits access to identifiable health information, whether it is
medication listings, discharge, or progress reports, including those cases in which DEA officers request
information to show the patient’s criminal intent. All health entities and caregivers are held accountable
by HIPAA to protect patient privacy and generally are not required to expose the patient’s past or
present medical history, including prescriptions or drug use, to authority outside of that health entity.