HIPAA: Health Insurance Portability and Accountability Act

While this law may sound like it only applies to health insurance, you may be surprised it can apply to any transference of medical information.

In medical dispensaries, we ask our patients intimate details about their health histories, current medical conditions, and their medications whether past or present. We also need to know their allergies and reactions to previous medicines or inactive ingredients to better formulate our Cannabis recommendation.

This differs from a recreational shop where the budtender or retailer may not question the health history of the patient. Typically, in these cases, patients are simply considered customers! Many times these dispensaries do not even have the possibility to retain documentation or identifiable information about the customer, which is another difference from medical Dispensaries that have a space to record qualifying condition and other pertinent medical information.

It is important pharmacists develop a credible relationship with their patients to ensure open and honest communication. It is difficult, if not impossible, to correctly predict how a patient will react to the medicine, especially with Cannabinoid therapies.

Protected health information (PHI) that may be used to identify the patient is necessary to treat the patient. Identifiable information commonly shared in the dispensary includes the patients’ name and birthday, their address, their qualifying medical conditions or other conditions, and their prescription and cannabinoid medications.

When it comes to PHI, we need to ensure we are protecting the patients’ constitutional right to privacy. This means exercising caution when discussing treatment plans with other healthcare providers, especially when on the phone or audible in the waiting room. This also means we need to properly dispose of written or electronic PHI that is no longer necessary.

Lastly, if there is a breach in HIPAA, it’s important to notify the patient and follow-up with your organization’s specific policies/procedures. And if your organization doesn’t have any specific policies – be a privacy champion and actively create one!

We want to know your thoughts — Comment below to keep the discussion alive!