As of 2019, the voters in 33 American states have passed some form of legislation allowing the use of medical marijuana. 10 of them have gone so far as to legalize the recreational use of the drug. In late 2018, the U.S. government re-classified hemp — the subspecies of cannabis lacking significant concentrations of the compounds responsible for the psychoactive effects associated with the plant – from a controlled substance to an agricultural commodity. This change at the federal level has essentially made it legal to sell and use products containing cannabidiol, a cannabis compound used to help treat a variety of health issues and which does not induce intoxication.
These changes in the laws regarding medical cannabis have created a new frontier for healthcare, one in which doctors are now prescribing a drug the possession of which would have landed their patients in jail just a few years prior. While two-thirds of the United States have opted for loosening the restrictions on medical cannabis, that still leaves one-third which considers it a crime to cultivate, distribute, and sell cannabis. What’s more, while the federal government has backed off on hemp, it still classifies marijuana as a schedule I controlled substance.
The varying way in which medical cannabis is viewed across the United States means most people are potentially at personal risk when they decide to use medical cannabis products. With the exception of using cannabidiol-based products like oil drops of CBD that helps with sleep, those who depend on medical cannabis products are still breaking the law in the eyes of the federal government. This is because the U.S. government still considers marijuana‘s primary active ingredient — the compound known as tetrahydrocannabinol or THC — to be a controlled substance. The same cannot be said for products containing CBD, which is derived from hemp and is therefore not a controlled substance.
This personal risk taken by medical marijuana patients means that protecting their privacy is of the utmost importance.
The electronic records created, saved and accessed by medical professionals involved in the prescribing or selling of medical cannabis are under the same HIPAA compliance requirements as any other patient records, and rightfully so; someone who lives in Missouri, where medical marijuana is set to become accessible by 2020, might not want his employer down in Texas, where marijuana is still across the board illegal, finding out he’s been buying products at a local dispensary.
Doctor’s offices, dispensaries, and any other institution where medical marijuana patient’s records are being kept must make sure they are doing everything they can to keep them protected. A breach of security and leak of patient names can do untold damage on the reputations and careers of thousands of people. So, with that said, it’s imperative for these organizations to stay up to date on cybersecurity measures and adhere to any and all existing electronic medical records laws.
At the rate it’s going, it’s safe to say medical cannabis will be a nationally recognized healthcare option within a decade or so. In the meantime, as the American federal government and one-third of states continue to consider most cannabis-based products to be illegal, those who keep records of medical cannabis patients must be extra careful in managing said records.