
HIPAA Compliance Audits
HIPAA compliance reviews for new and existing cannabis dispensaries. Ensure compliance, avoid fines and other problems, and protect your patients’ data.
Review
We’ll review your current plans, policies, operations, and systems (as applicable) for HIPAA compliance.
Advise
We’ll identify what needs to be changed so you’re compliant, and advise you on how and why to do it.
Remediate
We can help you achieve compliance through plan & policy writing, system hardening, training, & more.
Florida Cannabis HIPAA Compliance Consulting
Get help reviewing and implementing your HIPAA compliance plan as required under
Alabama Cannabis HIPAA Compliance Consulting
Get help reviewing and implementing your HIPAA compliance plan as required under
Why Forte HIPAA Audits?
Double-Check & Rest Easy
Get an outside opinion from the experienced HIPAA compliance experts at Forte.
Make Your HIPAA Plan a Reality
You’ve got a HIPAA plan on paper, now let’s figure out the details and put it into action.
Cybersecurity & Public Image
Decrease the chance of data breaches, & show your patients that you care about the privacy of their medical data.
Be Ready for US Legalization
Avoid scrambling once federal legalization passes & HIPAA enforcement gets more serious for medical operators.
Looks Great for M&A
HIPAA compliance shows your business takes controls & risk management seriously, giving you a chance at a higher valuation.
FAQ
We’ll review all aspects of your company that are relevant to the HIPAA Privacy and Security Rules (45 CFR Subtitle A, Subchapter C, Part 164), which at a high level cover:
- Administrative safeguards (§ 164.308)
  - Risk analysis
  - Risk management
  - Assigned security responsibility
  - Workforce security
  - Security awareness and training
  - Security incident procedures
  - Data backup plan
  - Disaster recovery plan
- Physical safeguards (§ 164.310)
  - Facility access control
  - Facility security plan
  - Maintenance records
  - Workstation use
  - Device and media disposal
- Technical safeguards (§ 164.312)
  - Unique user IDs
  - Automatic logoff
  - Encryption and decryption
- Organizational requirements (§ 164.314)
- Policies and procedures and documentation requirements (§ 164.316)
- Breach notification requirements (§ 164.4)
- Minimum necessary requirement (§ 164.502)
This includes your end-user devices, network/IT infrastructure, physical security, physical document storage, company policies, and training.
Certain states such as Alabama and Florida require medical cannabis dispensaries, as well as vertically-integrated cannabis businesses with dispensary operations, to achieve and maintain HIPAA compliance at all times.
Aside from that, every organization in the US that handles protected health information (PHI) is required by law to follow the HIPAA Privacy and Security Rules. This includes all medical dispensaries. Enforcement of this requirement will only increase once cannabis is federally legalized.
Perhaps you’ve already submitted a HIPAA compliance plan and you’ve received your license. However, these applications had strict page limits, and any comprehensive and effective HIPAA compliance plan – including precise security policies and procedures – is going to be longer than 5-10 pages. Your HIPAA compliance plan may present a broad strategy of how you’ll achieve and maintain compliance, but you still have to figure out a lot of the particulars and make the plan a reality. You may also not have the in-house expertise and experience to implement all the measures you outlined in your plan.