eir compliance with the HIPAA Security and Privacy Rules as an organization. They achieved this milestone with the HIPAA compliance audit service of Forte Ops, a leading cannabis consulting firm, and Their compliance was independently confirmed by Compliancy Group, a third-party auditor.
The HIPAA Security and Privacy Rules are comprehensive and rigorous data security standards that apply to any organization that handles Protected Health Information (PHI). This includes medical cannabis dispensaries and the ancillary services companies with access to their systems and data.
“We take the security of our clients’ data extremely seriously, which means that we also take our own internal security very seriously as well,” said Cure8 Vice President Munir Haque. “We essentially already met HIPAA’s security standards as it was, we just had to make a few perfunctory tweaks to align with the law’s specific requirements. We are still very proud to have this independently confirmed and give all of our clients increased peace of mind.”
HIPAA Security and Privacy Rules requirements include cyber security, physical security, account/permissions management, password management, security breach notification, security policies, and periodic reviews. These requirements ensure that an organization is secure at all levels, and access to PHI is kept to a minimum.
Penalties for failing to comply with HIPAA regulations can go up to $250,000 per violation and even include jail time.
Said Haque, “Medical dispensaries in some states including Alabama and Florida are required to comply with HIPAA regulations, just like any other healthcare organization. And a big part of compliance is only working with vendors like Cure8 that take HIPAA requirements seriously, otherwise you’re putting yourself at big risks for fines and other issues.”
Forte Ops is a consulting firm that specializes in helping new cannabis companies get licensed and launched, and helping existing cannabis companies streamline their operations and maintain compliance. One of the services they offer is a HIPAA compliance audit, ensuring companies meet all the Security and Privacy Rule requirements regardless of what stage of their lifecycle they are in – whether they are applying for a license, setting up their facilities, or are already operational.
With their HIPAA compliance audit for Cure8, Forte Ops leveraged its detailed knowledge of legal requirements to identify and fill gaps in Cure8’s operations, policies, procedures, and training. Deliverables included new, stricter security policies and in-depth cybersecurity awareness training.
“We expect HIPAA compliance to become even more of a focus in the event of federal legalization, and as existing operators look to protect their investments,” said Brytany Melville, Forte Ops President.
New licensees looking to verify and ensure their HIPAA compliance and avoid costly mistakes in their rollouts in states like Alabama and Florida should reach out to the Forte Ops team at email@example.com.
Cure8 is the world’s leading cannabis IT services provider. Since 2016, it has planned, set up, and managed the tech for hundreds of cannabis facilities throughout the US and Canada, for companies such as Canopy Growth, Tokyo Smoke, Everest Cannabis, and Northern Helm. It serves all industry verticals and can support organizations of any size, including MSOs and enterprises.