[nickff]

From some quick research, it seems unclear whether dispensaries are covered entities under HIPAA, as they are not reimbursed by Insurers, due to the federal illegality of the drug. https://mjbizdaily.com/do-medical-marijuana-companies-need-t...

[sailfast]

Kinda incredible - even if they’re not covered providers they are still requesting medical records!

[lmkg]

HIPAA is not a privacy law, nor even a healthcare law. It's an insurance law. It does not cover medical records generally. It deals strictly with how doctors bill insurance companies, and mandates security for health information being billed about.

For the same reason, health & wellness apps are not generally covered by HIPAA, and in fact quite a few of those exist solely for the purpose of selling medical data to data brokers. Especially ones related to women's health.

[nickff]

They usually require records for compliance with state regulations (but the state does not require them to follow HIPAA).