As of Dec. 1, 2021, cannabis dispensaries and technology vendors operating in the state of Illinois must protect health information with the same stringent security and privacy standards required of medical providers under the federal Health Insurance Portability and Accountability Act (HIPAA). These regulations, applied by the Illinois Department of Financial and Professional Regulation (IDFPR), include fines of up to $10,000 per violation.
While Illinois is the first state to place these strict data security and privacy rules on dispensaries that provide medical-use cannabis, it is likely not the last. As the cannabis industry continues to grow and evolve, so does the attention from legislators
