Decentralized Identity – Medical Marijuana

Decentralized Identity – Medical Marijuana

Outcomes

Outcomes Delivered

By leveraging Decentralized Identity for Government (DIG), the Maryland Medical Cannabis Commission (MMCC) is delivering a more secure and convenient solution to patients, caregivers, and dispensaries. The application dramatically simplifies the onboarding process for patients – reducing the process from an average of 4.3 hours to a few minutes.

Background

Like many states, Maryland permits licensed dispensaries to sell medical cannabis to patients registered with the Maryland Medical Cannabis Commission (MMCC). The commission needed a solution that allowed dispensaries to verify the identity of patients.

Maryland CATS+ Qlarion

Challenge

Traditional identity solutions store residents’ personally identifiable information (PII) in centralized government
databases. For residents, this means each government interaction requires redundant paperwork, weeks of back-and-forth communication, and a lack of control of how personal data – such as name, address, medical history, and more – is stored and shared. For agencies, manual identity verification processes are time- consuming, costly, and highly susceptible to fraud.

This aggregation of PII also makes state and local governments prime targets for cyber attacks. According to the Maryland State and Local Government Cybersecurity 2021 Analysis and Recommendations, a single cyber attack against Baltimore City government in 2021 cost an estimated $18 million.

Solution

Leveraging our Decentralized Identity for Government (DIG) platform, we developed a solution to streamline the process of verifying resident IDs and issuing credentials allowing residents to purchase medical cannabis. Residents are issued Digital ID and Patient ID credentials, which they store in a secure mobile app. When they’re ready to make a purchase at a dispensary, they can use the mobile app to complete the transaction without revealing their personal information. Dispensaries can be sure that they are transacting with a registered patient without putting the patient’s personal data at risk.

MMC Case Study