A bill the legislature passed a few years ago before Gregoire slaughtered it via sectional veto would have had us using a privacy-protecting registry designed at the University of Washington by Alexei Czeskis and Jacob Appelbaum.

The general idea is that it would provide the ability for someone to prove to a law enforcement officer that he or she was in the registry but prevent anyone--police, database operators at the Department of Health, Chinese hackers--from trolling the registry to find who is in it, even with access to the underlying database.

See their paper, "High Stakes: Designing a Privacy Preserving Registry" for details: http://www.czeskis.com/research/pubs/ppm…

Abstract:

This paper details our experience designing a privacy preserving medical marijuana registry. In this paper, we make four key contributions. First, through direct and indirect interaction with multiple stakeholders like the ACLU of Washington, law enforcement, the Cannabis Defense Coalition, state legislators, lawyers, and many others, we describe a number of intersting technical and socially-imposed challenges for building medical registries. Second, we identify a new class of registries called unidirectional, non-identifying (UDNI) registries. Third, we use the UDNI concept to propose holistic design for a medical marijuana registry that leverages elements of a central database, but physically distributes proof-of-enrollment capability to persons enrolled in the registry. This design meets all of our goals and stands up in the face of a tough threat model. Finally, we detail our experience in transforming a technical design into an actual legislative bill.

"The federal government is not done going after medical marijuana growers—even in Washington State."

Yes, they are. They were done almost two months ago. Early in December in point of fact. Even The National Law Review knows this.

http://www.natlawreview.com/article/fede…

What if the state maintains a list of active usernames and passwords (created by the state), and when a doctor prescribes marijuana to someone, they call it in to the state, the state supplies a username/password (which will expire after a year, which then the patient will need to have the subscription refilled). When buying at a dispensary, a patient must have his/her username/password verified. This would also keep a patient from buying 10-times what they're prescribed, since the credentials can be matched to previous purchases (though not the identity of the buyer). People could still doctor-shop to get multiple user/passwords, but people illegally do that for other drugs, too.