REGULATION OF BUSINESS PRACTICES
- Section 603A.495 - Regulated entity required to develop and maintain policy concerning privacy of consumer health data; policy to be posted on Internet website maintained by regulated entity; prohibited acts
- Section 603A.500 - Collection and sharing of consumer health data by regulated entity prohibited; exceptions; required disclosures for request for consent to collect or share consumer health data
- Section 603A.505 - Actions required of regulated entity upon request of consumer; establishment of means of making request
- Section 603A.510 - Response by regulated entity to request by consumer; inability to authenticate request; fee; challenge to validity of fee charged
- Section 603A.515 - Deletion of consumer health data upon request by consumer; deletion by third party; delay of deletion of data on archived or backup system
- Section 603A.520 - Regulated entity to establish process for appeal of refusal to act on request by consumer; regulated entity required to inform consumer in writing after receipt of appeal
- Section 603A.525 - Regulated entity to limit authority of employees and processors to access consumer health data; regulated entity to establish, implement and maintain policies and practices for security of consumer health data
- Section 603A.530 - Limitations on authority to process consumer health data pursuant to contract; processor to assist regulated entity to comply with law; liability of processor for acts inconsistent with contractual provisions
- Section 603A.535 - Unauthorized sale or offering of consumer health data prohibited; provision of goods or services conditioned upon authorization of sale of consumer health data prohibited; required contents of authorization; revocation; expiration; invalidity; provision and retention of copies
- Section 603A.540 - Implementation of geofence near certain facilities, persons or entities that provide in-person health care services or products prohibited
- Section 603A.545 - Discrimination prohibited
- Section 603A.550 - Violation constitutes deceptive trade practice; no private right of action; other provisions of law unimpaired