Section 603A.NEW - [Newly enacted section not yet numbered] [Access to consumer health data; security of consumer health data]1. A regulated entity shall only authorize the employees and processors of the regulated entity to access consumer health data where reasonably necessary to: (a) Further the purpose for which the consumer consented to the collection or sharing of the consumer data pursuant to section 22 of this act; or(b) Provide a product or service that the consumer to whom the consumer health data relates has requested from the regulated entity.2. A regulated entity shall establish, implement and maintain policies and practices for the administrative, technical and physical security of consumer health data. The policies must: (a) Satisfy the standard of care in the industry in which the regulated entity operates to protect the confidentiality, integrity and accessibility of consumer health data;(b) Comply with the provisions of NRS 603A.010 to 603A.290, inclusive, where applicable; and(c) Be reasonable, taking into account the volume and nature of the consumer health data at issue.Added by 2023, Ch. 525,§28, eff. 3/31/2024.