Nev. Rev. Stat. § 603A.NEW

Current through 82nd (2023) Legislative Session Chapter 535 and 34th (2023) Special Session Chapter 1 and 35th (2023) Special Session Chapter 1
Section 603A.NEW - [Newly enacted section not yet numbered] [Access to consumer health data; security of consumer health data]
1. A regulated entity shall only authorize the employees and processors of the regulated entity to access consumer health data where reasonably necessary to:
(a) Further the purpose for which the consumer consented to the collection or sharing of the consumer data pursuant to section 22 of this act; or
(b) Provide a product or service that the consumer to whom the consumer health data relates has requested from the regulated entity.
2. A regulated entity shall establish, implement and maintain policies and practices for the administrative, technical and physical security of consumer health data. The policies must:
(a) Satisfy the standard of care in the industry in which the regulated entity operates to protect the confidentiality, integrity and accessibility of consumer health data;
(b) Comply with the provisions of NRS 603A.010 to 603A.290, inclusive, where applicable; and
(c) Be reasonable, taking into account the volume and nature of the consumer health data at issue.

NRS 603A.NEW

Added by 2023, Ch. 525,§28, eff. 3/31/2024.