2023 Nevada Revised Statutes
Chapter 603A - Security and Privacy of Personal Information
NRS 603A.525 - Regulated entity to limit authority of employees and processors to access consumer health data; regulated entity to establish, implement and maintain policies and practices for security of consumer health data. [Effective March 31, 2024.]
1. A regulated entity shall only authorize the employees and processors of the regulated entity to access consumer health data where reasonably necessary to:
(a) Further the purpose for which the consumer consented to the collection or sharing of the consumer data pursuant to NRS 603A.500; or
(b) Provide a product or service that the consumer to whom the consumer health data relates has requested from the regulated entity.
2. A regulated entity shall establish, implement and maintain policies and practices for the administrative, technical and physical security of consumer health data. The policies must:
(a) Satisfy the standard of care in the industry in which the regulated entity operates to protect the confidentiality, integrity and accessibility of consumer health data;
(b) Comply with the provisions of NRS 603A.010 to 603A.290, inclusive, where applicable; and
(c) Be reasonable, taking into account the volume and nature of the consumer health data at issue.
(Added to NRS by 2023, 3459, effective March 31, 2024)