2023 Nevada Revised Statutes
Chapter 603A - Security and Privacy of Personal Information
NRS 603A.525 - Regulated entity to limit authority of employees and processors to access consumer health data; regulated entity to establish, implement and maintain policies and practices for security of consumer health data. [Effective March 31, 2024.]

Universal Citation:
NV Rev Stat § 603A.525 (2023)
Learn more This media-neutral citation is based on the American Association of Law Libraries Universal Citation Guide and is not necessarily the official citation.

1. A regulated entity shall only authorize the employees and processors of the regulated entity to access consumer health data where reasonably necessary to:

(a) Further the purpose for which the consumer consented to the collection or sharing of the consumer data pursuant to NRS 603A.500; or

(b) Provide a product or service that the consumer to whom the consumer health data relates has requested from the regulated entity.

2. A regulated entity shall establish, implement and maintain policies and practices for the administrative, technical and physical security of consumer health data. The policies must:

(a) Satisfy the standard of care in the industry in which the regulated entity operates to protect the confidentiality, integrity and accessibility of consumer health data;

(b) Comply with the provisions of NRS 603A.010 to 603A.290, inclusive, where applicable; and

(c) Be reasonable, taking into account the volume and nature of the consumer health data at issue.

(Added to NRS by 2023, 3459, effective March 31, 2024)

Disclaimer: These codes may not be the most recent version. Nevada may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.