Nevada Public Health and Safety
Sec. § 439.589
Adoption of regulations to prescribe standards relating to electronic health records, health-related information and health information exchanges.


1.

The Director shall by regulation prescribe standards:

(a)

To ensure that electronic health records retained or shared by any health information exchange are secure;

(b)

To maintain the confidentiality of electronic health records and health-related information, including, without limitation, standards to maintain the confidentiality of electronic health records relating to a child who has received health care services without the consent of a parent or guardian and which ensure that a childs right to access such health care services is not impaired;

(c)

To ensure the privacy of individually identifiable health information, including, without limitation, standards to ensure the privacy of information relating to a child who has received health care services without the consent of a parent or guardian;

(d)

For obtaining consent from a patient before retrieving the patients health records from a health information exchange, including, without limitation, standards for obtaining such consent from a child who has received health care services without the consent of a parent or guardian;

(e)

For making any necessary corrections to information or records retained or shared by a health information exchange; and

(f)

For notifying a patient if the confidentiality of information contained in an electronic health record of the patient is breached.

2.

The standards prescribed pursuant to this section must include, without limitation:

(a)

Requirements for the creation, maintenance and transmittal of electronic health records;

(b)

Requirements for protecting confidentiality, including control over, access to and the collection, organization and maintenance of electronic health records, health-related information and individually identifiable health information;

(c)

Requirements for the manner in which a patient may, through a health care provider who participates in the sharing of health records using a health information exchange, revoke his or her consent for a health care provider to retrieve the patients health records from the health information exchange;

(d)

A secure and traceable electronic audit system for identifying access points and trails to electronic health records and health information exchanges; and

(e)

Any other requirements necessary to comply with all applicable federal laws relating to electronic health records, health-related information, health information exchanges and the security and confidentiality of such records and exchanges.
Source
Last accessed
Oct. 16, 2019