Section 603A.525 - Regulated entity to limit authority of employees and processors to access consumer health data; regulated entity to establish, implement and maintain policies and practices for security of consumer health data1. A regulated entity shall only authorize the employees and processors of the regulated entity to access consumer health data where reasonably necessary to: (a) Further the purpose for which the consumer consented to the collection or sharing of the consumer data pursuant to NRS 603A.500; or(b) Provide a product or service that the consumer to whom the consumer health data relates has requested from the regulated entity.2. A regulated entity shall establish, implement and maintain policies and practices for the administrative, technical and physical security of consumer health data. The policies must: (a) Satisfy the standard of care in the industry in which the regulated entity operates to protect the confidentiality, integrity and accessibility of consumer health data;(b) Comply with the provisions of NRS 603A.010 to 603A.290, inclusive, where applicable; and(c) Be reasonable, taking into account the volume and nature of the consumer health data at issue.Added to NRS by 2023, 3459, effective March 31, 2024Added by 2023, Ch. 525,§28, eff. 3/31/2024.