1. The Director shall by regulation prescribe standards:
(a) To ensure that electronic health records retained or shared by any health information exchange are secure;
(b) To maintain the confidentiality of electronic health records and health-related information, including, without limitation, standards to maintain the confidentiality of electronic health records relating to a child who has received health care services without the consent of a parent or guardian and which ensure that a child’s right to access such health care services is not impaired;
(c) To ensure the privacy of individually identifiable health information, including, without limitation, standards to ensure the privacy of information relating to a child who has received health care services without the consent of a parent or guardian;
(d) For obtaining consent from a patient before retrieving the patient’s health records from a health information exchange, including, without limitation, standards for obtaining such consent from a child who has received health care services without the consent of a parent or guardian;
(e) For making any necessary corrections to information or records retained or shared by a health information exchange; and
(f) For notifying a patient if the confidentiality of information contained in an electronic health record of the patient is breached.
2. The standards prescribed pursuant to this section must include, without limitation:
(a) Requirements for the creation, maintenance and transmittal of electronic health records;
(b) Requirements for protecting confidentiality, including control over, access to and the collection, organization and maintenance of electronic health records, health-related information and individually identifiable health information;
(c) Requirements for the manner in which a patient may, through a health care provider who participates in the sharing of health records using a health information exchange, revoke his or her consent for a health care provider to retrieve the patient’s health records from the health information exchange;
(d) A secure and traceable electronic audit system for identifying access points and trails to electronic health records and health information exchanges; and
(e) Any other requirements necessary to comply with all applicable federal laws relating to electronic health records, health-related information, health information exchanges and the security and confidentiality of such records and exchanges.
(Added to NRS by 2011, 1756; A 2015, 1040)