1. Except as otherwise authorized by the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, a person shall not use, release or publish:
(a) Individually identifiable health information from an electronic health record or a health information exchange for a purpose unrelated to the treatment, care, well-being or billing of the person who is the subject of the information; or
(b) Any information contained in an electronic health record or retained by or retrieved from a health information exchange for a marketing purpose.
2. Individually identifiable health information obtained from an electronic health record or a health information exchange concerning health care services received by a child without the consent of a parent or guardian of the child must not be disclosed to the parent or guardian of the child without the consent of the child which is obtained in the manner established pursuant to NRS 439.589.
3. A person who accesses an electronic health record or a health information exchange without authority to do so is guilty of a misdemeanor and liable for any damages to any person that result from the unauthorized access.
4. The Director shall adopt regulations establishing the manner in which a person may file a complaint with the Director regarding a violation of the provisions of this section. The Director shall also post on the Internet website of the Department and publish in any other manner the Director deems necessary and appropriate information concerning the manner in which to file a complaint with the Director and the manner in which to file a complaint of a violation of the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191.
(Added to NRS by 2011, 1757; A 2015, 1041)