NRS439.589. Adoption of regulations to prescribe standards relating to electronic health records, health-related information and system.  

      (a) To ensure that electronic health records and the statewide health information exchange system are secure;

      (b) To maintain the confidentiality of electronic health records and health-related information, including, without limitation, standards to maintain the confidentiality of electronic health records relating to a child who has received health care services without the consent of a parent or guardian and which ensure that a child’s right to access such health care services is not impaired;

      (c) To ensure the privacy of individually identifiable health information, including, without limitation, standards to ensure the privacy of information relating to a child who has received health care services without the consent of a parent or guardian;

      (d) For obtaining consent from a patient before transmitting the patient’s health records to the health information exchange system, including, without limitation, standards for obtaining such consent from a child who has received health care services without the consent of a parent or guardian;

      (e) For making any necessary corrections to information or records included in the statewide health information exchange system; and

      (f) For notifying a patient if the confidentiality of information contained in an electronic health record of the patient is breached.

      2.  The standards prescribed pursuant to this section must include, without limitation:

      (a) Training requirements for persons who work with electronic health records or the statewide health information exchange system;

      (b) Requirements for the creation, maintenance and transmittal of electronic health records;

      (c) Requirements for protecting confidentiality, including control over, access to and the collection, organization and maintenance of electronic health records, health-related information and individually identifiable health information;

      (d) Requirements for the manner in which the statewide health information exchange system will remove or exclude health records or any portion thereof upon the request of a person about whom the record pertains and the requirements for a person to make such a request;

      (e) A secure and traceable electronic audit system for identifying access points and trails to electronic health records and health information exchanges; and

      (f) Any other requirements necessary to comply with all applicable federal laws relating to electronic health records, health-related information, health information exchanges and the security and confidentiality of such records and exchanges.