RSA 420-P:10 Safe Harbor for HIPAA Compliance.

A licensee that is in possession of protected health information subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and that has established and maintains programs and procedures regarding information privacy, security, and breach notification that are prescribed by HIPAA and by Parts 160 and 164 of Title 45 of the Code of Federal Regulations established pursuant to HIPAA, shall be considered to meet the requirements of this chapter with respect to such protected health information, provided that the licensee is compliant with the HIPAA privacy, security, and breach notification requirements and submits a written statement certifying such compliance. Furthermore, to the extent a licensee maintains other nonpublic information concerning a consumer in the sam