[§323C-14] Establishment of safeguards. (a) An entity shall establish and maintain administrative, technical, and physical safeguards that are appropriate to the size and nature of the entity establishing the safeguards, and that are appropriate to protect the confidentiality, security, accuracy, and integrity of protected health information created, received, obtained, maintained, used, transmitted, or disposed of by the entity.

(b) The office of information practices shall adopt rules pursuant to chapter 91 to implement subsection (a). [L 1999, c 87, pt of §2]