The originating and distant site providers:
A. Shall comply with the laws and regulations concerning the privacy and security of protected health information under:
(1) Health-General Article, Title 4, Subtitle 3, Annotated Code of Maryland; and
(2) The Health Insurance Portability and Accountability Act of 1996 (HIPAA), 42 U.S.C. §§1320d et seq., as amended, the HITECH Act, 42 U.S.C. §§17932, et seq., as amended, and 45 CFR Parts 160 and 164, as amended;
B. Shall ensure that all interactive video technology-assisted communication comply with HIPAA patient privacy and security regulations at the originating site, at the distance site, and in the transmission process;
C. Shall occupy a space or area that meets the minimum standards for privacy expected for a patient-provider interaction;
D. May not disseminate any participant images or information to other entities without the participants consent, unless there is an emergency that prevents obtaining consent; and
E. May not store at originating and distant sites the video images or audio portion of the telehealth service for future use.