(d) The department shall establish and enforce policies and procedures to ensure that the privacy and confidentiality of patients are maintained and that patient information collected, recorded, transmitted, and stored is protected and not disclosed to persons except as listed in Section VII Providing Prescription Monitoring Information. The department's policies shall comply with Sections 261 through 264 of the Health Insurance Portability and Accountability Act (HIPAA) of 1996, Public Law 104-191 (the Administrative Simplification provisions) and regulations 45 CFR Parts 160 and 164 ("the HIPAA Security and Privacy Rule") and the HITECH (Health Information Technology for Economic and Clinical Health) Act as enacted by the American Recovery and Reinvestment Act (ARRA) of 2009 (Pub. L. 111-5), pursuant to Title XIII of Division A and Title IV of Division B. see full law