The state of Virginia has passed a law requiring notice of security breaches involving medical information, according to an Information Law Group report. It requires that breached entities notify affected Virginia residents and the state's Office of Attorney General. "The Attorney General can bring an action for violations of the law and impose civil penalties of up to $150,000 per breach," writes Info Law Group's David Navetta, CIPP. "The law does not apply to persons or entities that must report the breach under the HITECH Act." The new rules become effective in January.
If you want to comment on this post, you need to login.