David Navetta writes:
The state of Virginia has passed a breach notice law requiring notice of security breaches involving medical information.
[…]
“Breach of the security of the system” means unauthorized access and acquisition of unencrypted and unredacted computerized data that compromises the security, confidentiality, or integrity of medical information maintained by an individual or entity. Good faith acquisition of medical information by an employee or agent of an individual or entity for the purposes of the individual or entity is not a breach of the security of the system, provided that the medical information is not used for a purpose other than a lawful purpose of the individual or entity or subject to further unauthorized disclosure.
Read more on InformationLawGroup.