V. John Ella writes:
North Dakota has amended its data breach notification law to include “medical information” and “health insurance information.” See N.D. Century Code, Section 51-30-01. Amendments to the law also provide an exemption for HIPAA covered entities, business associates, or subcontractors so long as they are in compliance with breach notification requirements under title 45, Code of Federal Regulations, subpart D, part 164. The new law takes effect August 1, 2013.
Read more on Lexology.