South Healthcare Compliance Guide

Breach notification deadlines, medical records retention rules, PDMP requirements, and AG-notification thresholds across the 17 states in the South region.

17 state guides

The Southern region produces the country's tightest breach-notification window (Florida's 30-day FIPA under Fla. Stat. §501.171) alongside Texas's multi-agency enforcement stack (HB 300 + Identity Theft Enforcement and Protection Act + Texas Medical Board + DFPS). Virginia's Consumer Data Protection Act layers consumer-data obligations atop the standard breach regime; North Carolina and South Carolina pursue breach-notification enforcement actively through their respective AG consumer protection units. Kentucky operates KASPER (one of the oldest PMPs in the United States, established 1998) with a Class D felony penalty for failure to check; West Virginia's CSMP and Tennessee's CSMD are enforced with similar aggressiveness in post-opioid-crisis specialties. Maryland's Personal Information Protection Act and the District of Columbia's consumer-protection framework apply within the Capital region. The Southern region's pediatric retention rules vary widely (Texas: age 25, Florida: age 26, Tennessee: 10 years post-majority), so practices serving residents of multiple Southern states should retain to the strictest applicable rule. Pain-management practices face the most concentrated regulatory scrutiny in this region, with KY/WV/TN/FL among the strictest PDMP regimes in the country.

Stay compliant across the South

GuardWell tracks state-specific breach deadlines, retention periods, PDMP queries, and mandatory reporting obligations for all 17 states in the South region.
