The controls go beyond those available under HIPAA (the Health Insurance Portability and Accountability Act) and are expected to be more strictly enforced than HIPAA rules have been.

The breach at the Virginia health agency highlights the "overall lack of compliance" with HIPAA within the health care sector, said Peter MacKoul, president of HIPAA Solutions LC, a consulting firm in Sugar Land, Texas.

"HIPAA by and large has been ignored, not because it is unimportant, but because of a lack of will to really [enforce] it," MacKoul said. "Much like all other regulations, if there is no real enforcement, this type of thing will continue to happen over and over again," he said.