What have we lost with the new patient privacy notification law?

The new health care data breach notification law, which is set to go into effect Wednesday, has drawn harsh criticism from privacy advocates.
Late last month, the U.S. Department of Health and Human Services (HHS) issued an interim final rule requiring health care organizations subject to the Health Insurance Portability and Accountability Act (HIPAA) regulations to notify individuals whose information has been breached. But privacy advocates contest a “harm threshold” provision of the interim final rule, which states that if a breach occurs, organizations should conduct a risk assessment and only need to issue breach notifications if they believe disclosure of the information “poses some harm to the individual.”
Privacy advocates told SCMagazineUS.com on Tuesday that they believe the HHS added this provision in response to overwhelming pressure from the health care industry.
“The key problem is, those who breach your information are the ones who get to decide if you are harmed or not,” Deborah Peel, founder and chairwoman of the nonprofit Patient Privacy Rights, told SCMagazineUS.com on Tuesday.

Link:
http://www.scmagazineus.com/Privacy-groups-blast-new-health-care-notification-rule/article/149444/