Health Breach Notification Rulemaking #541358-00076

Submission Number:
Brad Smith
Computer Institute of the Rockies
Initiative Name: Health Breach Notification Rulemaking
Section 13402(e)(3), 500 or fewer people involved in a breach without having to notify people is too great a loss to go unreported. Please consider lowering this to a more reasonable number (100) to encourage medical facilities to improve security rather than just under-report the numbers involved. This is also a hindrance to rural America, where many breaches occur but fewer than 500 records are involved. Since HIPAA hasn't really protected our records yet, giving a 500-person breach a free ride does not solve the problem of security. Only local pressure of revealing a breach is making medical facilities improve security. PLEASE lower this limit to 100.

Brad Smith, RN, CISSP, NSA-IAM