The U.S. Department of Health and Human Services proposed a new “harm threshold” for breach notification. The change would require health care organizations to notify patients of a breach involving their personal health information. Critics say the new threshold “completely undermines” the original intent of the law. The law is part of the $20 billion Health Information Technology for Economic and Clinical Health Act (HIPAA) The change allows health-care companies to do a self-assessment of potential privacy and fraud risks stemming from a data breach.”]