Subject of Possible Rule Making: Amending chapter 284-04 WAC, Privacy of consumer financial and health information, by adding security breach notification requirements.

     Statutes Authorizing the Agency to Adopt Rules on this Subject: RCW 48.02.060, 48.43.505, the Gramm-Leach Bliley Act, (Pub. L. 02-106 (1999), Sections 501(b), 505 (B)(2) and the Health Information Technology for Economic and Clinical Health (HITECH) Act, (Pub. L. 111-5 (2009), Section 13402).

     Reasons Why Rules on this Subject may be Needed and What They Might Accomplish: The commissioner will consider rules defining a security breach, specifying who receives security breach notifications and what information is required in the notification.

     Other Federal and State Agencies that Regulate this Subject and the Process Coordinating the Rule with These Agencies: Other than ensuring the rules are aligned with the federal standards, coordination with Health and Human Services (HHS) is not a requisite part of the proposed rule making.

     Process for Developing New Rule: Submit written comments by June 5, 2012.

     Interested parties can participate in the decision to adopt the new rule and formulation of the proposed rule before publication by contacting Donna Dorris, P.O. Box 40255, Olympia, WA 98504-0255, donnad@oic.wa.gov, fax (360) 586-3109.

May 2, 2012

Mike Kreidler

Insurance Commissioner

© Washington State Code Reviser's Office