June 6, 2017
Winners of this challenge created Model Privacy Notice (MPN) generators that produce a customizable MPN for health information technology (IT) developers, making it easier for consumers to see a product’s privacy and security policies.
“Compared to when the original Model Privacy Notice was released in 2011, the consumer-facing health IT market now features a much larger variety of digital health technologies that collect information,” said Genevieve Morris, principal deputy national coordinator for health IT. “The winners designed innovative tools that will help make privacy notices easier for consumers to understand, so they can know how and why their health information is being shared.”
The winning generators are:
- Jason Cronk and Professor Daniel J. Solove’s generator features a side-by-side, live-updating view allowing application developers to see the MPN as they complete the app’s sections. It also clearly shows the developer which sections are completed or require more information. The MPN most successfully combines the clarity and simplicity of a nutrition facts-type label with visual icons that aid comprehension of the privacy concepts. The first-place team, which was awarded $20,000, best specified which terms and language were changed to enhance consumer understanding.
- 1upHealth’s team uses a side-by-side view that includes live checking of entered information to verify websites and phone number formats. The generated MPN allows for extensive customization, available in HTML, JSON, and Markdown formats. Detailed interviews and usability testing were held to receive consumer feedback. The second-place team was awarded $10,000.
- MadeClear.io's generator features expandable headers allowing developers to easily see how far they have progressed in completing the MPN. The MPN uses alternating background images that help differentiate the sections and colorful icons that add context to the privacy language. The team’s consumer testing included surveys completed by 30 individuals. The third-place submission was awarded $5,000.
The model privacy notice is a voluntary, openly available resource designed to help developers clearly convey information about their privacy and security policies to their users. Similar to the FDA Nutrition Facts Label, the MPN provides a snapshot of a company’s existing privacy practices encouraging transparency and helping consumers make informed choices when selecting products. The MPN does not mandate specific policies or substitute for more comprehensive or detailed privacy policies, nor does it meet the Health Insurance Portability and Accountability Act (HIPAA) requirements for a notice of privacy practices.
ONC issued a request for information on March 1, 2016 asking the public what information about privacy and security practices health IT developers should disclose to consumers and what language should be used to describe those practices. ONC received thirteen submissions with broad stakeholder representation - from developer organizations representing over 5,100 members, provider organizations representing over 200,000 providers, and consumer organizations representing patients and consumers across the country. The challenge was launched in December 2016 and leverages updated MPN content developed by ONC, with feedback from the HHS Office for Civil Rights, Federal Trade Commission, and other private and public stakeholders.
A public webinar demonstrating the winning tools will be held on July 12 at 2:00p.m. EDT.
To access the 2016 MPN content, visit https://www.healthit.gov/sites/default/files/2016_model_privacy_notice.pdf.
Additional information about the MPN is available at https://www.healthit.gov/policy-researchers-implementers/model-privacy-notice-mpn.