Participants in the challenge were required to develop a Model Privacy Notice (MPN) generator capable of generating customizable MPNs for healthIT developers.
While resources are available to help HIPAA covered entities, many technology companies are not subject to HIPAA requirements. It was therefore important for a resource to be developed for those businesses to help them adhere to other federal regulations.
While a MPN had already been released by ONC in 2011, since then the range of digital health technologies has increased considerably. One MPN would not be suitable for all organizations that collect consumer information.
On March 1, 2016, ONC issued a request for information to find out more from the public about the practices that should be disclosed to consumers and how that information should be presented.
The challenge to develop a MPN generator was issued in December 2016, with participants leveraging an updated MPN that had been developed by ONC with assistance from the Federal Trade Commission, HHS’ Office for Civil Rights and public and private stakeholders.
The challenge was to create an innovative tool that made it easy for developers to generate their own privacy notices, while also making it easy for consumers to understand those notices and find out about the data collected and how that information will be used and shared.
There were three winners announced by ONC, with the top prize of $20,000 awarded to Jason Cronk and Professor Daniel J. Solove. 1upHealth came second and was awarded a prize of $10,000 with third place and a prize of $5,000 going to MadeClear.io.
Jason Cronk/Prf. Daniel J. Solove’s winning submission best specified which language and terms had been changed to enhance consumer understanding, while combining “the clarity and simplicity of a nutrition facts-type label with visual icons that aid comprehension of the privacy concepts.” The MPN generator includes a side-by-side and live updating view of the MPN as users complete the app’s sections.
The 1upHealth team conducted detailed interviews and usability tests to obtain feedback on the usability of the solution. The MPN generator also includes a live updating, side by side view and verification of websites and phone number formats. The solution also allows for extensive customization and is available in three formats (HTML, JSON and Markdown).
MadeClear.io also conducted extensive tests, obtaining feedback from 30 individuals on usability. The MPN generator includes expandable headers displaying how far developers have progressed, with alternating background images to differentiate different sections and colourful icons to add context to the privacy language.
Genevieve Morris, principal deputy national coordinator for health IT announced the winners of the challenge saying, “Winners designed innovative tools that will help make privacy notices easier for consumers to understand, so they can know how and why their health information is being shared.”
While the winning MPN generators can be used by developers, they do not meet the requirements of HIPAA for notices of privacy practices.
ONC Announces Move Health Data Forward Challenge Winners
Last week, the ONC announced the winners of the Move Health Data Forward challenge which asked participants to develop applications that make it easier for consumers to share their health data with their healthcare providers, research institutions, family and caregivers.
This was a multi-stage challenge with the first phase requiring participants to submit their plans. Ten phase 1 winners were awarded $5,000 each. Phase 2 required participants to demonstrate that their plans were viable and could meet the goals of the challenge. The field was narrowed down to five winners, each of whom won $20,000.
Phase three required participants to implement their solution into a mobile or web application, with two winners selected and awarded $50,000 each. Those winners were Foxhall Wythe LLC and Live and Leave Well, LLC.
The Foxhall Wythe solution – Docket™- is a system that allows consumers to easily store and share their healthcare data with trusted healthcare providers. The system securely stores data with the appropriate protections to meet HIPAA security standards, while using FHIR® messages for communication. The solution includes OAuth 2.0 for user authentication, with a Quick Response (QR) code scan to authorize the sharing of information.
The Live and Leave Well™ solution allows consumers to easily share their end of life plans with healthcare providers, friends and family. Users can share Do Not Resuscitate (DNRs) and Medical Orders of Life Sustaining Treatment (MOLST) and other documents with healthcare providers. Healthcare providers can also complete proxy forms on the system. The app uses open application program interfaces, direct integration and OAuth 2.0 and allows data to be securely shared with ease.
Don Rucker, M.D., national coordinator for health information technology, said “The final winners in the Move Health Data Forward challenge show us that electronic health information can truly be owned by patients and their family members”