HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

ONC Issues Challenge to Develop a New Online Model Privacy Notice Generator

The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC) has challenged designers, developers, and health data privacy experts to create a new online Model Privacy Notice (MPN) generator.

At present, the MPN is a voluntary resource that helps health technology developers who collect electronic health data provide information to consumers about how health data is collected, used, and protected.

The purpose of the MPN is to improve transparency and clearly display information about an organization’s privacy practices to enable consumers to make an informed decision about whether to use a particular product.

While the ONC, in conjunction with the Federal Trade Commission (FTC), developed a Model Privacy Notice in 2011, technology has moved on considerably in the past five years. The MPN was intended to be used for personal health records, but the range of products that collect health data is now considerable, and include wearable devices and mobile applications. The current MPN is therefore somewhat dated.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

ONC notes that the number of consumers that are using devices that record electronic health information has grown considerably since 2011. It is has now become increasingly important for consumers to be able to make decisions about products based on how their information will be used and stored. In particular, how their data will be protected and with whom health information will be shared. The current MPN does not make it easy for consumers to find out this information.

While many consumers are aware of the Health Insurance Portability and Accountability Act and know that HIPAA covered entities are required to implement controls to protect stored data and limit disclosures of health information, many product developers that collect and store health information are not in fact HIPAA-covered entities.

Fitness trackers for example may record data types that are classed as protected health information (PHI) when collected and stored by a HIPAA-covered entity, yet are not subject to HIPAA Rules when collected and stored by a product developer.

It is therefore essential to clarify privacy and security policies to ensure consumer are aware what will happen to their data so they can make an informed decision about whether to use a particular product.

To make it easier for developers to use the MPN and easier for consumers to understand the information provided via the MPN, the ONC has launched The Privacy Policy Snapshot Challenge.

The Challenge involves creating “an online tool that can generate a user-friendly snapshot of a product’s privacy practices.” ONC explains that submissions must include “code for an open source, web-based tool that allows health technology developers who collect digital health data to generate a customized privacy notice.”

The first prize is $20,000, the second prize $10,000, and third prize is $5,000. Entries must be submitted by April 10, 2017

Designers, developers, and health data privacy experts can find out more and sign up for the Privacy Policy Snapshot Challenge on this link.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.