ONC Names Privacy Policy Snapshot Challenge Winners | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

ONC Names Privacy Policy Snapshot Challenge Winners

June 7, 2017
by Rajiv Leventhal
| Reprints

The Office of the National Coordinator for Health Information Technology (ONC) has announced the winners of the Privacy Policy Snapshot Challenge, a contest that called on stakeholders to use ONC’s Model Privacy Notice (MPN) template to create an online tool that can generate a user-friendly “snapshot” of a product’s privacy practices.

Indeed, winners of this challenge created Model Privacy Notice generators that produce a customizable MPN for health IT developers, making it easier for consumers to see a product’s privacy and security policies.

More specifically, according to ONC, the model privacy notice is a voluntary, openly available resource designed to help developers clearly convey information about their privacy and security policies to their users. Similar to the FDA Nutrition Facts Label, the MPN provides a snapshot of a company’s existing privacy practices encouraging transparency and helping consumers make informed choices when selecting products. The MPN does not mandate specific policies or substitute for more comprehensive or detailed privacy policies, nor does it meet the Health Insurance Portability and Accountability Act (HIPAA) requirements for a notice of privacy practices.

The winning generators are, as announced by the agency:

  • R. Jason Cronk and Professor Daniel J. Solove’s generator features a side-by-side, live-updating view allowing application developers to see the MPN as they complete the app’s sections. It also clearly shows the developer which sections are completed or require more information. The MPN most successfully combines the clarity and simplicity of a nutrition facts-type label with visual icons that aid comprehension of the privacy concepts. The first-place team, which was awarded $20,000, best specified which terms and language were changed to enhance consumer understanding.
  • 1upHealth’s team uses a side-by-side view that includes live checking of entered information to verify websites and phone number formats. The generated MPN allows for extensive customization, available in HTML, JSON, and Markdown formats. Detailed interviews and usability testing were held to receive consumer feedback. The second-place team was awarded $10,000.
  • MadeClear.io’s generator features expandable headers allowing developers to easily see how far they have progressed in completing the MPN. The MPN uses alternating background images that help differentiate the sections and colorful icons that add context to the privacy language. The team’s consumer testing included surveys completed by 30 individuals. The third-place submission was awarded $5,000.

“Compared to when the original Model Privacy Notice was released in 2011, the consumer-facing health IT market now features a much larger variety of digital health technologies that collect information,” Genevieve Morris, principal deputy national coordinator for health IT, said in a statement. “The winners designed innovative tools that will help make privacy notices easier for consumers to understand, so they can know how and why their health information is being shared.”

ONC issued a request for information in March 2016 asking the public what information about privacy and security practices health IT developers should disclose to consumers and what language should be used to describe those practices. The federal agency then received 13 submissions with broad stakeholder representation—from developer organizations representing over 5,100 members, provider organizations representing over 200,000 providers, and consumer organizations representing patients and consumers across the country. The challenge launched last December.

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Boston Children's Accelerates Data-Driven Approach to Clinical Research

In an effort to bring a more data-driven approach to clinical research, Boston Children’s Hospital has joined the TriNetX global health research network.

Paper Records, Films Most Common Type of Healthcare Data Breach, Study Finds

Despite the high level of hospital adoption of electronic health records and federal incentives to do so, paper and films were the most frequent location of breached data in hospitals, according to a recent study.

AHA Appoints Senior Advisor for Cybersecurity and Risk

The American Hospital Association (AHA) has announced that John Riggi has joined the association as senior advisor for cybersecurity and risk.

Report: Healthcare Accounted for 45% of All Ransomware Attacks in 2017

Healthcare fell victim to more ransomware attacks than any other industry in 2017, according to a new report from global cybersecurity insurance company Beazley.

Study: Use of EHRs Does Not Reduce Administrative Costs

A recent study by Duke University and Harvard Business School researchers found that costs for processing a single bill ranged from $20 for a primary care visit to $215 for an inpatient surgical procedure, or up to 25 percent of revenue.

Kibbe to Step Down as CEO of DirectTrust

David Kibbe, M.D., M.B.A., announced he would step down as president and CEO of DirectTrust at the end of the year.