The Office of the National Coordinator for Health Information Technology (ONC) has announced the winners of the Privacy Policy Snapshot Challenge, a contest that called on stakeholders to use ONC’s Model Privacy Notice (MPN) template to create an online tool that can generate a user-friendly “snapshot” of a product’s privacy practices.
Indeed, winners of this challenge created Model Privacy Notice generators that produce a customizable MPN for health IT developers, making it easier for consumers to see a product’s privacy and security policies.
More specifically, according to ONC, the model privacy notice is a voluntary, openly available resource designed to help developers clearly convey information about their privacy and security policies to their users. Similar to the FDA Nutrition Facts Label, the MPN provides a snapshot of a company’s existing privacy practices encouraging transparency and helping consumers make informed choices when selecting products. The MPN does not mandate specific policies or substitute for more comprehensive or detailed privacy policies, nor does it meet the Health Insurance Portability and Accountability Act (HIPAA) requirements for a notice of privacy practices.
The winning generators are, as announced by the agency:
- R. Jason Cronk and Professor Daniel J. Solove’s generator features a side-by-side, live-updating view allowing application developers to see the MPN as they complete the app’s sections. It also clearly shows the developer which sections are completed or require more information. The MPN most successfully combines the clarity and simplicity of a nutrition facts-type label with visual icons that aid comprehension of the privacy concepts. The first-place team, which was awarded $20,000, best specified which terms and language were changed to enhance consumer understanding.
- 1upHealth’s team uses a side-by-side view that includes live checking of entered information to verify websites and phone number formats. The generated MPN allows for extensive customization, available in HTML, JSON, and Markdown formats. Detailed interviews and usability testing were held to receive consumer feedback. The second-place team was awarded $10,000.
- MadeClear.io’s generator features expandable headers allowing developers to easily see how far they have progressed in completing the MPN. The MPN uses alternating background images that help differentiate the sections and colorful icons that add context to the privacy language. The team’s consumer testing included surveys completed by 30 individuals. The third-place submission was awarded $5,000.
“Compared to when the original Model Privacy Notice was released in 2011, the consumer-facing health IT market now features a much larger variety of digital health technologies that collect information,” Genevieve Morris, principal deputy national coordinator for health IT, said in a statement. “The winners designed innovative tools that will help make privacy notices easier for consumers to understand, so they can know how and why their health information is being shared.”
ONC issued a request for information in March 2016 asking the public what information about privacy and security practices health IT developers should disclose to consumers and what language should be used to describe those practices. The federal agency then received 13 submissions with broad stakeholder representation—from developer organizations representing over 5,100 members, provider organizations representing over 200,000 providers, and consumer organizations representing patients and consumers across the country. The challenge launched last December.
