Skip to Content

Notice

Announcement of Requirements and Registration for “Digital Privacy Notice Challenge”

Document Details

Information about this document as published in the Federal Register.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble

AGENCY:

Office of the National Coordinator for Health Information Technology, HHS.

Award Approving Official: Karen DeSalvo, National Coordinator for Health Information Technology.

ACTION:

Notice.

SUMMARY:

The HIPAA Privacy Rule gives individuals a fundamental right to be informed of the privacy practices of health plans and health care providers, as well as to be informed of their privacy rights with respect to their personal health information. Health plans and covered health care providers are required to develop and distribute a notice that provides a clear, user friendly explanation of these rights and practices.[1] In practice, however, many patients have found that these notices Start Printed Page 7672can be difficult to read and poorly comprehended.[2]

The Office of the National Coordinator for Health Information Technology (ONC) recently collaborated with the Office for Civil Rights (OCR) to develop model notices of privacy practices (NPP) that clearly convey the required information to patients in an accessible format. These model notices can be customized by covered entities (doctors, hospitals and other health care providers covered by HIPAA who maintain patient data, health plans) and then printed for office display and distributed to patients.

The new model notice resources offer an opportunity to improve what covered entities display online. Research shows that online privacy policies are often not read or well-understood by the general public.[3] As in the case of privacy notices displayed in medical offices, if patients cannot understand what they are reading online, they will not be properly informed of their privacy rights, including their right to access their health information. A patient's understanding of his or her privacy rights is an important component of quality health care and can impact patient-provider communication as well as patient engagement in health care.

The Digital Privacy Notice Challenge leverages the consumer tested and preferred content and formats developed recently as part of the joint ONC/OCR model NPP project and provides an award to the creators of the best online versions of an NPP. Out-of-the-box thinking could be effectively applied to the challenge of creating an online NPP that patients would actually read and understand, helping to break down the barriers to patients taking greater control of their own health and health care. We hope to bring a variety of creative minds to the task of developing a patient friendly resource, as well as enable users to interact with the proposed notices and identify the most effective approaches.

The statutory authority for this challenge competition is Section 105 of the America COMPETES Reauthorization Act of 2010 (Public L. 111-358).

DATES:

  • Submission period begins: February 7, 2014
  • Submission period ends: April 7, 2014
  • Winners announced: Event TBD May-June, 2014
Start Further Info

FOR FURTHER INFORMATION CONTACT:

Adam Wong, 202-720-2866

End Further Info End Preamble Start Supplemental Information

SUPPLEMENTARY INFORMATION:

Subject of Challenge Competition

The Challenge is a call for designers, developers, and patient privacy experts to create an online model notice of privacy practices that is compelling, readable, and understandable by patients and is easily integrated into existing entity Web sites. Submissions will use the content and design elements developed recently as part of the joint ONC/OCR paper-based model NPP project. Submitters are challenged to take the model language and format(s) and develop effective approaches to integrating them into an online interface. The module, or generator, is intended to live on GitHub and be made available open-source such that any organization can implement it on its Web site.

The Submission must:

  • Be coded in JavaScript for the interaction piece (as a JQuery plugin, Node.JS module, or standalone script) and HTML/CSS for the presentation layer.
  • Use the content developed jointly by ONC and OCR, available at http://www.hhs.gov/​ocr/​privacy/​hipaa/​modelnotices.html. The formatting design elements of the paper notices were consumer-tested and should be looked to as a guide, but successful submissions will factor in the differences between reading and consuming content on paper versus online.
  • Allow organizations using it to customize the content, consistent with the options made available through the paper-based model.

The intent of the challenge is to design a model digital notice that creatively informs and educates the user, so simply cutting-and-pasting the content into an online document will not be sufficient to win an award.

At the end of the submission period, Submissions will be posted on the challenge Web site for a public voting period of two weeks.

In addition to the functioning generator, Solvers must submit a slide deck of no more than seven slides that describes how the submission functions, how to install and operate the generator, the system requirements to run the generator, and addresses the application requirements.

Eligibility Rules for Participating in the Competition

To be eligible to win a prize under this challenge, an individual or entity—

(1) Shall have registered to participate in the competition under the rules promulgated by the Office of the National Coordinator for Health Information Technology.

(2) Shall have complied with all the requirements under this section.

(3) In the case of a private entity, shall be incorporated in and maintain a primary place of business in the United States, and in the case of an individual, whether participating singly or in a group, shall be a citizen or permanent resident of the United States.

(4) May not be a Federal entity or Federal employee acting within the scope of their employment.

(5) Shall not be an HHS employee working on their applications or submissions during assigned duty hours.

(6) Shall not be an employee of Office of the National Coordinator for Health IT.

(7) Federal grantees may not use Federal funds to develop COMPETES Act challenge applications unless consistent with the purpose of their grant award.

(8) Federal contractors may not use Federal funds from a contract to develop COMPETES Act challenge applications or to fund efforts in support of a COMPETES Act challenge submission.

An individual or entity shall not be deemed ineligible because the individual or entity used Federal facilities or consulted with Federal employees during a competition if the facilities and employees are made available to all individuals and entities participating in the competition on an equitable basis.

Entrants must agree to assume any and all risks and waive claims against the Federal Government and its related entities, except in the case of willful misconduct, for any injury, death, damage, or loss of property, revenue, or profits, whether direct, indirect, or consequential, arising from my participation in this prize contest, whether the injury, death, damage, or loss arises through negligence or otherwise.

Entrants must also agree to indemnify the Federal Government against third party claims for damages arising from or related to competition activities.

Registration Process for Participants

To register for this Challenge, participants can access http://www.challenge.gov and search for “Digital Privacy Notice Challenge.”Start Printed Page 7673

Prize

  • Total: $25,000 in prizes
  • First Place: $15,000
  • Second Place: $7,000
  • Third Place: $3,000

Payment of the Prize

Prize will be paid by contractor.

Basis upon Which Winner Will be Selected

The review panel will make selections based upon the following criteria:

  • Accurate use of model NPP content
  • Use of best practices in presenting web content for consumption, including use of plain/understandable writing in any additional framing language
  • Visual appeal
  • Capacity to link to other relevant covered entity content
  • Results from public voting period

In order for an entry to be eligible to win this Challenge, it must meet the following requirements:

1. General—Contestants must provide continuous access to the tool, a detailed description of the tool, instructions on how to install and operate the tool, and system requirements required to run the tool (collectively, “Submission”)

2. Acceptable platforms—The tool must be designed for use with existing web, mobile web, electronic health record, or other platform for supporting interactions of the content provided with other capabilities.

3. Section 508 Compliance—Contestants must acknowledge that they understand that, as a pre-requisite to any subsequent acquisition by FAR contract or other method, they are required to make their proposed solution compliant with Section 508 accessibility and usability requirements at their own expense. Any electronic information technology that is ultimately obtained by HHS for its use, development, or maintenance must meet Section 508 accessibility and usability standards. Past experience has demonstrated that it can be costly for solution-providers to “retrofit” solutions if remediation is later needed. The HHS Section 508 Evaluation Product Assessment Template, available at http://www.hhs.gov/​od/​vendors/​index.html, provides a useful roadmap for developers to review. It is a simple, web-based checklist utilized by HHS officials to allow vendors to document how their products do or do not meet the various Section 508 requirements.

4. No HHS or ONC logo—The app must not use HHS', ONC's, or OCR's logos or official seals in the Submission, and must not claim endorsement.

5. Functionality/Accuracy—A Submission may be disqualified if it fails to function as expressed in the description provided by the user, or if it provides inaccurate or incomplete information.

6. Security—Submissions must be free of malware. Contestant agrees that ONC may conduct testing on the app to determine whether malware or other security threats may be present. ONC may disqualify the Submission if, in ONC's judgment, the app may damage government or others' equipment or operating environment.

Additional Information

General Conditions: ONC reserves the right to cancel, suspend, and/or modify the Contest, or any part of it, for any reason, at ONC's sole discretion.

Intellectual Property: Winning entries as determined by ONC will be licensed to all under the Apache License 2.0.

Start Authority

Authority: 15 U.S.C. 3719.

End Authority Start Signature

Dated: February 3, 2014.

Karen DeSalvo,

National Coordinator for Health Information Technology.

End Signature End Supplemental Information

Footnotes

3.  Turow, Hoofnagle, Mulligan, Good and Grossklags. The Federal Trade Commission and Consumer Privacy in the Coming Decade. I/S—A Journal of Law and Policy for the Information Society. 740. (2008).

Back to Citation

[FR Doc. 2014-02785 Filed 2-7-14; 8:45 am]

BILLING CODE 4150-45-P