[Federal Register Volume 79, Number 27 (Monday, February 10, 2014)]
[Notices]
[Pages 7671-7673]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2014-02785]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Office of the National Coordinator for Health Information
Technology
Announcement of Requirements and Registration for ``Digital
Privacy Notice Challenge''
AGENCY: Office of the National Coordinator for Health Information
Technology, HHS.
Award Approving Official: Karen DeSalvo, National Coordinator for
Health Information Technology.
ACTION: Notice.
-----------------------------------------------------------------------
SUMMARY: The HIPAA Privacy Rule gives individuals a fundamental right
to be informed of the privacy practices of health plans and health care
providers, as well as to be informed of their privacy rights with
respect to their personal health information. Health plans and covered
health care providers are required to develop and distribute a notice
that provides a clear, user friendly explanation of these rights and
practices.\1\ In practice, however, many patients have found that these
notices
[[Page 7672]]
can be difficult to read and poorly comprehended.\2\
---------------------------------------------------------------------------
\1\ 45 CFR 164.520.
\2\ https://www.privacyrights.org/ar/HIPAA-Reading.htm.
---------------------------------------------------------------------------
The Office of the National Coordinator for Health Information
Technology (ONC) recently collaborated with the Office for Civil Rights
(OCR) to develop model notices of privacy practices (NPP) that clearly
convey the required information to patients in an accessible format.
These model notices can be customized by covered entities (doctors,
hospitals and other health care providers covered by HIPAA who maintain
patient data, health plans) and then printed for office display and
distributed to patients.
The new model notice resources offer an opportunity to improve what
covered entities display online. Research shows that online privacy
policies are often not read or well-understood by the general
public.\3\ As in the case of privacy notices displayed in medical
offices, if patients cannot understand what they are reading online,
they will not be properly informed of their privacy rights, including
their right to access their health information. A patient's
understanding of his or her privacy rights is an important component of
quality health care and can impact patient-provider communication as
well as patient engagement in health care.
---------------------------------------------------------------------------
\3\ Turow, Hoofnagle, Mulligan, Good and Grossklags. The Federal
Trade Commission and Consumer Privacy in the Coming Decade. I/S--A
Journal of Law and Policy for the Information Society. 740. (2008).
---------------------------------------------------------------------------
The Digital Privacy Notice Challenge leverages the consumer tested
and preferred content and formats developed recently as part of the
joint ONC/OCR model NPP project and provides an award to the creators
of the best online versions of an NPP. Out-of-the-box thinking could be
effectively applied to the challenge of creating an online NPP that
patients would actually read and understand, helping to break down the
barriers to patients taking greater control of their own health and
health care. We hope to bring a variety of creative minds to the task
of developing a patient friendly resource, as well as enable users to
interact with the proposed notices and identify the most effective
approaches.
The statutory authority for this challenge competition is Section
105 of the America COMPETES Reauthorization Act of 2010 (Public L. 111-
358).
DATES:
Submission period begins: February 7, 2014
Submission period ends: April 7, 2014
Winners announced: Event TBD May-June, 2014
FOR FURTHER INFORMATION CONTACT: Adam Wong, 202-720-2866
SUPPLEMENTARY INFORMATION:
Subject of Challenge Competition
The Challenge is a call for designers, developers, and patient
privacy experts to create an online model notice of privacy practices
that is compelling, readable, and understandable by patients and is
easily integrated into existing entity Web sites. Submissions will use
the content and design elements developed recently as part of the joint
ONC/OCR paper-based model NPP project. Submitters are challenged to
take the model language and format(s) and develop effective approaches
to integrating them into an online interface. The module, or generator,
is intended to live on GitHub and be made available open-source such
that any organization can implement it on its Web site.
The Submission must:
Be coded in JavaScript for the interaction piece (as a
JQuery plugin, Node.JS module, or standalone script) and HTML/CSS for
the presentation layer.
Use the content developed jointly by ONC and OCR,
available at http://www.hhs.gov/ocr/privacy/hipaa/modelnotices.html.
The formatting design elements of the paper notices were consumer-
tested and should be looked to as a guide, but successful submissions
will factor in the differences between reading and consuming content on
paper versus online.
Allow organizations using it to customize the content,
consistent with the options made available through the paper-based
model.
The intent of the challenge is to design a model digital notice
that creatively informs and educates the user, so simply cutting-and-
pasting the content into an online document will not be sufficient to
win an award.
At the end of the submission period, Submissions will be posted on
the challenge Web site for a public voting period of two weeks.
In addition to the functioning generator, Solvers must submit a
slide deck of no more than seven slides that describes how the
submission functions, how to install and operate the generator, the
system requirements to run the generator, and addresses the application
requirements.
Eligibility Rules for Participating in the Competition
To be eligible to win a prize under this challenge, an individual
or entity--
(1) Shall have registered to participate in the competition under
the rules promulgated by the Office of the National Coordinator for
Health Information Technology.
(2) Shall have complied with all the requirements under this
section.
(3) In the case of a private entity, shall be incorporated in and
maintain a primary place of business in the United States, and in the
case of an individual, whether participating singly or in a group,
shall be a citizen or permanent resident of the United States.
(4) May not be a Federal entity or Federal employee acting within
the scope of their employment.
(5) Shall not be an HHS employee working on their applications or
submissions during assigned duty hours.
(6) Shall not be an employee of Office of the National Coordinator
for Health IT.
(7) Federal grantees may not use Federal funds to develop COMPETES
Act challenge applications unless consistent with the purpose of their
grant award.
(8) Federal contractors may not use Federal funds from a contract
to develop COMPETES Act challenge applications or to fund efforts in
support of a COMPETES Act challenge submission.
An individual or entity shall not be deemed ineligible because the
individual or entity used Federal facilities or consulted with Federal
employees during a competition if the facilities and employees are made
available to all individuals and entities participating in the
competition on an equitable basis.
Entrants must agree to assume any and all risks and waive claims
against the Federal Government and its related entities, except in the
case of willful misconduct, for any injury, death, damage, or loss of
property, revenue, or profits, whether direct, indirect, or
consequential, arising from my participation in this prize contest,
whether the injury, death, damage, or loss arises through negligence or
otherwise.
Entrants must also agree to indemnify the Federal Government
against third party claims for damages arising from or related to
competition activities.
Registration Process for Participants
To register for this Challenge, participants can access http://www.challenge.gov and search for ``Digital Privacy Notice Challenge.''
[[Page 7673]]
Prize
Total: $25,000 in prizes
First Place: $15,000
Second Place: $7,000
Third Place: $3,000
Payment of the Prize
Prize will be paid by contractor.
Basis upon Which Winner Will be Selected
The review panel will make selections based upon the following
criteria:
Accurate use of model NPP content
Use of best practices in presenting web content for
consumption, including use of plain/understandable writing in any
additional framing language
Visual appeal
Capacity to link to other relevant covered entity content
Results from public voting period
In order for an entry to be eligible to win this Challenge, it must
meet the following requirements:
1. General--Contestants must provide continuous access to the tool,
a detailed description of the tool, instructions on how to install and
operate the tool, and system requirements required to run the tool
(collectively, ``Submission'')
2. Acceptable platforms--The tool must be designed for use with
existing web, mobile web, electronic health record, or other platform
for supporting interactions of the content provided with other
capabilities.
3. Section 508 Compliance--Contestants must acknowledge that they
understand that, as a pre-requisite to any subsequent acquisition by
FAR contract or other method, they are required to make their proposed
solution compliant with Section 508 accessibility and usability
requirements at their own expense. Any electronic information
technology that is ultimately obtained by HHS for its use, development,
or maintenance must meet Section 508 accessibility and usability
standards. Past experience has demonstrated that it can be costly for
solution-providers to ``retrofit'' solutions if remediation is later
needed. The HHS Section 508 Evaluation Product Assessment Template,
available at http://www.hhs.gov/od/vendors/index.html, provides a
useful roadmap for developers to review. It is a simple, web-based
checklist utilized by HHS officials to allow vendors to document how
their products do or do not meet the various Section 508 requirements.
4. No HHS or ONC logo--The app must not use HHS', ONC's, or OCR's
logos or official seals in the Submission, and must not claim
endorsement.
5. Functionality/Accuracy--A Submission may be disqualified if it
fails to function as expressed in the description provided by the user,
or if it provides inaccurate or incomplete information.
6. Security--Submissions must be free of malware. Contestant agrees
that ONC may conduct testing on the app to determine whether malware or
other security threats may be present. ONC may disqualify the
Submission if, in ONC's judgment, the app may damage government or
others' equipment or operating environment.
Additional Information
General Conditions: ONC reserves the right to cancel, suspend, and/
or modify the Contest, or any part of it, for any reason, at ONC's sole
discretion.
Intellectual Property: Winning entries as determined by ONC will be
licensed to all under the Apache License 2.0.
Authority: 15 U.S.C. 3719.
Dated: February 3, 2014.
Karen DeSalvo,
National Coordinator for Health Information Technology.
[FR Doc. 2014-02785 Filed 2-7-14; 8:45 am]
BILLING CODE 4150-45-P