Healthcare Information Security


ONC Privacy Policy Snapshot Challenge Wants Online Patient Tool

The recently announced ONC Privacy Policy Snapshot Challenge hopes to create a tool to generate a user-friendly snapshot of a product’s privacy practices.

By Elizabeth Snell

In an effort to create an online tool that will generate a user-friendly snapshot of a product’s privacy practices, the Office of the National Coordinator (ONC) announced the Privacy Policy Snapshot Challenge earlier this week.

ONC pushes patient privacy rights with challenge to stakeholders

Additionally, ONC showcased a live demonstration of consumer-friendly apps that can help individuals access a consolidated list of their medications from a variety of sources in one place. ONC made the announcement and presentation at the annual Connected Health Conference, which was hosted by the Personal Connected Health Alliance.

National Coordinator for Health IT B. Vindell Washington, MD, MHCM explained that the private sector has made great advances when it comes to helping individuals access their own medication data.

“This is just the latest example of the health IT progress and infrastructure that has resulted from public-private collaboration over the past eight years to improve the health and care of individuals and communities,” Washington said in a statement.

The ONC Privacy Policy Snapshot Challenge wants developers, designers, health data privacy experts, and any other innovators to come together and use content from the Model Privacy Notice (MPN) template to create the tool for individuals.

The submission deadline is April 10, 2017, with ONC awarding a total of $35,000 in prizes for the Challenge. Winners are expected to be announced in mid-2017.

“The MPN and Challenge reflect ONC’s overall efforts to address the rapid pace of change regarding wearables and other types of health information technology,” ONC stated. “As ONC outlined in a July 2016 report to Congress, Examining Oversight of the Privacy & Security of Health Data Collected by Entities Not Regulated by HIPAA, many new businesses use consumer-facing technology to collect, handle, analyze, and share health information about individuals – sometimes without those individuals’ knowledge.”

The ONC report to Congress was developed in coordination with the OCR and the Federal Trade Commission (FTC), and discussed how there is a potential risk in the gaps that exist between HIPAA covered entities and non-HIPAA entities.

Furthermore, PHI security issues could arise along with the increase in certain technologies that collect and potentially share individuals’ health information, such as wearables and fitness trackers.

“A critical piece of improving health care for patients in today’s system involves the patient being at the center of his or her care,” the report’s authors explained. “This includes having access to data about their health, while maintaining the confidentiality and integrity of that data.”

There is a lack of clear guidance as to how wearable fitness trackers, health social media, and mobile health apps may pose privacy or security threats to health information, according to ONC, and improvements need to take place “around consumer access to, and privacy and security of, health information collected, shared, and used” by non-HIPAA covered entities.  

The ONC has been making a stronger push for patients to have access to their own data for some time, and also ensuring that individuals fully understand their access rights under HIPAA regulations.

Over the summer of 2016, ONC released a series of videos explaining the rights patients have to access their health information.

“Many people are not fully aware of their right to access their own medical records under the Health Insurance Portability and Accountability Act (HIPAA), including the right to access a copy when their health information is stored electronically,” ONC’s Chief Privacy Officer Lucia Savage, J.D. said in a statement. “The videos we released today highlight the basics for individuals to get access to their electronic health information and direct it where they wish, including to third party applications.”
