By Brandon Ge and Alaap Shah

The Department of Health and Human Services (“HHS”) is taking laudable steps to improve notices of privacy practices (“NPPs”) and make them more clear, understandable, and user-friendly. Under the HIPAA Privacy Rule, individuals are entitled to a receive an NPP informing them of how their health information may be used and shared, as well as how to exercise their health privacy rights. Health plans and health care providers must develop and distribute NPPs that clearly explain these rights and practices. Unfortunately, to date NPPs have been poorly designed, hard to navigate and unclear with regard to patient rights or company obligations regarding use and disclosure of health information.

Privacy is just as much about protecting patients’ rights to data as it is about protecting data. The HIPAA Omnibus Rule, CLIA Rule, and others are designed to improve patient access to their medical records, empowering them to actively manage their health. The digitization of medical records, in the form of electronic health records, personal health records, patient portals, and the like, facilitates patient engagement in healthcare if used properly.  However, ineffective NPPs create barriers for patient understanding their rights.

NPPs that clearly convey patients’ privacy rights are critical in enabling patients to take a more active role in healthcare. Conversely, if patients do not understand NPPs, then they won’t have a good sense of their privacy rights, including their right to access their health information. Some critiques regarding NPPs include that they are frequently lengthy and include legalese that the general public has difficulty understanding.  To remedy these concerns, some suggest simplifying language and “layering” the notice—that is, including a short summary of the individual’s rights as a first layer and including a longer, more detailed explanation as a second layer—would go a long way toward improving the readability of NPPs.

In an effort to address criticisms of NPPs, last month, the Office of the National Coordinator for Health Information Technology (“ONC”) collaborated with the HHS, Office for Civil Rights (“OCR”) to develop model NPPs that clearly convey the required information to patients in an accessible format. Covered entities can customize these model NPPs and then display them and distribute them to patients.

ONC and OCR have also thrown down the gauntlet and established the Digital Privacy Notice Challenge, which will award $15,000 to the creators of the best online NPP (second place wins $7,000 and third place gets $3,000). The challenge calls for designers, developers, and privacy experts to use the model notices as a baseline and create an online NPP that is clear, effectively informs patients of their privacy rights, and is easily integrated online. Once submissions are finalized, the public will have two weeks to vote on the best submission.

The submission period ends on April 7, 2014, and winners will be announced in May or June of 2014.

Does your organization think it has what it takes to win this challenge?

 

Follow Alaap Shah on Twitter: @HealthITLawyers

Back to Health Law Advisor Blog

Search This Blog

Blog Editors

Related Services

Topics

Archives

Jump to Page

Subscribe

Sign up to receive an email notification when new Health Law Advisor posts are published:

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.