• Print

Privacy & Security Policy

Personal Health Record (PHR) Model Privacy Notice

Model Privacy Notice (MPN) Project Updates:

ONC is embarking on an effort to update the Model Privacy Notice (MPN) — a voluntary, openly available resource designed to help developers provide transparent notice to consumers about what happens to their data. The MPN’s approach is to provide a standardized, easy-to-use framework to help developers clearly convey information about privacy and security to their users.

The 2011 version of the MPN was developed in collaboration with the Federal Trade Commission and focused on Personal Health Records (PHRs), which were the emerging technology at the time. In 2016, we want to make it a more useful resource for consumers and developers in a market with more varied products that are collecting more types of different digital health information than ever.

A modernized MPN would serve as a voluntary resource for health technology developers who want to give notice of their information practices to their users in an understandable way. ONC put out a request for information on March 1, 2016 and sought comment on what information practices health technology developers should disclose to consumers and what language should be used to describe those practices. The public comment period closed on April 15, 2016. We received thirteen submissions with broad stakeholder representation - from developer organizations representing over 5,100 members, provider organizations representing over 200,000 providers, and consumer organizations representing patients and consumers across the country. The public comments are posted here.

Project Goals

In June 2008, the Office of the National Coordinator for Health Information Technology (ONC) began a multi-phase and iterative research project to develop an easy-to-understand the Personal Health Record (PHR) Model Privacy Notice. The project’s goals were twofold:

  • Increase consumers’ awareness of PHR companies’ data practices
  • Empower consumers by providing them with an easy way to compare the data practices of two or more PHR companies

About the PHR Model Privacy Notice

The Personal Health Record Model Privacy Notice is designed to be a standardized template that a web-based PHR company can use to succinctly inform consumers about its privacy and security policies. The PHR Model Privacy Notice is meant to be similar to other consumer-oriented “labels” that have been developed for other industries, such as the nutrition facts label for food and the Model Privacy Notice developed for the financial services industry for compliance with the Gramm-Leach Bliley Act. It is intended to focus only on some important information and does not substitute for more comprehensive privacy policies.

How the Notice was Developed
The development of the PHR Model Privacy Notice was completed over three separate phases:

Phase 1 included conversations with Federal experts in the area of privacy notices and privacy practices, an in-depth analysis of relevant background materials (such as consumer communication literature, actual PHR privacy policies, and other published analyses), and a limited round of consumer testing.

Phase 2 included solicitations of public comment and input from stakeholders in the public and private sector, consumers, and communication specialists. All input was reviewed and incorporated into the design process of the PHR Model Privacy Notice.

Phase 3 focused on further rounds of in-depth consumer testing to assess and analyze consumer understanding of the PHR Model Privacy Notice and further adjust the notice using consumer input. The PHR Model Privacy Notice was released for public use in September 2011.

Using the Personal Health Record Model Privacy Notice

ONC is working on updating the Model Privacy Notice. Stay tuned for a revised version soon!

Backgrounder [PDF - 427 KB]: This document provides further details on why and how the PHR Model Privacy Notice was developed. In addition, this document highlights important key points about the PHR Model Privacy Notice.

PHR Model Privacy Notice Template [PDF - 40 KB]: This document represents the PHR Model Privacy Notice template before it is populated by company specific answers. When a PHR company uses the PHR Model Privacy Notice, consumers can find this Notice on the homepage for the company’s PHR.

Implementation Guide [PDF - 760 KB]: This guide will assistance PHR companies correctly populate a PHR Model Privacy Notice template and display the notice on the company's public website.

Consumer Guide [PDF – 1.4 MB]: This guide is intended to be a reference manual for consumers on using the PHR Model Privacy Notice. Though the PHR Model Privacy Notice has been designed to be simple and self-explanatory, ONC has provided this consumer guide to give further details on using the notice.

Public Comments

ACT Comments [PDF - 308 KB]

AMA Comments [PDF - 230 KB] 

CDT Comments [PDF - 111 KB]

Comments on Updates [PDF - 511 KB]

Consumer Partnership for eHealth Comments [PDF - 418 KB]

CTA Comments [PDF - 237 KB]

DirectTrust Comments [PDF - 199 KB] 

GetMyHealthData Comments [PDF - 785 KB]

Humetrix Comments [PDF - 148 KB]

Linda Van Horn Comments [PDF - 179 KB]

NATE Comments [PDF - 308 KB]

National Partnership Comments [PDF - 536 KB]

PatientPrivacyRights Comments [PDF - 147 KB]