Model Privacy Notice (MPN)

Model Privacy Notice (MPN)

The Model Privacy Notice (MPN) is a voluntary, openly available resource designed to help developers clearly convey information about their privacy and security policies to their users. Similar to the FDA Nutrition Facts Label, the MPN provides a snapshot of a company’s existing privacy practices encouraging transparency and helping consumers make informed choices when selecting products. The MPN does not mandate specific policies or substitute for more comprehensive or detailed privacy policies.

Privacy Policy Snapshot Challenge

ONC announced the Privacy Policy Snapshot Challenge in December 2016 and selected the winners in June 2017. The challenge called on designers, developers, and health data privacy experts to create an online MPN generator that is easy for health technology developers to use in customizing a privacy notice that is compelling and understandable to consumers. The Privacy Policy Snapshot Challenge leveraged updated MPN content developed by ONC, with feedback from Office for Civil Rights, Federal Trade Commission, and other private and public stakeholders that identifies certain areas that should be highlighted for the consumer.  Winners of this challenge created MPN generators that produce a customizable MPN for health technology developers, making it easier for consumers to see a product’s privacy and security policies. The winning generators are:

  1. R. Jason Cronk and Professor Daniel J. Solove
  2. 1upHealth

For more information about the winners, please see the press release at:

Additional information about this challenge is available at:

The 2018 version of the MPN template incorporates user feedback from participants of the Privacy Policy Snapshot Challenge.

Read the summary of the ONC’s Model Privacy Notice Privacy Policy Snapshot Challenge [PDF-263KB]

2016 Updated Model Privacy Notice

ONC recognized a need to to update the MPN. The 2011 version of the MPN was developed in collaboration with the Federal Trade Commission and focused on Personal Health Records (PHRs), which were the emerging technology at the time (view 2011 PHR version). The health IT market has changed significantly in the last five years and there is now a larger variety of products such as mobile applications (apps) and wearable devices that collect digital health information.

ONC issued a request for information on March 1, 2016 asking the public what information about privacy and security practices health technology developers should disclose to consumers and what language should be used to describe those practices. The public comment period closed on April 15, 2016. ONC received thirteen submissions with broad stakeholder representation - from developer organizations representing over 5,100 members, provider organizations representing over 200,000 providers, and consumer organizations representing patients and consumers across the country. The public comments are posted below.

2011 Personal Health Record Model Privacy Notice

About the PHR Model Privacy Notice [PDF - 427 KB]: This document provides further details on why and how the PHR Model Privacy Notice was developed. In addition, this document highlights important key points about the PHR Model Privacy Notice.

PHR Model Privacy Notice Template [PDF - 40 KB]: This document represents the PHR Model Privacy Notice template before it is populated by company specific answers. When a PHR company uses the PHR Model Privacy Notice, consumers can find this Notice on the homepage for the company’s PHR.

Implementation Guide [PDF - 760 KB]: This guide  assistants PHR companies correctly populate a PHR Model Privacy Notice template and display the notice on the company's public website.

Consumer Guide [PDF – 1.4 MB]: This guide is intended to be a reference manual for consumers on using the PHR Model Privacy Notice. Though the PHR Model Privacy Notice has been designed to be simple and self-explanatory, ONC has provided this consumer guide to give further details on using the notice.