The HIPAA Privacy Rule gives individuals a fundamental right to be informed of the privacy practices of health plans and health care providers, as well as to be informed of their privacy rights with respect to their personal health information. Health plans and covered health care providers are required to develop and distribute a notice that provides a clear, user-friendly explanation of these rights and practices [1]. In practice, however, many patients have found that these notices can be difficult to read and hard to comprehend [2].

The Office of the National Coordinator for Health Information Technology (ONC) recently collaborated with the Office for Civil Rights (OCR) to develop model notices of privacy practices (NPP) that clearly convey the required information to patients in an accessible format. These model notices can be customized by covered entities (doctors, hospitals and other health care providers covered by HIPAA who maintain patient data, health plans) and then printed for office display and distributed to patients.

The new model notice resources offer an opportunity to improve what covered entities display online. Research shows that online privacy policies are often not read or well understood by the general public [3]. As in the case of privacy notices displayed in medical offices, if patients cannot understand what they are reading online, they will not be properly informed of their privacy rights, including their right to access their health information. A patient’s understanding of his or her privacy rights is an important component of quality health care and can impact patient-provider communication as well as patient engagement in health care.

The Digital Privacy Notice Challenge leverages the consumer-tested and preferred content and formats developed recently as part of the joint ONC/OCR model NPP project and provides an award to the creators of the best online versions of an NPP. Out-of-the-box thinking could be effectively applied to the challenge of creating an online NPP that patients would actually read and understand, helping to break down the barriers to patients taking greater control of their own health and health care. We hope to bring a variety of creative minds to the task of developing a patient-friendly resource, as well as enable users to interact with the proposed notices and identify the most effective approaches.

[1] 45 CFR 164.520
[2] https://www.privacyrights.org/ar/HIPAA-Reading.htm
[3] Turow, Hoofnagle, Mulligan, Good and Grossklags. The Federal Trade Commission and Consumer Privacy in the Coming Decade. I/S – A Journal of Law and Policy for the Information Society. 740. (2008).

Challenge Description

The Challenge is a call for designers, developers, and patient privacy experts to create an online model notice of privacy practices that is compelling, readable, and understandable by patients and is easily integrated into existing entity web sites. Submissions will use the content and design elements developed recently as part of the joint ONC/OCR paper-based model NPP project. Submitters are challenged to take the model language and format(s) and develop effective approaches to integrating them into an online interface. The module, or generator, is intended to live on GitHub and be made available open-source such that any organization can implement it on its Web site. The intent of the challenge is to design a model digital notice that creatively informs and educates the user, so simply cutting-and-pasting the content into an online document will not be sufficient to win an award.

The Submission must:

  • Use the content developed jointly by ONC and OCR, available at http://www.hhs.gov/ocr/privacy/hipaa/modelnotices.html. The formatting design elements of the paper notices were consumer-tested and should be looked to as a guide, but successful submissions will factor in the differences between reading and consuming content on paper versus online.
  • Allow organizations using it to customize the content, consistent with the options made available through the paper-based model.

Your solution should be developed as an HTML webpage styled using CSS (or SASS) that is powered by a framework, library, or plugin developed in JavaScript that is packaged and made available as one of the following:

  • jQuery Plugin
  • Node.js Module
  • Standalone Script

You may use HTML5/CSS3, but keep in mind that provider systems may offer support for lower browser versions, so you will want your solution to degrade gracefully.

Solvers must submit the following through the “Submit an Entry” buttons on the site:

  • Framework, library, or plugin file(s)
  • ReadMe file that documents usage and installation instructions and system requirements (including supported browsers)
  • Slide deck of no more than seven slides that describes how the submission functions and addresses the application requirements

Solvers must also link to a GitHub repository with the submission files, the ReadMe file, and a link to a demo page to try it out. Solvers can make the repository private so that their code is not out in the open.

At the end of the submission period, Submissions will be posted on the challenge website for a public voting period of two weeks.

Timeline

  • Submission period begins: February 7, 2014
  • Submission period ends: April 7, 2014
  • Winners notified: May 1, 2014
  • Winners announced: Event TBD May-June, 2014

Prizes

  • Total: $25,000 in prizes
  • First Place: $15,000
  • Second Place: $7,000
  • Third Place: $3,000

Review Criteria and Panel

The review panel will make selections based upon the following criteria:

  • Accurate use of model DPN content (no deviation from the model notice language)
  • Use of best practices in presenting Web content for consumption, including use of plain/understandable writing in any additional framing language
  • Visual appeal
  • Capacity for entity to customize content and link to other relevant entity content
  • Results from public voting period

Review Panel coming soon!

Intellectual Property

Winning entries as determined by ONC will be licensed to all under the Apache License 2.0.

Submission Requirements

In order for an entry to be eligible to win this Challenge, it must meet the following requirements:

  • General – Contestants must provide continuous access to the tool, a detailed description of the tool, instructions on how to install and operate the tool, and the system requirements for running the tool (collectively, “Submission”).
  • Acceptable platforms – The tool must be designed for use with existing web, mobile web, electronic health record, or other platform for supporting interactions of the content provided with other capabilities.
  • Section 508 Compliance – Contestants must acknowledge that they understand that, as a pre-requisite to any subsequent acquisition by FAR contract or other method, they are required to make their proposed solution compliant with Section 508 accessibility and usability requirements at their own expense. Any electronic information technology that is ultimately obtained by HHS for its use, development, or maintenance must meet Section 508 accessibility and usability standards. Past experience has demonstrated that it can be costly for solution-providers to “retrofit” solutions if remediation is later needed. The HHS Section 508 Evaluation Product Assessment Template, available at http://www.hhs.gov/od/vendors/index.html, provides a useful roadmap for developers to review. It is a simple, web-based checklist utilized by HHS officials to allow vendors to document how their products do or do not meet the various Section 508 requirements.
  • No HHS or ONC logo – The app must not use HHS’, ONC’s, or OCR’s logos or official seals in the Submission, and must not claim endorsement.
  • Functionality/Accuracy – A Submission may be disqualified if it fails to function as expressed in the description provided by the user, or if it provides inaccurate or incomplete information.
  • Security – Submissions must be free of malware. Contestant agrees that ONC may conduct testing on the app to determine whether malware or other security threats may be present. ONC may disqualify the Submission if, in ONC’s judgment, the app may damage government or others’ equipment or operating environment.