Project Goals

In June 2008, the Office of the National Coordinator for Health Information Technology (ONC) began a multi-phase and iterative research project to develop an easy-to-understand the Personal Health Record (PHR) Model Privacy Notice. The project’s goals were twofold:

• Increase consumers’ awareness of PHR companies’ data practices
• Empower consumers by providing them with an easy way to compare the data practices of two or more PHR companies

About the PHR Model Privacy Notice

The Personal Health Record Model Privacy Notice is designed to be a standardized template that a web-based PHR company can use to succinctly inform consumers about its privacy and security policies. The PHR Model Privacy Notice is meant to be similar to other consumer-oriented “labels” that have been developed for other industries, such as the nutrition facts label for food and the Model Privacy Notice developed for the financial services industry for compliance with the Gramm-Leach Bliley Act. It is intended to focus only on some important information and does not substitute for more comprehensive privacy policies.

How the Notice was Developed
The development of the PHR Model Privacy Notice was completed over three separate phases:

Phase 1 included conversations with Federal experts in the area of privacy notices and privacy practices, an in-depth analysis of relevant background materials (such as consumer communication literature, actual PHR privacy policies, and other published analyses), and a limited round of consumer testing.

Phase 2 included solicitations of public comment and input from stakeholders in the public and private sector, consumers, and communication specialists. All input was reviewed and incorporated into the design process of the PHR Model Privacy Notice.

Phase 3 focused on further rounds of in-depth consumer testing to assess and analyze consumer understanding of the PHR Model Privacy Notice and further adjust the notice using consumer input. The PHR Model Privacy Notice was released for public use in September 2011.

Using the Personal Health Record Model Privacy Notice

The PHR Model Privacy Notice (online form) is available for PHR companies to begin using. PHR companies can answer the sections of the Notice template online to generate a company specific PHR Model Privacy Notice.

Backgrounder [PDF - 427 KB]: This document provides further details on why and how the PHR Model Privacy Notice was developed. In addition, this document highlights important key points about the PHR Model Privacy Notice.

PHR Model Privacy Notice Template [PDF - 40 KB]: This document represents the PHR Model Privacy Notice template before it is populated by company specific answers. When a PHR company uses the PHR Model Privacy Notice, consumers can find this Notice on the homepage for the company’s PHR.

Implementation Guide [PDF - 760 KB]: This guide will assistance PHR companies correctly populate a PHR Model Privacy Notice template and display the notice on the company's public website.

Consumer Guide [PDF – 1.4 MB]: This guide is intended to be a reference manual for consumers on using the PHR Model Privacy Notice. Though the PHR Model Privacy Notice has been designed to be simple and self-explanatory, ONC has provided this consumer guide to give further details on using the notice.