MPN GEN   Build MPN  GitHub  

Let's Build Your Privacy Notice

Welcome to the 1upHealth Model Privacy Notice Generator (mpn gen). This project is a response to the USA Challenge.gov Healthcare Privacy Policy Snapshot Challenge.


What's MPN GEN?

MPN GEN will help you create a Privacy Notice for consumers of your healthcare app, company, or organization. It has many features including form validation, multi-device friendly layout, and helpful user experience. The left side presents inputs for the Model Privacy Notice. The right side shows snippets of the output.


MPN GEN Video

 
MPN GEN will provide you a default styled privacy notice which you can see here. By filling out the form, MPN GEN will customize the the content of the Privacy Notice to your organization. User testing has shown simpler privacy notice formats are most desireable to healthcare consumers.

Preamble

The Model Privacy Notice (MPN) is a voluntary, openly available resource designed to help health technology developers provide transparent notice to consumers about what happens to their digital health data when the consumer uses the developer’s product. The MPN’s approach is to provide a standardized, easy-to-use framework to help developers clearly convey information about privacy and security to their users. The MPN does not mandate specific policies or substitute for more comprehensive or detailed privacy policies.

The Office of the National Coordinator for Health Information Technology (ONC) is updating the 2011 version of the MPN. The 2011 version focused on personal health records (PHRs), which were the emerging technology at the time. The health information technology market has changed significantly in the last five years and there is now a larger variety of products such as exercise trackers, wearable health technologies, or mobile applications that help individuals monitor various body measurements. As such, it is increasingly important for consumers to be aware of health technology developers’ privacy and security policies, including data sharing practices.

Preamble for Health Technology Developers

What is the Model Privacy Notice (MPN)?

The MPN is a voluntary, openly available resource to help health technology developers who collect digital health data clearly convey information about their privacy policies to their users. Similar to a nutritional label, the MPN provides a snapshot of a company’s existing privacy and security policies to encourage transparency and help consumers make informed choices when selecting products. The MPN does not mandate specific policies or substitute for more comprehensive or detailed privacy policies.

Who is the MPN for?

The MPN is for health technology developers whose technology or app uses and/or shares users'
health data.
Health data means: data that can include, but is not limited to: wellness information (e.g., exercise or fitness habits, nutrition, or sleep data), health markers (e.g., blood pressure, BMI, or glucose), information on physical or mental health conditions, insurance or health care information, or information that integrates into or receives information from a personal health record.

What laws might apply to you?

Health technology developers should consult the Federal Trade Commission (FTC)’s Mobile Health Apps Interactive Tool (which was developed in conjunction with the following Department of Health and Human Services offices and agency: ONC, Office for Civil Rights (OCR), and the Food and Drug Administration (FDA)) to determine if they need to comply with the FTC Act, the FTC’s Health Breach Notification Rule, HHS’s Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security and Breach Notification Rules, or FDA rules implementing the Federal Food, Drug & Cosmetic Act, as applicable. This tool is not meant to be legal advice about all compliance obligations, but identifies relevant laws and regulations from these three federal agencies.

Does use of this MPN satisfy HIPAA requirements to provide a notice of privacy practices?

No. The MPN does not ensure compliance with HIPAA or any other law. However, the MPN may be used, as applicable, in conjunction with a HIPAA notice of privacy practices (please see MPN). To find more information on HIPAA directed towards health technology developers, visit the HIPAA Q’s Portal for Health App Developers.


Create a Custom Model Privacy Notice


The MPN generator will help you create a Consumer Privacy Notice. It requires you provide links to a full company Privacy Policy, and, if applicable, HIPAA Notice of Privacy Practices and documentation for adjusting certain user perferences.

Each of these sections will be automatically checked as you complete them.


Data Use

Primary service

1upHealth stores health data from multiple sources



Use: How we use your data internally

We collect and use your identifiable data:

fill in to check "other" option



Share: How we share your data externally with other companies or entities

Is your identifiable data shared?

We share your identifiable data:

fill in to check "other" option


Is your data shared AFTER removing identifiers (note that remaining data may not be anonymous):

We share your data AFTER removing identifiers (note that remaining data may not be anonymous):

fill in to check "other" option



Sell: Who we sell your data to

We sell your identifiable data to data brokers, marketing, advertising networks, or analytics firms.

https://1uphealth.care/help/permissions-for-selling


We sell your data AFTER removing identifiers (note that remaining data may not be anonymous) to data brokers, marketing, advertising networks, or analytics firms.

https://1uphealth.care/help/permissions-for-selling


                                                                                                                                                                                                                                               


Data Use (Preview)



Use: How we use your data internally

We collect and use your
identifiable data
Identifiable data means: data, such as your name, phone number, email, address, health services, information on your physical or mental health conditions, or your social security number, that can be used on its own or with other information to identify you.
:



Share: How we share your data externally with other companies or entities

We share your
identifiable data
Identifiable data means: data, such as your name, phone number, email, address, health services, information on your physical or mental health conditions, or your social security number, that can be used on its own or with other information to identify you.
:



We share your data AFTER removing identifiers (note that remaining data may not be anonymous):



Sell: Who we sell your data to

Sold Data Do we sell?
We sell your identifiable data
Identifiable data means: data, such as your name, phone number, email, address, health services, information on your physical or mental health conditions, or your social security number, that can be used on its own or with other information to identify you.
to data brokers
Data broker means: companies that collect personal information about consumers from a variety of public and non-public sources and resell the information to other companies
, marketing, advertising networks, or analytics firms.
We sell your data AFTER removing identifiers (note that remaining data may not be anonymous) to data brokers
Data broker means: companies that collect personal information about consumers from a variety of public and non-public sources and resell the information to other companies
, marketing, advertising networks, or analytics firms.


Security

Is your organization is a HIPAA covered entity?

1upHealth Patient App


Select one of the following statements to be inserted into the privacy notice:

https://1uphealth.care/policy/hipaa



Store: How we store your data

Are your data stored on the device?

Are your data stored outside the device at our company or through a third party?


Encryption: How we encrypt your data

Does the app or technology use encryption to encrypt your data in the device or app?

https://1uphealth.care/help/encrypt-device


Does the app or technology use encryption to encrypt your data when stored on our company servers or with an outside cloud computing services provider?

https://1uphealth.care/help/encrypt-data-on-server


Does the app or technology use encryption to encrypt your data while it is transmitted?

https://1uphealth.care/help/encrypt-transmit



Privacy: How this technology accesses other data

Will this technology or app request access to other device data or applications, such as your phone’s camera, photos, or contacts?

It connects to ...

fill in to check "other" option


https://1uphealth.care/help/device-permissions


Does this technology or app allow you to share the collected data with your social media accounts, like Facebook?

https://1uphealth.care/help/social-permissions


                                                                                                                                                                                                                                               


Security (Preview)



Store: How we store your data

Stored Data Is it stored?
Are your data stored on the device?
Are your data stored outside the device at our company or through a third party?


Encryption: How we encrypt your data

Encrypted Data Is it encrypted?
Does the app or technology use
encryption
Encryption means: a method of converting an original message of regular text into encoded text in such a way that only authorized parties can read it.
to encrypt your data in the device or app?
N/A
Does the app or technology use
encryption
Encryption means: a method of converting an original message of regular text into encoded text in such a way that only authorized parties can read it.
to encrypt your data when stored on our company servers or with an outside
cloud computing
Cloud computing means: a kind of Internet-based computing that provides shared processing resources and data to computers and other devices on demand.
services provider?
N/A
Does the app or technology use
encryption
Encryption means: a method of converting an original message of regular text into encoded text in such a way that only authorized parties can read it.
to encrypt your data while it is transmitted?


Privacy: How this technology accesses other data

Other Data Is it accessed?
Will this technology or app request access to other device data or applications, such as your phone’s camera, photos, or contacts?
Does this technology or app allow you to share the collected data with your social media accounts, like Facebook?


User

User Options: What you can do with the data that we collect

Can you access, edit, share, or delete the data we have about you?

You can...

How do users access, edit, share or delete

Step 1) Click settings, Step 2) ... or visit the help center page http://1uphealth.care/help/permisisons



Deactivation: What happens to your data when your account is deactivated

When your account is deactivated/terminated by you or the company, your data are...

5



Policy Changes: How we will notify you if our privacy policy changes

Describe how/if the company will notify consumers of privacy policy changes (e.g. merger or acquisition) and provide link to section in privacy policy.

Step 1) Click settings, Step 2) ... or visit the help center page http://1uphealth.care/help/permisisons


https://1uphealth.care/privacy-policy#changes



Breach: How we will notify you and protect your data in case of an improper disclosure

Describe how the company will protect consumers’ data in the case of a breach and provide link to section in privacy policy.

In the event of a breach, we will ...


https://1uphealth.care/privacy-policy#breach


                                                                                                                                                                                                                                               


User (Preview)



User Options: What you can do with the data that we collect

Can you access, edit, share, or delete the data we have about you?


Deactivation
Deactivation means: an individual takes action or a company ceases operation or deactivates an individual’s account due to inactivity.
: What happens to your data when your account is deactivated

When your account is deactivated/terminated by you or the company, your data are...


Policy Changes: How we will notify you if our privacy policy changes

[user-useraccessPolicy] [user-privacyPolicyChangeLink]

Breach
Breach means: an unauthorized disclosure.
: How we will notify you and protect your data in case of an improper disclosure

Our company complies with all applicable laws regarding breaches. [user-useraccessNotification]

[user-privacyPolicyBreachLink]



Contact

Basic Info

1upHealth, Inc.


https://1uphealth.care/privacy-policy


Contact

https://1uphealth.care/contact-us


hello@1uphealth.care


347-422-7242


225 Centre St. Boston MA, 02119


United States


                                                                                                                                                                                                                                               


Contact (Preview)



Contact Us

[company-legalName]

Privacy Policy ([company-privacyPolicyLink])
Contact Page ([company-contactLink])

[company-email]
[company-contactNumber]

[company-legalName]
[company-address]
[company-country]

                                                                                                                                                                                                                                               

Export Privacy Notice As

  
  
Full Privacy Notice


Not all fields complete. Final Privacy Notice unavailable