Trust Framework

What is the PPR Framework?

The PPR Framework is a set of 75+ auditable criteria that measure how much technology protects data privacy. It can offer ALL health care consumers the ability to control their most sensitive and sacred personal information by empowering patients to make meaningful choices about HIT systems and products based on attestation to the tough privacy principles and criteria they expect for health information.

Who developed the PPR Framework?

PPR and the bipartisan Coalition for Patient Privacy, in concert with Microsoft and a health consulting firm, developed and tested a set of privacy principles and standards, operationalized in criteria that should be built into all electronic systems, platforms, and applications that handle personal health data in order to prove that they are worthy of trust.

What is PPR Framework based on?

The PPR Framework is grounded in American’s longstanding civil, human, and ethical rights to health information privacy. It is based on the bipartisan consumer privacy policies and principles established by members of the Coalition for Patient Privacy in 2007.

What does the PPR Framework test?

The PPR Framework tests whether health IT, platforms, applications, and research projects comply with the gold-standard privacy principles the bipartisan Coalition for Patient Privacy established in 2007-2008 over a period of 18 months. A patent is pending to assure that this system can be widely used to measure how closely systems, platforms, and applications meet patients’ expectations for control over personal data, and expectations of state-of-the art data security.

Who will benefit?



Developers of health IT systems, platforms, applications, and organizations that claim to be committed to privacy should be able to outwardly reflect that avowed commitment. Privacy seals could be awarded for compliance with the PPR Trust Framework and would distinguish trustworthy organizations that are truly making a full and good-faith effort to honor individuals’ right to privacy from all the rest. Patients are the greatest beneficiaries of the PPR Trust Framework. They should be able to protect themselves and easily see which electronic records systems, applications, and websites to avoid. Restoring patient control will offer consumers the ability to reap the rewards of health IT by enabling them to select systems worthy of trust.

PPR Trust Framework

Today’s data-rich networked society makes deployment of trusted electronic systems practical and painless. PPR believes organizations can earn public trust by attesting and adhering to the principles outlined in its Trust Framework and privacy certification process. In 2008, PPR, Microsoft, and a health consulting firm developed and tested this robust privacy certification program on HealthVault. Several key consumer organizations, inducing the ACLU and Consumer-Action, participated in the development and testing of the PPR Trust Framework.


PPR’s Trust Framework could be used for a formal privacy certification process. It differs from other health IT certification processes because it is designed specifically to enhance consumer engagement, education, and trust in electronic systems, platforms, and applications that hold individuals’ personal health information.


Public awareness of privacy-positive companies and organizations would be a very significant step and create pressure to restore privacy and the Constitutional liberties and freedoms that the Digital Age has violated. As more and more consumers – of healthcare and other products and services – become better educated about their privacy rights and the existing and growing threats to those rights, they will look for privacy-committed companies with which they can do business. Consumers will reward good business practices by participating in systems or projects that are publicly committed to operate in compliance with the Trust Framework’s privacy principles.


The PPR Framework can play an integral role in building a vibrant, trusted research ecosystem. In general, the public is altruistic and willing to participate in research, provided that they know they have control over their information and can choose the type of research in which they participate. Furthermore, they want to know that the platforms and applications they donate their information to are trustworthy and secure. The Trust Framework offers research organizations and institutions the opportunity to demonstrate their commitment to informed consent and strong data security and data privacy protections.

Click here for a nutshell overview of Principle 1 of PPR’s Trust Framework.
Click here to read more about the Framework criteria

Copyright © 2010 – 2013 PPR. All rights reserved.