US Government

Giving Users Control Over Sensitive Healthcare Data

I was the Product Design/UX Lead on a team building an API platform for a large US Government Agency. The platform was designed to empower people to take ownership of their data and share it with third-party applications of their choosing. This project involved vetting and partnering with dozens of third-party organizations, building out the API public-facing documentation (developer experience) and safeguarding the transmission of sensitive data.

Role

Product Design / UX Lead

Year

2016-2018

Team

Product Design/UX Lead (Me) + Platform Engineering Team

Key Outcome

100% mandated adoption of new privacy controls

Giving Users Control Over Sensitive Healthcare Data

The Problem

  • Users are required to give consent to share their protected data (PII/PHI) with third-parties.
  • Based on call center data and analytics, we knew some users seemed confused about the mechanics of using their agency credentials to authorize data on a separate third-party application.
  • We suspected there was also a deeper issue - a lack of nuanced knowledge and understanding about the mechanics and implications of sharing sensitive data.
  • How might we try to improve people’s ability to share their healthcare information while also ensuring they understand what data they are sharing, and the risks involved?

Approach

Start with Research

  • Presented to stakeholders, got approval for inter-agency research, and developed the research plan and conversation guides
  • To overcome outreach restrictions, partnered with a research department at another government agency to ensure a higher fidelity of participant recruitment demographics.
  • Conducted ~15 moderated usability testing sessions with users, watching them walk through the authorization process

The authorization screen used in testing revealed multiple design improvements that needed to be made. Despite this simple, one-screen UI - the implications of getting this content wrong could risk users facing unintended consequences sharing extremely personal and private medical information.

Research Results

The research made it clear that our hypothesis was correct - users really struggled to understand the concepts around data sharing. They would need a user interface that allowed them to give them more choice and nuance, instead of a warning and an "all or nothing" binary selection.

Prototype Iteration

  • First, we iterated on the designs to attempt to make the data sharing nuance more clear (and also to make the authentication page mobile-friendly)
  • Next, we redesigned the authentication page to match the agency's branding and design system to reduce user’s confusion after credentialing
  • Finally, we introduced “scopes” on the backend so that we could build a front-end that allowed for more granularity of data sharing
  • For testing, we leveraged our third-party application partners to test with their users for each of the use cases and report back findings.

Outcomes

  • We saw immediate user adoption of the scopes feature, and kicked-off development of even more granular scopes, based on use case (i.e. if a third-party only needs medication information, they should be unable to even request additional data).
  • We created contextual reminder emails for users to remind users what apps had access to their data and how to revoke it.
  • We introduced requirements for third-parties to give clear instructions of the revocation of data to users.
  • We even created an automated enforcement tool to detect changes to third-party privacy policies and terms-of-service documents that would trigger notification for users.