🌸 Jenny Ho 🎨 Design work 👩🏻‍💻 More about me 🌞 Resume 🌊 Say hi 🌸 Jenny Ho 🎨 Design work 👩🏻‍💻 More about me 🌞 Resume 🌊 Say hi 🌸 Jenny Ho 🎨 Design work 👩🏻‍💻 More about me 🌞 Resume 🌊 Say hi 

Simplifying permissions to share client data

Research, product design, information architecture

Healthify (acquired by WellSky) was a startup that addressed health inequities by connecting people to social services. Case managers can find resources for their clients, create referrals, and check on progress made.

We experimented with lightweight ways to keep client data secure.

The challenge

When a case manager refers a client to a social service on Healthify, the client’s entire profile, including potentially sensitive data, is shared with both organizations. 

Since there aren’t any privacy permissions or recorded client consent, customers are restricted on who they can work with. This includes places offering life-saving services related to behavioral health, substance use, and domestic violence.

What I did

I conducted user research to clean up client profile pages, created new design patterns for privacy controls, held design review sessions, and conducted usability tests. 


Our usability tests led to a simpler solution than originally scoped, saving months of engineering time. Plus, the sales team can now tell prospects that Healthify had measures to ensure client privacy.

What needs to be hidden?

The product manager conducted prior research with customers and internal stakeholders to determine which levels of privacy we needed:
  • Share with any organization that already has access to the client.
  • Restrict to specific types of organizations that already has access to the client.
  • Restrict to a user’s team.

This gave us an opportunity to improve client profile pages. How could we group details to make editing permissions easier?

I ran a card sorting exercise where users sort a fake patient’s details however they saw fit. The most common groups were demographic, contact, and health data.

The new information architecture

After the first round of research, the product manager and I checked with our legal counsel on privacy restrictions. I then made interactive spreadsheets with data sharing scenarios to confirm product requirements.

Based on card sorting results and legal requirements, we reorganized the client profile page. We also added a highly visible form to record whether a client consents to share their health data.

Building a UI system for permissions

I designed a simple dropdown interaction for users to edit privacy settings across different parts of the app.

Breaking the design with usability testing

A product manager and I ran usability testing sessions with participants with varying levels of authority: customer stakeholders, project administrators, and case workers. We asked them to edit privacy settings on a sample client page.
Permissions didn’t work. Testers had a hard time figuring out how permissions worked. Plus, organizations they work with don’t neatly fit into our predefined options. However, testers liked the client consent checkbox, since recording consent is standard for them already.

Recording client consent on referrals

We implemented a simpler solution: referral-based consent. Whenever a user sends a referral, they must click a checkbox to acknowledge that they’ve obtained their client’s consent to share health data. Otherwise, they cannot proceed.

We cleared this approach with our legal counsel, client services team, and customers.


A year and a half later, my information architecture research informed the redesigned client profile page. Demographic details are in a collapsible section under the header, thus freeing up screen space for new case management features.