Jenny Ho
Making property data approachable at Archipelago
Improving access to social services at Healthify
Personal projects
Healthify
Securing client privacy
Research, product design
The challenge: When a case manager refers a client to a social service on Healthify, the client’s entire profile, including potentially sensitive data, is shared with both organizations.
Since there aren’t any privacy permissions or recorded client consent, customers are restricted on who they can work with. This includes places offering life-saving services related to behavioral health, substance use, and domestic violence.
The solution: We needed to add a lightweight system to share sensitive client data.
My role: I conducted user research to clean up client profile pages, created new design patterns for privacy controls, held design review sessions, and conducted usability tests.
Impact: Our usability tests led to a simpler solution than originally scoped, saving 3 months of engineering time. Plus, the sales team can now tell prospects that Healthify had measures to ensure client privacy.
Since there aren’t any privacy permissions or recorded client consent, customers are restricted on who they can work with. This includes places offering life-saving services related to behavioral health, substance use, and domestic violence.
The solution: We needed to add a lightweight system to share sensitive client data.
My role: I conducted user research to clean up client profile pages, created new design patterns for privacy controls, held design review sessions, and conducted usability tests.
Impact: Our usability tests led to a simpler solution than originally scoped, saving 3 months of engineering time. Plus, the sales team can now tell prospects that Healthify had measures to ensure client privacy.
What needs to be hidden?
The product manager conducted prior research with customers and internal stakeholders to determine which levels of privacy we needed:- Share with any organization that already has access to the client.
- Restrict to specific types of organizations that already has access to the client.
- Restrict to a user’s team.
This gave us an opportunity to improve client profile pages. How could we group details to make editing permissions easier?
I ran a card sorting exercise where users sort a fake patient’s details however they saw fit. The most common groups were demographic, contact, and health data.
The most common groups.
The most consistent categories.
The most common pairings.
Make the information architecture make sense.
After the first round of research, the product manager and I checked with our legal counsel on privacy restrictions. I made interactive spreadsheets with data sharing scenarios to confirm product requirements.Legal-approved information architecture.
Start with the client consent form and demographics.
Scroll down for client care information, referrals, and attachments.
Complex permissions can look simple.
I designed a dropdown interaction for users to edit privacy settings across different parts of the app.Users choose a privacy level with this dropdown.
Permissions also apply to attachments, referrals, and screenings.
This can be done when sending an individual referral.
Same with bulk referrals.
Permissions didn’t work.
A product manager and I ran usability testing sessions with participants with varying levels of authority: customer stakeholders, project administrators, and case workers. We asked them to edit privacy settings on a sample client page.Testers had a hard time figuring out how permissions worked. Plus, organizations they work with don’t neatly fit into our predefined options.
However, testers liked the client consent checkbox, since recording consent is standard practice already. The large UI make it obvious that they got their client’s consent.
Recording client consent is easier.
We implemented a simpler solution: referral-based consent. Whenever a user sends a referral, they must click a checkbox to acknowledge that they’ve obtained their client’s consent to share health data. Otherwise, they cannot proceed.There's a checkbox when users send a referral.
Our legal counsel, client services team, and customers cleared our approach!
Post-script
A year and a half later, my information architecture research informed the redesigned client profile page. Demographic details are in a collapsible section under the header, thus freeing up screen space for new case management features.The new client profile page.
Expand to see client details.