MedeAnalytics - Security Restrictions

MedeAnalytics is a healthcare software company that provides organizations the tools to detect the greatest areas of risk and identify opportunities to improve their financial health.

Problem

PHI (Private Health Information) cannot be freely distributed as the information is confidential, but select users have access to PHI. How will we handle sharing reports containing PHI from the sender and receiver level?

Solution

Remove PHI when users have restricted access, and notify both ends when sharing/viewing a report that contains PHI.

Challenge

Create a solution that will not hinder user experience with sharing PHI.

Design

When a user has restricted access and is shared a report, specific parts of the report are removed for security reasons. Understanding this, the first task was to design a way to inform a user without interrupting their workflow. We tested several designs including a banner, toast message, and icon with a hover over tooltip. Based off the feedback, the icon with the tooltip on the report was seen to be less disruptive yet informed the user on their current view.

Not only is the experience of the recipient affected by security restrictions, but also the sender.

Modal Options

Designs to inform the sender that a receiver has limited access to information on the report

Final Modal

Design outcome for when a user shares a report with a limited user

View Restrictions

When the sender views the limited users, they will be able to see the specific metrics that the receiver does not have access to

Specs

Details for mock up

When a user adds individuals to share the report with, they needed a instant indication that there were individuals with security restrictions. Learning from the feedback given during testing, an icon was not clear enough to indicate a warning. When there is an icon with a tooltip, a user was able to see a warning and what caused it. To avoid the issue of a user hovering over multiple users to gain insight on why multiple members were restricted, a button link was added to display all users within the distribution list and their restrictions.

Key Findings

When testing iconography, an exclamation gave a "important, please take a look", crossed out eyes indicated "this person cannot see this", and question mark provided a "you did something wrong" meaning in this scenario. This alone taught me that depending on the scenario, icons are not always obvious visual indications and in this case, not enough to stand alone. To avoid an increase of mental stress from the user, it was important to provide more information in a non disruptive and overwhelming way.