Informing identity and access management frameworks for a hospital data platform

Client

Centers for Medicare & Medicaid Services

Duration

April 2021 - June 2021

Role(s)

Senior UX Researcher

UX Toolkit

Workshop Facilitation
User Interviews
Contextual Inquiries
Qualitative Coding
SWOT Analysis
Visual Communication

Software Used

Miro (whiteboarding)
Optimal Workshop's Reframer (data tagging and analysis)
Zoom (remote interviews)
User Interview's Research Hub (participant management and recruitment)
Calendly (scheduling)

Overview

In government, IT systems are usually designed to meet highly specific functional requirements mandated by legislation. I often describe working in government IT as stepping into a bureaucratic minefield—where legally mandated requirements are vague in scope yet rigid in execution. When I led greenfield development research efforts for the Centers for Medicare & Medicaid Services' (CMS) Hospital Quality Reporting (HQR) system, my goal was to align those functional requirements with user needs.

One of these projects involved conducting a study to help advocate for a new Identity and Access Management (IAM) framework. The intent was to address a long-standing pain point for corporate users who relied on complex workarounds to manage submission requirements across their networks of subsidiary hospitals.

This project was uniquely challenging because I had to communicate the complexity of various hospital network structures, clearly define the problem, and persuade skeptical stakeholders of the business value in addressing it. I utilized a conceptual learning approach that introduces complex ecosystems as broad concepts with deeper insights packaged in an addendum report. This provided a more approachable foundation for understanding—and eventually investigating—the nuances of the issue.

Through a mix of qualitative research, stakeholder workshops, and business analysis, I built a compelling case that led to the inclusion of a new IAM initiative on the product roadmap. Beyond the initial discovery phase, my coded qualitative data continued to inform design and operational decisions, ultimately saving our development organization several sprints worth of repeated studies.

I facilitated empathy workshops with stakeholders to build trust and inform research, which made delivering findings and recommendations much smoother.

Conceptual models illustrated variations in how healthcare organizations manage data reporting. Designers and developers referenced these models to shape UX flows and identity management policies for the new IAM framework.

After the discovery phase, I continued collaborating with designers to translate research insights into a working prototype for usability testing and future development.

Keep scrolling to read the full case study

Or click here to check out another project

Project Case Study

1. The Project

Hospitals participating in Medicare quality programs use the Hospital Quality Reporting (HQR) platform to submit abstracted claims data in return for monetary incentives. Originally built for individual hospitals, the platform didn't evolve with the industry's shift toward centralized quality reporting teams spanning across national and regional offices. As a result, organizations relied on complex workarounds involving email communications, custom guidance documents, and even third party services. The Centers for Medicare & Medicaid Services (CMS) needed to reassess their existing Identity and Access Management (IAM) framework to support the complex, varied ways modern healthcare systems operate.

“We own these facilities, but we don't get a say in how we structure account management in this system."

Hospital Quality Department IT Manager

2. My Role

I was a senior user researcher for a 90-person application development organization comprising five product teams, a centralized UX design team, and business owners who guided prioritization. This project was in the very early stages of product discovery. My goal was to help the organization understand the complex operational structures of hospital networks and clearly demonstrate how addressing these complexities would drive business value.

3. The Challenges

3.1. Business Owner Skepticism

Business owners were cautious about extending access to non-hospital users due to vague policy language around user eligibility in the HQR system. However, I needed their buy-in to champion business requirements and facilitate program operation improvements.

3.2. No One-Size-Fits-All Framework

Healthcare organizations varied widely in how they managed data submission. Differences in network size, management structures, program participation, and role distribution meant a single framework wouldn’t work for all.

4. The Approach

My process started by partnering with business owner stakeholders to build credibility, trust, and eventually garner buy-in. Before the research kick-off, I facilitated a series of empathy workshops to gauge the problem space from their perspective. I framed the project as a collective effort to evaluate the existing account management framework and its policy implications.

I knew my findings would be dense. Omitting key details could misrepresent a healthcare network and lead to costly misunderstandings. To balance depth with clarity, I used a conceptual learning approach: taking insights from user interviews to define broad, high-level concepts and presenting them through models grounded in real-world application.

5. Empathy Workshops

I facilitated workshop discussions with business owners to surface their concerns, assumptions, and biases around potential greenfield opportunities. These sessions shaped my research questions and allowed me to speak their policy language—building trust and demonstrating that their priorities were understood and valued.

Business owners documented their prior knowledge of hospital stakeholders and their challenges using color-coded stickies—green for their anecdotal insights and blue for evidence from prior research our UX team conducted.

We grouped stickies into key themes, labeled them using purple stickies, and abstracted them into business and operational concerns. Technical leads joined afterwards to provide their perspectives, revealing their challenges from an engineering standpoint.

6. User Interviews

Over a three-week period, I conducted 25+ user interviews to understand how corporate healthcare organizations are structured and coordinate data submissions. To maximize efficiency, I began interviews in the first week while continuing participant recruitment to account for late responders.

My interview style is indirect and conversational, guided by a conversation outline that keeps discussions aligned with research goals. For example, I asked participants to walk me through the last time they helped someone create or troubleshoot an account. This helped uncover whether the current IAM framework had led to new or adapted workflows.

From the empathy workshops, I identified three distinct user types most impacted by the platform’s existing access and permission framework. These insights directly informed the composition of my participant sample for user interviews.

I mapped key themes from the empathy workshops—such as Relationship—to broader research questions (highlighted in blue) that required deeper investigation. Each research question was then broken into broad prompts to spark open-ended discussion, with more targeted follow-ups used to dive deeper based on participants’ initial responses.

7. Qualitative Data Coding and Theme Analysis

To analyze the large volume of interview data, I broke down my notes into smaller snippets including quotes, observations, and insights, and organized them in Optimal Workshop's Reframer tool. Each snippet was grouped under its respective session, then tagged and segmented based on themes. I defined the segments and codes according to my research objectives to ensure alignment with the study’s goals.

Each interview session was segmented by unique hospital and participant characteristics, such as facility size, organizational structure, participating programs, and other relevant contextual factors.

I collected a total of 154 snippets of qualitative observations, each individually tagged using qualitative codes. These codes were predetermined based on the research objectives to maintain consistency and minimize directional drift during analysis.

By filtering different combinations of tags, I explored cross-sections of various user and hospital characteristics, which helped surface patterns and generate meaningful themes.

8. Conceptual Learning Models

My interviews focused on understanding how hospital networks structure and coordinate data submissions. These insights enabled me to create conceptual learning models that simplified complex organizational structures. I also shared my coded qualitative observations and themes with cross-functional teams. This top-down approach helped stakeholders quickly grasp unfamiliar concepts while giving them the flexibility to explore deeper details at their own pace.

Each model represented a different operational structure for coordinating data submissions.

I also provided deeper insights and a SWOT analysis for each model to highlight how it performed within the current IAM framework. This helped stakeholders clearly understand the nuances of each model and grasp the full scope of the problem.

After introducing the conceptual models, I presented scenarios comparing the HQR IAM framework with more conventional systems to emphasize its limitations.

9. Outcomes-Oriented Problem Statement

Putting complaints about the HQR's account structure at the center of the problem statement would immediately draw controversy from our business owners. I also wanted to avoid being too prescriptive and risk pigeonholing the product team to a single solution.

To align the organization on a shared outcome and allow for flexibility in exploring new ideas, I crafted the following problem statement for a product initiative:

How might we offer efficiency for hospitals who rely on their corporate counterparts to coordinate quality data submissions or submit on their behalf?

10. The Outcome

After presenting my findings and artifacts, I was met with enthusiasm and empathy from stakeholders—thanks in large part to the early efforts spent building trust. Even our most skeptical business owner acknowledged opportunities for operational improvements, despite policy constraints around expanding access to corporate users. Ultimately, I successfully advocated for the new IAM framework to be added to the product roadmap.

Following the study, I continued supporting business owners and product teams by helping them navigate the more complex research findings. Designers and developers often relied on my qualitative data to inform design and implementation decisions, such as user provisioning and deprovisioning policies.

A year later, new features supporting corporate-level user access were finally deployed to the HQR production environment.

Because of how my qualitative observations were coded, I could quickly re-abstract insights to answer questions from our product teams.

The identity, access, and permissions product team implemented a hierarchical account management structure that enabled corporate users to request special access to their subsidiary hospitals’ submission portals.

Subsidiary hospitals would still manage and approve access requests, which addressed business owners’ primary concern of prioritizing hospital accounts over those of corporate users.

Check out another project

Google Sites

Report abuse