Informing identity and access management frameworks for a hospital data platform

Overview

In government, IT systems are usually designed to meet highly specific functional requirements mandated by legislation. I often describe working in government IT as stepping into a bureaucratic minefield—where legally mandated requirements are vague in scope yet rigid in execution. When I led greenfield development research efforts for the Centers for Medicare & Medicaid Services' (CMS) Hospital Quality Reporting (HQR) system, my goal was to align those functional requirements with user needs. 

One of these projects involved conducting a study to help advocate for a new Identity and Access Management (IAM) framework. The intent was to address a long-standing pain point for corporate users who relied on complex workarounds to manage submission requirements across their networks of subsidiary hospitals.

This project was uniquely challenging because I had to communicate the complexity of various hospital network structures, clearly define the problem, and persuade skeptical stakeholders of the business value in addressing it. I utilized a conceptual learning approach that introduces complex ecosystems as broad concepts with deeper insights packaged in an addendum report. This provided a more approachable foundation for understanding—and eventually investigating—the nuances of the issue. 

Through a mix of qualitative research, stakeholder workshops, and business analysis, I built a compelling case that led to the inclusion of a new IAM initiative on the product roadmap. Beyond the initial discovery phase, my coded qualitative data continued to inform design and operational decisions, ultimately saving our development organization several sprints worth of repeated studies.