Enhancing Evernorth's Universal Onboarding

How to improve the privacy compliance and usability of Evernorth Healthcare's Universal Onboarding Flow?

UX Research Apprenticeship

TLDR - About the Opportunity

Evernorth Healthcare's Universal Onboarding Login Flow is used by 112 million patients and insurance customers in the US. A quick and easy login flow that complies with best practices for data management (especially biometrics) is crucial to ensuring user retention, decreasing user abandonment and inspiring brand trust. Additionally, as a healthcare company, it is important to comply with accessibility standards to provide inclusive access to people with disabilities.

Team & Role

I independently led this project, while reporting to two Sr. UX Researchers at Evernorth.

Timeline

Mid-January till March 2024

UX Methods I Used

• Literature Reviews
• Heuristic Evaluation
• Remote, Moderated Usability Testing

Tools

UserZoom, Figma, Excel

Project Roadmap

01

Project Scope

Define project objectives
Form a schedule + designate responsibilities

02

Literature Review & Heuristic Evaluation

Research and synthesis of design guidelines for enhancing privacy and user trust
Framework and severity levels
Examination of user flows
Debrief session

03

Usability Testing & Interviews

Screener survey
Participant recruitment + scheduling
Tasks & test script
Success metrics
Task analysis with think aloud protocol
Follow-up questions

04

Data Analysis & Benchmarking

Thematic analysis
Quantify success metrics
Debrief session
Prioritize pain points
Actionable recommendations

Goals

Assess concrete ways of enhancing privacy compliance across Universal Onboarding flows

Determine whether iconography, content design and layout are sufficient for communication

Identify pain points while inputting information for login

Objectives

Assess usability of tasks as compared to results of heuristic evaluation.

Understand users’ thought process while they input information related to login and verification.

Understand user preferences related to login, entering password, securing identity, biometric or Face ID.

Literature Reviews

To synthesize data management and storage guidelines for the UX and content design teams, I reviewed 20+ academic papers and articles on privacy in HCI and healthcare. This process led to the following guidelines, aimed at building transparency and ongoing, informed consent from users. The guidelines also adhere to HIPAA and data regulation laws.

Embed privacy across all products from the initial stages of development

Gather "zero party data" shared with the user's informed consent

Involve partners in data governance, such as auditing third parties

"Just in time prompts" so users can consent when data is needed with full understanding of purpose

Minimize data collection to only include the necessary

Provide clear and jargon-free information on technologies and organizations

Users must actively opt in to having their data collected and shared

Encourage users to enable 2 Factor Authentication for security

Heuristic Evaluation

I used the Nielsen Norman Group’s 10 Usability Heuristics for User Interface Design to analyze whether the website's usability complied with industry standards. This low cost and fast UX method also allowed me to prioritize certain areas during usability testing. A summary of the issues identified is as follows:

Help & Documentation
Match between System & the Real World
Recognition rather than recall

#1

Issues

Users may feel disempowered if there is little information on how their biometric data is being handled by the company

Recommendations

Add easily comprehensible information on how the company is managing user data. Sometimes saying ‘trust us’ too many times can be suspicious, so the tone should be just right.

Severity Rating

#1

Issues

Users may not grasp the term "Face Login" and the corresponding actions they need to perform.

Recommendations

Provide concise instructions on how they can achieve this.
Ensure that help is easily accessible if the users need it (even if it’s outside this user flow).

Severity Rating

#1

Issues

The pop up message doesn’t provide an explanation for how user information would be shared. It relies on remembering privacy agreements from the registration process.

Recommendations

Write a clearer message to explain how data is shared between platforms

Severity Rating

#2

Issues

For non-tech savvy or older users, the purpose of this screen could be made slightly clearer.

Recommendations

For less tech savvy users, the purpose of the screen could be made clearer by rephrasing “Other Methods” to “Other Verification Methods”. We could add a line of copy here to augment this.

Severity Rating

Task-by-Task Analysis


Participant Recruitment

I used the following criteria for scoping the participant recruitment. Since Evernorth is a national company, it was important to ensure diversity. I also wanted to test with users who had experience with health devices. I created a screener survey, which was published through UserZoom for recruitment and scheduling.

#Study Participants

Participants aged 26 and above
People with commercial health insurance and/or a pharmacy benefits plan
People using smart health devices on a regular/semi-regular basis or purchasing within 6 months
All states, gender identities, household incomes and ethnicities, with a focus on Hispanic origin

#Screener Survey and Moderator Script

After assessing which parts of the user demographics (outlined above) could influence their access of the Universal Onboarding, I created a screener survey on UserZoom for recruitment.

For standardization in user testing and interviews, I created a moderator script outlining the exact instructions and questions my team members must ask their interviewees. The testing prioritized user flows that were either crucial or discovered as problematic during the heuristic evaluation to validate internal findings.

SCREENER SURVEY AND MODERATOR SCRIPT

Usability Testing

I conducted cognitive walkthroughs with 6 participants with pre- and post-task interviews. The task flows were as follows:

Task 1: Landing, Login & One Time Password

Scenario: Imagine you have just registered for the Evernorth App and you are logging in for the first time. Please login using your details.
Objective: Assess the clarity of the buttons, text fields and overall design for login with a username and an OTP.

Task 2: Login with Face ID/ Biometric Authentication

Objective: Assess user expectations and preferences for biometric authentication/Face ID and evaluate the ease of use while logging in with Face ID.

Qualitative Findings

Biometric Authentication

Negative:
• 2 users were confused between setting up Face ID and enabling Face ID in phone settings.

Positive:
• 3 participants had used Face ID on the day of testing due to perceived convenience.

Recommendations:
• Provide clear instructions and feedback for setting up and enabling Face ID and fingerprint in the app and phone.
• Enlarge the success message and give users more time to read it. For accessibility purposes, an overlay has to be identified at the back end for people using screen readers.

Information on Data Handling

Negative:
While users felt disempowered if there was little information on data management, saying 'trust us' too often felt suspicious.

Recommendation:
• It’s important to ensure that clear privacy and security agreements and information about user data are shown earlier in the registration process.

Dated Design Reduced Trust

Negative:
Auth0's authentication service used a dated pop-up which forced users to go outside the app, which reduced user trust.

OTP via SMS vs. Email

Positive:
• Participants preferred receiving OTP via SMS because it can be quickly copied into the application. However, email was considered a necessary backup.

Recommendation:
• Provide access to help and documentation and customer service in case no account recovery options or methods work for the user.

Affinity Diagram

Future Steps

Analysis of Embedded Features:

Research is needed to uncover how biometric authentication would interact with the capabilities of various devices.

Accessibility Review:

Research is needed to uncover how biometric authentication would interact with the capabilities of various devices.

Conduct Competitive Research:

Research aimed at understanding industry standards and best practices for Universal Onboarding Login Flow and communicating privacy will help strengthen brand trust and user retention.

Lessons Learned

UX Research is Ongoing

During the usability study, I uncovered questions that I hadn't anticipated starting out. Competitive analysis would be valuable for understanding login methods that weren't uncovered during testing.

User Trust and Visual Design

Users rely on visual design, and on how current the technology is with emerging trends, to assess compliance with standards of data privacy and security.

Minimal Data Collection

Product designers can ensure user privacy by collecting data only when necessary and being transparent about its purpose. This can help protect users against opaque data collection agreements.