User-friendly yet rarely read: A case study on the redesign of an online HIPAA authorization

  • Pearman S
  • Young E
  • Cranor L
N/ACitations
Citations of this article
5Readers
Mendeley users who have this article in their library.

Abstract

In this paper we describe the iterative evaluation and refinement of a consent flow for a chatbot being developed by a large U.S. health insurance company. This chatbot’s use of a cloud service provider triggers a requirement for users to agree to a HIPAA authorization. We highlight remote usability study and online survey findings indicating that simplifying the interface and language of the consent flow can improve the user experience and help users who read the content understand how their data may be used. However, we observe that most users in our studies, even those using our improved consent flows, missed important information in the authorization until we asked them to review it again. We also show that many people are overconfident about the privacy and security of healthcare data and that many people believe HIPAA protects in far more contexts than it actually does. Given that our redesigns following best practices did not produce many meaningful improvements in informed consent, we argue for the need for research on alternate approaches to health data disclosures such as standardized disclosures; methods borrowed from clinical research contexts such as multimedia formats, quizzes, and conversational approaches; and automated privacy assistants.

Cite

CITATION STYLE

APA

Pearman, S., Young, E., & Cranor, L. F. (2022). User-friendly yet rarely read: A case study on the redesign of an online HIPAA authorization. Proceedings on Privacy Enhancing Technologies, 2022(3), 558–581. https://doi.org/10.56553/popets-2022-0086

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free