Okay. I'm going to do a usability audit for free for @saskhealth eHealth.
Let's start with the front page
1) We have two methods of getting to your health record, through the banner or through the icon. They both take you to the same page. This violates usability guidelines on pathways.
2) The next page has contradictory information. At the top is a (now green, not red) banner about phone activation, but where it actually tells you the step, it says:
3) Okay, so the first step to making my eHealth account is to make a http://Saskatchewan.ca account. This creates confusion about what account is asking for what information and why.
4) Note that this expressly asks you to _return_ to eHealth to continue, instead of just returning you to where you started.
5) Signing up for http://Saskatchewan.ca account asks me for not just your email address (which will uniquely identify you) but a username AND a 4-digit PIN that will uniquely identify me to government for security reasons. Will this be different from the PIN that's given to me?
6) With all this security, the site still uses a well-recognized weak password structure: length matters, characters don't. This just makes it easier for people to access your information because it's harder for you to remember without increasing security.
7) And adds a defeatable captcha. Why? Is http://Saskatchewan.ca inundated with bot-generated applications? Let's see if it asks for more information that would make sure that I'm not a bot after this page.
8) So now I have to check my email. That seems like a reasonable "I'm not a robot" step.
9) But the email activation leads me to a sign-in page where I can use my username OR email address. Why did you make me create a username in this case if they're interchangeable?
10) There's a "forgot password" link here, which suggests that I can get my password emailed to me. So why do I have to sign in when I just followed a link from my email? The link should auto-sign me in as well.
11) Now I have to remember that I need to go back to eHealth. But for a moment, let's look at where I've landed. I'm going to try to add eHealth to my services.
12) Expanding the "link" option results in a bunch of blank boxes. It doesn't matter what I type in the search field, nothing changes. The search icon remains inactive. There are no explanations and no help.
14) Now it appears that I have an eHealth service linked to http://Saskatchewan.ca . But as far as I know, I don't have an eHealth account yet. But it gives me the option to read a ToS and agree, so let's do that...
15) The Terms and Conditions is pages long (I can't imagine trying this on mobile) and far too dense to read. So like everyone else, I'm going to skip it and click agree. Which now appears to have put me into the application process for eHealth. I thought I had to return here?
16) I have to start by providing a driver's license. Why do I need to be able to drive to access my health information? Lots of people don't drive. My sister didn't have a driver's license until she was 23.
17) The validation number is in different places on the license depending on when it was issued. I've never before been asked for this number. Is this yet another level of security or is it to make it easier for someone to steal my identity when eHealth is hacked?
18) I had forgotten my middle initial. Just about ran out of attempts. What would have happened? I would never have been able to access eHealth?
19) I see that it explains that it won't keep my SGI data, but @saskhealth already knows my age and residency, because it's associated with my health card.
(Missed the screenshot here, but it tells me it's just to verify my age and residency.)
20) Now I'm putting in my health card information. This shortening stuff is confusing (and I almost ended up with this being a problem with the SGI thing because my middle name has only the initial on my license)
21) Is my middle name optional? If it appears on my health card, should it be in the Given Name field... optionally? This adds to confusion.
22) This is just lazy programming. Auto-enter the dashes if they're required. Everyone will have them in the same place.
23) And now I've apparently registered for a PIN that will be mailed to me.
Except that this is wrong information. You have to call to get it. That information should be here, when it matters, not just earlier.
I'm sure there's more, but now I'm going to call SaskHealth with a phone number that I'm going to have to dig up somewhere and get my PIN. Seems to me that I've already identified enough barriers that someone should be concerned. #skpoli @saskhealth
Okay, so I had to sign in again and accept the ToS again, but the PIN worked and the phone service was excellent (after only a 3-minute hold).
The rest is pretty vanilla, except that when I get to the Notifications settings, I'm unable to enter my phone number because I don't appear to have a "verified mobile phone".
I'm deep enough in security right now I should be able to enter my phone number. But there's no explanation of how I can verify my mobile, either.
I'm going to leave it here now. But.
I really wish that this system were designed with people in mind. It violates what we've learned in #usability & #hci. And it's critical that these systems be #accessible, not gated by ability to navigate complexity or having particular licenses. Please fix, @saskHealth #skpoli
I want to be clear. It's FANTASTIC that we have an eHealth system in Saskatchewan. And kudos to the people working on it. When it works, it's perfect.
But the details matter.