Access to Medical Records - Case Study
This is a high-level PRD based on a hypothetical scenario to demonstrate my understanding of product methodologies.
Problem Statement
Limitless Health is a healthcare technology organization focused on driving positive health outcomes through interaction with the patient and personalized behavior change activities. The company’s leading product, Wellth+, is an innovative connected care suite designed to provide financial incentives to the patient as they achieve their health goals through wellness activities.
Currently, the company has no way of modeling family/legal relationships, making it difficult for authorized individuals to access patient medical information. For example, parents aren’t able to easily view the medical records of their children. The desired end result is to create a feature that enables designated individuals other than the patient to easily be given access to the patient’s medical information in a secure manner.
Business Opportunity
Supporting Data
In order to verify that their is a need for this feature, I would start by doing some high-level market research to assess if this is a major cause of customer complaints or discussion. This might mean:
Browsing forums or online groups for discussions about this topic.
Searching reviews for complaints about the lack of functionality.
If needed, I would identify customers who may be interested in this feature and interview them about their difficulties with the platform. Interviews like this would help us validate the idea, and may also provide insight into their problems, goals, and behavior.
Since this feature idea would fulfill one of the main jobs users are looking to solve, it has obvious value and I wouldn’t need much data to support the decision to move forward with it. However in more nuanced situations, the following strategies may be used:
Marketing tests:
On the Limitless Health marketing site there could be a landing page describing the feature and a call-to-action button. We could drive traffic to the page and identify how many conversions there are.
Within Wellth+ itself, we could have a link to this feature, but have the page be a 404 page or say “coming soon”. Tracking the volume of navigation to this page could give us feedback on interest.
Product MVP tests:
Create a rough beta of the feature, or just make mockups, and then walk a few interested customers through the MVP and probe about interest.
Before running these tests, a minimum criteria for success should be decided that would prove the existence of an interest in this feature.
Competition
We should already have a deep understanding of our competition, but for this feature we should be able to answer:
Are there other companies or products that provide a similar feature?
If so, how does Limitless Health's offering compare in terms of price, ease of use/design, and security? What is our differentiator?
Adding this feature may be an industry standard that we need to have (and one that customers expect), or it could be a source of unique value.
Market Size
The question we are trying to answer here is: How many new customers might we gain if we have this feature?
For an individual other than the patient to have access to patient records, they must fall into one of the following categories:
Parents or guardians of minors (as well as other adults who have been authorized to access records by the parent or guardian): 63 million people
Legal guardians or representatives of adults: 1.3 million people
Caregivers of adults: 48 million people
Given the above, the approximate size of the target population of this feature is ~112 million people (in the US). Of this existing population, some people are customers of our company, some to our competitors, and some aren’t customers at all.
So, to break the problem down:
We should know how many of our customers are in the above population.
Competitive research could tell us how many people use other similar products.
Our analysis up to now should be able to help us answer: How many people in this population do not have access to this feature? How many want this feature? How many are willing & able to pay for it?
Revenue Model
Depending on Limitless Health’s business model, we could potentially only include this feature in higher tiers of subscriptions (say, only for premium users). Otherwise, we could simply include the feature in the mainline product and expect to see an increase in the number users.
This could be estimated by a calculation like the following:
Revenue per customer * (adoption rate * market size)
Development Costs
To analyze this, I would need to look at the impact of each of these costs if I wanted to be thorough:
Dev Personnel
Hourly rates of product, development, design, QA * number of expected hours required for each for this feature
Technology
Software development tools
Infrastructure costs (e.g. cloud hosting, servers, databases)
Marketing
Expected adspend
Sales & marketing personnel hours
Other
Solution
Assumptions
According to the prompt, it appears as though the current flow to create a Wellth+ profile is as follows:
Patient provides Medical Record Number, Phone #/email, & DOB
If creating a profile on behalf of a dependent, the proof of their relationship, such as a birth certificate or legal documentation establishing guardianship is required as well.
Provider enrolls patient/dependent in Wellth+ program.
Wellth+ profile created based on the information recorded on the patient by the provider.
In the current state, this workflow is done manually, off-platform, through the provider.
For the remainder of the case study I will hold the following assumptions:
The above flow is required to enroll and set up a profile with Wellth+
This flow can legally be done within the Wellth+ platform
High-Level Functionality
The above workflow should contain the following functionality within the Wellth+ platform:
Ability to create a Wellth+ account/profile for myself
Ability to input my medical provider
Ability to input my MRN
Ability to input my phone # and email
Ability to input my date of birth
Assume the provider has the ability to authenticate this information
Ability to create Wellth+ account/profile on behalf of my child/dependent
Ability to input dependent’s medical provider
Ability to input dependent’s MRN
Ability to input dependent’s phone # and email
Ability to input dependent’s date of birth
Ability to input proof of relationship, such as a birth certificate or legal documentation establishing guardianship (photo scan)
Assume the provider has the ability to authenticate this information
Setting up a dependent’s account in this way automatically links our accounts
Given dependent already has an account, ability to link their account to my own
Ability to provide the above information about my dependent through my account
Ability to set legal relationship & set permissions for the dependent
Ability to switch between my account and my dependent’s profiles
Upon creation of an account, ability to set up secure, multifactor authentication
Ability to set up secure password as well as one other method:
Time-base one-time code sent to SMS or email
Biometric authentication via Microsoft Authenticator or similar
Ability to provide payment method for new account
Ability to login with MFA to access either my profile or my dependent’s profile
Assuming the feature doesn’t yet exist, I would prioritize account creation for oneself, setting up payment methods, and multi-factor authentication. Next, the creation of an account on behalf of a dependent and linking accounts with a legal relationship. Lastly, setting permissions for a dependent.
Compliance & Limitations
For individuals who are not legal parents or guardians, but unpaid caretakers (usually of disabled/elderly adults), there is a limitation given the above functionality:
As far as I could tell, there is not always specific documentation that caretakers of disabled adults have that proves their status as a caretaker. In other words, the legal requirements for accessing another’s medical records seem to not apply to caretakers of this sort.
That is, unless the healthcare provider has procedures in place for caretakers, like verifying the caretakers relationship with a background check, or with legal documents like power of attorney.
However, I will be ignoring this edge-case for simplicity.
In any case, if we don’t authenticate the legal relationship between a caretaker and dependent, it poses a security risk to the dependent - anyone can hypothetically access someone’s medical records if they have the right information, which is not something we should allow.
Sample User Story
Core user story: As a parent, I want to link my child’s Wellth+ account to my own so that I can view their medical records at will.
Functional Details:
Under Account Settings screen, button labeled “Link Account” or similar
On Linked Account screen, fields for:
Name (field with relevant validation)
MRN (field with relevant validation)
SMS or Email (field with relevant validation)
Date of Birth (fixed field or calendar dropdown)
Relationship (dropdown)
Upload Proof of Relationship (button with file explorer popup)
Submit button
Scenarios:
Scenario: User successfully links account with required fields
Given the user is on the Link Account page
When the user enters all required fields
And clicks the "Submit" button
Then the user should be redirected to the Accounts screen
And should see a confirmation message that their account has been created
Scenario: User fails to link account without providing all the required fields
Given the user is on the Link Account page
When the user does not enter all required fields
And clicks the "Submit" button
Then the user should see the missing fields outlined and starred in red
And the "Submit" button should be disabled
Design (rough wireframe):
Metrics & OKRs
Lastly, metrics and OKRs for measuring success should be approached in a fairly predictable way:
Feature usage
Number of clicks into Link Account screen
Number of successful Submissions
The higher the ratio of successful submissions to total page views, the better
Ratings, reviews, direct feedback
Adoption & growth from target audience
Retention