Tom Frew, Lead Product Designer at Echo

Speaking at Trust & Design #2, 27th September 2017

Transcript: I lead product design at Echo, And I'm planning on telling you a bit about how we kind of base everything we do on data privacy and how it kind of underpins everything we start, and then how we tie that into design. Because our two kind of main philosophies are design and privacy, so this is how they work together.

To give you a bit of context about what Echo is - Echo is a mobile app that works on Android and iOS, that lets you manage repeat prescriptions. So if you have a recurring NHS prescription you sign up with us - some screens - you sign up with us, you tell us who your GP is, you tell us what medication you take, and then that's kind of it. We then look after the rest, we chat to your GP, we work with our partner pharmacies to get your medication prescribed, dispensed, packaged up, and then we send it to you in the post, so it just turns up. And the service is completely free. And then once we send your medication to you, we then automatically take your GP's instructions about - take one tablet once a day, or something like that - then turn it into some scheduled reminders so you get instant push notifications on what to take and when, without ever needing to kind of enter boring data.

That's what kind of turns up - so we care about what happens in the app, massively, and across both platforms, but we also care about the presentation about what turns up in the post, it's a full kind of experience all the way through. So like I said, everything we do is kind of data privacy first. And then there's a lot of other people that kind of agree with us on this, and they, they govern this space. So there's a lot of - what's been interesting for us - is there's a lot of people who have some say in how we handle data, and it's not totally obvious who thinks what and what we should - and where you get this information from, so it's been an interesting journey with us. Especially that link between the NHS generally which isn't kind of one beast, it's quite a few little subsections in NHS Digital and NHS England and how they all work together.

So over the last year and a half that Echo's been operating it's been really interesting working with various people across the NHS, finding out new things every day about what they're doing, and what we should be doing. So what I wanted to do was to talk through the main sections that we do, how design and privacy touches the various aspects of the business, so we've got product design, customer interaction, and then internal operations, and we'll kind of go through one by one, just kind of touching on it, not too, not boring you to death with it.

So with product design on step one - it's a bad transition there - what I'll talk about is the sign-up flow, because the biggest part is where we first interact with a patient and when we get their information from them, how we connect them with the NHS data, how we work out what data we want to get from them, what data we don't need from them, etc. So step one of that is education, I think. There's a lot of privacy around what we're doing with it, what we need to do with it, and how we need them to very quickly trust us because a key part of the Echo service is, you nominate us to be your partner pharmacy.

So anything that then happens in the future that goes - that you would expect to go to your pharmacy is now us. And it's quite a - it's quite a big decision if you are - if you've got a recurring condition and you get medication a lot, we now suddenly become the keys to your medication. So we need to get that across very quickly, but obviously we don't want to terrify people and them to lose the app.

So what we start with is this little kind of welcome animations that have a nice little bit of motion, some fun delightful touches but just to kind of get the - get the opinion across that a) we are secure, we care about data - it's like the first thing we say is really, it's safe and secure - and then finally we talk about the NHS, and you'll see at the start, like Mollie mentioned, we use the NHS branding and think it is a really important trust marker for everyone to use, and people then start to trust it more.

The first step is then you select your GP and then straight away again we kind of have that trust that we work with every - well, 98% of GPs in the country, so anyone that uses the electronic prescription service, so you don't have to change anything, you don't have to kind of change your GP, sign up for something else like that, you go to your GP as normal.

Then during the sign-up process itself, this one's an interesting one we're working on at the moment where we're integrating with the NHS directly, currently we kind of - in the similar sense as you guys said outside - well not outside but it, outside the NHS bubble, where we work with our partner pharmacies directly and they are the NHS link, but as we start to integrate more directly we can let - we can communicate more securely with the patient and understand their data. And a key part of that with the NHS data is don't ask for stuff you don't need. There is stuff we can get from the NHS that we don't necessarily need the patient to give us as well, but then in order to do that we need to match that patient across and there is this - the sign-up process where we first ask for their name, and then we check with the NHS and obviously there's loads of Rob Smiths and we get hundreds of people back.

Then what we can never do and it's really important here, is share information from the NHS back to the patient, so we can't see like 'which one of these Rob Smiths and here are all the addresses for other Rob Smiths, do you want to be?' So we then have to - like, kind of - we actually look at the list and dynamically pick other questions to ask that will make the biggest change in the filter. So let's say we then look at date of birth and we rule a load of people out by date of birth, and then there's still not an exact match so we pick that actually the addresses are all very unique so we'll follow up and ask for address. I think it's an interesting way that is very different to a normal sign-up form where you can normally let people choose and ask for a load of information.

The next stage in our sign-up process that's really important is the Terms and Conditions. And our terms and conditions are a bit more than just a legal list because we have to get this nomination idea across where it's not just like, don't be bad, it's - everything you kind of know about your, how you handle medication is about to change. So one of the first things we do is introduce them to their pharmacy. And again because we're a mail-order - basically a mail-order service, we have to tell them that your pharmacy is in London, probably - we work with a few partner pharmacies but it's in London, you don't need to visit it, don't freak out, like - we'll send it in the post. And we try and make that as clear as possible here and we've made quite a few iterations on this but it's trying to make it a bit fun.

What's also interesting is we then put a load of - we then - it kind of pains as the natural designer, but we introduce quite a lot of friction here. Like we've - before, up until this step, we've had like big green buttons that you can just tap and move through the flow very quickly. And then suddenly we'd lose the big green button and we've got a tap and it's also a swipe gesture that - what happens is that then swipes up and you're quite disorientated which is good because we then show them another very important screen and they can't just tap through these and never see them.

On this screen we've kind of distilled down all the terms and conditions. So it is - those three paragraphs are everything you really importantly need to know about our terms and conditions and we want people to go and read more, and actually the links are a bit more obvious than the real app. But this is kind of important that they read. And then we kind of have their digital consent and then we completely flip the button and need them to swipe and do a very different gesture that you can't flip through.

And then finally once this all has happened, we have this big confetti burst. And this big confetti burst is kind of important because a) it's very satisfying, like 'Woohoo, I've signed up', but also it's very memorable. So quite often people have been flicking through the terms and conditions and then said 'What, I don't understand, I haven't nominated anyone' and then - now we've kind of changed this, we go back and they're like 'Yeah, the confetti moment, I remember that, I've now nominated someone.' So as well as being quite a cool fun thing, it actually really cements it as an important piece. So there's a little video here about how it all kind of comes together with some motion and animation and…now the confetti.

So it's quite a fun process but a huge amount of friction compared to a normal terms and conditions process. One thing to say here is it's not perfect, at all, we've done quite a few iterations on this, but we could be clearer, and I think this screen especially, there's stuff we could spend a bit more time explaining it, and it's something that we're kind of actively testing. But just to kind of wrap up this product area, one thing that, as a very kind of young small business we have quite limited resources, so the way we approach data and the product decisions, are we have to create good defaults and then give people some options, but we don't have the development power to create loads of options and massive flexibility all the time, so we pick a good default and let people kind of - a bit of flexibility, as much as they have.

But what it does mean is that, like, everyone can be a patient. The demographic or the personas of people that have prescriptions are huge. So as a kind of a picture to illustrate it, we have - our average user has maybe one, or takes one tablet, or two tablets, once a day. Then we have a load of cystic fibrosis patients who, this is their monthly send out. So there's kind of hundreds and hundreds of tablets, they're managing their condition in a completely different way, and this is actually becoming quite a growing part of our user-base. So when it comes to creating these designs and it's different in reminders and things like that but - you have to design for a huge range of people. And it's a challenge, and it's an interesting one.

So that's kind of the, top level of the product design. The next section is customer interaction, and this is an interesting bid on privacy. Because, there's a lot of very traditional channels, you can use email, Twitter, Facebook, there's loads of ways to engage with customers that is just totally inappropriate. So you could be, as an Echo patient, you never want to get to a stage where someone's doing a presentation like this, and then suddenly on screen, something pops in to tell you your Viagra's on its way. And it's - so we're always like, very sensitive with these bits. And especially, there's things like reminders in the app, we know that we send notifications to people, like, every time they need to take a tablet, here's the tablet and here's what you need to take. And we tested this staying really abstract, being like 'take your medication' but if the average is 2 and a half medications a day, like very quickly it becomes like - either not useful or just quite clinically unsafe because they'll start taking pills that they don't necessarily need or need to take at that time.

But it does mean, is that is now quite - that's an antidepressant and it's a scope for quite serious embarrassment, I think we've got a hedge fund manager who said that he has an antidepressant but he just - he can't have anyone know that, and having these pop up on his phone is quite scary for him. So this is where we have these defaults where the thing that's important for us is adherence, we want people not just to possess the medication that we send out but then also, take it on time, and remember to take it. So our default is that this is good. But our - the flexibility allows us to turn it off, and so like - or you can mute them individually, so you could - you can mute the ones that happen through work days and keep the ones that happen in the evening.

One thing that we are working on to try and take this a bit further is letting you give medications nicknames. So you could give all your medications different emojis, you could call them your pets' names, but then it's something that you know that if it pops up on a screen it's not an issue. The other important touch point we have with users is packaging. And I think as Mollie was saying, the important thing is that when it arrives it can't be obviously medication, we send a lot of these things to people's offices, to homes, and they don't want to share this about. But at the same time, we really care about branding and design.

So we have kind of iterated a lot on this packaging, and now it actually sometimes - well, it now comes in a grey plastic bag as well, just to make sure there's no chance you would recognise it, but the idea is that it's totally plain on the outside but kind of 'party on the inside', that has then a nice, the nice strong ECHO branding and is trying to make it not a - it's very easy for health around pharmacy and stuff to be quite dry, quite like, the NHS, very clinical without personality. I think it's important for us that we have a personality and that we make it something fun so that you engage with it and you really like, connect with your healthcare.

Sometimes though, we kind of have to help our patients help themselves. Like we get a lot of these kind of tweets, where people have said like, we love it, obviously, like people are saying how great the service is, but accidentally they're also telling the world what medication they're on, and this is an okay one, but some - there's some address data, or whatever, and I think like Monzo have the same issue, where people get their bright coral card in the post and want to tweet about it and just tell everyone their credit card number. So it is very easy for people to start giving away their own personal data without necessarily realising it.

So this is something we kind of - it's an interest in our patient but you just - you can't retweet these, and we tell them like, we nicely advise them because it's something they just don't realise. Twitter generally is like, an interesting channel for us. So a lot of kind of traditional marketing and social marketing, you'd wanna re-engage people, you'd want to use like, re-marketing and things like that to kind of keep them engaged if we lost them earlier on in the final, but here we just - we can't. Like, if you can imagine this kind of tweet happening, you wouldn't be happy. And also like if you'd been looking at the app and adding medication and then you were browsing around at work or on your phone and suddenly other things popped up being like 'hey get your antidepressants here' and stuff, we can't let their kind of medication world chase them around digitally, while still trying to make use of the tools that we do when we - I mean we primarily use Facebook ads and things like that, so we - it's an interesting balance between traditional digital channels, but trying to be really sensitive about what follows people around.

So then the kind of third section here, third section there - is internal operations and what we do internally about data, which again is - I came from outside the health tech world and was in the kind of, fast-moving start-up world where you can kind of use a lot of online services, you can sign up to stuff, you can test it, you can - you're sending data to everyone, it doesn't matter hugely. But then especially with like, NHS rules on data being in England and things like that, and also patient identifiable information being separate from everyone, you have to really kind of take the stuff a bit more seriously and pick and choose the tools and possibly it means not being able to use the kind of, the snazzy tools that you could in other industries.

An interesting part of that is our business intelligence tools that we use, we went through a process recently of kind of selecting good tools, and it was making sure that the tools that just do analysis, they never cache things on their end, they never store it. And then actually how we structure analytics data, we never want, in the same analytics table that some third party could have access to, we'd never want patient names or their medication or addresses and stuff like that, so it's actually really - and as a designer and product gut it's frustrating because we can't get like - getting flow analysis and stuff like that is much harder in final breakdowns, but you have to put in the work and work out what to send where. And what it means is bringing a lot of the analytics tools in-house, working on that.

Likewise, our internal tools. Our internal tools is a big part of what we do and we have - we do a lot of internal processes to move around and we have a great ops team that work on stuff, but the important bit here is they don't see stuff they don't need to see. So there's - we work on very like, workflow tasks, there's not this kind of like, worlds you can just go in and look at a database of all your patients and stuff like that, you say like, 'we need to talk to a GP about this person, and these are the items we need to talk about', you don't need to know that they're on something else or you don't need to know where they live, you just need to know this.

And an interesting point here to note is our CEO doesn't actually have access to any internal tools, he has no log-in, so it's just - unless you really need to know it, then you get a log-in. And then as you're here for longer you get more access, but it's, it's not trusted. So that was a kind of - that was the brief intro in the three main areas that we work on, and just to kind of underpin that, the design principles we have at Echo are that everything is patient-centric. Everything, from the way we design the apps to the service we do and also how they interact with their GP, by taking us out of the loop - taking them out of the loop and just interacting with us, we become the way they interact with their health more than they have done with their GP before or with their pharmacist or anything like that, so a big part of what we do is live chat and things like that in the app where we want to make sure there's a human there and we're chatting, and they can - they don't feel like they're missing out and it's not a clinical cold service.

Obviously, as we've talked about here, privacy by design. Like when we're starting any project or any new feature it's looking at what are the risks, how could we accidentally embarrass someone, how could they share data they don't need to or what's the least amount of information we need to do this. And then finally, which is my favourite bit, is the delightful in human. Like, we are digitising what for a lot of people who have had a very historic experience with their health, it's very human, they go to their GP, they talk to people, we want to take it digital but without losing any of the human aspect and hopefully giving them much more flexibility and control so they can take control of the condition. And that's that. We are kind of hiring and growing the product team at the moment, so do come and chat, and thank you.