
We’ve optimized digital healthcare for compliance - not for patients. Frameworks like HIPAA and GDPR are essential. No debate there. But we’ve applied them too broadly.
The result? When patients are asked to log in, verify, authenticate, and re-authenticate, they do so rarely and inconsistently.
But most of what patients need isn’t sensitive data. Primary-care clinics can send age-specific and condition-specific advice. The apps can also carry clinic communications, location details, and even social-media sharing and clinic feedback.
Those having a procedure or surgery need the most information:
- Alternatives for their situation
- How to prepare beforehand
- What happens during surgery
- What to expect afterwards
- What they can do to speed up recovery
- Which symptoms matter
None of that requires a password.
So why are we treating it like it does? We’ve collapsed everything into one delivery model: secure portal = everything. That model is failing—because it ignores human behavior.
The fix is simple - split the experience in two:
- Secure channel (for actual confidential information): keep it locked down.
- Open-access channel (for everything else): make it frictionless.
What can “frictionless” actually look like?
- Scan a QR code - any device
- Select a language
- Tap a link - it opens instantly
This isn’t theoretical. It’s already deployed across surgical pathways, rehab, and patient education by companies like mine. And it works—because patients actually use it.
If we’re serious about outcomes, we need to stop protecting low-risk information like it’s high-risk data, and start designing for the one thing that matters most: will the patient actually access it?
Less friction. More engagement. Better outcomes.