EQRS – User Roles

My role

Research lead, working within a human-centered design team as a contractor for the Centers for Medicare and Medicaid Services (CMS).


  • Support ticket analysis
  • Research recruiting
  • Discussion guide preparation
  • Pilot study
  • Co-design
  • Qualitative research analysis
  • Presentation

EQRS incentivizes quality dialysis care

The End Stage Renal Disease Quality Reporting System (EQRS) is a web application that dialysis facilities use to report their healthcare quality data to the Centers for Medicare and Medicaid Services. Facilities’ quality data is scored, and their Medicare reimbursement rates may be adjusted based on the outcome. The aim is to incentivize best practices for quality of dialysis care.

How will I manage permissions for 700 users?

A few individuals are responsible for managing user accounts for many others. We wanted to equip these people to ensure that the right users had the right level of access needed to do their work, and we wanted to reduce security risks.

With the research, we sought to understand what approach was most sensible for users who have to manage other users. One potential way to manage users was with a roles-based framework – having capabilities defined in pre-set roles and allowing managers to assign each person to a role. If needed, roles could be customizable. Another approach was to apply individual permissions for each user. If a roles-based framework made the most sense, we wanted to know how best to define those roles.

Also, we wanted to find other opportunities to improve the user experience around user roles.


We conducted sessions that began with an interview portion and then used an online whiteboarding tool to have participants create a framework for managing users.

Whiteboard diagram showing boxes of "corporate uber user", "corporate area user", "corporate viewer", and "facility user". Each of these boxes shows a description of the role and a list of capabilities
Example output from a co-design session where we had participants illustrate how they would like to manage their users

Many users can’t get into their accounts

We learned that individual users had significant account access issues. In an earlier study that was unrelated to user roles, 4/7 participants mentioned significant issues accessing their accounts. We also analyzed support tickets and found that a fairly high percentage were issues with account access or roles. This set the stage for a future project to address these issues for individual users.

Pie chart showing "Reports: 30%, some asking for reports due to access issues; Access / roles: 16%; Other: 54%."
Breakdown of support ticket topics

The burden of user management is shifted to other entities

The intent of the application was for managers at facilities to do most of the user management, but we learned that this was rarely happening. At larger organizations, much of the user management happened at the corporate level, rather than the facility level. Independent facilities without a corporate level were at a disadvantage since they didn’t have these resources. Across the board, regional support centers called networks also took up a large portion of user management.

Enhancing security through appropriate access

Corporate users had no way to see a view of all users across their organization – they only had the ability to see users for one facility at a time. Corporate staff emphasized that if they were able to see users across the organization, they could more easily review user lists to ensure that employees who have left no longer have access. Also, people wanted to ensure that more than one person had the authority to manage roles – so if one person who usually manages roles is on leave, another teammate could fill in for this task. Supporting this would prevent the need to share account credentials.

A simple framework for roles

We analyzed the results of the co-design exercise and found that half of participants created a roles framework that designated “administrator”, “editor”, and “viewer” roles at various levels of the organization. Corporate roles would have access to all facilities within the corporation, network roles would have access to the facilities within the regional network, and facility roles would have access to only their individual dialysis facilities.

Table showing a breakdown of corporate, network, and facility roles. Each level has an admin and editor. Corporate and network levels also have a viewer role.
Half of participants created a framework for roles similar to this


We summarized our findings in this presentation and prepared a separate written report with more detail.

Reducing support volume and burden

The results are yet to be implemented at the time of writing, but we anticipate that our findings will significantly reduce time and cost for the help desk and reduce burden to users so that they can focus more on improving quality of care and less on administering user accounts.