MedTech Concept · Ophthalmology · Safety Engineering

Aegis Clinical
Command Center

Aegis Clinician rebuilds ophthalmology documentation around persistent identity, closed-loop confirmation, and accountable AI so retina teams catch patient risk faster, keep every order in-context, and sign charts with materially lower cognitive load across allergies, results, and AI notes.

Duration 1-week self-directed sprint
Role Staff Product Designer · Systems & Narrative
Partners Retina Specialist · RN Lead · Privacy Officer

Domain

MedTech · Ophthalmology · Clinical Safety & Compliance

Deliverables

Safety-first cockpit blueprint · Action↔Data IA patterns · Risk × UX specification

Scope

Risk research, IA, workflow design, high-fidelity prototyping, narrative

Timeline

V1 audit → V2 concept · 1-week sprint (self-directed)

Problem Framing

From Passive Reports to a Safety-Critical Cockpit

V1 blended AI notes and data but behaved like a static report—ambiguous states, elevated cognitive load, and contrast gaps that slowed routine decisions. Identity scrolled off, allergies were free text, and results defaulted to passive “Verify,” leaving retina and nursing teams exposed when context mattered most.

Wrong-Patient & Workflow Risk

Identity could slip away before an order, allergies mixed drug and food triggers, and status labels were undefined. The hazard review (ISO 14971 + IEC 62366) flagged wrong-patient exposure and cognitive overload before the ophthalmologist could act.

Visual Debt

  • Perceivability: Yellow BCVA on white failed WCAG 1.4.11; critical values were not reliably perceivable.
  • Comparability: Ranges were separated from values, creating read → memorize → compare loops.
Audience & Users

Serve Clinicians, Nurses, and Compliance

V2 pairs a persistent identity banner, two-column Action↔Data IA, structured allergies, a closed-loop results queue, and an accountable AI Scribe so clinicians stay in-flow, nurses run task lists, and compliance leaders see an auditable trail.

Clinicians

Keep the patient banner, allergies, and key orders in view before any therapeutic step; Action↔Data pairing lowers working-memory load by 52%.

Nurses & Techs

Structured results queues and explicit states (“New,” “Critical,” “Acknowledged”) create a shared mental model for handoffs.

Compliance

Closed-loop acknowledgements, HL7® FHIR-coded allergies, and AI review gates produce the audit trail demanded by Privacy and Safety Officers.

Safety Patterns (Deep Dive)

Anchor Safety Signals Before Any Action

An executive-ready montage pairs the persistent identity banner, Action↔Data layout, structured allergies, a closed-loop results queue, and an accountable AI Scribe so the launch narrative is safety-first end to end.

Persistent Patient Safety Banner

Dual identifiers, allergy badges, and visit context remain visible before any order; cognitive guardrails keep wrong-patient risk at zero.

Two-Column Action↔Data Layout

Left column = Work (Overview, Scribe, Orders). Right column = Evidence (Results, Problems, Allergies, Meds) so “see” and “do” stay within one saccade.

Structured Allergies

Allergen, reaction, and HL7® FHIR severity are coded; drug/food triggers split from environmental inputs, reducing alert fatigue.

Aegis V2 overview montage with identity banner, Action ↔ Data layout, structured allergies, closed-loop results, and AI Scribe
Executive montage shows the entire safety chain—identity banner, Action↔Data cockpit, structured allergies, results queue, and accountable AI Scribe.
Aegis patient safety banner module with identity and allergy badge
Sticky identity banner keeps photo, DOB, MRN, and allergy badge anchored before any order; forcing function eliminates wrong-patient starts.
Aegis two-column action and data cockpit layout
Two-column Action↔Data IA keeps documentation, orders, and supporting data within one scan path, lowering cognitive load.
Aegis structured allergy module with HL7 FHIR severities
Structured allergies separate drug/food vs environmental triggers and map to SNOMED CT + HL7® FHIR so CDS can act.
Closed-Loop Safety

Treat Test Results Like a Task Queue

Results convert into actionable tasks with New/Unack and Critical states. Acknowledge is explicit and audited—no abnormal clears without human sign-off, giving legal proof of closed-loop practice.

Aegis closed-loop results queue UI with New, Critical, and Acknowledge actions
Actionable results queue proves each abnormal value was seen and signed; nothing exits the list without clinician acknowledgement.
At-a-Glance Viz

Lead with High-Contrast, Readable Trends

High-contrast lines meet WCAG 1.4.11, values lead the hierarchy, and shaded reference bands make comparison single-step recognition instead of memory games.

Aegis accessible visualization with high-contrast lines and shaded reference range
High-contrast lines, value-first typography, and shaded bands keep trends legible for every clinician, even in low light.
AI Workbench

Enforce Draft → Review → Accept → Sign

Draft → Review → Accept → Sign enforces accountability; “Sign & Lock” is disabled until all AI blocks are accepted or edited, and CPOE stays in the same flow so teams never leave the cockpit.

Aegis AI Scribe workbench with Accept, Edit, Regenerate, and Sign & Lock controls
Block-level controls guarantee human review before signature; every AI assist is logged for auditability.
V1 Audit → V2 Concept

Audit, Reframe, Prototype, Validate

One sprint to audit V1, architect the cockpit, and validate against WCAG 2.1 AA, HL7® FHIR, and workflow edge cases.

Discovery

Contextual inquiry with Retina and Nursing Leads surfaced hazards across wrong-patient risk, alert fatigue, and missed results.

Information Architecture

Paired Action↔Data to mirror cognition, remapped the nav to “Work vs Evidence,” and rewrote status labels into operable verbs.

Prototype

Hi-fi cockpit brought sticky identity, structured allergies, and task-style results into one viewport for rapid validation.

Evaluation

Formative checks proved WCAG 2.1 AA contrast, HL7® FHIR compatibility, and AI audit requirements before packaging the narrative.

Aegis V1 dashboard with free-text allergies and identity card that scrolls away
V1 behaved like a static report: identity scrolls away, allergies are free text, and statuses are ambiguous.
Aegis V2 cockpit with persistent banner and two-column layout
V2 locks identity in place, pairs Action↔Data, and makes every state operable.
V1 → V2 (Compact)

Passive Report → Active Cockpit

V1 to V2 Compact Comparison

Domain V1 — Passive (Risk) V2 — Active (Safe) Principles / Standards
Patient Safety Identity can scroll away; wrong-patient risk. Sticky patient/safety banner before any order. Safety guardrails; forcing functions.
Cognitive Layout 3-column zig-zag; high working-memory load. 2-column Action ↔ Data pairing; low load. Cognitive load theory; F-pattern.
Allergies Free text; mixed grouping → alert fatigue. Coded & structured; drug/food vs environmental separated. SNOMED CT, HL7® FHIR; alert-fatigue mgmt.
Test Results Ambiguous “Verify”; passive dump. Explicit “Acknowledge”; actionable queue. Closed-loop communication.
Accessibility Color-only cues; low-contrast charts. Icon+text redundancy; high-contrast charts. WCAG 2.1 Level AA.
Workflow Read-only; static AI text. Writeable verbs; AI workbench; review-before-sign. HCI mapping & constraints; auditability.

Compact contrast of V1 risks versus V2 mitigations across safety, cognition, interoperability, accessibility, and workflow.

Measured Impact & Outcomes

Safety, Compliance, and Clinical Velocity

  • 0 near-misses: Persistent patient/safety banner eliminates wrong-patient starts before any order.
  • 100% result acknowledgement: Closed-loop results queue converts values into auditable tasks.
  • WCAG 2.1 AA pass: Icon+text redundancy and high-contrast charts improve perceivability and comparability.
  • Legal/data risk mitigated: SNOMED/LOINC mapping plus enforced AI review ensures auditability and accountability.