[CAIA Intake] Content update for MHV login options

[fmccaf1]

About your team

• Team name: Cartography team
• OCTO product owner: Patrick Bateman
• Product name: MHV landing page
• Product manager: Wes Rowe
• Slack channel: mhv-on-vagov-cartography-team

About your initiative

Which of these descriptions best fits the work we’ll partner on?

Select all that apply.

• [ ] Digitizing a new form
• [ ] Creating a new digital tool
• [ ] Updating an existing form or tool
• [ ] Translating a form or tool into Spanish
• [ ] Adding new unauthenticated content to VA.gov
• [x] Updating existing unauthenticated content on VA.gov
• [ ] Something else

What's the nature of your initiative and desired outcomes?

We've received user feedback about this frustrating situation:

1. Users with working MHV Premium accounts are finding information indicating that they must create either a Login.gov or ID.me account. We're not sure exactly where this is happening but here are some possibilities: "Currently, My HealtheVet doesn't meet all the new federal security standards in the executive order to improve the nation's cybersecurity." or "It's best to use a Login.gov or ID.me account to sign in. These accounts meet modern security standards. Select 'Option 1: New VA sign in (recommended)' on the My HealtheVet Sign in page. [...] If you don't have either of these accounts, create a Login.gov or ID.me account now."
2. Users follow the guidance given, starting the process of creating a Login.gov or ID.me account
3. When they then try to use this new account to complete health management tasks, they find that they are blocked from accessing any of their PII or PHI because they [EDIT:] ~are for whatever reason not able to verify their ID~ have not yet verified their identity. (They are not currently being advised to do so on the MHV landing page; they currently just see an alert that they can't access tools).

We've received angry feedback around the lines of, "You made me create this new account and now you're telling me this new account won't work to do the things I came here to do."

To address this feedback, we are recommending an update to the ID-not-verified component copy to tell users they have other options if they cannot verify their ID for their new account right now

• EDIT/clarification: We intend to add the ID-not-verified component to the page for this LOA1 case. We want to update its content to help users understand their options more completely, specifically since we think they have more than one login they can use.

Collaboration timeframe

Note: We work on nearly every OCTO product and manage all unauthenticated content on VA.gov, so we will need to prioritize intake requests based on overall workload and VA and OCTO priorities.

Is this work tied to a Congressional mandate, change in law or policy, or upcoming event with a specific deadline?

• [ ] Yes
• [x] No
• [ ] I’m not sure

Where are you at in your timeline?

Tell us briefly about what you're working on now (such as initial discovery, wireframing, or usability research planning) and add any known dates for upcoming milestones or deadlines.

We've completed discovery and have crafted copy, but are now hoping for review and feedback.

Collaboration cycle

Which phases of the collaboration cycle have you completed?

Select all that apply.

• [ ] Design intent
• [ ] Midpoint review
• [ ] Staging
• [x] None. This initiative isn’t going through the collaboration cycle.

Supporting artifacts

Provide links to any supporting artifacts that can help us better understand your initiative and begin collaboration. Include artifacts like your product outline, user flows, mockups and prototypes, or any draft content.

Original alert text

Text in image reads: "Verify your identity to access My HealtheVet tools and features / We need to make sure you're you - and not someone pretending to be you - before we can give you access to your personal and health-related information. This helps to keep your information safe, and to prevent fraud and identity theft. / This one-time process takes about 5-10 minutes. / Verify your identity (hyperlink)

Link (below alert) text reads: Learn how to verify your identity on VA.gov (hyperlink)

Proposed alert text

Text in image reads: "Verify your identity to use your ID.me (or Login.gov) account on My HealtheVet / Before we can give you access to your personal and health-related information, we need to verify your identity for this account. This helps to keep your information safe, and to prevent fraud and identity theft. / This one-time process takes about 5-10 minutes / Verify your identity (hyperlink)

Additional info component (below alert) text reads: Having trouble verifying your identity? / If you have a My HealtheVet account, you can access My HealtheVet tools now by logging out and logging back in using your My HealtheVet login credentials. You can continue to use this option until My HealtheVet switches to a new VA sign in. / Get help: Go to the Login.gov help center / Visit the ID.me support section

Breakdown of changes and reasons for changes:

• Verify your identity to access My HealtheVet tools and features > Verify your identity to use your ID.me (or Login.gov) account on My HealtheVet: Users complaining about this were able to access My HealtheVet before they followed guidance to create a new login. We should be specific here that this is about using their new account to access those same tools and features
• We need to make sure you're you - and not someone pretending to be you - before we can give you access to your personal and health-related information Before we can give you access to your personal and health-related information, we need to verify your identity for this account: Users complaining about this have already proven their identity, but for their MHV Premium account. They need to do this again but for their new account
• Learn how to verify your identity on VA.gov The copy at the top of the linked page directly contradicts the guidance that these users followed to create their new account. We imagine it would be frustrating to be told they can just use their MHV account indefinitely and don't need a Id.me or Login.gov account after following guidance to create one.
• Addition of: Having trouble verifying your identity? / If you have a My HealtheVet account, you can access My HealtheVet tools now by logging out and logging back in using your My HealtheVet login credentials. You can continue to use this option until My HealtheVet switches to a new VA sign in. / Get help: Go to the Login.gov help center / Visit the ID.me support section: We know a change is coming eventually that will require users to create new logins if they are still using their MHV premium accounts to login. However, if they are blocked from doing their necessary health management tasks today due to problems with verifying their identity in their new account, our priority right now is to get them unblocked.

Next steps

• [x] Post a link to this issue in the #sitewide-content-sitewide-content-accessibility-ia slack channel and tag @Terry Nichols. We’ll reply within 24 hours to acknowledge receipt. We'll then review the artifacts in more detail and work with you to determine timing for collaboration. Depending on the work, we may schedule a kickoff meeting to better understand how we'll partner together.
• [x] Review the remaining next steps in the VFS team tasks section here.

Tasks

### VFS team tasks
- [ ] **If you also need engineering support from the public websites team**, fill out their intake request form as well.<br> [Open a public websites intake request](https://github.com/department-of-veterans-affairs/va.gov-team/issues/new?assignees=Public+Websites%2C+Sitewide+content&labels=vsa-public-websites%2C+vsa%2C+vsa-public-websites-intake%2C+sitewide-content%2C+needs-grooming&template=public-websites-intake.md&title=%3CType+of+Request%3E+from+%3CTeam%3E)
- [ ] **If you're requesting a page/URL redirect, a URL change, or a vanity URL**, submit an additional request for this work. <br> [Open a redirect, URL change, or vanity URL request](https://github.com/department-of-veterans-affairs/va.gov-team/issues/new?assignees=jennymayoco%2C+jilladams%2C+RLHecht&labels=sitewide+CAIA%2C+Sitewide+IA%2C+Public+Websites%2C+VA.gov+frontend%2C+Redirect+request&projects=&template=redirect-request.md&title=Redirect+Request)
- [ ] **If you're creating an experimental design**, also contact the design system team. <br> [Read more about experimental designs](https://design.va.gov/about/contributing-to-the-design-system/experimental-components-and-patterns#what-is-an-experimental-component-or-pattern?) <br> [Suggest an addition or update to the design system team](https://design.va.gov/about/contributing-to-the-design-system/suggest-an-addition-or-update)
- [ ] **If you're requesting a11y support for usability research**, submit a research support request next. <br> [Open an a11y research support request](https://github.com/department-of-veterans-affairs/va.gov-team/issues/new?assignees=coforma-terry%2Cangelafowler82&labels=508%2FAccessibility%2C+sitewide+CAIA%2C+sitewide+accessibility%2C+CAIA-a11y-research&template=caia-a11y-research.yaml&title=%5BCAIA+A11y+Research%5D%3A+Team+name%2C+product+name)

### CAIA operations
- [x] Initial Review - @coforma-terry and @strelichl

### CAIA a11y tasks

### CAIA content tasks
- [ ] https://github.com/department-of-veterans-affairs/va.gov-team/issues/75327

### CAIA IA tasks

[laurwill]

Hi @fmccaf1 , it sounds like the issue these users are having is that their Login.gov or ID.me account is not connected to My HealtheVet. The good news is that we have a new R&S page nearly ready to publish that tells people how to fix this exact issue!

I'll update here when that page is live (hopefully by tomorrow), and then we can suggest language for this alert to briefly explain the problem and link users to that page.

We also have in-process updates to the Verify your identity page that will address the possible confusion you pointed out here — those changes still need final approval from the sign-in comms working group, but we hope to be able to publish them very soon.

[dcloud]

@laurwill Did that page go live last week? If so, could you point us to URLs or the updated content?

[laurwill]

Hi @dcloud , yes, here's the live page: https://www.va.gov/resources/how-to-use-your-logingov-or-idme-account-to-access-my-healthevet/

We'll be publishing some relevant updates to the Verifying your account page today and again later this week as well. I'll update you when those changes are live.

[dcloud]

Thanks for sharing that, that's some good content to know about. I think what might help for the Cartography team's scenario are the updates to the "Verify your identity page".

The scenario we are trying to solve is for veterans trying to access MHV tools on https://www.va.gov/my-health/, and in particular veterans who were frustrated while trying to use a new id.me/login.gov account (that they hadn't verified). Some of those veterans have My HealtheVet Premium accounts and could use those in the past, but have been seeing guidance to switch to an id.me or login.gov account.

I think the content proposed in this ticket was intended to reduce frustration for people who wanted to get something done right away, letting them know that they could use their My HealtheVet Premium accounts if verifying their login.gov/id.me account wasn't something they wanted to do in the moment.

The page you shared appears intended to help veterans log into the MHV "National Portal", given the links to https://www.myhealth.va.gov/ … which is a different scenario than the one we are working through. But again, good to know about!

[laurwill]

Hi @dcloud , the page I shared is actually to help people sign in to either the MHV health tools on VA.gov, or the MHV tools on myhealth.va.gov. It's for 2 groups:

• People who have a verified Login.gov or ID.me account but haven't connected it to the MHV system that allows them to access health tools
• People who don't have any type of verified account (no Login.gov, ID.me, or Premium MHV)

It sounds like your message is intended for a third group: People who have Premium MHV, but are currently signed in with an unverified Login.gov or ID.me account. Is that correct?

[dcloud]

Yes, we had feedback from people who have been using MyHealth eVet for years, and were told to create a login.gov or id.me account. They created those new accounts, but haven't verified their identities with those accounts.

I'm not sure what "haven't connected it to the MHV system" means. As far as I know, any veteran who has been registered at a VA facility could have access to health tools, regardless of whether they had an MHV account now or in the past. Perhaps this is something I should discuss with @batemapf

[fmccaf1]

Thanks @dcloud for taking on explaining here while I was trying to wrap up some higher priority work. And @laurwill thanks for providing this helpful info.

Daniel is exactly correct that the use case we're trying to solve for is a third option: User has created a Login.gov/ID.me account based on VA.gov's or MHV's urging, and then are not able to login to MHV anymore (their obstacle seems to be that they are not able or willing to verify their identity at the moment they're trying to login to MHV).

[laurwill]

@fmccaf1 are you able to tell if the person getting this "Verify" message also has a Premium MHV account? Or would we need to show that part of the message to everyone, and include the "if you have a My HealtheVet account" conditional?

[fmccaf1]

I'm sorry for the delay here @laurwill. I could ask our developers to double-check but that is the sense I've gotten from reading user feedback, that prior to getting this new login type, they were able to access MHV tools without issue, which would require a Premium account.

[laurwill]

Ah sorry, my question was unclear — I'm wondering if we can segment the user groups to show more tailored messages. So can we show 2 different versions of this message to:

1. Users who have Premium MHV accounts, but signed in with an unverified Login.gov/ID.me
2. Users who don't have Premium MHV accounts and signed in with unverified Login.gov/ID.me

[fmccaf1]

Oh I see. Yes! I know that we are able to segment users in that way so they will see different versions if needed, however it sounds like at this point that data is not "in state" and would require too much of an engineering lift than my team is able to offer right now. The content I originally drafted was intended to be read by both segments. I'm curious if it seems like that copy is missing something that is needed to improve UX for one of those segments?

[laurwill]

Hi @fmccaf1 , we have some updated text to suggest here. But first want to check, have you confirmed with Carnetta and Tom Black that this solution (signing out and signing back in with Premium MHV) will work? I have no reason to think it won't, just want to make sure they're aware of this planned messaging. If not, I'll loop them in to confirm. Thanks!

[fmccaf1]

Hi @laurwill, great to hear!! I have not confirmed with Carnetta and Tom Black. If you're okay to loop them in, that would be great. Thanks for keeping this work moving forward!

[laurwill]

Hi @fmccaf1 , I copied you on my email to Carnetta and Tom, and Carnetta clarified that ~400,000 Premium MHV users don't have a separate MHV user ID and password, so they wouldn't be able to use this workaround. But I think it's likely those users already have verified Login.gov or ID.me accounts. Waiting for Carnetta to confirm that piece.

In the meantime, here's suggested updates to the content. Let me know if you want to chat! (Note we adjusted the time to verify based on more recent estimates.)

Verify your identity to use your ID.me account on My HealtheVet We need to make sure you’re you—and not someone pretending to be you—before we can give you access to your personal and health-related information. This helps us keep your information safe and prevent fraud and identity theft.

ID.me will ask you for certain personal information and identification. This one-time process often takes about 10 minutes.

[link] Verify your identity

If you have trouble verifying your identity [additional info] Get answers to common questions about verifying your identity

Or, if you have a Premium My HealtheVet account with a My HealtheVet user ID and password, you can sign out and then sign back in with that account to access My HealtheVet.

[fmccaf1]

I saw those emails. Thanks so much Laura. I really appreciate you reaching out to those folks and sending this new content.

I have one question given this new content: I'm assuming that in the near future we'll want to add copy here that recommends that people do go about verifying their identity and that this strategy of signing out and signing back in with MHV credentials is just a solution for now. Is that something you'll reach out to me and offer an update? Or maybe you've decided that this messaging doesn't need to be here. Curious whatever your take might be on this issue.

[laurwill]

Yes thanks for raising that! You're right that this messaging (and quite a lot of sign-in messaging across the site) will change soon — I'll update you when we get approval to make that messaging shift, and we can work out a new version for this.

[wesrowe]

@laurwill, I wonder if a key UX point got lost in the back and forth here. We think that the particular copy below might feel inappropriate to the longtime MHV users in our use case:

We need to make sure you’re you—and not someone pretending to be you—before we can give you access to your personal and health-related information. This helps us keep your information safe and prevent fraud and identity theft.

In their feedback these longtime MHV users are frustrated and even indignant, "you know dang well who I am!" Of course, they have not seen this alert yet, so they're not responding to the copy you suggested. However, given the sensitivity, I would err on the side of caution and make the text as much as possible about "the login/identity you provided" and not simply "you" for the MHV landing page use case. (FYI, this same alert will be used on tool landing pages too, e.g. secure messaging, for the case where users come in through a side door like email.)

Florence's original suggested copy for our alert made it clearer that the "you" that we're talking about is the user's "account":

Before we can give you access to your personal and health-related information, we need to verify your identity for this account

If we go with something closer to your version, I think we would do well to adapt it to be clearly about the identity/login provided and not the Veteran themselves. Do you see where I'm coming from? Happy to jump on a zoom as well.

[laurwill]

Hi @wesrowe , great point! I had missed that part of the issue here. Here's a version I chatted through with Danielle:

Verify your identity to use your ID.me account on My HealtheVet Our records show that you haven't verified your identity for your ID.me account. We need you to verify your identity for this account to help us keep your information safe and prevent fraud and identity theft.

ID.me will ask you for certain personal information and identification. This process often takes about 10 minutes.

[link] Verify your identity

And if it's possible to segment the audience more in the future, it might be nice to show a more tailored version to people who for sure already verified through MHV, acknowledging that we're asking them to verify for a second time. Let me know if you have any questions or want to chat more!

[wesrowe]

Thanks, Laura. We've inquired about segmentation, but it doesn't seem like the platform is capable of informing apps about a user's other identity.

[wesrowe]

@laurwill, taking a closer look... you provided alert content. what about the additonal-info component? If I'm not mistaken, we still need that. (Scanning the comments, it seems like the focus has been on the alert content.)

[wesrowe]

PS: this is the language from an earlier draft that has been dropped from the latest language shared yesterday (starting with the CTA Link):

[link] Verify your identity

If you have trouble verifying your identity [additional info] Get answers to common questions about verifying your identity

Or, if you have a Premium My HealtheVet account with a My HealtheVet user ID and password, you can sign out and then sign back in with that account to access My HealtheVet.

[laurwill]

Whoops, yes, no changes to the addtl info content! I omitted that by mistake.

[laurwill]

Hi @fmccaf1 @wesrowe ,

@sterkenburgsara triggered this version of this alert in production:

This should only be showing for people who sign in with unverified ID.me and Login.gov accounts, not for MHV or DS Logon, right?

[wesrowe]

@laurwill, I can verify that the alert swaps in the auth method the user actually used in the headline, i.e., "Verify your identity to use your [auth method name] account..."

Can you say more about what your concern is, though?

[laurwill]

Hi @wesrowe , the concern is this:

• For users signed in with unverified ID.me or Login.gov, the "Verify your identity" link takes (or is supposed to take) users to the verification flow for the account they are already signed in with. So the content in the alert makes sense in those 2 use cases.
• For users signed in with MHV or DS Logon, I have no idea where that link would go — there is no current online verification pathway for those account types. We no longer direct users to create or upgrade DS Logon accounts. And to get a "verified" status for an MHV account online, you actually create a Login.gov or ID.me account, verify that account, and then connect it to your health information. So where is that "verify your identity" link going in the MHV case? Does it take them to ID.me or Login.gov to create a new account? Which one does it take them to?

[asg5704]

Hello @wesrowe and @laurwill To answer your questions about users signed in with MHV or DS Logon, when they navigate to the /verify page using the "verify your identity" link. The user will be prompted with two buttons to start the identity verificaiton process with: ID.me and Login.gov (see previous Slack thread)

The second thing I wanted to bring up was the content (below) which I believe should be updated to include both ID.me and Login.gov, not just referencing ID.me for "verifying identity".

Verify your identity to use your ID.me account on My HealtheVet We need to make sure you’re you—and not someone pretending to be you—before we can give you access to your personal and health-related information. This helps us keep your information safe and prevent fraud and identity theft.

ID.me will ask you for certain personal information and identification. This one-time process often takes about 10 minutes.

[link] Verify your identity

If you have trouble verifying your identity [additional info] Get answers to common questions about verifying your identity

Or, if you have a Premium My HealtheVet account with a My HealtheVet user ID and password, you can sign out and then sign back in with that account to access My HealtheVet.

[sterkenburgsara]

@asg5704 this is in a scenario where a user logged in already with an ID.me LOA1 account. We're asking them to id-proof it so that it is LOA3 and we can display authenticated data on VA.gov.

We have an alert displaying conditional logic, that pulls the sign-in credential name (ID.me or Login.gov) based on what the user has already started with. Does that make sense? Do you have concerns about that?

[sterkenburgsara]

Including this Slack thread re: MHV basic accounts needing content for a separate design

[asg5704]

Hello @sterkenburgsara yes that makes sense however the actual component update in the Pull Request does not reflect the dynamic sign-in credential name.. it ONLY mentions ID.me (see this PR)

[sterkenburgsara]

@laurwill & @DanielleThierryUSDSVA now I think we need yet another alert that will show up once users have ID-proofed their login.gov or ID.me accounts but haven't registered with MHV National portal to get connected with the API. I'll try to mock that in our Figma file here before you all sync at 3pm today!

[sterkenburgsara]

@asg5704 thank you for pointing me to that! We will fix! cc @jzucadi can you update the PR to include conditional logic?

[jzucadi]

@asg5704 @sterkenburgsara sorry, I don't follow. What is the desired copy that should be displayed? What is the conditional logic for again?

[asg5704]

Sure @jzucadi I will make a comment in your PR for what needs to be updated.