CVS Health: Architecting compliance-first e-commerce flows

Enabling legal purchase of regulated items.

Strategic focus: Compliance-first service blueprinting

Domain expertise: Regulated healthcare / pharmacy e-commerce

Project duration: 9-month strategic initiative

Platform scope: Enterprise e-commerce platform

Exploration & Discovery

The Regulatory Landscape & User Friction

I began by auditing the existing "in-store only" purchase flow for regulated items to identify why users were abandoning the journey. The primary friction point wasn't just the legal requirement itself, but the "black box" nature of the verification process—users were hesitant to share sensitive data like SSNs or biometrics without clear context or trust indicators. My goal was to move beyond a binary "pass/fail" gate and design an informative, transparent bridge between the CVS e-commerce experience and the third-party verification layer.

Stakeholder Alignment & Requirement Gathering

To navigate the strict state-by-state legalities, I led a series of discovery workshops with Legal, Pharmacy Operations, and Compliance teams. The objective was to codify a massive matrix of variable purchase limits into a single, unified logic for the digital cart. By documenting these requirements early, I ensured that the technical architecture would support complex conditional triggers—such as real-time age verification—without requiring a manual overhaul for every new state regulation.

Competitive Audit & Mental Models

I conducted a competitive analysis of other high-stakes verification flows, specifically focusing on how federal and state agencies utilize ID.me for digital identity handoffs. I discovered that a major pain point in these journeys is the "context switch"—the moment a user is redirected to a third-party site and feels they have lost the security of the primary brand. To solve this, I researched mental models surrounding "Co-Branded Trust," leading me to design a persistent CVS-branded header and a clear progress tracker that remained visible even while the user was interacting with the ID.me verification layer.

Strategic Alignment: Balancing Needs for the Integrated Compliance Flow

UX Design Process

Architecting the Conditional Logic

The core challenge was not the UI, but the background logic that governed when and how the ID.me verification would trigger. I led the design of the information architecture to handle complex conditional checks: the system had to verify the user's state, check real-time federal purchase logs, and confirm age requirements before the user even reached the cart. This "background-first" approach ensured that we didn't waste the user's time with a verification flow if the item was out of stock or if they had already reached their legal purchase limit for the month.

The Iteration: Solving the "Verification Wall"

During initial internal reviews, a "failed" iteration involved placing the ID.me verification immediately after a user added a PSE item to their cart. Feedback from technical working sessions revealed that this created a massive "drop-off" point because users weren't yet mentally committed to the final purchase. I pivoted the strategy to move the verification "gate" to the final checkout stage, treating it as a standard security step rather than an immediate barrier. This shift maintained e-commerce momentum and aligned with the user’s mental model of "signing off" on a regulated transaction.

Collaborative QA & Engineering Alignment

Because this project involved high-stakes data passing between CVS and ID.me, I facilitated direct working sessions with Engineers to perform real-time QA. We focused on "edge case" management—such as what happens if the third-party API times out or if a user’s session expires mid-verification. By designing custom error states and "resume journey" triggers, we ensured that the technical constraints of the integration didn't result in a broken user experience.
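The check ordering and failure handling described in the sections above, as an added example that is not CVS or ID.me code. The state codes, limits, `Decision` names and the `verify` callable are constructed for illustration; the point is that verification is only requested once a sale is still possible, and that a timeout or expired session fails closed into a resumable state.

```python
from dataclasses import dataclass
from enum import Enum

class Decision(Enum):
    OUT_OF_STOCK = "out_of_stock"
    STATE_NOT_PERMITTED = "state_not_permitted"
    LIMIT_REACHED = "purchase_limit_reached"
    NEEDS_VERIFICATION = "needs_verification"
    RESUME_LATER = "verification_interrupted_resume_later"
    VERIFICATION_FAILED = "verification_failed"
    ALLOW = "allow"

# Constructed rules: placeholder state codes and limits, not real regulations.
STATE_RULES = {"XX": {"online_sale": True, "monthly_limit": 3},
               "YY": {"online_sale": False, "monthly_limit": 0}}

@dataclass
class Order:
    state: str
    quantity: int
    in_stock: bool
    logged_this_month: int  # units already recorded in the purchase log

def precheck(order):
    """Background checks that run before any identity data is requested."""
    if not order.in_stock:
        return Decision.OUT_OF_STOCK
    rule = STATE_RULES.get(order.state)
    if rule is None or not rule["online_sale"]:
        return Decision.STATE_NOT_PERMITTED  # unknown state: fail closed
    if order.logged_this_month + order.quantity > rule["monthly_limit"]:
        return Decision.LIMIT_REACHED
    return Decision.NEEDS_VERIFICATION

def checkout(order, verify, session_valid=True):
    """Verification gate at final checkout; `verify` stands in for the third-party call."""
    decision = precheck(order)
    if decision is not Decision.NEEDS_VERIFICATION:
        return decision
    if not session_valid:
        return Decision.RESUME_LATER  # expired session: re-authenticate, then resume
    try:
        verified = verify(order)
    except TimeoutError:
        return Decision.RESUME_LATER  # a timeout never becomes an implicit pass
    return Decision.ALLOW if verified else Decision.VERIFICATION_FAILED
```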


Strategic Impact: Quantified Results and Systemic Value

Quantified Revenue & Market Reach

The successful launch of this initiative immediately unlocked a multi-million dollar revenue stream by digitizing a previously restricted, in-store-only sales channel. By reducing the friction of the ID.me verification process, we successfully validated that mandatory compliance checks did not lead to high cart abandonment rates. This ensured that CVS could fulfill high-demand customer needs across the enterprise while maintaining a seamless e-commerce experience.

Compliance Assurance & Risk Mitigation

Working at the intersection of Legal and Engineering, I ensured the flow achieved 100% compliance success during both launch and post-launch audits. By accurately managing real-time state and federal law requirements through the ID.me integration, we mitigated high-stakes legal risks for the company. The system was robust enough to handle the complex validation logic required for millions of potential transactions without error.

DesignOps & Systemic Scalability

Beyond the immediate product launch, I integrated the new compliance components into our core Design System, which is estimated to reduce the time-to-market for future regulated products by 30%. This upfront Service Blueprinting methodology provided a single source of truth that drastically reduced internal friction between Legal, Pharmacy Operations, and Engineering teams. This created a repeatable framework for CVS to tackle future regulatory challenges with greater speed and consistency.

Learnings

  • The Power of Early Alignment: This project reinforced that in a highly regulated environment, "Design" begins in a workshop with Legal and Engineering, not in Figma.
  • Cross-Functional Advocacy: I learned that as a Senior Designer, my role is often to serve as a translator between technical API constraints and user-centricity.
  • Future Opportunity: If I were to iterate on this today, I would explore further "pre-verification" options to notify users of their eligibility even earlier in the discovery phase, further streamlining the path to purchase.