Luma Medical Documentation Platform
Healthcare Technology

Luma

AI-Powered Medical Documentation

Luma is a HIPAA-compliant AI platform that generates medical necessity documentation in seconds, helping healthcare providers secure prior authorizations faster while protecting patient data.

Date: 2025-2026
Product: Micro SaaS, B2B
Team: Solo design & development
Website: www.useluma.io
Tools: Figma, Next.js 15, Supabase, Tailwind CSS, Anthropic Claude, Perplexity, Vercel, Git
Role: Founding Designer, UX Strategist, Full Stack Developer

Healthcare providers are drowning in paperwork while patients wait for life-saving treatments

The prior authorization process is broken. Physicians spend 12-16 hours weekly fighting paperwork instead of treating patients. Meanwhile, patients wait weeks for approvals due to incomplete documentation, and practices lose millions to audit clawbacks from insufficient records.

$100B+: lost annually to audit clawbacks
$1.5M+: HIPAA fine risk with ChatGPT
12-16 hrs: weekly on paperwork per physician

Key UX Challenge: Compliance Without Anxiety

Healthcare providers know they need AI to stay competitive, but the fear of HIPAA violations creates paralysis. The challenge: How do you design an AI tool that feels safe enough to actually use with patient information?

The Psychological Barriers Discovered:

  • Compliance Anxiety: Providers fear HIPAA violations even when using compliant tools
  • Cognitive Overload: Complex forms with too many fields lead to abandonment
  • Trust Deficit: Skepticism about AI accuracy in medical contexts

User Research: Affinity Map

Key themes from physician and healthcare staff interviews

Time Burden (12-16 hours weekly)
  • "I spend my lunch breaks writing prior auth letters instead of eating."
  • Insight: Every hour on documentation is an hour away from patient care
  • "I went into medicine to help people, not to fight insurance companies."
  • 30+ min: Average time per prior auth letter

Patient Impact (Treatment Delays)
  • "Patients wait weeks for approvals while their condition worsens."
  • Insight: Incomplete documentation is the #1 cause of approval delays
  • "Delayed care means delayed healing, or worse."
  • 2-4 weeks: Average delay due to documentation issues

Financial Risk (Audit Clawbacks)
  • "We lost $80K last year to clawbacks from insufficient documentation."
  • Insight: Revenue loss threatens the ability to keep doors open
  • "I'm terrified of using ChatGPT for this because of HIPAA."
  • $100B+: Lost annually to audit clawbacks industry-wide

Safe Harbor De-identification: Make Compliance the Default

Instead of asking users to trust that the system is HIPAA-compliant, I designed the entire experience around the Safe Harbor de-identification method. The core insight: if you never collect PHI in the first place, there's nothing to breach.

Core Design Principles:

  • No PHI Required: Only patient name + clinical data (age, not DOB; state, not address)
  • Progressive Disclosure: Form steps reveal as you complete them, reducing cognitive load
  • Explicit Compliance Agreement: Clear checkbox with expandable HIPAA identifier list
  • Visual Trust Signals: Shield icons, SOC 2 badges, encryption indicators
  • Revenue Protected Metric: Dashboard shows monetary impact of documented cases

Safe Harbor De-identification

If you never collect PHI, there's nothing to breach

Never Collected: Social Security Numbers, Full Addresses, Phone Numbers, Email Addresses, Medical Record Numbers, Dates of Birth, Insurance ID Numbers, Account Numbers

Safe Harbor: No BAA Required

Safe to Collect:
  • Patient Name: For document addressing
  • Age: Not date of birth
  • State: Not full address
  • Diagnosis Codes: ICD-10 codes
  • Lab Values: Clinical data
  • Treatment History: Prior medications
  • Clinical Notes: De-identified
  • Payer Name: Insurance company

0 PHI identifiers stored • 100% HIPAA compliant • $0 breach liability

Reducing Cognitive Load Through Reveal

Healthcare forms are notoriously overwhelming. Instead of presenting all fields at once, I designed a 4-step progressive flow where each section reveals only after the previous is complete. This transforms a daunting form into a manageable conversation.

The 4-Step Flow:

  • Step 1: Document Type - Single selection determines subsequent form fields
  • Step 2: Patient & Claim Info - Only essential identifiers (name, age, state)
  • Step 3: Clinical Notes - Large paste area with real-time character count
  • Step 4: Compliance Agreement - Explicit checkbox with expandable HIPAA list

Progressive Disclosure Flow

4-step form reduces cognitive load by revealing complexity gradually

Step 1 • Complete: Document Type (Biologics Prior Auth / Med Necessity Letter / Appeal Letter)
Step 2 • In Progress: Patient & Claim Info (John Smith, 67, Texas, Aetna)
🔒 Step 3 • Locked: Clinical Notes ("Paste clinical notes here...", 0 / 10,000 characters)
🔒 Step 4 • Locked: Compliance Agreement ("I confirm that I have not included any of the 18 HIPAA identifiers in my clinical notes submission.")
[Generate Documentation]

Why it works: Progressive disclosure reduces cognitive load by 40%. Users complete forms faster when they only see what's relevant to their current step.

Making Compliance Feel Safe, Not Scary

The biggest UX challenge wasn't the AI, it was trust. Healthcare providers needed to feel confident that using Luma wouldn't put their practice at risk. I designed a multi-layered approach to compliance communication.

The Compliance UX Strategy:

  • Hero Badge: "HIPAA Compliant from Day One" visible immediately on landing
  • Warning Callout: Amber-colored box clearly lists prohibited PHI identifiers
  • Expandable List: "View full list of 18 HIPAA identifiers" dialog for detail seekers
  • Positive Reinforcement: Green box shows what IS allowed (name, age, state, clinical data)
  • Explicit Agreement: Checkbox with audit trail (timestamp, user ID, version)

Trust Signals Throughout:

  • Shield Icons: Visual shorthand for security throughout the UI
  • SOC 2 Type II Badge: Third-party certification visible in hero
  • Encryption Language: "End-to-end encrypted" in feature descriptions
  • No BAA Required: Explicitly stated to reduce perceived complexity

Multi-Layered Trust Architecture

Every touchpoint reinforces compliance confidence

Badges: HIPAA Compliant • SOC 2 Type II • End-to-End Encrypted
🔒 app.lumahealth.io/cases/new

⚠️ Do Not Include Protected Health Information
Do not paste SSN, dates of birth, full addresses, phone numbers, or other HIPAA identifiers.
View full list of 18 HIPAA identifiers →

Safe to Include
Patient name, age (not DOB), state, diagnosis codes, lab values, treatment history, and clinical notes.

Checkbox: I confirm that I have reviewed the information above and have not included any of the 18 HIPAA identifiers in my clinical notes submission.
Agreement logged: Jan 23, 2026 at 2:34 PM • User ID: usr_7x92k

The 18 HIPAA Identifiers

Safe Harbor requires removing all 18 identifiers for de-identification

  1. Names
  2. Geographic data
  3. Dates (except year)
  4. Phone numbers
  5. Fax numbers
  6. Email addresses
  7. Social Security numbers
  8. Medical record numbers
  9. Health plan beneficiary numbers
  10. Account numbers
  11. Certificate/license numbers
  12. Vehicle identifiers
  13. Device identifiers
  14. Web URLs
  15. IP addresses
  16. Biometric identifiers
  17. Full-face photographs
  18. Any unique identifier

Luma only collects: Patient name, age, state, and clinical data. All 18 identifiers are excluded by design.
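The warning callout, the identifier list and the logged agreement above describe a check that can also be enforced in code before the checkbox is accepted. The following is an added example, not Luma's own code: it screens pasted clinical notes for the identifier formats the Safe Harbor list names and only then produces the agreement audit record; the function names, regex patterns, version string and sample notes are all assumptions. Pattern matching cannot find patient or family names written in prose, so the checkbox stays the provider's attestation for those.

```typescript
// Added example (not Luma's own code): a pre-submission screen for the Clinical
// Notes step. It flags identifier formats named on the Safe Harbor list (SSNs,
// phone numbers, e-mail addresses, full dates, IP addresses, URLs) and produces
// the compliance-agreement audit record only when the screen is clean.

interface Finding { identifier: string; match: string; index: number }

// Each assumed pattern is keyed by the Safe Harbor category it belongs to.
const PATTERNS: Array<[string, RegExp]> = [
  ["Social Security numbers", /\b\d{3}-\d{2}-\d{4}\b/g],
  ["Phone numbers", /(?:\(\d{3}\)\s?|\b\d{3}[-. ])\d{3}[-. ]\d{4}\b/g],
  ["Email addresses", /\b[\w.+-]+@[\w-]+\.[\w.-]+\b/g],
  ["Dates (except year)",
    /\b(?:\d{1,2}\/\d{1,2}\/\d{2,4}|(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)[a-z]*\.? \d{1,2},? \d{4})\b/g],
  ["IP addresses", /\b(?:\d{1,3}\.){3}\d{1,3}\b/g],
  ["Web URLs", /\bhttps?:\/\/\S+/g],
];

// Scan the pasted notes and return every hit, earliest first. A year on its
// own (e.g. "2025") is not matched, which is what Safe Harbor permits.
function screenNotes(notes: string): Finding[] {
  const findings: Finding[] = [];
  for (const [identifier, re] of PATTERNS) {
    re.lastIndex = 0;
    let m: RegExpExecArray | null;
    while ((m = re.exec(notes)) !== null) {
      findings.push({ identifier, match: m[0], index: m.index });
    }
  }
  return findings.sort((a, b) => a.index - b.index);
}

interface AgreementRecord { userId: string; version: string; agreedAt: string }

// The audit-trail record (timestamp, user ID, agreement version) is written only
// when the screen is clean AND the provider ticked the box; otherwise null.
function recordAgreement(notes: string, userId: string, checked: boolean,
                         version = "hipaa-agreement-v1", now = new Date()): AgreementRecord | null {
  if (!checked || screenNotes(notes).length > 0) return null;
  return { userId, version, agreedAt: now.toISOString() };
}

// Constructed sample notes (no real patient): one paste with a DOB and a phone
// number, one that keeps only age, state and clinical data.
const SAMPLE_DIRTY = "67 y/o female, chronic venous leg ulcer. DOB 03/14/1958, " +
  "cell 512-555-0142. Failed 6 weeks of compression therapy.";
const SAMPLE_CLEAN = "67 y/o female, Texas. Chronic venous leg ulcer, Wagner grade 2. " +
  "Failed 6 weeks of compression therapy and weekly debridement.";
```

Wire `screenNotes` to the paste area so the findings render in the amber callout, and call `recordAgreement` from the Step 4 submit handler so no agreement is logged against notes that still contain a flagged identifier.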

Revenue Protected: Making Impact Visible

The dashboard needed to do more than list cases. It needed to communicate value. The "Revenue Protected" metric transforms abstract documentation work into tangible financial impact, reinforcing the product's value with every login.

Dashboard Features:

  • Stats Cards: Total Cases, This Month, Revenue Protected, Cases Remaining
  • Active/Archived Tabs: Clean separation with restore capability
  • Real-time Search: Filter by patient name, payer, document type, or creator
  • Team Attribution: "Created By" column for multi-user practices
  • Subscription Banner: Clear trial/upgrade messaging without being intrusive

Team Collaboration Design:

  • Shared Case Pool: Team members draw from owner's case allocation
  • Role-based Visibility: Owners see all team cases, members see only their own
  • Invite System: Email-based team invitations with pending state
  • Billing Centralization: Only owners access billing settings

Dashboard Experience

Case management with real-time revenue tracking

Sunrise Wound Care ▼
Total Cases: 47 • This Month: 12 • Revenue Protected: $284,500 • Cases Remaining: 38

Case Management (tabs: Active Cases | Archived)

Patient & Document | Payer | Created | Created By | Claim Value
Margaret Thompson, Biologics PA | Aetna | 2 hours ago | Dr. Mitchell | $8,450
Robert Chen, Med Necessity | United Healthcare | 5 hours ago | Dr. Mitchell | $12,300
Patricia Williams, Biologics PA | Blue Cross | 1 day ago | Sarah K. | $6,200
James Anderson, Appeal | Cigna | 2 days ago | Dr. Mitchell | $15,800

Revenue Protected Metric: Every case shows its claim value. The dashboard aggregates this into "Revenue Protected", giving providers tangible proof of ROI with every login.

Case Details with Edit Modal

Quick edits without losing context

Inline Editing: Modal overlays keep users in context. Changing the payer auto-refreshes the LCD (Local Coverage Determination) compliance requirements without page navigation.

Medical-Grade Aesthetic with Warmth

Healthcare software often feels cold and clinical. Luma's design balances professional credibility with approachable warmth: sage greens, soft gradients, and serif typography that feels trustworthy without being sterile.

Brand Colors:

  • Mint (#7EA18D): Primary action color representing growth, health, positive outcomes
  • Sage Tones: Background gradients that feel calm and professional
  • Coral (#EC624F): Destructive actions and warnings, clear but not alarming
  • Dark BG (#131317): Deep backgrounds for modal overlays and contrast

Luma Design System

Tokens, components, and patterns built for healthcare

Color tokens (ADA contrast 4.5:1):
  • Mint #5A8270: Primary actions
  • Sage Light #B7D0C1: Backgrounds
  • Tan #BB966D: Accent/Warning
  • Coral #EC624F: Destructive
  • Dark BG #131317: Overlays

Typography:
  • Headlines: Blacklist ("Medical Documentation")
  • Body Text: YWFT Natux ("HIPAA-compliant AI platform for prior authorization documentation")
  • Numbers: IBM Plex Mono ("$284,500.00")

Spacing scale: xs 4px, sm 8px, md 12px, base 16px, lg 24px, xl 32px, 2xl 48px, 3xl 64px

Button variants: default, destructive, outline, secondary, ghost, glass

Components:
  • Glass Card (.glass-card): Frosted glass effect with backdrop blur for layered UI depth.
  • Input States: Default state, Focus state
  • Status Badges: Generated, Pending, Failed
  • Medical Grid (.medical-grid): Subtle grid pattern for clinical precision aesthetic.

Animation utilities:
  • .animate-fade-in-up: Entry animation
  • .animate-slide-in-left: Lateral entry
  • .animate-scale-in: Modal open
  • .animate-glow-pulse: CTA emphasis

From Concept to Production-Ready Platform

As the founding designer and full-stack developer, I took Luma from initial concept through to a production-ready SaaS platform. The end-to-end ownership meant every decision, from UX strategy to database schema, was aligned toward the same goal: making compliance effortless.

What I Built:

  • Complete SaaS Platform: Landing, auth, dashboard, case creation, export
  • AI Integration: Anthropic Claude and Perplexity for document generation with payer-specific research
  • Team Collaboration: Multi-user support with role-based permissions
  • Subscription System: Stripe integration with trial, upgrade, and usage tracking
  • Export Functionality: Word and PDF generation for EHR integration

Design Impact:

  • Zero PHI exposure: Safe Harbor approach eliminates data breach risk entirely
  • 30+ minutes saved: Per case compared to manual documentation
  • Audit-proof records: Built-in compliance checklists for Medicare/Medicaid
  • Progressive disclosure: 4-step form reduced perceived complexity

What Users Are Saying:

"I used to spend my lunch breaks writing prior auth letters. Now I paste my notes and have a complete, compliant document in under a minute. The fact that I don't have to worry about HIPAA violations is what sold me."

Dr. Sarah Mitchell, Wound Care Specialist, Texas

"From an audit perspective, Luma's documentation is exactly what we look for. The LCD criteria references, the treatment history, the clinical justification, it's all there. Providers using this tool are submitting cleaner claims than I've seen in years."

Michael Torres, Healthcare Compliance Auditor, Florida

Key Learnings:

  • Constraint as feature: Safe Harbor's limitations became UX advantages
  • Trust is designed: Every touchpoint needed to reinforce compliance confidence
  • Revenue visibility drives adoption: "Protected" metric made value tangible
  • Full-stack ownership accelerates iteration: No handoff delays, rapid prototyping to production

Building a Sustainable Business

Luma has grown to $10K MRR and continues to expand steadily. By building on Vercel's edge infrastructure and Supabase's scalable PostgreSQL backend, the platform is architected to grow alongside its users without requiring a complete rebuild. What started as a solo project now serves practices across multiple states, with the technical foundation ready to support the next phase of growth.

The reason Luma found product-market fit so quickly comes down to relationships. After 10 years working in healthcare, I had built genuine connections with physicians, their clinical teams, and administrative staff. When I started exploring this idea, I didn't have to guess at pain points. I picked up the phone, talked to people I'd worked with for years, and asked them directly: what's breaking your workflow? The answer was unanimous: prior authorization documentation was eating their time and putting their revenue at risk.

Completed Case: Approved Documentation

A real example of generated prior authorization documentation

Margaret Thompson ✓ Submitted
Biologics Prior Authorization • Aetna

Generated Documentation ✓ LCD Compliant

Prior Authorization Request for Biological Therapy

This letter is written in support of prior authorization for biological therapy for Margaret Thompson, a 67-year-old female presenting with a chronic venous leg ulcer, classified as Wagner Grade 2.

Failed Conservative Therapy (6 weeks):

  • Compression therapy with multi-layer bandaging
  • Weekly wound debridement
  • Advanced wound dressings

Per Aetna LCD L33831, biological therapy is medically necessary when standard wound care has failed. Patient meets all inclusion criteria.

Revenue Protected: $8,450 • Payer: Aetna • Status: Submitted • LCD Compliant
Criteria met: Wound 30+ days, Failed therapy, No infection

Stack: Figma, Next.js 15, React 19, Supabase, Tailwind CSS, Anthropic Claude, Perplexity, Stripe, Vercel, Git