Bygger på:Konstant och kontextuellt↗ Foundation

Aleris Anti-Patterns — What We Do Not Build

Guardrails for AI-assisted development and design review. These describe patterns that harm the patient, their data, or their experience — patterns that may appear reasonable in isolation but are destructive in a healthcare context.

This document has the same status as the enforcement rules in the patient product design guidelines. When implementing an Aleris product, treat every anti-pattern as a hard constraint. If a design brief or feature request conflicts with an anti-pattern, surface the conflict — do not resolve it by ignoring the anti-pattern.

Primary audience: AI assistants (Claude Code, Claude Projects) implementing Aleris products, and designers reviewing implementations. Written as machine-readable constraints, not design education.

How to read this

Each anti-pattern follows the same structure:

  • Pattern name — a short, referenceable label.
  • Never — the specific behavior that is prohibited.
  • Because — the harm it causes in a healthcare context. This exists so the implementing agent can explain why it is refusing a request, and so a reviewer can assess edge cases against the underlying reason.
  • Instead — the compliant alternative.

The Anti-Patterns

1. Consent Asymmetry

Never make it visually or interactionally easier to consent than to decline. This includes: making the consent button more prominent (larger, colored, positioned first), requiring more steps to decline than to accept, using confirmshaming language on the decline option, or pre-selecting consent checkboxes.

Because patients in healthcare flows are stressed, often unfamiliar with digital interfaces, and may not fully understand what they are consenting to. Any friction asymmetry between accepting and declining exploits that vulnerability. Under GDPR, consent for health data processing must be freely given — a design that nudges consent undermines the legal validity of that consent.

Instead present consent and decline as visually equal options. Same size, same prominence, same number of steps. If consent requires explanation, the explanation appears before the choice — not as a consequence of choosing to decline.

2. Cost Burial

Never place price information, payment triggers, or financial commitments later in a flow than the point where the patient has invested emotional or practical effort. Do not hide costs behind expandable sections, downstream pages, or conditional reveals.

Because a patient who has completed intake forms, uploaded referrals, or progressed through a care flow has made a psychological investment. Revealing costs after that investment exploits sunk-cost bias. In healthcare, where the patient may feel they have no alternative, this pressure is amplified. The patient should never feel that they have been led into a financial commitment.

Instead surface cost information at the first point where the patient could reasonably ask "what will this cost me?" — typically before any data entry or intake action. If pricing is variable, show the range and the factors that determine it. If pricing is not yet known, say so explicitly and explain when it will be.

3. Urgency Fabrication

Never use countdown timers, limited-availability messaging, or time-pressure language to drive patient action — unless the urgency is clinically real and verifiable.

Because fabricated urgency in a healthcare context can cause patients to make medical decisions under artificial pressure. A patient choosing a procedure, a treatment track, or a consultation should decide based on their clinical situation and personal readiness — not because a UI element suggests the opportunity will disappear. Genuine clinical urgency (e.g., a referral validity window) is legitimate and should be communicated clearly — but as factual information, not as a pressure mechanism.

Instead if there is a real deadline (referral expiry, insurance coverage window, appointment availability), state it as a fact with the date and source. Do not style it as an alert or use alarm colors unless it is within 48 hours and clinically consequential. Never use language like "only X slots left" for appointment booking unless the number is accurate and updated in real time.

4. Obstacle Withdrawal

Never make it harder to cancel, pause, or exit a care flow than to enter it. This includes: requiring phone calls to cancel what was booked online, burying cancellation behind multiple navigation steps, asking for reasons before allowing cancellation, or adding confirmation dialogs that repeat the value proposition ("Are you sure? Your specialist is waiting").

Because patients must feel they can exit a care flow at any point without penalty or manipulation. A patient who feels trapped is a patient who has lost trust — and a patient who may avoid seeking care in the future. Asymmetric exit difficulty is the healthcare equivalent of a roach motel pattern, and it is particularly harmful when the patient is in a vulnerable state.

Instead any action a patient can initiate online, they can reverse or cancel online with equal ease. Cancellation flows should be at most the same number of steps as booking flows. Cancellation confirmation is one step: "Your appointment on [date] has been cancelled. You can rebook anytime." No persuasion, no friction.

5. Informational Hiding

Never withhold, obscure, or delay information that the patient needs to make an informed decision. This includes: hiding side effects or risks in expandable sections that are collapsed by default, placing important qualifying information in footnotes or tooltips, requiring navigation to a separate page for information that contextualizes a decision on the current page, or using medical jargon without explanation when plain language is possible.

Because informed consent requires actual informedness. A patient who technically had access to information but was architecturally discouraged from reading it has not been meaningfully informed. In healthcare, the consequences of uninformed decisions are clinical, not just commercial. The design system's progressive disclosure principle applies to complexity management, not to risk communication — risks and qualifying information must be visible at the point of decision, not progressively disclosed behind interaction.

Instead any information that qualifies, limits, or adds risk to a decision the patient is making appears inline, visible without interaction, at the point of decision. Use plain language. If medical terminology is necessary, explain it in parentheses on first use. Side effects and risks appear in the same visual hierarchy as benefits — not demoted to fine print.

6. Data Maximalism

Never collect more patient data than is required for the specific service being delivered. Do not add optional fields styled as required, bundle data collection for future marketing with clinical intake, or require account creation for services that could function without it.

Because patients in healthcare contexts often assume that every field on a form is medically necessary. They do not distinguish between clinical data collection and commercial data collection. Exploiting that assumption violates patient trust and likely violates GDPR's data minimization principle (Article 5(1)(c)). Every unnecessary field is a small betrayal of the implicit contract: "we are asking because your care requires it."

Instead collect only what the current service requires. If a field is optional, label it "valfritt" / "optional" visibly. If data is collected for purposes beyond immediate care (e.g., service improvement, follow-up marketing), separate that collection into a distinct, clearly labeled step with its own consent — never bundled with clinical intake.

7. Default Escalation

Never pre-select the more expensive, more invasive, or higher-commitment option. This includes: defaulting to the most comprehensive insurance package, pre-selecting recurring appointments, pre-checking add-on services, or defaulting to the broadest data sharing consent.

Because defaults have disproportionate power. Research consistently shows that users accept defaults at very high rates. In healthcare, where patients are already uncertain and inclined to defer to the system's apparent recommendation, a pre-selected option functions as implicit medical advice. A pre-selected expensive option is financial manipulation. A pre-selected broad consent is a privacy violation.

Instead no pre-selection on any choice that has financial, clinical, or privacy consequences. Present options as an unselected list. If a recommendation is clinically appropriate, it can be labeled as such ("Rekommenderas av din läkare") — but it is not pre-selected.

8. Emotional Exploitation

Never use fear, guilt, shame, or social comparison to drive patient action. This includes: confirmshaming copy ("Nej, jag vill inte ta hand om min hälsa"), progress-shaming ("Du har inte slutfört din hälsoprofil"), fear-based nudges ("Vänta inte tills det är för sent"), or displaying other patients' activity to create social pressure.

Because patients arrive with their own anxiety, exhaustion, or shame — particularly in sensitive areas like weight management, mental health, or conditions they have struggled with. Design that amplifies negative emotions to drive conversion is harmful in any context; in healthcare, where the emotional baseline is already loaded, it is unconscionable. The Aleris brand promise is "den nära experten" — a knowledgeable colleague does not shame you into action.

Instead motivate through clarity and support. "Du har tre steg kvar i din förberedelse" is informational. "Din specialist ser fram emot ditt besök" is warm. Neither exploits emotion. When a patient hasn't completed an action, a neutral reminder with a clear next step is sufficient. No emotional manipulation.

9. Exit Penalty

Never penalize a patient for choosing a less profitable path. This includes: degrading the experience for patients who decline upsells, showing reduced functionality to patients who choose a basic service level, removing access to information that was visible before a commercial decision point, or making the "free" or "basic" option visually inferior.

Because every patient receives the same quality of care and the same quality of digital experience, regardless of their commercial choices. A patient who declines additional services should not receive a lesser product. Healthcare products are not freemium software — the patient's clinical experience must not be contingent on their spending.

Instead service tiers, where they exist, differ in scope — not in quality. A patient on a basic path sees the same interface quality, the same information quality, and the same care signals as a patient on a premium path. The premium path offers more, not better.

10. Notification Coercion

Never use push notifications, emails, or SMS to create urgency, guilt, or anxiety. Never send notifications whose primary purpose is re-engagement rather than clinical relevance. Never require notification opt-in as a condition of using the service.

Because a notification from a healthcare provider carries implicit clinical authority. A patient who receives a push notification from Aleris will, at least momentarily, wonder if something is wrong. Exploiting that reflex for engagement metrics is a betrayal of clinical trust. Notifications in healthcare should only fire when the patient needs to know something for their care.

Instead notifications are sent only for clinically relevant events: appointment reminders, results available, action required for care progression, messages from care team. Marketing and re-engagement communication is separate, clearly labeled, and requires distinct opt-in. The patient can disable non-clinical notifications without affecting their care flow.

Smell Test — For Design Reviews and Shipping Checklists

These four questions compress the anti-patterns above into a quick assessment. Use them alongside the existing "Before Shipping a New View" checklist.

  1. Is there any action in this flow that benefits the business but whose consequences the patient might not fully understand? If yes — surface the consequences before the action.
  2. Is it easier to accept than to decline? If yes — equalize the interaction cost.
  3. Does this flow hide or delay information that would change the patient's decision? If yes — move the information to the point of decision.
  4. Does this flow require the patient to do something that is not necessary for their care? If yes — make it visibly optional or remove it.

Anti-Pattern Log

When an anti-pattern is caught in review or discovered in production, document it here briefly. Over time, this log builds a context-specific reference that supplements the principles above.

Date Product Pattern caught What was proposed What shipped instead

Relationship to Other Documents

  • ALERIS-DESIGN-WORKING.md — The anti-patterns operate at the same level as the Non-Negotiables in section 1. They describe what is prohibited; the working reference describes what is permitted and encouraged.
  • aleris-patient-product-design-guidelines.md — The enforcement rules and shipping checklist in that document are complementary. Anti-patterns extend the "what not to do" dimension that enforcement rules address for visual consistency into behavioral and ethical territory.
  • Healthcare UX skill — The healthcare UX principles provide the positive design direction. Anti-patterns are the inverse — the patterns that violate those principles in specific, identifiable ways.

First draft — March 2026. Torfinn Almers, Head of Design, Aleris Group. Grounded in Gray et al. dark patterns ontology (CHI 2023/2024), Brignull's deceptive patterns taxonomy, EU DSA/GDPR regulatory framework, and Aleris-specific product experience. Intended as AI context for implementation tools (Claude Code) and as review reference for design and development teams.