Building Software to Help Prevent Abuse Against Adults with Disabilities

Massachusetts Disabled Persons Protection Commission

The Massachusetts Disabled Persons Protection Commission (DPPC) protects adults with disabilities from the abusive acts or omissions of their caregivers through investigation oversight, public awareness, and prevention.  The DPPC Abuser Registry is intended to protect individuals with intellectual or developmental disabilities (“I/DD”) by barring care providers who have a substantiated finding of registrable abuse from working with other persons with intellectual or developmental disabilities. A substantiated finding of registrable abuse is a finding by the DPPC, after investigation and opportunity to appeal, that a care provider abused a person with I/DD.

A care provider is a person who is employed by, or contracts with, the Department of Developmental Services (“DDS”) or an Employer who provides services or treatment to persons with I/DD. Care providers include all current and prospective caretakers in any program licensed, contracted, or funded by DDS to provide services and support to persons with intellectual or developmental disabilities. Care providers can include volunteers, interns, work-study participants, or any other similar unpaid positions.  The DDPC Abuser Registry is a web based tool for employers to look up individuals to determine if they have a substantiated finding against them.

DPPC Cover

The Challenge

There are currently more than 500 organizations required to access the registry and check on thousands of prospective employees each year to ensure that individuals with intellectual or developmental disabilities are protected from caretaker abuse. The original system was built using Unity Client (frontend) and Onbase (backend/database) was outdated and unable to scale.

The Solution

The Gnar Company provided a comprehensive product team consisting of a product manager, product designer, three software engineers, and an AWS infrastructure engineer to deliver this new platform.  The work kicked off with a Discovery and Design phase in close collaboration with the DPPC team with the following steps:

  • Discovery: The discovery process kicked-off by meeting with the DPPC team to learn more about their users personas, user flows, and identify core features and functionalities of the product. Through card sorting exercises the design team was able to organize feature requirements per user which helped guide the design information architecture of the DPPC product as well as provided guidance for future design sprints.
  • Wireframing: After establishing core user flows and information architecture, wireframes were created to further define the content hierarchy on each screen on a weekly design sprint basis. By creating low-fidelity wireframes, we were able to quickly test user flows based on user assumptions.
  • Design: In parallel to wireframing, we created a unified design system and component library based on features and user patterns. The goal of the design system was to keep the entire design and development team on the same page during design hand-off and to maintain consistency in product while designing in sprints.

The team then worked closely with the  DPPC team to build the next generation of the DPPC Abuser Registry, including: 

  • Abuser Registry Web Application: This custom built web application in Ruby on Rails and Stimulus enables employers to log in and conduct individual or batch searches of the Abuser Registry, as well as view their organizations’ search statistics, a list of their organization’s pending searches, and their organization’s 10 most recent search records.  In addition, employers can also upload documents to assist with their search, if requested.  Admins can manage users, build custom reports for auditing purposes, view in-app analytics, as well as manage employer and user data with ease.
  • Data Migration and Amazon Web Services RDS Database: The Abuser Registry data was migrated from the legacy Onbase database to an AWS Relational Data Service (RDS), which is a managed SQL database service provided by Amazon Web Services (AWS). 
  • AWS GovCloud Infrastructure: The Gnar Company collaborated with the Massachusetts Executive Office of Technology Services and Security (EOTSS) to set up and configure development, test, stage, and production environments on AWS GovCloud infrastructure. 
DPPC ImagGroup2

The Results

The new DPPC Abuser Registry was delivered on-time and within budget in early July 2023.  Gnar is continuing to work with DPPC on software feature updates and maintenance.  Learn more about The Gnar's Ruby on Rails application development capabilities here.

Like what you hear and have a project of your own?

Interested in building with us?