Guest Column | November 22, 2017

How To Bypass Challenges Of Testing Healthcare Mobile Apps


By Pavel Novik, QA Unit Coordinator, A1QA

Today, there are apps that cover almost every area of services, such as banking, retail, travel and more. Healthcare providers have raised their awareness of mobile platforms, too. For healthcare providers, it’s very important to run each of their enterprise apps through quality assurance (QA) in order to avoid security and performance issues, as these apps contain users’ sensitive information such as personal details and health status.

Customers Need Flawless Performance
Imagine you’ve just downloaded an app. What measures would you take if the app doesn’t respond and fails to meet your quality standards? — You’d probably uninstall that kind of app from your smartphone.

According to a recent survey conducted by Neumob, almost 50 percent of consumers do not leave feedback, either as a star rating or as a detailed explanation, on why they uninstalled apps that suffered from performance issues. Consequently, healthcare CEOs should increase their investments in QA solutions in order to maximize their ROI by increasing the number of satisfied end users.

While performance is one of the major technical aspects of mobile apps’ usability regardless of their type and function, security is critical to apps that store private information and therefore are vulnerable to cybercrimes.

In 2016, Arxan Technologies analyzed 126 of the most popular mobile health and finance apps from the US, the UK, Germany and Japan. They found that 84 percent of the FDA-approved apps didn’t fully address at least two of the Open Web Application Security Project (OWASP) mobile top 10 risks, and 95 percent of those apps lacked two-step protection.

Managing Healthcare Software Testing
Compared to many industries, healthcare is strictly regulated and has to follow the protocols issued by governments and IGOs. That said, there are a few things to consider to avoid possible frustrations during medical software testing.

First of all, there are guidelines for setting up a proper testing environment. Among them are the Healthcare Information Technology Standards Panel (HITSP) and Integrating the Healthcare Enterprise (IHE).

HITSP offers cooperation between the public and private sectors in order to enable interoperability between healthcare software applications. Similarly, IHE is an initiative by healthcare professionals to improve the way computer systems in healthcare exchange information.

Regulations In Healthcare
QA vendors are obliged to follow specific frameworks when dealing with Electronic Health Record (EHR) software testing. These frameworks provide all the necessary features to correspond with the Certification Commission for Healthcare Information Technology (CCHIT).

CCHIT was an independent NPO whose mission was to accelerate the adoption of interoperable health IT. It certified EHR technology between 2006 and 2014. The certification was issued in order to regulate EHR functionality and interoperability using criteria developed by the organization itself.

Another influential piece of legislation for those testing EHR or any other healthcare software is the Health Insurance Portability and Accountability Act (HIPAA). It was previously known as the Kennedy-Kassebaum Act, named after two of its leading sponsors.

The list below from QASource underlines 6 software testing strategies in order to comply with HIPAA:

  • access control
  • encrypted data transfers
  • data sanitization
  • structured test data approach
  • audit trail
  • failover/load balancing

The list shows how important it is to maximize security levels according to HIPAA. At the same time, the other domain-specific testing areas (usability, performance, stability) should be taken very seriously, as they’re vital to mobile apps.

Legal Frameworks In EHR Testing
While software testing in general doesn’t require additional external procedures/tools to be used, EHR systems depend on special frameworks.

There are a few tools on the market (Laika, MESA, etc.) that can be used in healthcare software testing as legal frameworks which fully correspond to industry regulations.

For example, Laika analyzes and reports on the interchangeability of EHR systems. In order to support EHR interoperability testing, Laika verifies the input and output of EHR data against the standards and criteria identified by the CCHIT.

Laika and similar testing frameworks are dependent on various data transfer standards explained below.

HL7 & FHIR
Health Level Seven (HL7) is a non-profit, ANSI-accredited standards developing organization which provides comprehensive standards for the exchange, integration, sharing and retrieval of electronic health information.

HL7 International features the automatic validation testing which checks transferred messages from each system to detect if they comply with their set of “primary standards”. It also checks whether the data flows correctly by employing relevant user stories. But the most important process is end-to-end testing when the app’s communication modules are being checked to make sure the data exchanges correctly.
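As an illustration of the “data sanitization” strategy listed earlier and of the automated message validation described here, the following added example (not from the article, HL7 International or any tool it names) checks the basic structure of an HL7 v2 message and replaces identifying PID fields with synthetic values. The function names, the sample message and the replacement values are constructed for illustration, and the checks cover only a few header fields, not a full conformance profile.

```python
# Added example: constructed data and hypothetical helper names.
SAMPLE = "\r".join([  # constructed HL7 v2 ADT message; every value is fake
    r"MSH|^~\&|APP|FAC|EHR|HOSP|20170101120000||ADT^A01|MSG00001|P|2.5",
    "PID|1||123456^^^HOSP^MR||DOE^JANE||19800101|F|||"
    "1 MAIN ST^^TOWN^ST^00000||555-0100||||||000-00-0000",
    "PV1|1|I",
])

# PID fields that carry identifiers (ID, name, birth date, address, phone,
# SSN), mapped to synthetic values. Other segments may hold identifiers too.
PID_SYNTHETIC = {3: "TEST0001^^^HOSP^MR", 5: "TEST^PATIENT", 7: "19000101",
                 11: "0 TEST RD^^TESTVILLE^ZZ^00000", 13: "000-0000",
                 19: "999-99-9999"}

def parse(msg):
    """Split a message into segments, each a list of '|'-separated fields."""
    return [seg.split("|") for seg in msg.strip("\r\n").split("\r") if seg]

def validate(msg):
    """Return a list of structural problems (an empty list means it passed)."""
    segs = parse(msg)
    if not segs or segs[0][0] != "MSH":
        return ["first segment is not MSH"]
    msh, problems = segs[0], []
    if len(msh) < 2 or msh[1] != "^~\\&":
        problems.append("MSH-2 encoding characters are not ^~\\&")
    # MSH-1 is the separator itself, so after split() MSH-n sits at index n-1
    for n, name in ((9, "message type"), (10, "control ID"), (12, "version")):
        if len(msh) < n or not msh[n - 1]:
            problems.append(f"MSH-{n} ({name}) is missing")
    if not any(seg[0] == "PID" for seg in segs):
        problems.append("PID segment is missing")
    return problems

def sanitize(msg):
    """Replace identifying PID fields so the message can serve as test data."""
    segs = parse(msg)
    for seg in segs:
        if seg[0] == "PID":
            for idx, fake in PID_SYNTHETIC.items():
                if idx < len(seg) and seg[idx]:
                    seg[idx] = fake
    return "\r".join("|".join(seg) for seg in segs)
```

Running `validate` again on the output of `sanitize` confirms that scrubbing the test data did not break the message structure the receiving system expects.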

Fast Healthcare Interoperability Resources (FHIR) is a next-gen standards framework created by HL7 which combines the best features of HL7’s versions 2 and 3 along with Clinical Document Architecture (CDA) product lines.

FHIR makes interface building much easier by providing an Application Programming Interface (API) and building blocks called resources.

DICOM
Digital Imaging and Communications in Medicine (DICOM) is the international standard for medical images and related information.

DICOM helps healthcare professionals to safely store and transmit medical images (X-ray, CT, MRI, etc.) and has become the standard solution in hospitals.

QA vendors have to take DICOM into account very seriously, since complex testing for compliance, interoperability, interface and integration areas is mandatory.

Is It Complicated? — Not Really
Of course, it’s no surprise that healthcare apps are required to meet the requirements of extensive frameworks designed specifically for them. Because of this, EHR vendors are seeking professional services to fully comply with the above-mentioned standards. While security concerns have priority, performance and other technical areas of testing need to be covered and analyzed accordingly; otherwise, end users are likely to move to alternative providers, and your ROI generation strategy simply won’t deliver.

Luckily, there are some great QA vendors who specialize in EHR testing and delivering sustainable results. One of them is A1QA, which offers a complete package of testing solutions. QA outsourcing by A1QA provides all the necessary options in order to thoroughly test healthcare apps while maintaining compliance with international standards. The company has more than fourteen years of expertise in SQA business and has completed over 1,500 projects so far.

A1QA’s domain expertise also includes Telecom, Insurance, E-commerce, SaaS and so forth.

Here’s a brief overview of services offered:

  • all-round testing
  • custom reporting
  • complete QA coverage
  • continuous monitoring
  • smooth process integration

What’s more, there are no hidden costs and, more importantly, QA teams are flexible and dynamic, depending on project size.

Bottom Line
To conclude, healthcare is a very sensitive industry guided by many regulations, and it’s impossible to avoid them. Due to the rise of attention to mobile platforms, healthcare vendors are increasing their investments into IT solutions, including QA services. In response to this, QA vendors are tailoring their offering to the industry’s standards and regulations in order to implement all the required frameworks needed for successful EHR testing.

Here’s a short review of what’s been highlighted in this article:

  1. Healthcare apps have to be error-free and optimized for different systems and configurations in order not to lose customers and revenue.
  2. They have to follow HITSP and IHE guidelines.
  3. They have to comply with HIPAA.
  4. Healthcare apps must be tested with one of the legal frameworks which correspond to the CCHIT standards.
  5. HL7 & FHIR standards provide the exchange, integration, sharing and retrieval of electronic health information.
  6. DICOM has to be taken into account very seriously, since complex testing for compliance, interoperability, interface and integration areas is mandatory.