How is Testing Different for Healthcare Applications?



An approach for testing an application is dependent on many factors and domain / industry type is one of them. Why? Because it helps in enumerating critical risks associated with an application, which can’t be ignored. For example, in healthcare, the most important aspect of testing is in safety of patients and compliance with government regulations. Listed below are tips and pointers to consider while testing the healthcare provider application(s).

Introduction to Health Care Domain / Industry

Healthcare Compliance & Regulatory Environment
Healthcare compliance and regulatory environment are among the most complex to understand and apply. Most of these regulations are in place to ensure that hospitals protect the patient health records. This makes security testing utmost important for any healthcare applications. The the risk of violating the compliances is very risky and damaging. Below are some example of regulations need to be complied by the healthcare industry in the USA.
  • HIPAA- Health Insurance Portability and Accountability Act of 1996 is United States legislation that provides data privacy and security provisions for safeguarding medical information
  • HITECH- The Health Information Technology for Economic and Clinical Health Act legislation was created in 2009 to stimulate the adoption of electronic health records (EHR) and supporting technology in the United States

Conformance to Different Standards
Usually, different applications are deployed at different departments of a hospital or clinic. Often, these applications communicate with remote departments of the other hospitals and stakeholders (e.g. Insurance) as well. Having seamless communication along with standard protocols is must for scalability and sustainability of the applications. Testers need to understand different standards supported by application/component and must validate its integration with different interfaces. Some of the most common standards being followed in healthcare industry are as follows -
  • HL7 (Health Level 7) - set of international standards for the transfer of clinical and administrative data between software applications used by various healthcare providers. These standards focus on the application layer, which is "layer 7" in the OSI model
  • DICOM (Digital Imaging and Communications in Medicine) - standard for storing and transmitting images. It includes a file format definition and a network communication protocol
  • HL7 CDA (Clinical Document Architecture) - provides an exchange model (XML-based) for clinical documents (such as discharge summaries and progress notes); recently known as the Patient Record Architecture (PRA)
  • CCR (Continuity of Care Record) - a standard for the creation of electronic summaries of patient health.
  • CCOW (Clinical Context Object Workgroup) - International standard protocol designed to enable disparate applications to synchronize in real time, and at the user-interface level
  • LOINC (Logical Observation Identifiers Names and Codes) - Universal standard for identifying medical laboratory observations. It applies universal code names and identifiers to medical terminology related to electronic health records. The purpose is to assist in the electronic exchange and gathering of clinical results (such as laboratory tests, clinical observations, outcomes
  • ELINCS (EHR-Lab Interoperability and Connectivity Standards) - An emerging standard for reporting lab test results

Complex Workflows & Data Integrity
  • Interconnected workflows should be tested considering various parameters like different types of tests, operations, consultancies, plans, brokers, members, commissions etc
  • Unlike other domains, the healthcare software needs to be tested in a certain order that follows the patient flow through the system
  • Validation & Verification of complex images generated during workflow
  • Give attention to workflows that allow an action when it should be restricted e.g. application might allow users to place medication orders (prescriptions) for patients who had already been discharged
  • Different healthcare applications from different vendors might be used to cover a workflow, which makes E2E testing difficult
  • There might be many embedded calculations used to produce dosing amounts on patient medication orders. Medication doses differ among children, infants, and adults. If dosing calculations are incorrect, a pediatric patient could receive an adult dose that could be lethal
  • For medical applications, it needs to verify that the medications, dosages, units, and data are exactly as entered and remain that way between application sessions. It's also vital to check for data corruption, as well as hard-to-read text or images that might cause confusion
  • Workflows can be highly dependent on test data being used, e.g. only the elderly are eligible for geriatric treatments, infants for neonatal procedures and women for gynaecological treatments
  • Dates used as test data are important and needs to be accurate and in context
  • Data displayed on screens are used by doctors or nurses for taking decisions on patient prescriptions. It's easy in the midst of testing to glance over the display without truly reading it, so focusing on the data accuracy should be the key

Usability, Security & Performance
  • Most of the time the users of healthcare application are not trained computer professionals, so the user experience is a key factor
  • It is advisable to use concise and clean data on the display screen for users who work in high-stress environments such as an emergency room or operating room
  • Being HIPAA and HITEC compliant, conducting in-depth security testing is implicit
  • Number of concurrent users in a healthcare application might not be huge (in millions) but performance of the application needs to be validated against multiple big media files being transferred over the network


Comments

Post a Comment

Popular posts from this blog

Performance Test Run Report Template

You have gathered requirements from clients, identified key critical business scenarios, analyzed the workload distributions, found out performance goals and requirements, identified  tool for generating load, setup the test environment, designed the scripts, executed the performance run, collected the raw data, analyzed it, what next?  Send information to stakeholders? No!!  Wait!! It needs to formatted, customized for different stakeholder(s) and reported accordingly. This article suggests one of the ways to report performance run results to client especially if the performance testing activity has been outsourced to yours company.  It discusses the performance report template and importantly the reasons for including the items in the report. The performance report template contains information by data collected from client side only and doesn’t discuss / talk about data from server side like processor utilization etc. Broadly the performance report has been divided in three major
Read more

Understanding Blockchain

This notes will cover below questions... Introduction to Blockchain What is the difference between Blockchain and Bitcoin? What are some other uses of blockchain that go beyond bitcoin? History of blockchain Could you explain the blockchain process in laymen terms? If all data is available to the public. Can anyone know my bank balance (in Bitcoin)? Introduction to Blockchain The Blockchain is a decentralized and distributed public (digital) ledger where transactions are recorded and confirmed anonymously. It’s a record of events that is shared between many parties. More importantly, once information is entered, it cannot be altered without altering subsequent blocks. WTF is the blockchain? A guide for total beginners What is the difference between Blockchain and Bitcoin? The blockchain is a technology
Read more

Bugs Management in Agile Project

Agile has a refreshing approach to bugs, especially when contrasted with traditional waterfall practices. Historically, teams would postpone bugs to a stabilization phase. This stabilization phase was long and tedious, typically with high stress and long hours. Agile, on the other hand, promotes the following thought processes: Carrying bug debt is unhealthy and sometimes, even destructive. We should fix bugs, not track them. A feature isn't done until the bugs are fixed. Quality is part of the overall cost. Bugs are prioritized against new features. A bug needs to be more important than the next new feature. Notes All new features have a "bug tail." The bug tail is the diminishing number of open bugs on the new functionality. When a feature is added, bugs are introduced. Most are discovered and fixed immediately by the team as a part of feature development: some a few days later, others not until long after a story is considered &quo
Read more