How is Testing Different for Healthcare Applications?
The approach to testing an application depends on many factors, and the domain or industry is one of them. Why? Because it helps in enumerating the critical risks associated with an application, which can't be ignored. For example, in healthcare, the most important aspects of testing are the safety of patients and compliance with government regulations. Listed below are tips and pointers to consider while testing healthcare provider application(s).
Introduction to Health Care Domain / Industry
Healthcare Compliance & Regulatory Environment
The healthcare compliance and regulatory environment is among the most complex to understand and apply. Most of these regulations are in place to ensure that hospitals protect patient health records. This makes security testing of the utmost importance for any healthcare application. Violating these regulations is very risky and damaging. Below are some examples of regulations that the healthcare industry in the USA needs to comply with.
- HIPAA - The Health Insurance Portability and Accountability Act of 1996 is United States legislation that provides data privacy and security provisions for safeguarding medical information
- HITECH - The Health Information Technology for Economic and Clinical Health Act legislation was created in 2009 to stimulate the adoption of electronic health records (EHR) and supporting technology in the United States
Conformance to Different Standards
Usually, different applications are deployed in different departments of a hospital or clinic. Often, these applications also communicate with remote departments of other hospitals and with stakeholders (e.g. insurance). Seamless communication over standard protocols is a must for the scalability and sustainability of the applications. Testers need to understand the different standards supported by an application or component and must validate its integration with different interfaces. Some of the most common standards followed in the healthcare industry are as follows -
- HL7 (Health Level 7) - set of international standards for the transfer of clinical and administrative data between software applications used by various healthcare providers. These standards focus on the application layer, which is "layer 7" in the OSI model
- DICOM (Digital Imaging and Communications in Medicine) - standard for storing and transmitting images. It includes a file format definition and a network communication protocol
- HL7 CDA (Clinical Document Architecture) - provides an exchange model (XML-based) for clinical documents (such as discharge summaries and progress notes); recently known as the Patient Record Architecture (PRA)
- CCR (Continuity of Care Record) - a standard for the creation of electronic summaries of patient health.
- CCOW (Clinical Context Object Workgroup) - International standard protocol designed to enable disparate applications to synchronize in real time, and at the user-interface level
- LOINC (Logical Observation Identifiers Names and Codes) - Universal standard for identifying medical laboratory observations. It applies universal code names and identifiers to medical terminology related to electronic health records. The purpose is to assist in the electronic exchange and gathering of clinical results (such as laboratory tests, clinical observations, outcomes)
- ELINCS (EHR-Lab Interoperability and Connectivity Standards) - An emerging standard for reporting lab test results
Complex Workflows & Data Integrity
- Interconnected workflows should be tested considering various parameters like different types of tests, operations, consultancies, plans, brokers, members, commissions etc
- Unlike other domains, the healthcare software needs to be tested in a certain order that follows the patient flow through the system
- Validation & Verification of complex images generated during workflow
- Give attention to workflows that allow an action when it should be restricted e.g. application might allow users to place medication orders (prescriptions) for patients who had already been discharged
- Different healthcare applications from different vendors might be used to cover a workflow, which makes E2E testing difficult
- There might be many embedded calculations used to produce dosing amounts on patient medication orders. Medication doses differ among children, infants, and adults. If dosing calculations are incorrect, a pediatric patient could receive an adult dose that could be lethal
- For medical applications, testers need to verify that the medications, dosages, units, and data are exactly as entered and remain that way between application sessions. It's also vital to check for data corruption, as well as hard-to-read text or images that might cause confusion
- Workflows can be highly dependent on test data being used, e.g. only the elderly are eligible for geriatric treatments, infants for neonatal procedures and women for gynaecological treatments
- Dates used as test data are important and need to be accurate and in context
- Data displayed on screens are used by doctors or nurses for taking decisions on patient prescriptions. It's easy in the midst of testing to glance over the display without truly reading it, so focusing on the data accuracy should be the key
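The restricted-action, dosing-calculation and data-persistence checks from the list above, written as executable tests. This is an added example, not code from the original article: the order model, the function names, the patient IDs, `drug-x`, the 15 mg/kg rule and the 1000 mg adult dose are all constructed for illustration and are not clinical guidance.

```python
from dataclasses import dataclass
from decimal import Decimal

# Constructed values: the 15 mg/kg rule and 1000 mg adult dose are
# placeholders for the example, not clinical guidance.
ADULT_DOSE_MG = Decimal("1000")
PEDIATRIC_MG_PER_KG = Decimal("15")

class OrderRejected(Exception):
    """Raised when the workflow must refuse an order."""

@dataclass(frozen=True)
class Patient:
    patient_id: str
    age_years: int
    weight_kg: Decimal
    discharged: bool = False

def dose_mg(p: Patient) -> Decimal:
    if p.weight_kg <= 0:
        raise OrderRejected("weight must be positive")
    if p.age_years >= 18:
        return ADULT_DOSE_MG
    # Weight-based dose, never above the adult dose.
    return min(p.weight_kg * PEDIATRIC_MG_PER_KG, ADULT_DOSE_MG)

def place_order(p: Patient, drug: str, store: dict) -> tuple:
    if p.discharged:  # restricted action: no orders after discharge
        raise OrderRejected("patient already discharged")
    order = (drug, dose_mg(p), "mg")
    store[p.patient_id] = "|".join(str(f) for f in order)  # persisted as text
    return order

def load_order(patient_id: str, store: dict) -> tuple:
    drug, dose, unit = store[patient_id].split("|")
    return (drug, Decimal(dose), unit)

def run_checks() -> dict:
    store = {}
    child = Patient("P-001", 3, Decimal("12.5"))
    gone = Patient("P-002", 40, Decimal("80"), discharged=True)
    placed = place_order(child, "drug-x", store)
    try:
        place_order(gone, "drug-x", store)
        blocked = False
    except OrderRejected:
        blocked = True
    return {"pediatric_dose": placed[1],
            "round_trip_exact": load_order("P-001", store) == placed,
            "discharged_blocked": blocked,
            "nothing_stored_for_discharged": "P-002" not in store}
```

Using `Decimal` rather than floating point keeps the stored dose byte-for-byte identical to the calculated one, which is what the round-trip check asserts.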
Usability, Security & Performance
- Most of the time, the users of a healthcare application are not trained computer professionals, so the user experience is a key factor
- It is advisable to use concise and clean data on the display screen for users who work in high-stress environments such as an emergency room or operating room
- Because the application must be HIPAA and HITECH compliant, conducting in-depth security testing is implicit
- Number of concurrent users in a healthcare application might not be huge (in millions) but performance of the application needs to be validated against multiple big media files being transferred over the network