How QA addresses the functional requirements of Digital Health Apps

The healthcare industry has been at the forefront of adopting digital technologies. And with the penetration of smartphones and the increase in internet bandwidth, digital health apps are developed to offer greater functionality, mobility, convenience, and cost savings to the user. However, given their health implications for the users, they are subjected to greater scrutiny and regulations. Healthcare app testing is an important process in the value chain to ensure the app works seamlessly, provides the security of users’ data, adheres to all regulatory standards, and delivers a positive user experience. Healthcare software testing is not like testing any other software product and needs the QA team to understand the potential weaknesses the app can harbor.

Focus on vulnerabilities for healthcare application testing

Healthcare or medical apps deal with sensitive patients’ data and can have more vulnerabilities or weaknesses compared to other apps as mentioned below:

HIPAA compliance: The Health Insurance Portability and Accountability Act is a US federal law that calls for protecting sensitive patient’s health information and not to disclose the same without the latter’s consent or knowledge. So, HIPAA compliance needs to be accorded top priority during the development and testing phases in the SDLC. If not, the same can lead to penalties from regulatory agencies and exposes the healthcare app to cyber-attacks and data breaches. The HIPAA aspects to look at during healthcare app security testing are –

a) Proper functioning of role-based controls: The QA team should check if all roles have been given access to specific app sections based on their privileges. It should ensure that each role has access to prescribed data only.

b) Secure authentication: People using or administering the app should be provided with risk-based authentication, short-term passwords, and biometrics as the highest level of protection. The QA team should check every cybersecurity approach to verify whether it works properly.

c) Encrypted information: The best way to secure the health information of patients is by applying encryption. The testers should check if both encryption and decryption processes function properly and the keys for the same are protected.

d) Automated data backups: Taking manual data backups can be missed or forgotten. So, it is important that the process of taking backups is automated based on frequency or certain data manipulations. The QA team needs to verify if the backup of data has been taken when every condition is met.

Improper or unfriendly UI and UX: To ensure the healthcare app is accepted in the market, it should have a simple and seamless UI and UX. The QA team while undertaking healthcare app testing should verify if the app is user-centric and easy to navigate. The QA team should evaluate the app’s UI/UX by choosing parameters such as usability goals and metrics, roles, and usability tasks. Then the process of testing the average time users may take to perform a specific task effectively is undertaken. This is done by selecting random users who are asked to perform certain tasks in the app. This activity can expose the hurdles and inconveniences users are likely to face, and if not remedied in time, can lead to user dissatisfaction.

Lack of interoperability: For a healthcare app to function properly, the APIs of several third-party software solutions like hospital management software, electronic health record, and medical practice management software should be fully integrated. However, this can be a challenging piece of the task as each third-party software solution can have its specific database, data format, and functionality logic. This lack of uniformity, more so with legacy systems, can make the task of medical devices testing a difficult exercise. The QA team should check if all integrations are working properly and the app can freely communicate with all third-party software suites.

Incompatibility with wearable devices: Wearable devices appear to have cornered a significant chunk of the market – 125 million units in Q3 of 2020 (IDC.) However, the healthcare app can only hit the growth trajectory if its integrations with such devices are strong and functional. The QA team should check if the app is compatible with every type of wearable device it seeks to support.

Poor performance: The final customer satisfaction depends on the app’s performance, and other aspects as discussed above. According to the customers or users, the healthcare app should perform seamlessly irrespective of location, device platforms, quality of network connection (3G, 4G, 4G LTE), and traffic. The QA team should conduct performance testing on medical devices on the above-mentioned parameters and ensure the app is scalable, especially during times of high traffic.

Test processes for the QA team to consider

In order to prevent or address the above-mentioned issues related to incompatibility, interoperability, security, and load, the QA team should consider the following testing processes:

Risk-based testing: This involves identifying all potential risks the app may face and suggest suitable remediation solutions for the same.

Compatibility testing: This healthcare compliance testing process checks all integrations with third-party apps and wearable devices, and ensures the app works across all types of device platforms, operating systems, and networks.

Load testing: This involves checking the capability of the app in meeting the threshold of traffic. With performance testing on medical devices, the QA team can find out the extent of traffic the app can support without malfunctioning or facing latency.

Security testing: Of late, this type of testing has taken center-stage given the high incidences of cybercrime. It detects all types of vulnerabilities that an external threat actor can exploit and cause data breaches.

Regression testing: On identifying bugs during healthcare QA testing, the test team passes bug info to the development team for fixing. However, the fixing process can influence or break an existing functionality within the app, and can only be realized and remedied by conducting proper regression testing.

Conclusion

Healthcare apps have become popular to know the vital body parameters and avail critical services, especially during a pandemic like situation the world is witnessing at present. However, they must be subjected to stringent healthcare performance testing on a variety of metrics such as compatibility, security, interoperability, and performance, among others.

James Daniel is a software Tech enthusiastic & works at Cigniti Technologies I'm having a great understanding of today's software testing quality