Hi Folks, I am working on a healthcare-related web application. I would like to share a few interesting things that I came across while testing the project. Firstly, I was taught by my teammates to get deep domain knowledge of the project we work on, so to start with, I started digging deeper into healthcare. Here I am summarising a few of my learnings about the healthcare industry which helped me in testing throughout the app.
Once I started getting into the healthcare domain project, I found that the terminology and vocabulary are different. Some of them are described below.
Purpose of Healthcare Web App
A practitioner electronically invites a patient and sends them the necessary intake forms. The patient then answers those intake forms on his or her computer using a secure login. Once complete, the patient submits the form(s) to the practitioner. In this way, the practitioner can analyze the answers and get a clear idea of the health issue of a particular patient. It helps the practitioner interact with patients more easily.
Ensure Privacy and How Secure is the Patient Data?
A unique URL is provided to each practice, which makes it more difficult for strangers to break in. The system is developed to collect data from the patient and provide it to the practitioner in a way that saves their time and helps them analyze the data more efficiently. The patient information is kept more secure, i.e. all PII (Personally Identifiable Information) is encrypted.
Basically, data can be classified into 3 major categories:
1) Protected Health Information
2) De-identified Health Information
3) Synthetic Health Information
PHI (Protected Health Information) is fully identified information. It includes the patient's name, age, address, telephone number and other health information, so it must be completely protected under the HIPAA (Health Insurance Portability and Accountability Act) law. Synthetic Health Information is not given high priority; it can be shared with anyone, such as university students.
Therefore the app ensures high protection of patient data with the help of a HITRUST-certified platform named Catalyze, which is HIPAA compliant and meets the highest industry and privacy standards. The practitioner's personal data is also protected and is provided directly to the patient. Any company that deals with PHI and PII (Personally Identifiable Information) must ensure that all the required physical, network and process security measures are in place and followed.
- Patient name is the first and foremost data that must be highly protected, since it comes under the PHI category. The name of a patient should be visible within the practice.
- In case of any issue, the technical team (developers and testers) should not use the patient name when contacting the support team.
- Data breach is the most important thing the technical team must guard against from the backend. A unique username and password is given to each patient, so when a patient logs in with different credentials, or logs in to some other practice, the details of other patients must not be shown; that would be a data breach. Patient data here is highly confidential, so cross-domain testing must be mandatory.
- Since the PHI category is given high priority, even the support/technical team should not see a patient's name unless there is a need. In order to maintain high security, we track each and every action performed by the support/technical team: we record which team member viewed a patient name, when they viewed it, and the reason for viewing.
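As an added example (not code from the original post), here is how the two rules above, no cross-practice disclosure and audited viewing of patient names by support staff, can be expressed as a single access check; the practice ids, patient ids and in-memory store are assumptions constructed for the demo.

```python
"""Added example (not from the original post): a minimal access check and
audit trail for the patient-name rules above. Practice ids, patients and
the in-memory store are constructed for illustration."""
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass
class PatientRecord:
    patient_id: str
    practice_id: str
    name: str  # PHI: revealed only to the owning practice, or to support with a reason
    intake_answers: dict

@dataclass
class AuditEntry:
    viewer: str
    patient_id: str
    reason: str
    viewed_at: str

# Constructed sample data: two practices, one patient each
PATIENTS = {
    "p-1001": PatientRecord("p-1001", "practice-A", "Alice Example", {"q1": "headache"}),
    "p-2002": PatientRecord("p-2002", "practice-B", "Bob Example", {"q1": "cough"}),
}
AUDIT_LOG = []  # who viewed which patient name, when, and why

class AccessDenied(Exception):
    pass

def view_patient(viewer, viewer_practice, role, patient_id, reason=""):
    """Return what this viewer may see of the patient.
    practitioner: full record, but only for their own practice (a login from
                  another practice never receives another practice's patient);
    support:      name masked by default; with a reason the name is shown and
                  the view is written to AUDIT_LOG."""
    rec = PATIENTS.get(patient_id)
    if rec is None:
        raise AccessDenied("no such patient")
    if role == "practitioner":
        if viewer_practice != rec.practice_id:
            raise AccessDenied("patient belongs to another practice")
        return {"name": rec.name, "answers": rec.intake_answers}
    if role == "support":
        if not reason.strip():
            return {"name": "[PHI masked]", "answers": rec.intake_answers}
        AUDIT_LOG.append(AuditEntry(viewer, patient_id, reason.strip(),
                                    datetime.now(timezone.utc).isoformat()))
        return {"name": rec.name, "answers": rec.intake_answers}
    raise AccessDenied("unknown role")
```

A cross-domain test in the sense of the post is then simply a practitioner login from practice-A asking for a practice-B patient and expecting a denial rather than a record.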
Is the app Patient- and Practitioner-Friendly?
In an earlier publication, the Institute of Medicine said that between 44,000 and 98,000 patients die in hospital each year as a result of medical errors that could have been prevented. Poor EHR system design and improper use can also cause EHR-related errors. From this, I can understand how user-friendly the app should be.
Patients are able to complete the forms at their own place. As the patient answers the form via computer, neither the practitioner nor the patient needs to write down the answers in long form. It also saves time and reduces the risk of paperwork being lost.
- Colors play an important role in healthcare. Generally, practitioners prefer blue and green colors. Green in particular helps practitioners refresh their vision of red things, including a patient's internal organs during surgery. According to John Werner, a psychologist who studies vision at the University of California, Davis, human eyes become more sensitive to variations in red when we look at something green from time to time.
- Practitioners' expectations of the user interface are completely different, as it deals with patient data. The UI must support a high level of readability, which is essential for healthcare operations on patient data, especially in an emergency.
- Graphical representation is one of the better ways to properly understand the current status of a patient. When a patient has 40-50 health concerns, the practitioner may find the content heavy and time-consuming to read through as a list. Here graphical images help the practitioner understand the patient more easily.
- The medical history of a patient is one of the most important things all practitioners want, so it should be clear, easily understandable and properly maintained, because it includes both information reported by the patient and the practitioner's observations from their diagnoses and treatment. This helps practitioners catch human errors, track the effectiveness of their treatment and make predictions about outcomes throughout the patient's lifetime.
- As discussed, colors play an active role in healthcare web applications. Some patients suffer from color blindness and find it very challenging to differentiate red, yellow and green. So from the patient's point of view, UI design should be carried out carefully, considering these color combinations.
- Data in a medical document is highly sensitive. In my testing experience, data loss is one of the major issues raised by patients. Sometimes patients enter a large amount of data about their health concerns and then lock the system or put it in sleep mode, intending to submit later. When the patient comes back and unlocks the system, the previously entered data has been refreshed away automatically. Hence data loss occurs, and it becomes very hard to convince the patients. Finally, we implemented autosave in our application. Autosave happens every 1 minute (60 seconds), so even if a patient enters some data and starts working on something else, all the information entered is saved automatically. When the patient comes back into the application, the data remains as it is. No data is lost.
- Font is one of the most important factors playing an active role in the medical document. As I said earlier, the document includes both the issues reported by the patient and the notes added by the practitioner from their observations. So for mutual understanding between patient and practitioner, the font must be bold and clear. The font size should not be too large or too small; it should be normal and consistent throughout the document. Generally, practitioners don't prefer dark and fancy colors. The color of the font decides how patient-friendly the app is.
Why Certification in Healthcare?
Certification is one of the most important things for people working on healthcare applications. It gives you a clear idea of how patient data should be tracked more securely and helps you manage highly confidential information that comes under the HIPAA law.
HIPAA Security Training is a certification developed by experts knowledgeable in the HIPAA security and privacy rules, computer and network security, and security training. It gives a broad idea of Administrative, Physical and Technical Safeguards. Risk assessment is the foundation of the HIPAA Security Rule. Some of the topics covered in the certification include:
- Understanding PII
- Protecting Passwords
- Recognising and Preventing Malware
- Using Encryption
- Security Breaches and Violations
- Understanding, Protecting and Auditing ePHI
- Practical Security Steps, etc.
Please visit http://www.hipaasecurenow.com for more details.
I hope these details are helpful for those who work on healthcare-related projects like me. Thanks for taking the time to read my blog.