August 14, 2018

Solving QA Challenges in Healthcare Apps

Written by
Pavel Novik

Think about anything you’d like to do, and it is likely there’s already an app for that. From banking to e-commerce and entertainment industries, there are apps that cover a vast range of services we use daily. Healthcare has also started to introduce mobile platforms across the care delivery cycle, creating a voluminous medical app market.

In a recent report from BIS Research, the global mobile medical apps market was forecasted to reach $11.22 billion by 2025, growing from $1.40 billion in 2016. With the global market of mobile healthcare apps growing steadily, vendors rush in to create multiple solutions for patients and providers.

But no rush can justify the absence of thorough testing, whether it is done by an in-house team or through QA outsourcing services. Without diving deep, QA specialists can’t ensure that the mobile app complies with high standards and prerequisites for patient safety, data security, and performance while staying user-friendly.

To help fellow specialists, we have identified the major QA challenges in testing healthcare mobile apps and the ways to overcome them. Let’s make sure your next big thing is consistent from spec to release without the risk of missing deadlines.

Challenge #1: All types of users and their usability expectations

The question of software usability is especially painful in healthcare, and EHR systems are a great example. It doesn’t matter whether your company’s goal is as ambitious as creating a mobile version of patient health records or as humble as aggregating physical activity recommendations with nutrition tracking, the app should be convenient to use.

When testing an mHealth app, it is important to think about the situations in which patients may need it. For example, if a critical case arises when an elderly patient uses their condition management app, will they be able to find and tap the emergency call button quickly? Or, will the app contact the caregivers, sending an alert to them or initiating a video call to help them assess the situation and intervene in time?

Additionally, each healthcare mobile app can influence many stakeholders, including patients, caregivers, care team members, administrative staff, insurers and more. The app should support their workflows in a comfortable way, so QA specialists need to get a good picture of basic user needs. This picture will be the pillar for relevant user stories and scenarios for each role. For example:

  • As a patient, I’d like to connect my smartwatch to the app to monitor my heart rate during exercise.
  • As an insurer, I’d like to track each patient’s treatment plan activities, including tests, office visits, and procedures remotely.
  • As a physician, I’d like to review my patient’s treatment plan progress remotely.
  • As a caregiver, I’d like to access my supervisee’s current health status remotely.

In some mobile healthcare apps, user stories should highlight the documents accompanying each patient’s care-receiving activity. To make the process more consistent, QA specialists can create a list of possible documents and overlay them on a visit scheme. Such documents can include:

  • Identification and consent forms
  • Problem list, including significant medical conditions
  • Vitals
  • Lab and imaging results
  • Operative/procedure notes
  • Immunization records

Challenge #2: How much security is secure enough

The need to safeguard software from viruses, malicious attacks, and breaches is what keeps the whole development team up at night sometimes. In healthcare, there is a path to regaining that sleep: compliance with HIPAA. If the mobile healthcare app is compliant with this legislative regulation, then it is safe and sound. Still, there are troubles in testing this compliance.


HIPAA stands for the Health Insurance Portability and Accountability Act. This Act focuses on the security and privacy of health data and requires additional domain knowledge from QA specialists. In particular, they should thoroughly study the Act to ensure that testing is consistent with all parts of the regulation applicable to the product.

Here are the possible testing strategies for checking the app’s HIPAA compliance:

  • Authentication and user authorization
  • Access control
  • Information on correct/incorrect data use
  • Encrypted data transfers
  • Data sanitization
  • Structured test data approach
  • Audit log
  • Failover/load balancing
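
To show how the access control and audit log items above can be turned into an automated check, here is an added example (not from the original article). The roles come from the user stories in Challenge #1; the policy, the `RecordService` stand-in, and all identifiers are assumptions made for illustration and do not state what HIPAA itself requires.

```python
from datetime import datetime, timezone

# Assumed policy for illustration: actions each role may perform on a record.
POLICY = {
    "patient":   {"read_own"},
    "physician": {"read_assigned", "update_plan"},
    "caregiver": {"read_assigned"},
    "insurer":   {"read_plan_activities"},
}

class RecordService:
    """Hypothetical stand-in for the app backend under test."""
    def __init__(self):
        self.audit_log = []

    def access(self, user, role, action, patient_id):
        allowed = action in POLICY.get(role, set())
        # Every attempt is recorded, including denied ones.
        self.audit_log.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "user": user, "role": role, "action": action,
            "patient_id": patient_id, "allowed": allowed,
        })
        return allowed

# Constructed test matrix: (user, role, action, patient, expected decision).
CASES = [
    ("u1", "patient", "read_own", "p1", True),
    ("u2", "physician", "update_plan", "p1", True),
    ("u3", "caregiver", "update_plan", "p1", False),
    ("u4", "insurer", "read_assigned", "p1", False),
    ("u5", "unknown_role", "read_own", "p1", False),
]

def run_access_matrix(service, cases):
    """Return failure descriptions; an empty list means every check passed."""
    failures = []
    for user, role, action, pid, expected in cases:
        before = len(service.audit_log)
        got = service.access(user, role, action, pid)
        if got != expected:
            failures.append(f"{role}/{action}: expected {expected}, got {got}")
        # Exactly one audit entry must exist for this attempt and match it.
        new = service.audit_log[before:]
        if len(new) != 1 or new[0]["user"] != user or new[0]["allowed"] != got:
            failures.append(f"{role}/{action}: attempt not audited correctly")
    return failures
```

In a real test suite, `RecordService` would be replaced by a client for the application's API, and the matrix would cover every role and action in the specification.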

Challenge #3: The everlasting song of interoperable apps and systems

As healthcare software gradually goes into the cloud, even legacy systems follow the trend. Of course, smaller applications are the first to make the move. Alphabet’s current technical advisor Eric Schmidt mentioned in his HIMSS-18 keynote speech that he sees a better digitally connected health future as a system of ‘killer apps,’ such as chronic, mental and physical care apps, working together in the cloud.

Additionally, the resource emphasized the need for interoperability in such applications, because new health IT priorities, procedures, and technologies will influence changes in accepted standards for data transfer: Fast Healthcare Interoperability Resources (FHIR), Health Level Seven (HL7), and Digital Imaging and Communications in Medicine (DICOM).

Vendors have to ensure continuous dialogue between their app and all other systems that could connect to it, including huge clinical systems (EHR, CRM, ERP), and a wide range of smart medical devices and wearables.


HL7 is a set of standards for exchange, retrieval and integration of electronic health information. Here’s how QA specialists can ensure the app’s compliance with it:

  • Integration testing with relevant user stories, confirming that data flows correctly across the app.
  • End-to-end testing that checks the app’s communication modules and verifies that they exchange data and process external data without errors.
  • Automated validation testing that makes sure that outbound/inbound messages in the app comply with HL7. HL7 International offers a set of tools to check it: MQF Validation Tool, NIST Message Validator, Message Workbench and more.
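
As an added example (not from the original article), the sketch below shows the kind of structural pre-check an automated suite can run on HL7 v2 messages before handing them to the validation tools named above. It covers only the MSH header and segment IDs; the function name and the sample message are constructed for illustration.

```python
import re

# MSH fields that must be populated: number -> description.
REQUIRED_MSH = {9: "message type", 10: "message control ID",
                11: "processing ID", 12: "version ID"}
SEGMENT_ID = re.compile(r"^[A-Z][A-Z0-9]{2}$")

def check_hl7_v2(message):
    """Return a list of structural errors; an empty list means none found."""
    # HL7 v2 separates segments with carriage returns; tolerating "\n"
    # here is an assumption for files saved with Unix line endings.
    segments = [s for s in message.replace("\n", "\r").split("\r") if s]
    if not segments or not segments[0].startswith("MSH") or len(segments[0]) < 8:
        return ["message must start with an MSH segment"]
    errors = []
    msh = segments[0]
    sep = msh[3]                      # MSH-1 is the field separator itself
    fields = msh.split(sep)           # so MSH-n lives at fields[n - 1]
    enc = fields[1]                   # MSH-2: encoding characters
    if len(enc) < 4 or len(set(enc)) != len(enc) or sep in enc:
        errors.append("MSH-2 encoding characters are malformed")
    for num, name in REQUIRED_MSH.items():
        if len(fields) < num or not fields[num - 1]:
            errors.append(f"MSH-{num} ({name}) is missing")
    for seg in segments[1:]:
        seg_id = seg.split(sep)[0]
        if not SEGMENT_ID.match(seg_id):
            errors.append(f"invalid segment ID: {seg_id!r}")
    return errors

# Constructed sample messages (not real patient data).
GOOD = "\r".join([
    "MSH|^~\\&|APP|FAC|EHR|HOSP|20180814120000||ADT^A01|MSG0001|P|2.5",
    "PID|1||12345^^^HOSP^MR||DOE^JANE",
])
NO_CONTROL_ID = GOOD.replace("MSG0001", "")

if __name__ == "__main__":
    print(check_hl7_v2(GOOD))
    print(check_hl7_v2(NO_CONTROL_ID))
```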


FHIR is a next-generation standard framework for data transfer created by HL7. FHIR makes interface building much easier with the Application Programming Interface (API) and building blocks called resources. Moreover, it is convenient to test. FHIR implementers can create an interface and use TestScript to check whether the solution complies with the standard.

But there’s a catch.

The standard only works when it is widely adopted. Taking into account the occasional rigidity of healthcare as a domain, we can see why the majority of providers hesitate and stick to HL7 instead of stepping up their game with FHIR.


DICOM is an international standard for safe viewing, storage, processing, analysis, and sharing of medical images across healthcare organizations. If your app should give a patient access to their X-ray, CT, or MRI test results, QA specialists will have to conduct a series of tests for conformance, integration, interoperability, and interface. Luckily, there’s a shortcut to saving time and budget with automatic testing tools offered by DICOM and HL7.

Challenges, challenges everywhere

Healthcare is sensitive to changes and innovations because lives are literally at stake. This extra cautiousness creates workarounds and roadblocks, which may complicate the creation of a new healthcare app. If the testing phase isn’t consistent with all industry demands and standards, it will make operating costs skyrocket and make the team look unprofessional. We hope this little guide will serve our fellow QA specialists as a cue card and will save them some time on additional research.

Pavel Novik is a QA Unit Coordinator at A1QA. He is a QA Manager, QA Software Engineer and QA Lead.
