As professional software test engineers working on medical software applications, our focus is patient safety and protecting confidential information. We must ensure data accuracy throughout the varying patient care workflows.
After all, we are all patients. We all have medical records and data out in cyberspace every minute of every day. All of our patient data is made visible to medical practitioners of various occupations to treat our health issues. Now that medical professionals require and desire to use mobile devices for convenience and for improving patient care, a new door has opened that both improves and imperils our ability to maintain secure, accurate and reliable application systems.
For electronic health record and electronic medical record applications, going mobile involves a serious need for good planning because of the unknown, uncharted territory that is the mobile device world. Our ability to test the new ways data will be displayed, stored and transmitted enlarges the scope of our testing responsibility. With mobile devices such as laptop computers, PDAs, smartphones and tablet computers, we increase the risk of loss or unauthorized disclosure of sensitive patient information.
However, security is not the only issue. Medical professionals typically are reluctant to change their established workflow, and in order to get them to use and trust mobile software, we need to ensure that application performance and reliability are solid and always improving.
As a test team manager, plan to cover in depth testing of security, data integrity, display, performance and reliability workflows. Here we examine how each of these factors plays a significant role in test planning for analyzing health care applications on mobile devices.
Security -- HIPAA and data integrity
HIPAA is about data integrity and protection. It means you're responsible for the patient information in your hands and displaying in your application. The Medical Records Institute (MRI) publishes a list of priorities concerning data integrity that makes sense in a test plan for mobile devices. First, data must be accurate and consistent, complete, timely, interoperable, auditable and accessible at any time or place it's needed for patient care.
Mobile security involves multiple layers. Test teams must be prepared to cover the infrastructure, hardware, operating system and user interface layers. As testers, we need to test under the covers of our applications as much as we test the user interface.
Most large health care applications provide interoperability between medical devices and other systems via messaging. All connecting and underlying systems will require security testing including access to your database.
Reliability is a no-brainer. However, medical professionals' complaints about their EHR/EMR system revolve around reliability. Testers typically test so quickly that it's possible to miss the subtle details of the user interface display. Even with automated tests, if they don't validate every detail of the display, they can miss defects that are highly annoying to end users. They may even be eroding end users' trust and respect.
Applications on mobile devices must be reliable or medical professionals simply won't use them. They may have to use your application in their workplace, but they don't have to use it on a mobile device. Would it be more convenient? One would think so, but it's only convenient if it works reliably. If your application has the same or worse reliability issues on a mobile device, you'll lose your end user base. In order to improve reliability in a new technology space, testers must test from different locations.
As a tester, it's imperative to test mobile applications while being mobile. They should get out of the office to simulate actual end user situations. Ensure the apps are as reliable as possible by answering the following questions:
When you move out of the office, away from a guaranteed Wi-Fi or Internet connection, what happens? How does the application react? What happens if it gets disconnected? Is the end user's work lost, or can it be recovered easily and accurately? When moving in between indoor offices with lots of walls and hallways like a typical medical building, does the mobile application still work reliably? Does it drop data, or does information fail to get updated? Can users access the same patient record simultaneously? What if a mobile device gets disconnected and what happens if another user has entered data from the main system on the same patient?
Reliability and performance are inevitably intertwined. Performance just gets noticed first. When users pick up a tablet device or a smartphone they expect speed. We all expect speed. It's not going to be any different because you're running a complicated, integrated health care application responsible for reams of accurate and secure data. It's still going to have to be fast and your application will need to constantly improve.
As testers, this means getting out of the cubicle and into working situations your end users will encounter using their mobile device with your application. Create automated performance tests that simulate connectivity issues in a variety of ways.
If you haven't done performance testing beyond clicking a button and counting to 3, it's time to add complex and detailed continuous testing practices to verify application performance.
In my testing experience, end users complain most about display issues. The screen size on mobile devices varies widely, so testers have to cover various display sizing problems. What happens in the application when you're using a tablet or phone as opposed to a standard laptop screen? Can the user see all the options? Are some field names cut off? Do users have to scroll endlessly? Few things annoy end users more than endless scrolling or having to click repeatedly. Your end users need to get their job done quickly and effectively.
Be sure to verify your application displays data completely. Users must be able to see all the information they need to access with minimal scrolling. Simple display items like button and field names must be intact. Have they been shortened to fit only to become unintelligible? In health care applications, we pass information back and forth to various end points. Is any of that data lost? For example, if a physician enters comments on a medication order meant for the pharmacist, when it gets to the pharmacist on the standard system or a mobile device, can the pharmacist see it?
As a tester, one of my biggest concerns with applications moving to mobile devices is losing display information. Even if it's on there somewhere, users can't find it or see it easily and therefore don't get the information they need. As a test team, it's critical to verify no data is lost, missed or altered to the point it isn't recognized. Data integrity must persist regardless of the hardware device.
Whether or not end users use a mobile device or a standard platform, the system must be reliable, fast, accurate, secure and maintain data integrity. Health care application end users are professionals who need to get work done safely, reliably and accurately. They aren't interested in pretty, cute or nonessential bells and whistles. They need to ensure patient safety and information security with minimal interruption to their established workflow.
As testers, our goal must be to listen to our users and verify that information is secure at all levels, that data is intact and accurate and our applications work reliably and with a high level of performance. Testing mobile applications requires exploring new territory thoroughly and completely. As a test manager, it's imperative to think of mobile ways to test applications that may include alternative testing locations, methods and time-to-test user workflows.