Smart Approach to Healthcare Software Testing

According to IDC Health Insights, 40% of U.S. healthcare providers increased IT investments in 2016, bringing the IT industry over $5 B. As a result, the market for medical software, including electronic health records (EHR), healthcare CRM, mobile apps for medical staff and more, is steadily growing.

Given the strict and specific quality requirements in healthcare, medical applications need a special approach to testing, which is why QA vendors are adding medical software testing services to their offerings.

Based on our experience in medical application development and testing, we suggest several tips on test management in a healthcare software project.

How to manage software testing in a healthcare project

Always tied up with numerous tasks, health professionals look for software that saves their time and effort on routine procedures. Hence, convenience is the top requirement for healthcare software. For doctors and nurses, convenience means interoperability, a user-friendly interface and the ability to use the application anytime and anywhere.

Together with security concerns, these aspects of healthcare software convenience are the main points of reference for medical software testing.

1) Compliance with healthcare industry regulations

Healthcare is a highly regulated industry governed by specific documents and procedures, the most important being the Healthcare Information Technology Standards Panel (HITSP) and the Integrating the Healthcare Enterprise (IHE) initiative. These documents serve as a solid foundation for functional testing of health applications and healthcare workflows, as they provide legal frameworks and testing tools (Gazelle, MESA, Laika and more).

2) High priority to usability

For a testing team, assuring the convenience of a healthcare application involves comprehensive usability testing based on relevant user scenarios for each user role, with regard to the rules and regulations set by industry standards.

For instance, in EHR testing, user stories involve every document required for a patient according to the requirements at each step of his/her visit:

  • Identification and consent forms from the receptionist;
  • Patient’s vitals from the nurse;
  • Examination, diagnosis, treatment plan and the next visit schedule from the physician.

The more diverse the user stories, the better.

As health applications offer complex functionality and multiple user roles, tracking dependencies is important. It is advisable to run a detailed test case management system to maintain and develop the test procedure and to track requirements and dependencies, as well as expected and unexpected results.

3) Protecting sensitive data with HIPAA

As healthcare software handles sensitive personal health information (PHI), it is a frequent target of cyberattacks. In 2016, the number of cyberattacks on hospitals grew by 63%, and in 2017 the rate of attacks on healthcare facilities, including private practices, is predicted to grow further. These attacks cost medical facilities millions of dollars, so testing medical software for vulnerabilities should become a top priority. Luckily, there is a powerful legal source to rely upon.

The Health Insurance Portability and Accountability Act (HIPAA) is the U.S. law ensuring the security and privacy of health data. Performing software QA for HIPAA compliance requires a thorough understanding of the document, to ensure that test cases fully cover all parts of the regulations applicable to the product.

HIPAA compliance testing focuses on the following areas:

  1. Authentication and user authorization
  2. Audit log
  3. Data transfers
  4. Information on correct and incorrect data use

Though conformance testing overlaps with security testing here, both types of testing are necessary to ensure that sensitive data is securely shielded.
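The first two HIPAA areas above, authorization and audit logging, can be checked mechanically once the application writes an audit trail. The following is an added example (not the article's or any product's code) of a compliance check a QA team could run over exported audit entries: every PHI access must be fully recorded, and no successful action may fall outside the acting role's permissions. The role/permission map and the log entries are constructed assumptions for the example.

```python
from typing import Dict, List, Set

# Actions each EHR role may perform on PHI (an assumption for this example,
# modelled on the receptionist / nurse / physician roles in the EHR scenario).
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "receptionist": {"read_demographics", "update_consent"},
    "nurse": {"read_demographics", "record_vitals"},
    "physician": {"read_demographics", "read_vitals", "read_diagnosis", "write_diagnosis"},
}
# Fields every audit entry must carry to be usable for a HIPAA audit.
REQUIRED_FIELDS = ("timestamp", "user_id", "role", "patient_id", "action", "outcome")

# Constructed audit-log entries used as a test fixture; not real data.
SAMPLE_LOG: List[Dict[str, str]] = [
    {"timestamp": "2017-03-01T09:00:00Z", "user_id": "r.smith", "role": "receptionist",
     "patient_id": "P123", "action": "read_demographics", "outcome": "success"},
    {"timestamp": "2017-03-01T09:05:00Z", "user_id": "r.smith", "role": "receptionist",
     "patient_id": "P123", "action": "read_diagnosis", "outcome": "success"},  # authorization gap
    {"timestamp": "2017-03-01T09:10:00Z", "user_id": "n.jones", "role": "nurse",
     "patient_id": "P123", "action": "record_vitals"},                          # outcome not logged
    {"timestamp": "2017-03-01T09:20:00Z", "user_id": "d.brown", "role": "physician",
     "patient_id": "P123", "action": "write_diagnosis", "outcome": "success"},
]


def audit_findings(log: List[Dict[str, str]],
                   permissions: Dict[str, Set[str]] = ROLE_PERMISSIONS) -> List[str]:
    """Return one finding per defect; an empty list means the audit trail passed."""
    findings: List[str] = []
    for i, rec in enumerate(log):
        # Audit-log check: an entry that lacks any required field cannot answer
        # "who did what to whose record, when, and did it succeed".
        missing = [f for f in REQUIRED_FIELDS if not rec.get(f)]
        if missing:
            findings.append(f"entry {i}: missing fields: {', '.join(missing)}")
        # Authorization check: a successful action outside the role's permission
        # set means the application's access control let it through.
        allowed = permissions.get(rec.get("role", ""), set())
        if rec.get("outcome") == "success" and rec.get("action") not in allowed:
            findings.append(f"entry {i}: {rec.get('role')} performed {rec.get('action')} "
                            f"on {rec.get('patient_id')} (not permitted for role)")
    return findings


if __name__ == "__main__":
    for finding in audit_findings(SAMPLE_LOG):
        print(finding)
```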

4) Ensuring interoperability

In healthcare, dialogue is what matters most. It’s not only about productive patient-doctor relationships, but also about the complex information systems employed in the industry. The major standards for data transfer in the healthcare industry are Health Level Seven (HL7), Fast Healthcare Interoperability Resources (FHIR) and Digital Imaging and Communications in Medicine (DICOM). So what do they mean for a QA team?


HL7 is a set of standards for the exchange, integration and retrieval of electronic health information. HL7 ensures global medical data interoperability and makes it possible to access and use relevant health data securely.

Thus, software testing for compliance with HL7 includes the following:

  • Automated validation testing to make sure that messages sent and received by each system comply with HL7. Health Level Seven International provides a whole set of tools for the purpose: NIST Message Validator, Message Workbench, MQF Validation Tool, etc.
  • Integration testing employing relevant user stories to ensure that data flows correctly.
  • End-to-end testing to ensure that the communication modules of the applications exchange data correctly and that all modules process external information without errors.

Communication with systems developed by big industry players (Epic, Cerner, eClinicalWorks, Allscripts, etc.) may require additional testing effort. Integration testing should be organized with regard to the peculiarities of the HL7 implementations of these health IT leaders.
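Before handing captured messages to the official HL7 validation tools, a QA team often wants a quick structural pre-check of its own. The following is an added example (not the article's or HL7's code) of a minimal HL7 v2 validator: it reads the separator and encoding characters from MSH-1/MSH-2, checks that MSH-9, MSH-10 and MSH-12 are present, and verifies that the segments required for the message class are there. The required-segment table and both sample messages are constructed assumptions for the example.

```python
from typing import Dict, List

# Segments this example requires per message class (an assumption for the example,
# modelled on ADT admit messages; real requirements come from the HL7 profile in use).
REQUIRED_SEGMENTS: Dict[str, List[str]] = {"ADT": ["MSH", "EVN", "PID", "PV1"]}

# Constructed sample messages (no real patient data); HL7 v2 ends each segment with \r.
ADT_OK = (
    "MSH|^~\\&|EHR|HOSP|LAB|HOSP|20170301120000||ADT^A01|MSG00001|P|2.5\r"
    "EVN|A01|20170301120000\r"
    "PID|1||123456^^^HOSP^MR||DOE^JANE||19800101|F\r"
    "PV1|1|I|WARD1^101^A\r"
)
ADT_BAD = (  # MSH-10 control ID empty, EVN and PV1 segments missing
    "MSH|^~\\&|EHR|HOSP|LAB|HOSP|20170301120000||ADT^A01||P|2.5\r"
    "PID|1||123456^^^HOSP^MR||DOE^JANE||19800101|F\r"
)


def validate_hl7(raw: str) -> List[str]:
    """Return a list of structural problems; an empty list means the message passed."""
    if not raw.startswith("MSH") or len(raw) < 9:
        return ["message does not start with an MSH segment"]
    sep = raw[3]          # MSH-1: the field separator itself
    encoding = raw[4:8]   # MSH-2: component, repetition, escape, subcomponent chars
    problems: List[str] = []
    if raw[8] != sep:
        problems.append("MSH-2 must be exactly four encoding characters")
    segments = [s for s in raw.split("\r") if s]
    msh = segments[0].split(sep)

    def msh_field(n: int) -> str:
        # MSH-1 is the separator, so field MSH-n (n >= 2) sits at list index n-1.
        return msh[n - 1] if n - 1 < len(msh) else ""

    for n, name in ((9, "message type"), (10, "message control ID"), (12, "version ID")):
        if not msh_field(n):
            problems.append(f"MSH-{n} {name} is missing")
    present = [s.split(sep)[0] for s in segments]
    for seg_name in present:
        if len(seg_name) != 3:
            problems.append(f"segment name {seg_name!r} is not three characters")
    msg_class = msh_field(9).split(encoding[0])[0]   # e.g. "ADT" from "ADT^A01"
    for seg in REQUIRED_SEGMENTS.get(msg_class, ["MSH"]):
        if seg not in present:
            problems.append(f"required segment {seg} missing for {msg_class} message")
    return problems
```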


FHIR is a standard framework for data transfer developed by HL7. FHIR provides so-called resources (building blocks) and an application programming interface (API) that let implementers build a suitable interface quickly. FHIR implementers can easily create an interface and then check whether their system complies with FHIR using the TestScript resource. Though FHIR is a next-generation standard, the majority of healthcare providers still stick to HL7.


DICOM is an international standard for viewing, analysing and sharing medical images safely across professional communities. Compliance with DICOM is a must for the majority of caregivers. From a QA perspective, it involves not only conformance testing but also interoperability, interface and integration testing.

All types of compliance testing require extensive effort and time, so use the automated testing tools offered by the DICOM and HL7 organisations.

5) Special focus on mobile apps

The continuous drive for speed and convenience explains the growing popularity of mobile apps among healthcare professionals. These apps save time and offer many ways to address common healthcare challenges, such as time-consuming diagnosis procedures and unnecessary patient visits.

However convenient mobile applications may be for practitioners, they pose additional challenges for testing engineers. How well a mobile app works depends heavily on external conditions (speed of the internet connection, signal quality, etc.). Thus, along with domain-specific testing (usability, compliance, security), mobile apps require comprehensive load and performance testing. Simulate real conditions to ensure that the app doesn’t fail in a sub-optimal environment.

6) Accumulating domain knowledge

To be credible and readable, all forms, error messages, email notifications, etc. should use the naming conventions accepted in the industry. Testing specialists should study reliable sources of medical information, such as the U.S. National Library of Medicine, NHS Choices, WebMD, Medscape, etc.

On a final note

For testing vendors, the continuous increase in health IT investment signals that it is time to offer healthcare software testing, which should be focused on:

  1. Compliance with regulations (HITSP, IHE)
  2. Usability (detailed usability testing involving multiple user roles)
  3. Security (compliance with HIPAA and regular security testing)
  4. Stability (comprehensive load and performance testing)
  5. Interoperability (compliance with HL7, FHIR, DICOM or required interoperability frameworks)
  6. Industry awareness (domain knowledge)

These are the basics of healthcare software testing. To learn more about other industry-specific approaches in software QA, stay tuned to our blog.

Every project has its specifics in terms of functionality and target users. We offer software testing services tailored to your business needs.
