When thinking about website testing especially in the healthcare industry, in the era of digitalization, it is critical to understand these sites uniqueness. A healthcare website has different quality aspects compared to other websites due to a large set of compliances and regulations that it should conform to, as well as the target personas it serves, that includes both providers and patients.
Depending on the specific health domain, a successful quality strategy for healthcare website would consist of the following 5 pillars:
- Compliance and security validations
- Website user experience, load time, and performance
- Web API testing
- Cross-browser interoperability testing
- Content validation per target personas
Each of the above categories holds inside a large set of testing considerations, that would often vary based on the healthcare domain or services that are being offered.
Let’s elaborate more on each of the topics.
Compliance and Security Validations
One of the key aspects of healthcare website, perhaps more than anything else is the customer privacy and data security. Clients and healthcare providers depend on the healthcare website ability to effectively and continuously retain and protect the most sensitive data they have.
When we think about compliance, security, and data it can be categorized accordingly:
- User authentication and authorization
- Users and healthcare providers data retention and for specific cases and websites also audit trails
- Specific and relevant healthcare compliances
As stated in the above 3 topics (there can be many more to consider, but in this article, let’s focus on these), the main gate to the website if you are a healthcare provider that uses the web or a patient, this is your personal credentials. Managing the end-user’s credentials and assuring their privacy is key. Continuous monitoring of the security of the web and the login capabilities should be part of the quality strategy and processes. These days, we hear more and more about security incidents, and trials for fraud attacks against large websites including healthcare. From a testing perspective, teams can extend the typical of user/pass scenarios (both positive and negative) with 3rd party tools that try to attack and inject malicious code into the websites, as well as constant code scans in production to assure that there are no regressions around the security and privacy of the website.
Regardless of the above, healthcare websites need to always adhere to specific compliances and regulations like HIPAA, FDA in specific cases, and others. With such compliances, the testing will also require evidence of security, audit trails, data retention policies and many more.
Website Load & Performance Testing
At the end of the day, whoever uses a website, either if it’s a healthcare or retail, or any other – user experience is always a pre-conditioned expectation. That means, the fast load time of the website, fast response to searches and form submissions, and any other activity that the user may perform. Specifically, for healthcare websites that carry a lot of data and uses a lot of 3rd parties web services to provide information to their users, performance can be a challenge. Testing and development teams should expect such validations as part of their ongoing quality validations and define acceptable thresholds for the most commonly used user-actions. In addition, such teams should consider using a subset of these performance tests to monitor in production the level of service they provide their customers. Having an alert in production whenever there is a degradation in performance and response time of a specific functionality in the web, can be a huge advantage for teams that are trying to provide great UX to their clients.
Web API Testing and Backend Services Quality
As mentioned earlier, healthcare websites deal with dynamic content, big data, and a lot of users at any given time. Much of the data that is presented on the website is being pulled through web-services and backend APIs that are baked into the website architecture. Web browser changes, network conditions, and the services themselves are often unpredictable and can become unavailable, unstable, or suffer from latencies. The end user does not really see or understand how your website is built, but he does expect to get a reasonable response to his queries. To assure both site stability, as well as great UX, teams must include API testing and production monitoring of these services to be in the know when things are down or suffer from regressions. Like in the above categories, each healthcare website, provider etc., would have his unique services, but still, the category of API testing and site stability that is dependent on the APIs and content being consumed from the site are common and relevant to all.
Cross Website Browsers Interoperability
Regardless of who uses your healthcare website, your site should perform and provide the same service across all key browsers and OS versions. The plethora of browsers and the dynamics of monthly releases of Chrome, Firefox, and Safari browsers present a continuous challenge from a quality assurance perspective. Testing teams should have a good web testing lab, that includes all relevant desktop browsers types configured across the Desktop OS and Browser OS versions – e.g. Chrome Latest on Windows 10, and Windows 8.1, Safari Latest Beta on Mac OS High-Sierra, etc.
To be able to assure proper functionality across these platforms, teams can use Selenium grids that are built locally, or leverage cloud providers to maintain this complex setup as a service. In addition, production monitoring and analytics can help the website teams determine where is the highest traffic comes from, and based on that, build their test lab.
Content Validation and Target Personas
Since healthcare websites provide online services to both healthcare providers like doctors, hospitals as well as patients, the content is at the heart of the web quality assurance. When we try to understand what does ‘content quality’ mean, we should be thinking and focus on the following test aspects:
- Timely content, and content that is updated dynamically
- Make sure that you present updated content that is being obtained through web services and from 3rd parties – e.g., list of up to date healthcare providers
- Make sure that the content that is presented is ‘location-aware’ – based on customer zip code, the list of providers, content that is presented etc. is relevant
- Content that is easily consumed by the users
- Support for various languages based on the location and customers preference should be supported and properly displayed
- Website accessibility is key for healthcare website since the variance of visitors is huge and typically includes customers from all age ranges, as well as from varying health conditions – here, website quality engineers should follow OWASP guideline and other recommended in-browser tools like Google Lighthouse.
- Educational and domain-specific
- Many healthcare website visitors seek to learn more about either the provider services, working hours, but also about specific medications, medical solutions, and more. In such cases, the content needs to obviously be well presented and to adhere to the above considerations regarding languages, accessibility, machine-readable (JSON) formats, etc.
Image Caption: Google Lighthouse Audit Tool (Chrome Browser)
Healthcare websites, especially in today’s digital transformation that introduces competition between brands, are in a tough position. Such websites are expected to be always-on, always functioning, and to provide a high level of serviceability to the varying visitors. As conveyed in this blog, assuring quality for such sites should involve a top-notch quality strategy that considers at least the above mentioned 5 aspects as a continuous practice.