The healthcare industry is promising, particularly from the point of view of process optimization, and that is exactly what healthcare providers are interested in. Technological integration is therefore a logical step, and industry research supports this: investments in healthcare have already exceeded $18 billion, most of it going to startups developing healthcare solutions. A HealthTech survey found that 48% of healthcare organizations plan to invest in analytics software to improve employee productivity and engagement, so the market is only set to grow.
Since its foundation, the focus of Glorium Technologies has been the healthcare domain: we develop different types of products – from hospital management systems and software that converts medical image data into a 3D model to an application for treating stuttering.
In this article, written in collaboration with Dmitriy Stepanov, Co-founder and CTO of Glorium Technologies, we share our experience of working in the healthcare domain. We look at what makes projects of this type different from others and what is specific about technology developed for the healthcare industry.
Five types of healthcare projects
Healthtech is developing very rapidly and covers many different directions. In our team's experience, the directions below generate the most demand from customers.
1. Mobile technologies and applications:
- Remote monitoring and control of portable devices;
- Tools that free up the time of medical staff and optimize their schedules;
- Synchronization of data from mobile workstations (so-called mobile computer carts) to track the availability and management of hospital beds.
2. Data automation and analytics:
- Algorithms that, by analysing large volumes of documentation, produce more accurate forecasts and more effective allocation of resources;
- Reducing the time hospital and laboratory workers spend on paperwork;
- Automated analytics that help doctors develop individual patient care plans.
3. Cloud IT projects &amp; data security:
- Close integration with electronic medical records;
- Secure storage of medical data with no limits on retention period or volume, and fast access to it;
- Implementation of authentication and of various data encryption methods.
4. Electronic health records (EHR):
- An alternative to paper medical documents: easy to maintain and update and, with access controlled and logged, much harder to lose or tamper with;
- 24/7 access from anywhere for doctors and patients, plus built-in search and filters to quickly assemble a medical history;
- More complete patient histories and treatment plans thanks to integration with third-party, Apple and Google health solutions.
5. Telemedicine:
- Remote provision of medical services, such as assessment, diagnosis, and treatment without the need for the physical presence of a doctor next to the patient;
- The possibility of making an appointment remotely via the Internet and online meetings with a doctor, which is especially relevant for people with limited mobility or lack of time;
- Delivery of medicines to both patients and medical institutions.
What are the industry restrictions?
The healthcare industry itself is conservative and highly regulated. That is logical, because our decisions affect people's health, albeit to varying degrees. It imposes certain limitations on software developers: there are clear rules on what is allowed and what is not, and the price of error is high in terms of accountability.
The International Medical Device Regulators Forum (IMDRF) defines Software as a Medical Device (SaMD) as software intended for one or more medical purposes that performs those purposes without being part of a hardware medical device. It helps to place SaMD among the three kinds of medical software that regulators distinguish:
- software that is in itself a medical device (SaMD);
- software embedded in, or controlling, a hardware medical device (software in a medical device);
- software used during the production or maintenance of a medical device.
Only the first category is SaMD in the IMDRF sense; the definition explicitly excludes software that is part of a hardware device, and production and maintenance software is regulated through the manufacturer's quality system instead.
The FDA is a founding member of the IMDRF and chairs its SaMD Working Group. Starting in 2013, that group issued the four SaMD documents most relevant to developers: key definitions (2013), a risk categorization framework (2014), quality management system principles (2015), and clinical evaluation (2017).
Separately, and predating the IMDRF work, the FDA classifies medical devices into three classes by risk:
I – lowest risk; subject to general controls only (most Class I devices are also exempt from premarket notification);
II – moderate to high risk; general controls plus special controls, typically with a 510(k) premarket notification;
III – highest risk; general and special controls plus premarket approval (PMA).
All classes of devices are subject to general controls, the baseline requirements of the Food, Drug, and Cosmetic (FD&amp;C) Act that apply to Class I, II, and III devices alike. The class depends on the device's intended use, and it determines which premarket submission, if any, is required for FDA clearance or approval before the device can be marketed.
The classification is risk-based: the main factor in the assigned class is the harm the device could cause the patient if it fails or is misused. Class I carries the lowest risk and Class III the highest.
Accordingly, the strictness of the regulatory requirements depends on the class your software falls into. It affects the entire development life cycle and how that life cycle is managed, which goes far beyond code review.
About security standards
When developing healthcare projects, you need to comply with HIPAA (for US patient data) and GDPR (for personal data of people in the EU). Strictly speaking, these are laws rather than technical standards, but they are the primary rules governing software development for the industry, and studying them is the first step for developers moving into the healthcare domain.
What is HIPAA?
The US Health Insurance Portability and Accountability Act (HIPAA) restricts how protected health information (PHI) may be used and disclosed without the patient's authorization (the Privacy Rule) and requires administrative, physical, and technical safeguards for PHI held electronically (the Security Rule). It applies to covered entities such as providers and insurers and, through business associate agreements, to the vendors that handle PHI on their behalf.
If you are developing a product for healthcare, the software must be HIPAA-compliant. In practice, that means implementing the safeguards the Security Rule requires for electronic PHI, among them:
- unique user identification and authentication;
- access control, so that each user sees only the PHI their role needs;
- audit controls: logging who accessed which record, when, and what they did;
- a data backup plan;
- a disaster recovery plan;
- an emergency mode operation plan and an emergency access procedure;
- automatic logoff after a period of inactivity;
- encryption and decryption of PHI at rest and in transit;
And many similar requirements.
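As an added example that is not Glorium's code and not part of the original article, the following Python sketch shows how four of the Security Rule's technical safeguards (unique user identification, role-based access control, audit controls, automatic logoff) plus the emergency access procedure translate into code around a record store. The roles, the 15-minute timeout, the patient records and the user IDs are assumptions constructed for the example.

```python
"""Added example: HIPAA technical safeguards as code (hypothetical roles and data)."""
from __future__ import annotations

import time
from dataclasses import dataclass, field

# Assumed policy value: end a session after 15 minutes without activity.
IDLE_TIMEOUT_SECONDS = 15 * 60

# Assumed role matrix: which record types each role may read.
ROLE_PERMISSIONS = {
    "physician": {"demographics", "lab_results", "clinical_notes"},
    "nurse": {"demographics", "lab_results"},
    "billing": {"demographics"},
}

# Constructed sample data; the values stand in for PHI and are not real.
PATIENT_RECORDS = {
    "P-1001": {
        "demographics": "Jane Doe, 1980-01-01",
        "lab_results": "HbA1c 6.1%",
        "clinical_notes": "Follow-up in 3 months",
    },
}


@dataclass
class Session:
    user_id: str        # unique user identification: every action is tied to one person
    role: str
    last_activity: float


@dataclass
class PHIAccessLayer:
    # Audit controls: an append-only trail of who touched which record, when, with what result.
    audit_log: list[dict] = field(default_factory=list)

    def _audit(self, session: Session, patient_id: str, record_type: str, outcome: str,
               now: float, emergency: bool = False, reason: str = "") -> None:
        # Log identifiers and the outcome only, never the PHI content itself.
        self.audit_log.append({
            "ts": now, "user": session.user_id, "role": session.role,
            "patient": patient_id, "record": record_type, "outcome": outcome,
            "emergency": emergency, "reason": reason,
        })

    def read(self, session: Session, patient_id: str, record_type: str, *,
             now: float | None = None, break_glass: bool = False, reason: str = "") -> str:
        now = time.time() if now is None else now

        # Automatic logoff: an idle session is refused and must re-authenticate.
        if now - session.last_activity > IDLE_TIMEOUT_SECONDS:
            self._audit(session, patient_id, record_type, "denied: session expired", now)
            raise PermissionError("session expired; log in again")
        session.last_activity = now

        # Access control: the role must be permitted to read this record type ...
        emergency = False
        if record_type not in ROLE_PERMISSIONS.get(session.role, set()):
            if not break_glass:
                self._audit(session, patient_id, record_type, "denied: role not permitted", now)
                raise PermissionError(f"role {session.role!r} may not read {record_type}")
            # ... unless the emergency access procedure (break-glass) is invoked: access is
            # granted, but a reason is mandatory and the entry is flagged for later review.
            if not reason.strip():
                self._audit(session, patient_id, record_type, "denied: break-glass without reason", now)
                raise ValueError("break-glass access requires a documented reason")
            emergency = True

        record = PATIENT_RECORDS.get(patient_id)
        if record is None:
            self._audit(session, patient_id, record_type, "denied: unknown patient", now,
                        emergency=emergency, reason=reason)
            raise KeyError(patient_id)

        self._audit(session, patient_id, record_type,
                    "granted: break-glass" if emergency else "granted", now,
                    emergency=emergency, reason=reason)
        return record[record_type]


def flagged_for_review(layer: PHIAccessLayer) -> list[dict]:
    """Entries a privacy officer should look at: every break-glass access."""
    return [entry for entry in layer.audit_log if entry["emergency"]]
```

Two design points matter more than the code itself: denials are logged as carefully as grants, because a series of denied reads is exactly the signal an investigation needs, and break-glass access is allowed rather than blocked, since refusing a clinician data in an emergency is the worse failure; the compensating control is that every such access is flagged and reviewed.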
At Glorium, developers undergo HIPAA compliance training before starting work on a project. For this purpose, we use Drata Agent, where the employee must pass a test on HIPAA requirements and the rules for handling confidential information.
The training program includes 35 sections, among them:
- the Privacy, Security, and Breach Notification Rules;
- to whom these rules apply (covered entities and business associates);
- the terms on which cloud service providers may be used;
- the business associate agreement (BAA);
- what PHI, or Protected Health Information, is;
- the use of multi-factor authentication;
- how an employee should protect information.
What is GDPR?
The General Data Protection Regulation (GDPR) is the European Union's regulation on how organizations may process personal data. It applies to any organization that processes data about people in the EU, wherever that organization is located.
Personal data is any information that identifies a person directly or indirectly: name, passport or ID card number, login or nickname, e-mail address, phone number, IP address, bank card details. Health data is a "special category" of personal data under Article 9, which may be processed only under narrow conditions, such as the person's explicit consent or the provision of healthcare.
This set of rules describes the principles of handling personal information. When we sign a data processing agreement with a client, we commit to comply with these principles and to be able to show evidence of compliance with every specified requirement at any time (GDPR calls this accountability).
Here is a small example of the kind of detail that separates a careful implementation from a careless one. Suppose you go to the login page and enter a wrong password. If the system answers "the password is incorrect" while an unknown username gets "no such user", it has just confirmed which accounts exist, and an attacker can enumerate users; for a patient portal, that means confirming who is a patient. The safer behaviour is one generic message such as "invalid username or password" for both cases, so the response reveals nothing about whether the account exists. GDPR does not prescribe the wording, but this kind of data-minimising design is part of the "appropriate security" that Article 32 expects.
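Added example, not from the original article and not Glorium's code: a login check in Python that gives the same answer, and does the same amount of work, whether the username is unknown or the password is wrong, shown beside the leaky version it replaces. The user store, the password and the PBKDF2 work factor are assumptions constructed for the example.

```python
"""Added example: enumeration-safe login versus the leaky anti-pattern (hypothetical user store)."""
from __future__ import annotations

import hashlib
import hmac
import os

# Assumed PBKDF2 work factor; tune to your hardware and raise it over time.
ITERATIONS = 100_000
GENERIC_ERROR = "Invalid username or password."


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


# Constructed user store for the example: username -> (salt, digest).
USERS = {"dr.smith": hash_password("correct horse battery staple")}

# A random credential nobody knows. When the username does not exist we verify against
# it anyway, so the server does the same amount of work either way and the response
# time does not reveal whether the account exists.
_DUMMY_SALT, _DUMMY_DIGEST = hash_password(os.urandom(32).hex())


def login_leaky(username: str, password: str) -> tuple[bool, str]:
    """Anti-pattern: two different failure messages tell an attacker which usernames
    exist, and the early return makes unknown users answer faster than wrong passwords."""
    if username not in USERS:
        return False, "Unknown user."
    salt, stored = USERS[username]
    _, candidate = hash_password(password, salt)
    if not hmac.compare_digest(candidate, stored):
        return False, "Password is incorrect."
    return True, "ok"


def login(username: str, password: str) -> tuple[bool, str]:
    """Enumeration-safe: one generic message and one code path for both failure cases."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_DIGEST))
    _, candidate = hash_password(password, salt)
    # compare_digest runs in constant time; the dict lookup after it is negligible.
    if hmac.compare_digest(candidate, stored) and username in USERS:
        return True, "ok"
    return False, GENERIC_ERROR
```

The same rule applies to the registration and password-reset flows, which are where most portals actually leak account existence ("an account with this e-mail already exists"): respond identically whether or not the address is known, and send the difference by e-mail instead.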
Healthcare software development vs. other types of projects
As a transition from theory to practice, it is worth sharing observations on how regulations affect development, using a concrete example. Let's take a startup we have worked with. It has existed for 11 years, and we gained much of our healthcare software development experience during that collaboration. The startup's idea is to provide all medical services within one platform.
- It works both as a web version and as a mobile app.
- Patients see available time slots and book appointments with a doctor through a calendar that we have integrated with Google Maps.
- The system calculates quite precisely how much time a consultation needs, including the doctor's travel time to the patient and back.
- Doctors can plan their working hours more efficiently thanks to the flexible workload calculation.
- We have also automated the delivery and payment of services and goods as far as possible, so orders get processed quickly and conveniently.
Compared to a corporate-sector project, this one comes with a list of restrictions because it handles patient data.
All software the developer uses (Redmine, GitLab, Jira, Gmail, Amazon Web Services, etc.) must meet a number of data security requirements, including encryption and two-factor authentication.
A business associate agreement (BAA) must be in place with the provider of each of these tools, because using a tool does not make it HIPAA-compliant by default. Signing contracts with vendors is not enough on its own, either: as a company we must also maintain and follow a set of procedures that demonstrate we meet HIPAA requirements, such as a breach notification policy, disaster recovery, risk management, incident response, and others.
Only after the BAA has been signed may any content containing patient data (screenshots, text files, etc.) be uploaded to or sent through these services.
The requirements apply not just to software. The developer's hardware must comply with the specified rules, too: full-disk encryption and two-factor authentication must be enabled. In addition, it is crucial to run anti-malware software, configure the screen to lock automatically, and meet many other requirements for protecting personal information.
Software development for a healthcare project takes more time than for other industries. First, you must be more careful when writing code: when creating a healthcare software product, we are responsible for other people's health and condition, so code quality is crucial. Second, every new feature must be HIPAA- and GDPR-compliant.
There are two options here:
- Compliance with regulations remains at the client's discretion. Then the team receives a request and can start working immediately.
- The software developers are responsible for compliance with regulations. In this case, an expert is needed who establishes and monitors the processes ensuring compliance with HIPAA and GDPR.
In other words, someone must act as an internal regulator. At Glorium, the CTO is in charge of this and monitors any changes in the policies on medical data processing. He verifies the processes and product functionality from the point of view of compliance with HIPAA and GDPR requirements.
Speaking of the technology stack for Healthtech, we recommend AWS (S3, RDS) or Azure (Blob Storage, SQL Database) for storage: both providers offer a BAA that covers these services. Note that a service being eligible for HIPAA workloads does not make your deployment compliant by itself; you still have to configure encryption, access control, and logging and keep the provider under a signed BAA. For the development itself we use .NET or Java on the back end and Angular or React on the front end (of these, only .NET is a Microsoft product; Angular is maintained by Google and React by Meta). All four are actively developed, widely used, and well supported. Unity 3D, Flutter, and Ionic are relevant for mobile cross-platform development.
Fundamental approaches and tools a developer should master are DDD, SOLID, MVC, MVVM, microservices, the Saga pattern, RabbitMQ, MassTransit, and the Mediator pattern. All of these are in demand now and form a solid basis for software that will be maintained for years.
Conclusions
- The healthcare industry is evolving quickly, and deep domain expertise gives a skilled software developer many advantages.
- At first glance, the regulation of the industry can put some people off, but our experience shows that it is, on the contrary, a benefit. Working on healthcare projects lets you hone your skills in writing high-quality production code.
- Given the complexity of the tasks, the developer works with modern technologies and systems, particularly microservice infrastructure, and practises domain-driven design.
If you want to grow as a software developer and have an impact on the digitalization of the healthcare industry, we invite you to join our team. View available vacancies and apply here.
