Post on 16-Apr-2017
transcript
How are Your App’s Vitals?—Developing Healthcare Applications
1-855-202-0824 | b izdev@veniceconsul t ing.com | veniceconsul t ing.com
The healthcare industry is exploding, and medical practitioners are increasingly demanding apps to serve their needs.
A busy cohort that moves around a large, complex workspace would seem to be an ideal
market for an app developer, and that can be true… if the app being developed is researched
in advance, planned with its users in mind, and accompanied with appropriate training and
support for a dynamic workforce.
But the first hurdle for any healthcare app developer is going to be complying
with laws and regulations.
A strong opportunity
11-855-202-0824 | b izdev@veniceconsul t ing.com | veniceconsul t ing.com
If your app is going to share the personal health information of users with doctors or healthcare organizations, you may have to be aware of HIPAA.
What is HIPAA?
HIPAA is the Health Insurance Portability and Accountability Act, and it is intended to protect the privacy of patients’ personal health
information (PHI).
What is PHI?
PHI consists of medical records generated by medical professionals. PHI does not include data users keep about themselves, such
as the number of steps walked in a day or pounds of weight lost this year. Most healthcare apps deal with this sort of personal, non-
medical information rather than PHI. If that describes your app, you don’t have to worry about HIPAA.
Take your pill: Records management and compliance
1-855-202-0824 | b izdev@veniceconsul t ing.com | veniceconsul t ing.com 2
Take your pill: Records management and compliance
How hard is HIPAA?
For those who are dealing with PHI, however, beware.
You have a lot of work ahead of you. For instance:
– The HIPAA Security Rule requires you to assess the
security of your database against 75 specific security
controls that, in turn, include particular mandatory
safeguards1
– You’ll need a team member dedicated to HIPAA
compliance
– You’ll need to engage a third-party auditor each year to
analyze your system.
– Encryption, audit trails, access control, and endpoint
security will also need to be addressed
In addition to regulatory compliance, electronic
health records (EHR) are another area of concern for
developers. An EHR (also referred to EMR, electronic
medical records) is the file that contains a patient’s PHI.
– The key takeaway for developers is that EHR can be
HIPAA-compliant, but that doesn’t mean your whole
app is HIPAA-compliant. EHR is just one piece of the
HIPAA puzzle.
HIPAA Compliance Steps R Have a designated HIPAA-assigned
compliance officer on your team.
R Define the roles of everyone in your
organization involved with HIPAA compliance
R Restrict access to PHI to a limited number of
job roles
R Engage a third-party to conduct the mandatory
annual HIPAA security risk analysis
R Mitigate the weaknesses discovered in the
analysis
R Align your policies and procedures with HIPAA
requirements
R Implement strong access controls
R Encrypt PHI strongly
R Use audit trails
R Implement endpoint security
Should you be worried
about compliance?
The short answer is yes, if your
app shares medical records
with medical professionals. But
you shouldn’t be losing sleep
over it. Other developers have
dealt with privacy laws and
regulations before, so you’re
not breaking new ground,
and you can always engage
an expert to help you handle
HIPAA compliance.
And if your app does not handle
PHI, you don’t have to worry at
all. Just build in the same strong
security you’d use for any app
that transmits user information.
1-855-202-0824 | b izdev@veniceconsul t ing.com | veniceconsul t ing.com 31 Ferran, 2015.
An endpoint is any point in the system where data can be entered—in short, it’s a device. Each device is the source of a potential threat to your network, so it’s worth taking time to control access to those endpoints as tightly as possible. Most healthcare apps share two endpoint weaknesses: they are often used by outsourced workers, and they are often accessed from a mobile device.
Outsourced workers
Many healthcare organizations outsource to per diem employees and offshore workers who need access to your healthcare app to do their work. But
this creates challenges for an app developer:
A sterile environment: Access
When a single role may be filled by a different individual every
day or week, leaks are hard to prevent
A per diem employee may work for a department that has
permissions to access specific levels of data on Monday, and
then work for a department with access to higher or lower
levels of data on Tuesday.
Fast credentialing and de-credentialing are a security essential
in this environment, and are also a HIPAA requirement.
Some healthcare organizations offshore their medical
transcription, healthcare data entry processing, and billing and
coding. All the people in the chain have to be trustworthy and
properly credentialed, especially if EHR are being transmitted.
1-855-202-0824 | b izdev@veniceconsul t ing.com | veniceconsul t ing.com 4
A sterile environment: Access
1-855-202-0824 | b izdev@veniceconsul t ing.com | veniceconsul t ing.com 5
Mobile access
Access from mobile devices is mandatory for healthcare apps because users are rarely behind
desks; their work is performed where the patients or their coworkers are located in a given
moment. According to The Healthcare Alert Newsletter, mobile devices present a number of
additional security weaknesses:
– They are easily stolen or misplaced
– They can be lent to friends who may then access sensitive data through them
– The device’s owner or user may download viruses
– The device’s owner may use an unsecured wi-fi network
A mobile device risk management strategy is in order.2 Aspects to consider include encryption,
Bring Your Own Device (BYOD), remote wiping of data, configuration of firewalls, physical
control of the device, and more.
But security is not the only component in a mobile device strategy. You also need to consider
whether you can:
– Connect your users’ mobile device to your back-end systems
– Accommodate spikes in activity
– Deliver a robust infrastructure and architecture to support all devices
– Support 24x7 users3
Access from mobile devices is mandatory for healthcare apps
2 Ferran, 2015. 3 Bhattacharya 2014.
On call all over: Users
Users are funny about healthcare software; while users adopt enterprise apps pretty easily, some healthcare apps are going to find eager corporate buyers but reluctant end users.
On the other hand, apps for personal use, like step trackers, are frequently
used for a burst of time after download, but then less so until they are
neglected entirely.
User adoption among healthcare professionals can be tough. Users in the
healthcare industry tend to be busy and they don’t sit at desks and fiddle
with software unless they have no choice. Also, the cohort is wide-ranging;
some users in this field will be open to new technology but others will not.
Those reluctant adopters have learned to work with their legacy software,
and even if that legacy software is slow, buggy, or hard to use, they
prefer the devil they know and they do not want to spend time learning its
replacement. Once you get the reluctant adopters over the hump, most of
them will enjoy the benefits of your app—but you have to get over that hump.
Dr. B.J. Fogg, founder of the Persuasive Tech Lab at Stanford University,
identifies three needs that must be fulfilled in order to effect change. They
are motivation, triggers, and ability.
– Your users are likely to be motivated to use your app; the signal that
proves their motivation is the fact that they downloaded it, or the fact
that their bosses told them to use it
– You can build in triggers in the form of notifiers, such as alerts that
remind users to upload their data or change their password
– You can give your users the ability to use your app by providing training,
help content, and support via phone , text, or email.
1-855-202-0824 | b izdev@veniceconsul t ing.com | veniceconsul t ing.com 6
The prescription for success: Training
71-855-202-0824 | b izdev@veniceconsul t ing.com | veniceconsul t ing.com
Training healthcare professionals can be difficult because of their schedules. It may be hard to get them all in a room at once if the training is instructor-led, and if the training is web-based, then it’s hard to get them to make time to complete it.
Hopefully, your user interface is so intuitive that your end users won’t need training. However, even the most
intuitive interface will be opaque to some users, so best practice is to offer some sort of online training. A web
page with screen shots will meet the needs of most end users in most cases, but videos are increasingly the
standard.
But perhaps your app is complex. In that case, training will be necessary to its success. If that’s the
case, consider hiring an instructional designer.
81-855-202-0824 | b izdev@veniceconsul t ing.com | veniceconsul t ing.com
When to engage an instructional designer
Don’t wait. Time to market matters, so there is no benefit to
waiting for the app to be complete before you bring in the
training experts. Get them involved during development.
Don’t worry if you can’t picture how that would work; a
good instructional designer can help you understand the
process.
There is one thing the designer will need, and you’ll have
to deliver it if you want a good result: that’s access to the
developers. Be sure your developers understand the value
the instructional designer is providing and will respond to
the designer’s requests for information promptly.
Whether you choose to work with an instructional designer
or not, the first step in developing your training will be to
plan it well.
Begin with the easy part: the logistics
Logistics decisions will be based on three factors:
1. What works best for your end users
2. What makes sense in terms of your app and its
complexity
3. How much you can spend
You probably have a pretty good idea of how to respond to
those factors, but if you aren’t sure, research your market
and your staff intensively to get a solid feel before you move
too far forward.
The prescription for success: Training
91-855-202-0824 | b izdev@veniceconsul t ing.com | veniceconsul t ing.com
Questions to ask
The prescription for success: Training
How will your training be
conducted?
p In person
p By video of a person
p Static screen shots
p Animated screen shots on a website
p Animated screen shots in-app
p Video screen shares
p Hard copy manual
Who will conduct your training?
p Self-paced
p Instructor-led
p A combination of the two
Where will your training be conducted?
p Online
p Will the site be gated?
p Will you use educational software, and if
so, which service?
p Where will your training content be
hosted?
p Can you use YouTube or does that hurt
your brand?
p On customer site
p Does the customer have the appropriate
space to conduct training?
p Does the space have the proper services
(computers, internet, projection system,
electrical service, etc.)?
p Can you ship training materials in
advance?
p Who will book the training and assign
resources?
p Who will you send to conduct the
training?
p How will you capture customer feedback
when the training is over?
p What will you do with that feedback?
p In your own training center
p Do you have appropriate space and
services?
p Do you have the human resources to
book and deliver the training?
p How will you handle customer feedback?
101-855-202-0824 | b izdev@veniceconsul t ing.com | veniceconsul t ing.com
The prescription for success: Training
Once you’ve made some basic decisions about how to deliver your training, you’re ready for the hard part: designing the training. If you’ve engaged an instructional designer, all you have to do is
follow that person’s lead. But maybe you’re doing this on your
own. In that case, you have a number of options and your budget
will drive your decision.
There are a number of software services that can help you
produce a highly-polished training product. They are easy to use,
even if you have no experience in producing training. Alternatively,
you can go it alone and simply produce training on your own,
using the skills you have on your team.
However, if you’re going to produce your own training material,
you’re going to have to balance your resources. Do you really
want to remove a developer from the coding line to have him
create the training infrastructure? On the other hand, don’t
you want the training to be available to end users on the day
of launch? It’s a tricky balance, and no single answer will make
sense for every app developer.
– Feedback should over three aspects:
– Overall quality of training
– Satisfaction with facility/delivery vehicle
– Quality of instructor (if applicable)
– Quality and usefulness of training materials
– Feedback should be collected at the moment the training is over; otherwise,
it’s likely to be ignored by the customer
– If training is instructor-led, the instructor should not be in the room while
end users are completing the form
– Feedback should be put to use
– Compare new results to historical results to identify trends
– Share feedback with stakeholders in the training, such as instructors, so
they can evolve their teaching techniques
No matter which approach to training you choose, don’t forget
a critical activity that is often overlooked: collecting and
utilizing feedback.
Around the clock care: Support
111-855-202-0824 | b izdev@veniceconsul t ing.com | veniceconsul t ing.com
Good support goes a long way toward customer satisfaction. Conversely, no matter how great your app is, poor support can destroy you. You can run your support in-house or outsource it. The choice comes down to a few business factors:
Total cost of ownership (TCO)
Figure out where your costs are the greatest. If you expect
personnel to be expensive, outsourcing is a good option
Scalability
Can you grow your business and still successfully response
to your support tickets? Can you handle spikes in traffic?
If not, outsourcing is a good choice
How great a risk can you take on the quality of your support?
If you can’t risk a single unhappy customer, handle your support in-
house. Otherwise, you have little control over quality
Is personal service important to your brand?
If so, you’ll have to handle your support in-house. Not only will you
be dealing with traditional support tickets, but you’ll be managing
customer questions through Twitter and maybe Facebook as well
In-house support
Unless your app is an enterprise or a mission-critical app, self-service support should meet most of your end users’ needs. Self-service support includes:
– Knowledge sharing
– FAQs
– Searchable knowledge base
The easiest way to get self-service up and running is to use a pre-built solution like SharePoint.
Your SharePoint site will have to be configured properly and you will have to develop a structure
and policies to manage the content that is shared there. The site will need to be populated
with at least basic support information, but as your end users submit questions over time, their
questions and your responses can be incorporated into the knowledge base.
Also, remember that you can share the burden of answering questions. If you set up a forum
for your users, the most committed and knowledgeable users are likely to answer many of their
peers’ questions. Of course, you have to monitor the forum and enforce the forum’s policies, so it
isn’t entirely self-managing. But it can both ease the work of your support staff and educate you
about how people are using your app and what they’d like to see in the next version.
121-855-202-0824 | b izdev@veniceconsul t ing.com | veniceconsul t ing.com
Around the clock care: Support
Post-development care: After your launch
The cost of developing an app is just the beginning of your expenditure. Expect to spend at least 15-20% of the original app development cost each year on updates, patches, and enhancements.4 If you’ve outsourced your app development, these costs should be included in your contract.
If you’ve developed for both iOS and Android, your ongoing costs will be greater. Every time you
update your iOS version, you have to also update your Android version. And remember—every time
a new version of iOS or Android is released, you’ll have to update your app as well. You can reduce
these expenses by developing for a mobile browser in HTML5. Then you’ll only have maintain
one app, not 2 versions of your app. Another alternative is to build a hybrid app that uses web
technology, with all the attendant benefits, but looks like a native app.
131-855-202-0824 | b izdev@veniceconsul t ing.com | veniceconsul t ing.com 4 Chomko, 2012.
Your business wellness program: Ongoing success
141-855-202-0824 | b izdev@veniceconsul t ing.com | veniceconsul t ing.com
As with any business endeavor, you’ll need to keep an eye on the health of your app. According to Kiss Metrics, key success metrics include:
DAU and MAU:
Daily and monthly active users
Retention Rate: Measure daily, weekly, and monthly
retention rates to see whether your app has caused
behavioral change in the lives of its users
ARPU: Average Revenue Per User, or ARPU =
Total revenue generated by the app / Total active users of the app
LTV or Life Time Value: The value of one app user over his or her
lifetime in the app, or LTV = ARPU x (1/CHURN). CHURN is the
number of users that leave the app after a specific amount of time.
You may need to add a few more metrics to understand how well your particular app is doing, but be careful not to track non-
essential information. That’s a common mistake that can cause confusion rather than clarity.
Your investment prognosis: Future funding
151-855-202-0824 | b izdev@veniceconsul t ing.com | veniceconsul t ing.com
Ideally, you were thinking about future funding from the first day you conceived your app. If you were, then you’ve already developed the elements that appeal to investors:
When you’re talking to investors, you don’t have to convince them that your app is going be the next big thing. You have to convince
them that you have a viable model and that you’re prepared to do what it takes to create a success. If you believe in your product
and can explain the problem it solves, the market to which it appeals, and the ability of your team to follow through, and if you’re
prepared to respond with facts and figures to any question flung at you, then you’re ready to move forward.
A well- designed app
Good marketing
A user acquisition strategy
Build an app that thrives: Conclusion
Developing a healthcare app presents all the challenges of developing any app, but with added levels of complexity due to the need to comply with regulations, credential and de-credential a dynamic workforce and deliver training that users who focused on their patients. However, all of those hurdles can be overcome if you start with good research and plan carefully. You also need to be open to
making large revisions during the development phase as you roll out mini-tests and deepen your research.
Have some version of your training ready on launch day, and know that your user support system is going to be very busy while
your new users become familiar with your app.
As time goes on, be sure to monitor key metrics focused on how people are using the app. Also be prepared to continue to invest
in your app because ongoing expenses are significant. Therefore, you may need to seek funding from investors. If that’s the case,
just believe in your product, know your market inside out, and go pitch. If you started with a good idea and did all the groundwork,
you have an app people want.
161-855-202-0824 | b izdev@veniceconsul t ing.com | veniceconsul t ing.com
1-855-202-0824 | b izdev@veniceconsul t ing.com | veniceconsul t ing.com
Venice Consulting Group is an Internet + Mobile application development
company specializing in user experience and process optimization. With
a valuable combination of regulated industry experience and technical
expertise, VCG applies the latest proven technologies to meet our clients’
current objectives and improve their bottom line. VCG offers high-value and
low-risk cost savings through its Hybrid Nearshore Model.
The firm has deep industry experience that cross many regulated markets
from healthcare to media & entertainment to financial services. Some
key firm clients include: AFTRA, American Express with Solver USA,
FOX Broadcasting, Pontiac with Digitas, Sony Connect, The California
Endowment & TeamOne Advertising for Lexus.
Contact VCG today to learn more about our services
About Venice Consulting Group
17