Healthcare Software Consulting

Belitsoft specializes in delivering easy to manage HIPAA-compliant solutions and technology services for medical practices of all sizes. Contact us if you would like to get a HIPAA risk assessment and analysis. According to HHS, business associates are directly liable for violating the HIPAA Security Rule and Breach Notification Rule as well as certain provisions of the Privacy Rule. If an implementation specification is described as “required”, it must be fulfilled. Addressable stipulations must be implemented if it is reasonable and appropriate to do so. Plus, the choice must be documented. Business associates may use any technology solution to align with HIPAA requirements. Having analyzed our experience in healthcare development, we recommend the most suitable technical solutions to comply with HIPAA requirements. Access Control Access Control (required) Enable authorized users to access the minimum necessary information needed to perform job functions. Unique User Identification (required). Assign unique IDs for indicating and tracking user identity. Tech.Solution: Use the employee name or its variation (e.g. jsmith). A set of random numbers and characters (it is more difficult for an unauthorized user to guess, but may also be more difficult for authorized users to remember and management to recognize). Emergency Access Procedure (required). Provide access to necessary ePHI during emergency conditions (when normal environmental systems, such as electrical power, have been damaged due to a natural or manmade disaster). Tech.Solution: If the organization utilizes a cloud-based EHR, the disaster recovery plan addresses disruptions in access to an ISP or cloud-based EHR vendor to ensure the availability of the EHR for both treatment and billing services. Automatic Logoff (A). Apply procedures that terminate an electronic session after a predefined period of inactivity. Tech.Solution: Set a 10-minute period of inactivity after which the system will automatically be locked. In case the device is in the high-traffic area, establish a timeout of 2 to 3 minutes. Equipment used in protected areas with controlled, limited access, such as a lab or an isolated office, could have longer timeout periods. Activate an operating system screensaver that is password protected after a period of system inactivity. Encryption and Decryption (A). All collected and stored ePHI should be encrypted and decrypted by the person with the appropriate keys. Tech.Solution: Store the sensitive data in a secure environment with the proper physical and network security. Choose file/folder level encryption and full disk encryption for storing confidential info on mobile devices. Do not store the password to the PGP or S/MIME key in your system. Recommend your system visitors to enter the password and use cookies to keep the password from page to page. If you store ePHI in a MySQL database you should ensure that the password to that database is not stored in your system. Encrypt the data before saving it in the database for extra security stages. Audit Controls Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use ePHI. Integrity Protect ePHI from improper alteration or destruction in an unauthorized manner by both technical and non-technical parties. Thus, workforce members may make incidental changes that improperly alter or destroy ePHI. Data can also be compromised without human intervention that includes electronic media errors or failures. Mechanism to Authenticate Electronic Protected Health Information (A). Implement electronic mechanisms to protect ePHI from alteration or destruction by a virus or other malicious code. Tech.Solution: Backup the information in the DB and store it on an external cloud service. Block Storage Person or Entity Authentication Person or Entity Authentication. Verify that a person or entity seeking access to ePHI is they claim to be. Tech.Solution: Require something known only to that individual, such as a password or PIN. The password should be the longest possible (between six and 10+ characters) including a combination of numbers, special characters, and a mixture of upper and lower case letters. It should be changed at least every six months or whenever the password becomes known to the other person. And current or previous passwords could not be reused. It is possible to implement functionality that will control the password expiration. This logic will prevent users from logging in with an expired password and force them to change it. Require using a physical device such as a token, or telephone callback function. Require something unique to the individual such as a biometric (e.g. fingerprints, voice patterns, facial patterns or iris patterns). Use two-factor authentication: By SMS/push notification, a person using a username and password to log into a database also has to insert a PIN code to confirm their identity. The request of a fingerprint scan (biometric) with the further entering of a password. Integrate with Google Authenticator or similar service. For iOS For Android Transmission Security Transmission Security. Prevent unauthorized access to ePHI that is being transmitted over an electronic communications network. Integrity Controls (A). Ensure that ePHI is not improperly modified during transmission (it applies to all individual health information that is maintained or transmitted). Tech.Solution: Use network communication protocols. Secure your web-solution with an SSL, PGP or AES encryption. SSL Certificates Do not use FTP to transfer patient data to/from payers and other medical organizations. Choose SFTP instead. Encryption (A). Communication containing PHI (either in the body or as an attachment) that goes beyond an internal firewalled server should be encrypted. It should also be considered that emails containing PHI are part of a patient´s medical record and should, therefore, be encrypted and backed up. This applies to any form of electronic communication - email, SMS, instant message, etc. The encryption requirements apply to every part of the IT system, including servers like Amazon Cloud, Microsoft Azure or Atlantic.net. Tech.Solution: NIST recommends the use of Advanced Encryption Standard (AES) 128, 192 or 256-bit encryption, OpenPGP, and S/MIME. Physical Safeguards Facility Access Controls Facility Access Controls. Limit physical access to the electronic information system, while ensuring that properly authorized access is allowed. Contingency operations (A). Allow facility access to the physical office and stored data even during an emergency. Facility Security Plan (A). Define and document the use of physical access control to protect equipment that stores ePHI from unauthorized access and theft. Access Control and Validation Procedures (A). Control and validate a person's access to facilities based on their role or function, including visitor control, and control of access to software programs for testing and revision. Tech.Solution: Log all the server actions. Maintenance Records (A). Document repairs and modifications to the physical components of a facility which are related to security (for example, hardware, walls, doors, and locks). Tech.Solution: In a small office, documentation may simply be a logbook that notes the date, reason for repair or modification and who authorized it. In a large organization, various repairs and modifications of physical security components may need to be documented in more detail and maintained in a database. Workstation Use Workstation Use. Restrict the use of workstations that have access to ePHI. Specify the protective surrounding of a workstation. Regulate how functions are to be performed on the workstations that can access ePHI. Tech.Solution: Automatic logoff Use and continually update antivirus software. Configure web filtering Device and Media Controls Device and Media Controls. Manage how ePHI is transferred/removed/disposed from the mobile devices if the user leaves the organization or the gadget is re-used, sold, etc. Disposal (required). The data can be permanently disposed of when needed. Yet, you will have to consider all the places where data can be archived, and you will need to ensure that all of those backups will expire and disappear. Tech.Solution: Block Storage Media Re-use (required). Remove ePHI from electronic media before the media are made available for reuse. Tech.Solution: Manual removal of patient data in electronic storage media including memory devices in computers (hard drives) and any removable/transportable digital memory media, such as backup tape, optical disk, or smart card. Accountability (A). Maintain a record of the movements of hardware and electronic media and any person responsible therefore. Data Backup and Storage (A). The HIPAA Rules do not dictate where ePHI may or may not be maintained. Thus, BAs are not prohibited from storing PHI outside of the United States (though there are other laws that may restrict the practice of storing PHI offshore; for example, some state Medicaid programs prohibit the offshoring of Medicaid data). ePHI that is collected, stored and used within your solution has to be backed up. The reserved copy should be stored in a secure environment and according to the best practices, it should have several backups that are stored in different locations. Also, the copy should be readily retrievable if the hardware or electronic media is damaged. Tech.Solution: Automatic data backup. Email archiving. Workstation Security Workstation Security. Implement physical safeguards for all workstations that access ePHI, to restrict access to authorized users. Administrative Safeguards Administrative Safeguards. Administrative Safeguards fall out of the realm of software development, however, there are mandatory guidelines for any business that works with health information. Administrative security tasks involve: Appoint security officers who will regularly perform the risk assessment. Introduce risk management policies and procedures. Train employees on identifying potential cyber attacks and document all training. Restrict third-party access to ePHI. Develop a contingenсy plan to protect the integrity of ePHI, consider data backups and procedures to restore lost data in case of emergency. HIPAA Privacy Rules HIPAA Privacy Rules. HIPAA Privacy Rules refer to the use and disclosure of PHI and apply to any healthcare organizations and their business associates. According to the rules, BA may not use, access, or disclose PHI without the patient's consent, except for purposes of treatment, payment or certain health care operation; certain public safety and government functions, including: reporting of abuse and neglect, responding to government investigations, or disclosures to avoid a serious and imminent threat to the individual. However, before making disclosures for such purposes, BA should consult with CE. Tech.Solution: The app shall have a section (tab, button or equivalent) or active link to its Privacy Policy, and owner represents that commercially reasonable efforts are used to notify users of any material changes to its Privacy Policy. Limited data set. HIPAA Breach Notification Rules HIPAA Breach Notification Rules. Require BAs to promptly notify the Department of Health and Human Services of small security breaches within 60 days after the breach is discovered. Larger breaches (affecting 500+ patients) must also be reported to the media. Plus, BAs must notify their CE, which in turn must notify the individuals. Breach notifications should include the following information: The nature of the ePHI involved, including the types of personal identifiers exposed. The unauthorized person who used the ePHI or to whom the disclosure was made (if known). Whether the ePHI was actually acquired or viewed (if known). The extent to which the risk of damage has been mitigated. In all cases, patients must be notified and informed of steps they can take to mitigate potential damage. Tech.Solution: Prepare a mass mailing plan for this contingency. Maintain Required Documentation Maintain Required Documentation. Maintain the documents required by the Security Rule for six years from the document’s last effective date. Ensure that you have written training standards as well as written penalties that employees are informed of in the case of a violation.

Accountable care organizations (ACOs) - groups of healthcare specialists, centers and other providers who render high-quality care to their Medicare patients on a voluntary basis. Activity-based costing (ABC) - an accounting software methodology enabling medical organizations to calculate costs of each case of care provided like hospital, physician, and medication expenses. Admission, discharge, and transfer (ADT) system - one of the four types of the hospital business system that tracks patients’ admissions, transfers, and discharges. Ambulatory EHR systems - software that is applied in outpatient care facilities and smaller practices allowing physicians to collect specific info about each patient and providing a full-fledged medical picture of their personal health records. Ambulatory Medical Record (AMR) - a computer system for collecting, managing, and retrieving EHRs in the outpatient setting. American Academy of Professional Coders (AAPC) - the expert coding training and certification association for medical programmers, billers, compliance and practice managers in the U.S. Apple HealthKit - a platform for maintaining data from health and fitness tools on iOS and making it available to Apple users via the company’s Health app. Patients can authorize sharing of the data with their healthcare providers, which in turn add it to EHRs. Source: wikipedia.org/wiki/Health_(Apple) Apple ResearchKit - an open-source framework that allows specialists to develop apps for medical research. It is integrated with HealthKit providing access to info collected from a variety of app-enabled monitoring devices. Bidirectional Health Information Exchange (BHIE) - a medical info sharing project that allows for two-way PHI data exchanging between the U.S. Department of Defence and the Veterans Health Administration. Business intelligence (BI) apps - software which supports financial and operational aspects of the healthcare system, including contract negotiations, facility management, measurement of resource utilization, and cost analysis. Certification Commission for Healthcare Information Technology (CCHIT) - a voluntary, private sector organization for certifying health IT products, such as EHRs and the networks over which they interact. Clinical intelligence (CI) apps - a software which deals with medical activities like quality improvement, care management, and population health management. Clinical decision support system (CDSS) - a toolkit that analyzes data to enhance decision-making in the clinical workflow. The software assists physicians and health professionals in, for example, applying a particular diagnosis, specific tests or treatments for their patients. ‘[...] decisions that can benefit from DSS include whether or not to undergo surgery, whether or not to undergo a stress test first, whether or not to have an annual mammogram starting at a particular age, or a computed tomography (CT) to screen for lung cancer, whether or not to utilize intensive care support such as a ventilator, chest shocks, chest compressions, forced feeding, strong antibiotics and so on versus care directed to comfort measures only without regard to longevity.’ Justin D. Pearlman, MD, PhD. Clinical Document Architecture (CDA) - an XML-based markup standard to provide an exchange model for clinical documents. Source: researchgate.net/figure/Fragment-of-HL7-based-clinical-document-architecture-CDA-schema-for-Centers-for_fig4_51614531 Clinical documentation improvement (CDI) - the process, often supported by specialized software, that is intended for physicians to enhance their documentation of patient encounters and procedures. Cognitive computing (CC) - the simulation of human thought process in a computerized model. CC is a branch of artificial intelligence that uses machine learning and natural language processing to reproduce the way the human brain works. The purpose of cognitive computing is to build automated IT systems to solve problems without requiring human assistance. Computer-assisted coding system (CACS) - software that utilizes natural-language processing to analyze healthcare documents and generate appropriate medical codes for specific phrases and terms within the document. Computerized practitioner order entry (CPOE) - the process of listing electronic orders for medications and tests using computerized clinical decision support. Continuity of Care Record (CCR) - a standard for creating and providing timely access to electronic summaries of patient health for other caregivers. Digital Imaging and Communications in Medicine (DICOM) - a standard for storing and transferring medical pictures enabling the integration of medical imaging devices and PACSs from various producers. Direct Project - a secure clinical messaging protocol for enabling data exchange between healthcare providers. Disease management - a system of healthcare interventions and communications for maintaining care and support for patients with chronic illness such as diabetes, HIV/AIDS, and cancer. Electronic health record (EHR) - a patient’s official health document that is shared among multiple medical organizations. All records are stored in a digital format and include the same types of information, like contact and insurance details, a list of medications and surgeries or procedures performed, etc. Learn how we developed a custom EHR for a well-known Company. Electronic Intensive Care Unit (eICU) - a form of telemedicine that uses state-of-the-art monitoring tools to keep an eye on patient’s state of health within the country. ‘We are a second set of eyes for taking care of critical care patients. It’s like an air traffic control center where patients are the blips on radar, and we’re the controllers making sure everything goes smoothly.’ Lisa-Mae Williams, director of telehealth and eICU at Baptist Health South Florida Electronic medical record (EMR) - the patient record created by providers for specific encounters in hospitals and ambulatory environments. The data may be exportable to an EHR. E-prescription - a computer-generated appointment created by a healthcare provider and sent directly to pharmacies to avoid paperwork, phone calls or possible fraud. Fast Healthcare Interoperability Resources (FHIR) - a standard for electronic exchange of healthcare information. FHIR can be used in mobile apps, cloud communications, EHR-based data sharing and among institutional healthcare providers. FDA (Food and Drug Administration) Regulations of mHealth technologies - a legal act which classifies medical devices into three categories based on the associated risk to ensure safety and effectiveness of the gadgets. Federal Health Architecture (FHA) - an e-government initiative that coordinates health IT activities among federal agencies responsible for providing medical services. The FHA helps federal institutions invest in standards-compliant technology and ensure the accountability of governmental health IT programs. General Data Protection Regulation (GDPR) - the set of rules that requires private and public healthcare sectors to demonstrate they are protecting their patients’ data adequately. Any healthcare provider must verify their patients’ identities and organize a system that allows the erasure or rectification of their data. Applicable for companies in EU or targeting EU citizens. These 7 steps will help prepare your software for GDPR. Google Fit - a health-tracking platform that collects data from multiple apps and Android devices. The tool uses sensors in a customer’s activity tracker or gadget to record physical fitness activities to provide a complete view of their vigor. Users can decide who accesses their fitness data as well as delete info at any time. Source: google.com/fit/ Health Employers Data Information Set (HEDIS) - a set of standardized performance measures used by healthcare professionals to compare the quality and services provided by health plans, group practices, and hospitals. Health information exchange (HIE) - reliable and secure sharing of the healthcare-related data among institutions, health information organizations and government facilities in compliance with national standards. Health information organization (HIO) - is a U.S. government-led non-profit medical institution which transfers healthcare info electronically across organizations, including smaller clinics, hospitals, medical societies, major employers, and payers. Health information technology (HIT) - an IT field which involves development, use, and support of information systems for the healthcare industry. Automated and interoperable healthcare information systems are expected to improve medical care, lower costs, increase efficiency and reduce error, while optimizing reimbursement for ambulatory and inpatient healthcare providers. Health Information Technology for Economic and Clinical Health (HITECH) Act - U.S. legislation passed in 2009 to encourage the adoption of electronic health records and the supporting technology. Health Insurance Portability and Accountability Act of 1996 (HIPAA) - U.S. legislation that provides data privacy and security provisions for safeguarding medical data. HIPAA Privacy Rules protects sensitive patient info by establishing a set of rights and standards that apply to healthcare provides gathering and storing it electronically or otherwise. Want to create a HIPAA-compliant app? Contact our healthcare specialists for advice! Health Level Seven International (HL7) - a set of standards, guidelines, and methodologies for transfer, integration, and retrieval of healthcare information. In theory, the ability to exchange data should minimize the tendency for medical care to be geographically isolated and highly variable. Home monitoring - the use of technology to remotely monitor a patient’s medical history from their home to enhance their comfort. Hospital information system (HIS) - a computer system that addresses mainly the administrational needs of hospitals. They manage the data related to the finance department, laboratory, nursing (NIS), pharmacy (PIS), radiology (RIS) and pathology departments. International Classification of Diseases (ICD) - a system used by healthcare providers to categorize and code all diagnoses, symptoms, and procedures. Meaningful use (MU) - the U.S. government EHR incentive program, which sets the standards for using health records and exchanging patient clinical data between healthcare providers, insurers, and patients. Medical algorithm - a step-by-step protocol to address medical challenges like diagnosis or screening. Usually, it is represented as a flowchart or stepwise instruction. Source: wikipedia.org/wiki/Medical_algorithm Medical practice management software (PMS) - a toolkit that is used to manage day-to-day operations of a medical practice, such as appointment scheduling, billing tasks performing and report generating. Medical Scheduling Software - a solution for managing patient appointments and allocating medical staff. Mobile health (mHealth) - the accessibility and exchange of clinical and patients’ information via mobile devices and apps. National Council for Prescription Drug Programs (NCPDP) - a non-profit ANSI-accredited organization that manages a number of standards to improve the communication within the pharmacy industry. National Health Information Network (NHIN) - a set of technologies, standards, policies, programs, and practices that enable medical data to be shared among healthcare decision makers to improve the industry. Office of the National Coordination of Health Information Technology (ONC) - a federal institution that regulates and standardizes health technology for general usage in the U.S. Patient Encounter Costing (PEC) - a cost accounting system that is used to record, analyze, and allocate costs for the individual services provided to patients, such as medications, procedures, analysis, and boarding. Patient portals - a website that allows patients access personal health information and communicate with their healthcare providers online. Personal health record (PHR) - a collection of patient’s self-maintained health-related information. PHRs are stored on a personal device or the Internet and can be shared with third parties only with the consent of the owner. Personal health information (PHI) - medical history, laboratory results, insurance info and other data that a healthcare professional stores to identify an individual and determine appropriate care. Physician Quality Reporting System (PQRS) -  a quality improvement program initiated to determine whether physicians should have their Medicare payments adjusted up or down. Picture archiving and communication system (PACS) - a healthcare imaging technology which provides economical storage and convenient access to the content, including computed tomography (CT) and magnetic resonance imaging (MRI) results. Population health management (PHM) - a discipline that studies and facilitates medical assistance across the general population or a group of individuals. Protected health information (PHI) - any part of a patient’s medical record or payment history that can be used for de-identification before researchers share the dataset publicly. Remote monitoring -  differs from home monitoring with a broader coverage area. The tools are applied to a patient anywhere and send alerts to a nurse station if their condition worsens, reducing the need for close personal monitoring. Revenue cycle management (RCM) - a financial process that healthcare facilities use to track patients care episodes from registration and appointment scheduling to the final payment. Telehealth/Telemedicine - the adoption of telepresence or video conferencing to maintain medical consultations or treatments remotely. Treatment decision support - a set of tools and processes that are used by patients who will receive the treatment to improve their healthcare decision-making. Vendor Neutral Archive (VNA) - a medical imaging technology in which images and documents are archived in a standard format and accessible to healthcare professionals regardless of what proprietary system created the files. Virtual visits - a model of healthcare services provision that is based on remote consultations through video or voice connection. Read more about healthcare software development in our blog: Top Healthcare Mobile Apps Using React Native Python in Healthcare Top 20 Healthcare SaaS Companies from New York Order your EHR system from Belitsoft - a top Healthcare Development Company!

Mobile health is a growing IT sector that focuses on transforming how healthcare providers interact with their patients. According to Zion Market Research, the global mHealth market size is expected to reach $102.43 billion by 2022. Industry experts predict that 70% of healthcare organizations will invest in healthcare mobile app development by 2018. ‘The market for digital health tools is finally starting to catch up to the demand. Unfortunately, this increase can lead to a surge in unreliable tools. Nearly half of consumers today are considered digital health adopters—and that number is only going to rise as the benefits become apparent and tech-savvy generations get older.’ Nitin Goyal, MD, Orthopaedic Surgeon, Founder & CEO at Pulse Platform The following statistic displays the number of mHealth apps available on Google Play. During the last measured period, the store offered just over 51.000 medical apps, representing a 5.7 percent growth over the previous quarter. The most income-generating mHealth apps on Google Play are fitness and calories counter systems. Source: statista.com/statistics/779919/health-apps-available-google-play-worldwide Apps have become an essential part of the healthcare field. Medicare providers and patients all benefit from up-to-date, user-friendly, and free or minimal-cost healthcare apps. Due to rising supply, it has become increasingly important to offer a high-quality product. Thus, designing mHealth apps that provide efficient and convenient ways of providing healthcare services is among the top-most concerns of developers. In this article, we talk about what colors are best suited for healthcare mobile software and give you some examples. We then focus on app notification design. Surely we compare iOS and Android design style and show you some key differences with actual screenshots. Finally, we refer to best practices to customize your app for users with disabilities. Have an idea to create an mHealth app? Contact us to start your business! Familiarizing with colors As part of the development process, it is necessary to choose a proper color scheme and fonts. Users should feel peaceful with confidence that they run a right medicare software to address their needs and concerns. To that end, vibrant colors should be replaced with a more delicate and calm color palette. Fortunately, there are many hues to pick from both cold and warm sides of the spectrum. Cold tones are most often used for the background. These hues establish an overall sense of tranquility that is necessary to help users concentrate on the more important features of the healthcare app. White Fitbit - an activity tracker for iOS and Android Oscar Health - a health insurance app for iOS and Android Blue Calm - a meditation app A pharmacy app by Lewis+Humphreys Grey BioDigital - a 3D health visualization system Clue - a female health app Green Omada - a behavior change program HealthTap - an online doctor consultation app Warm tones are great for accent colors and for attracting attention. However, products designed in this color scheme as their dominant may be used in obstetrics and gynecology. All because in Europe and the USA, pink is often associated with the women. Pink Flo - a fertility and pregnancy calendar Blogilate - a fitness app Purple Zipdrug - a medication delivery app Cliniklik healthcare app design by Pablo Barzet, Source Yellow GoodRX - a drug price tracking app in the USA Red Pills On Time - a medication reminder and pills tracker Orange MINDBODY - fitness, salon and spa booking app App notification design Notifications are crucial to mHealth apps, especially for those that provide tracking and reminders. Giving them different designs enables indicating importance and urgency. For example, an app reminds users of their scheduled time to take a pill. Along with this, it also notifies of an upcoming physician’s appointment. To avoid confusion and highlight relevance, developers have to give the reminders various design elements. To this end, they can use color-coding, font choices, gestures, or notification behavior/animation. CareZone - a medication management app MyTherapy - a medication reminder and pill tracker Couch to 5K - a running trainer Sleep Cycle - an intelligent alarm clock For our take on healthcare software development take a look at the latest EHR we've developed. This article give insights into the approach we used: How to Build an EHR System Android vs iOS: Different design styles Most popular apps, including mHealth, are released for both iOS and Android. The following are some differences to be taken into account when developing a mobile app. — First off, the design rules for Android devices are determined by Material Design, while for iOS - by Human Interface Guidelines. The first one is based on a layered "paper" approach providing more hierarchy with realistic shadows, light, and motion. As for iOS, designers can use the effects of transparency, blurring, gradients or shadows to attract users attention. — Moving between screens is a common action users take on apps. On Android, there is a universal navigation bar at the bottom. The back button is the simplest way to go back to a previous screen and it works in all apps. Runtastic Balance Food Tracker and Calorie Counter for Android The vision on iOS is a little different. As can be seen on the screenshot below, there is no back button here. Thus, the app screen has a button on the top left corner. Moreover, designers can also use the name of the previous page behind the back icon to let customers know where they will go back. Runtastic Balance Food Tracker and Calorie Counter for iOS In addition, Apple introduced a gesture of swiping from left to right in apps to go back. The animation for the collecting samples flow for Bloodline for iOS by Bryce Thompson, Source — Apps have different areas within them, usually organized as tabs. Different sections on Android are displayed on top of the app. In addition, the Android version shows only icons on the tab row, whereas the iOS version also has labels. However, iOS app’s sections are organized as tabs on the bottom of the screen. Doctor On Demand for Android Doctor On Demand for iOS MyFitnessPal for Android MyFitnessPal for iOS — Action buttons are those that enable users to take some actions like share, upload/download etc. Both Android and iOS have their own icon styles. My Diet Coach - a weight loss motivating and tracking app for Android My Diet Coach for iOS Understand target audiences A proper quality design is important for any mobile app, but it’s especially vital when creating a program for sensitive target users. ‘I’m not the first entrepreneur to create a digital health app for patients. But as a surgeon, I’m very aware of the day-to-day issues that arise, including the nuanced relationship between patient and provider. Not all entrepreneurs in digital healthcare have this level of awareness. That means some digital health tools don’t consider a patient’s best interest.’ Nitin Goyal said The following are some obstacles disabled users have met: Blind people may use screen reader software or Braille devices to access content but only text-based. Deaf users cannot access audio content unless it is transcribed. People who can’t use a mouse have to able to access content with a keyboard alone. Users with low vision, dyslexia, or attention deficit are difficult to process extensive texts and require more white space, simple screen images, and proper color contrast. Examples of color disabilities Site: w3.org/WAI/GL/low-vision-a11y-tf/wiki/Overview_of_Low_Vision Since this field is mainly represented by older people, or who might have sensory impairments and other disabilities or technically challenged, it’s necessary to tailor healthcare mobile app design. Source: greatcall.com/greatcall/lp/is-mobile-healthcare-the-future-infographic.aspx Designing for low- and no-vision and hearing: legislation Developing software that can be used by all people without the need for adaptation or specialized design is called “universal design”. Many software companies, unfortunately, focus on the characteristics of the “average” user. ‘The term user experience is now widely used, especially by major players in the industry including Apple, IBM and Microsoft. However, in many cases, the term is contrasted to usability which is often depicted as a much narrower concept focusing on systems being easy to use.’ Tom Stewart, Chair of the ISO sub-committee With a view to making software accessible for people with disabilities, the U.S. Congress has passed legislation in a range of areas. Section 504 of the Rehabilitation Act of 1973 and its amendment 508 suggested in 1986 require that information technology funded/used by the federal government must be designed to be accessible to people with disabilities. The Americans with Disabilities Act of 1990 (ADA) and ADA Amendments Act of 2008 require public software be accessible to users with physical, sensory, or cognitive disabilities, regardless of what audience is targeted. In 2017, the U.S. Access Board published a final rule updating accessibility requirements for information and communication technology (ICT). Further, it boosts international harmonization, in particular with Canada, Germany, France, Australia, New Zealand, and Japan. Designing for low- and no-vision and hearing: best practices The “mobile accessibility” standards address devices that interact with the web, including smartphones, tablets, and wearables. Most often, mobile devices have a small screen size that limits how much information users can actually view at one time. Especially, when zoom is used by people with low vision. Some best practices for helping low-vision users to make the most of small screens include: Cut the amount of the displayed content by providing a dedicated mobile version (providing fewer content modules, fewer images, or focus on important mobile usage scenarios) or a responsive design (on narrow screens the navigation menus may be hidden until a user taps a menu button). The left picture shows a page with no modification, print preview at 100%. The picture on the right shows the same page at 200%. Source: w3.org/WAI/GL/low-vision-a11y-tf/wiki/Printing_Customized_Text Provide a reasonable default size for content and touch controls to prevent text magnification by the user. The content has to be resizable without assistive technology up to 200 percent. Supply with on-page controls to change the text size (e.g. magnifying lens view under user’s finger). Source: pcworld.com/article/3131925 Avoid using complicated and decorative fonts because they can be discerned much harder. Use standard fonts like Arial or Times New Roman instead. Create alternative CSS with a highly contrasting color scheme. The WCAG 2.0. suggests Minimum (at least 4.5:1 or 3:1 for large-scale text) and Enhanced (at least 7:1 or 4.5:1 for large-scale text) contrasts. Arrange interactive elements where they can be easily seen when the device is held in different positions. Use a range of clearly contrasting colors and hues instead of relying on black and white as the design's only contrasting colors. Type1 Diabetes Mobile App Design Source: behance.net/gallery/32173645/Type-1-Diabetes-Mobile-App Avoid hard-to-see color combos, e.g: Green & red. Green & brown. Blue & purple. Green & Blue. Blue & Grey.  Green & Grey. Indicate clearly interactive elements (buttons or links) from non-actionable elements (content, status info, etc.) through the following parameters: Conventional shape: rounded-corner shaded button shape. Iconography:  question mark, home icon, back arrow, etc. for conventional visual icons. Color offset: various text color, shape with a different background color to distinguish the element from the page background. Conventional style: underlined text and different colors for links. To ensure access to all potential audiences, it is essential that software companies develop products to be compatible with assistive technology. When a mobile app is designed to be accessible to users with a broad range of disabilities, the others benefit too. For example, video transcripts enable deaf users to access the content. However, this feature allows for viewing it in a noisy environment, or for whom English is a second language. User-friendly design An important step toward a successful UX design for mHealth apps is to practice simplicity. We’ve reviewed dozens of healthcare apps, both on Google Play and App Store, and noticed there is one thing in common: simplistic or minimalist design. Indeed, such programs give users a clean and professional experience. ‘Don’t re-invent the wheel. Use models and frameworks developed by others, and modify them as needed [...] and incorporate what has worked before. Once that framework is established, it’s easier to go in and add elements that personalize or brand the experience.’ Jeffery Kendall, SVP and GM at Kony Health tracking app by Jakub Antalík Source: dribbble.com/shots/2834322-Health-tracking-app-case-study It is also essential to facilitate the register/sign-in process. User authorization has to take the minimum amount of time avoiding numerous screens and clicks. The simplification principle also applies to emergency data accessing, like doctor phone number, prescription medication, or allergies. Icon sets used in healthcare apps should be highly intuitive so that users can easily understand what a particular icon means. However, more creative symbols can be added while including their description at hand. Thus, developers avoid the possibility of confusing their customers. Medical Icon Set by Vivek Karthikeyan Source: dribbble.com/shots/3121056-Medical-Icon-Set Medical Icons by Asif Hussain Source: dribbble.com/shots/4131178-Medical-Icons Complete Medical App by Asif Hussain Source: dribbble.com/shots/4078004-A-Complete-Medical-Application Conclusion Designing an effective healthcare mobile app requires focusing on what works best for target audiences. Design should be centered around an intuitive UI/UX and proper coloring schemes. Moreover, to reach a wide audience, mHealth apps should be tailored for sensory impairment users. You want your app to have a modern and harmonious look? Our talented designers will liven it up! Contact us for advice!