Healthcare & Health Data QA — testing systems that touch patients
The NZ-localised guide to testing the systems that hold health information and shape clinical care.
Health software is where a defect is not an inconvenience — it is a result attached to the wrong patient, a referral that never arrives, or sensitive health information shown to someone who should never see it. This track teaches you to test clinical systems and patient safety, HL7 v2 and FHIR interoperability, PHI privacy under the Health Information Privacy Code 2020, regulated and medical-device software, and EHR integration across Te Whatu Ora — Health New Zealand and the wider sector.
From the bedside to the integration engine
Clinical Systems & Patient Safety
Why a defect in a clinical system can harm a patient. Clinical risk, the National Health Index (NHI), and the rigour expected when a result lands at a bedside.
~30 min read · ~70 min with exercises · Healthcare QA
Lesson 2HL7 & FHIR Interoperability
HL7 v2 messages and FHIR resources. Reading segments and resources, conformance profiles, and the negative and edge cases that break integration between clinical systems.
~35 min read · ~80 min with exercises · Healthcare QA
Lesson 3PHI & Health-Data Privacy
Testing personal health information under the Privacy Act 2020 and the Health Information Privacy Code 2020. Consent, access controls, audit logging, and de-identification.
~30 min read · ~75 min with exercises · Healthcare QA
Lesson 4Regulated & Medical-Device Software
Software as a Medical Device concepts, the Medsafe context, and the traceability and documentation expectations when software is itself a regulated device.
~30 min read · ~70 min with exercises · Healthcare QA
Lesson 5EHR Integration Testing
eReferrals, lab results, NHI matching, and patient-record continuity across systems. Testing the joins where one system’s output becomes another’s clinical input.
~35 min read · ~80 min with exercises · Healthcare QA
A domain where a defect can reach a patient
Most software fails softly. A broken button frustrates a user, who tries again. Health software can fail in ways that reach a real person. A lab result attached to the wrong National Health Index number puts one patient’s blood test in another patient’s record. A referral lost between two systems means a person waits months for care no one knows they need. A unit silently dropped from a medication dose changes the meaning of the number a clinician reads. The cost of a defect here is measured in safety and in trust.
The good news for a tester is that the domain has clear rules. A patient is identified by their NHI. A message either conforms to its structure or it does not. Health information may be accessed for a permitted purpose or it may not. Once you understand those rules, healthcare gives you something valuable — checkable acceptance criteria where patient safety and privacy are concrete, testable qualities rather than vague aspirations.
This track teaches those rules in the NZ context. By the end you will be able to test a clinical system for patient-safety risk, validate an HL7 v2 message and a FHIR resource against a conformance profile, test PHI handling under the Health Information Privacy Code 2020, reason about regulated and medical-device software, and test an EHR integration end to end — and write the evidence that shows you did.
Other specialised tracks
API Testing
Contract testing, status codes, and idempotency — the foundation under every FHIR API.
SpecialisedPrivacy Testing
The NZ Privacy Act 2020 in practice — consent, data minimisation, and breach response.
SpecialisedSecurity Testing
OWASP, NZISM, and the threat models that matter when the system holds health information.