Nurse Developer Column

By Raymund John Ang, RN, MAN 

Open Nursing Information System (Open-NIS) Project Lead

Citation: Ang, R. J. (2021). Building Applications Using Low-Code and No-Code Platforms. Nurse Developer Column. Canadian Journal of Nursing Informatics, 16(3-4). https://cjni.net/journal/?p=9379

COLUMN

It was customary to spend a lot of time to learn programming to build applications in Nursing or healthcare, in general. Online wikis, forums and coding bootcamps have been essential if one wants to develop user-facing components or design processes or algorithms for the backend. Recent trends have, however, pointed to another direction – using low-code or no-code platforms. Urquhart (2021) described low-code or no-code platforms as event-driven technologies that phased out the need for coding by introducing a more visual approach in creating applications. This technique allows for the democratization of developing software applications, especially for those who are not adept in computer programming.

Vallis (2015) explained that rapid application development (RAD) platforms have shifted the focus of development into the business side, instead of concentrating on the technical aspect of application building. Aside from traversing the divide in IT skills disparity, low-code and no-code platforms as RAD platforms can also address issues in cyber security by favoring custom development within the security infrastructure of the RAD platforms. Nonetheless, developers, either using conventional programming know-how or visual drag-and-drop approach, are still responsible for making sure the application adheres to security and regulatory standards.

Being a customer of a low-code or no-code development platform does not delegate cyber security and regulatory responsibilities to the platform vendor. Vacca (2021) highlighted that customers using these platforms are still liable for any vulnerabilities that may arise, and the associated fallout from these vulnerabilities. A careful review of the user agreement of the low-code or no-code platform, particularly on the section or addendum on data processing agreement, should be done in order to delineate specific measures that need to be addressed by the platform customer. If the customer uses the platform to store and manipulate sensitive personal or health data, does encryption, data backup, audit log and overall data security automatically lie on the platform vendor, or does the data processing agreement or business associate agreement place that burden directly on the customer? These are important things to consider when using low-code or no-code services as RAD development platforms. If left unchecked, this could be the Achilles’ heel that could ultimately spell disaster for the application the nurse is building.

References

Urquhart, J. (2021). Flow architectures: The future of streaming and event-driven integration. O’Reilly Media, Inc.

Vacca, J. R. (Ed.) (2021). Cloud computing security (2nd ed.). CRC Press, Taylor & Francis Group, LLC.

Vallis, S. (2015). Changing attitudes to digital innovation in the public sector. Probrand Magazine, Issue 3.