Blog

Ramblings on code, startups, and everything in between

The following article is the first part of a series on HIPAA and its impact on certain industries in the United States. This piece aims to define HIPAA, identify 2019 HIPAA regulations and violations, and explain HIPAA compliance. Hopefully, this read will be informational, and especially useful, if you are unfamiliar with HIPAA and it’s applicability. The importance of HIPAA (Health Insurance Portability and Accountability Act) has recently hit the U.S. headlines as a trending topic. Particularly, the impact of HIPAA in the healthcare space has circulated throughout the U.S. media. HIPAA compliance recently became a point of emphasis when the United States government made changes to the act, and its surrounding enforcement, in 2019. While HIPAA was enacted over 23 years ago, the significance of this act has evolved as western society has become increasingly involved with- and dependent upon- technology. When initially implemented, HIPAA served to protect personally identifiable information maintained by healthcare companies.

2019 HIPAA Regulations and Violations

In December 2018, the OCR (Office of Civil Rights) issued a request for information to HIPAA covered entities. The OCR was specifically focused on the current Privacy Rule to confirm that HIPAA was not prohibiting, nor discouraging, any patients from proper care. To instill safety and protection over access to patient’s rights and information, the OCR plans to increase enforcement around the Privacy Rule. The OCR is also optimistic that emphasis on HIPAA compliance will help to fight the opioid crisis in the United States. Additionally, the OCR is concerned with the number of email data breaches due to the major problem of phishing in the healthcare industry. If a company is caught in a violation of HIPAA, or fails to comply, they can be faced with serious fines and even incarceration. To ensure that this does not happen, there are a few fundamental precautions healthcare companies can take to warrant compliancy.

Maintaining HIPAA compliance

To guarantee HIPAA compliance, the first preventive measure every company must take is training their employees on HIPAA compliance. By educating an organization on the dangers of using PHI information for personal benefit, the chance of an accidental HIPAA violation can be greatly minimized. It is crucial for healthcare companies to implement policies around the hardware and electronic services that they share with their business associates. To do so, risk management assessments can be performed on security and storage measurements. A majority of recent HIPAA violations have stemmed from the way patient data is being stored, additionally, there are release forms patients must be provided to sign off on the disclose the use of their personal health information. Some practices failed to distribute updated release forms. By administering mandatory notices, and operating with patient consent, in writing, a large portion of ambiguity and uncertainty around HIPAA compliance can be waived.

Industries Impacted by HIPAA

Over the past twenty years, medical records have been transferred from paper to wireless systems, enhancing the need for IT software and applications. As the demand for IT systems to collect and store data grows, the risk of cyber-attacks presents itself. Since data in the health industry is stored on servers, and not in a cloud, IT providers, as well as mobile application companies, also become liable. Some effective practices to prevent data hacking and fraud include: audits, encryption, data breach notifications, and a recovery plan. In regards to software development, some necessary features to consider are: access control, authorization, and backup data.

HIPAA Enforcement

Last year was a record year for HIPAA enforcement. With total fines and settlements reaching over 28 million dollars, healthcare companies have a lot to think about. Ultimately, it is critical to be educated on HIPAA and how to maintain HIPAA compliance. Whether it is negligence, lack of information, or an unfortunate security hack, even companies in cohesion with the health industry can be liable for a HIPAA violation. Stay tuned for our next blog post as we delve into HIPAA in our local sector of Boston, MA.

Posted In: General

Interviewing, and getting hired, in the tech industry is exceptionally difficult. From multi day interviews, ridiculously difficult coding tests and recruiter third-party assessments, this process can take months. To provide more insight on this strenuous practice, I have interviewed three specialists in the industry who have experienced the technical interview first hand. The three interviewees are introduced below.

Moriah Maney
Twitter: @MoriahManey
Title: Front-End Software Engineer at Webflow


Brian Hurst
Twitter: @BrianCeltics1 @ConstantContact
Customer Engagement Specialist at Constant Contact


Georgie Cooke
Twitter: @Georgiecel
User Interface Engineer at Campaign Monitor


How long have you been working in tech? What is your role?

Moriah Maney: 5 years, 3 of the years were undergrad, two post-grad. I am a Software Engineer (Full-Stack Engineer) experience across all areas of tech applications but I focus on Frontend development, primarily using React, the Javascript framework. Middle level / tipping senior. 

Brian Hurst: Since 2016, my role has been in an aspect of technical customer support.

Georgie Cooke: I have been working in tech for about eight years now, having started while I was studying my Masters degree. I’m currently a User Interface Engineer at Campaign Monitor, a company that provides email marketing software for companies and individuals to communicate with their customers. I’ve maintained largely the same role over the course of my career.

What types of projects do you typically work on?

Moriah Maney: I work at Cisco Systems, I work on the Webex Team’s platform (chat and video service platform, similar to Zoom.) I am on the developer experience team, I specifically focus on Open Source software and the Webex Team’s Widgets.

Brian Hurst: My current role is at Constant Contact, I answer inbound customer calls relating to software and digital marketing. Additionally, I have contributed to social media, template design, and innovation. 

Georgie Cooke: I work on building user interfaces with HTML, CSS and JavaScript, but also improving code to make it more maintainable and scalable. The user interfaces I build can be complete pages of UI or entire websites. Right now at work I’m spending a lot of time on a design system with reusable and scalable components, which will make collaboration, maintenance, and the process of putting together UI a lot easier.

How familiar are you with the technical interview process? 

Moriah Maney: Super familiar, approximately 20-25 interviews. 

Brian Hurst: Fairly familiar, most of my interviews haven’t dabbled into the technical space requiring whiteboarding or an in-depth technical assessment (ie. coding)

Georgie Cooke: I am most familiar as the interviewee or person being interviewed. I have not been an interviewer in the technical interviewing process, but I am aware of the process Campaign Monitor goes through with potential hires.

What was your worst experience interviewing in Tech? 

Moriah Maney: I had an interviewer speak to me in an accusatory tone, not believing my knowledge of subject matter due to my age. I have also had challenging interview settings, like open office interviews, which were distracting and noisy.  Once, I was interrupted during a technical screening and told that my work was incorrect, which was extremely off-putting. I later found out that my work was correct.

Brian Hurst: I find it frustrating when companies do not follow up, or keep candidates in the loop about the status of their job opening.

Georgie Cooke: I struggled having to do a Hackerrank test, which is set up online like a timed quiz. It was to test my technical skills and I was given a very brief description of what to expect. The timer was visible on the screen while doing the test and I found it rather stressful, especially because a lot of the test content was not what I expected from the description. I struggled and felt very unconfident because some of the questions were beyond my skill level.

Additionally, I applied for a job through a recruiter. This position did not work out. After moving on, and finding a job on my own, I was still receiving calls and hassled by the recruiter with questions about my new role, and the recruiter still offered me new roles, which I found inappropriate.

What was your best experience interviewing in Tech? 

Moriah Maney: Technical assessment was collaborative with their team, was asked to do an implementation, a current engineer provided a code review, then was asked to make the adjustments accordingly

Brian Hurst: Interview at Constant Contact, efficient process, got to meet the team before accepting the offer. Also, was able to observe the role in real time that I was interviewing for. 

Georgie Cooke: My best experience was with the company I currently work for. I was made to feel very welcome when I arrived on-site, and prior to that, the communication between myself and the company’s recruiter was fantastic. On-site for the interview, I was offered a cup of tea or coffee and this made me feel comfortable. I was shown around the office a bit as well, everyone I encountered was friendly, and this really eased my nerves.

After the interview, I was kept up to date on how things were going with the process, including the fact that other candidates were being interviewed. I did not feel like I was left in the dark.

What advice would you give for people preparing for this process?

Moriah Maney: Easy to get discouraged, go in with low expectations and that it is okay to fail and it is okay to not know how to do something and tell your interviewer that. Do not take the rejection personally. 

Brian Hurst: Try to provide a few different statements and examples of work in advance, so that you can demonstrate your skill set and experience. Also, use specific language in your descriptions to paint a more detailed picture of yourself as a candidate. 

Georgie Cooke: Make sure you do your research on the company you are interviewing for, and don’t be afraid to ask questions. You want to make sure the role is right for you, so ask anything about the role or the company that you are not sure about, because they might help you make a better decision.

I would also suggest going over your best skills and make sure you are able to talk about them verbally or talk about yourself with confidence. While actual coding tests can be difficult, being able to talk about your skills and the work you do can leave a good impression, as the interview is not always solely about the test.

If you could do one thing to change this process what would it be?

Moriah Maney: I would take out whiteboarding because no one does their best work in that position and it does not depict how you would work from day to day in that environment. I would also make tech more accessible, provide more/multiple options, especially for people who are on the job search while employed full-time.

A technical assessment often requires multiple hours of work which applicants do not always have. Instead, assign a paired partner challenge with a current engineer, where you solve problems together, or each solve half. By increasing flexibility and options in a technical interview process, your company is facilitating applicants in showcasing their best work.

Brian Hurst: I think that the interview itself should be more two-sided, so the applicant asks questions as well. Essentially, it would be more of a conversation where both parties exchange back and forth.

Georgie Cooke: It is very important for companies to give feedback and let candidates know if the answer is “no,” and what they can do to improve, or where they missed the mark. It can feel awful to be left hanging. I understand companies go through many, many candidates, but a quick email or phone call would go a long way.

Providing feedback can help the individual improve for future interviews, possibly even re-apply for the same role in the future.

Have tips on how to improve the technical interview process? Comment below or checkout our suggestions here: https://www.forbes.com/sites/theyec/2019/07/26/how-effective-is-your-technical-interview/#74ff59e6b0c0.

Posted In: Interviews

Remember what websites looked like before they became so interactive and graphic savvy? The World Wide Web- in the early 2000s- was not aesthetically pleasing. So, we decided to recreate it. Out with the new, in with the old.

Below, we have provided an example of a modern-looking website. Specifically, we used a Bootstrap template. Then, we have listed the changes we made to the current website code. We discovered that the key to making an old-looking website is not using specific technologies, but using the styles and the aesthetics that your site embraces. Let’s take a Bootstrap template, Clean Blog – Bootstrap Blog Theme, and how we retrofitted it!

The current, modern version looks like:

To make it “look old” I made the following changes:

  • Removed all of the JavaScript
  • Dropped the custom fonts, went back to a fixed width Sans-Serif font (Courier New) and dropped the line-height
  • Switched the background image to something low quality and repeating
  • Filled all the whitespace by setting the content to 100% width
  • Add some obnoxious color – see links and menu items. 
  • Toss in a gradient for good measure

The final Product:

Some other options for replicating an early 21st century website include: the venerable marquee HTML tag, animated GIFs, and of course, anything neon.

Of course there is always the all time GOAT retro website, the original 1996 Space Jam website, which is still up!

Have additional suggestions for how to make an old-looking website, or any formatting requests you’d like to see? Let us know in the comments below!

Posted In: Tips n' Tricks

Tags: , ,

We watched an AWS Cloud webinar, so, you don’t have to. (But if you want to, it’s attached below.) Here are are three aspects of the AWS cloud that make it both unique and useful, particularly for ISVs (Independent Software Vendors.)

  • Architectural Design helps ISV’s customers focus on which services are being used, understand how scalability is managed, and preview how an application looks in the cloud. The priority of the architectural design is to ensure:
    • High performance / ability 
    • Dynamic scalability 
    • Adherence to AWS best practices
    • Flexibility to automate app deployment – using CloudFormation templates, AWS Marketplace, and more
  • Security & Compliances allow ISV’s to provide their customers with risk assessment and mitigation methodologies to strengthen their security posture on AWS. These features supply customers with the documentation to explore how application deployment in AWS meets requirements and reduces a barrier to entry.
    • Architectural security strategy
    • Frameworks for compliance 
    • Policy and controls mapping
  • Cost Optimization assists ISV’s in offering more cost-effective services to their customers. This aspect persuades customers to adopt more solutions by ensuring that software properly utilizes AWS. With increased elasticity, and a minimized resource consumption, customers are facilitated in making decisions to move forward with an application.
    • Minimizes idle resources
    • Properly right-sizing infrastructure 
    • Helps avoid common architecture pitfalls

Posted In: Amazon AWS

Open Data is defined as: “data that can be freely-used, shared, and built-on by anyone, anywhere, for any purpose” (Open Knowledge Foundation Blog.) Open data provides many benefits.

In a similar manner that it is essential to record a nation’s history, recording open data has comparable advantages. Keeping a running log of statistics and information can be used to analyze changes in patterns and sequences. With a measurable starting point, as well as updates, each community can stay informed and up to date about their surroundings. It is useful for the affected society not only to be aware of the changes in their government’s policies and implementations, but also the consequences. With mandatory government submissions and access to open data, local businesses have the ability to develop custom business plans tailored to their company’s surroundings.

Open data often includes demographic statistics in addition to employment information, salary, income, and spending. With open access, local engagement is welcomed and encouraged. Also, there is room for the public sector to make digital and technical transformations, implementing social progression and efficiency. Through this evolution, statistics on unemployment high school dropout rates as well as crime and violence can be targeted and countered.

To insure political justice, reporting open data is mandatory. This is essential for two reasons, it prevents the government from concealing certain statistics and information, and it is not gathered for a specific purpose. What this means is that the options for interpretation, analysis, and creativity are unlimited. People can use this data to make assessments and conclusions that the government may not have wanted to publicize. Additionally, this data can be used to measure and reinforce financial and economic status. From a technical standpoint, open data is very useful and endless in its opportunity for building.

Some examples of projects that have been produced with open data include: a school selection device, a flood print, online voting at events, home health and safety report, traffic and accident browser, damage from disasters assessment, a mobile voting ballot, etc.. The chart below provides the Greater Boston regions that have open data readily available. With this data, endless projects and tools could be designed, so, what will you build?

Posted In: General