Atlantic Business Technologies, Inc.

Author: Yolanda Hyman

  • Testing for HIPAA Compliance

    Healthcare organizations rely heavily on software systems to manage patient data. However, with the increasing risk of data breaches and cyberattacks, testing for HIPAA compliance is extremely important to protect patient health information (PHI) and ensure regulations are met. This involves a rigorous evaluation of the software’s security measures, privacy protocols, and data protection mechanisms to safeguard sensitive patient data.

    Understanding HIPAA Compliance

    The Health Insurance Portability and Accountability Act (HIPAA) sets standards for the privacy and security of PHI. It outlines specific requirements that healthcare providers and their business associates must follow to protect patient information. These requirements include:

    • Access controls and monitoring: Limiting access to authorized personnel.
    • Data integrity: Ensuring the accuracy and completeness of PHI. 
    • Data transmission: Protecting PHI during transmission.
    • Security safeguards: Implementing technical, administrative, and physical safeguards to protect PHI data. 

    Testing for HIPAA Compliance

    By conducting comprehensive testing, healthcare organizations can verify that their software systems meet the necessary standards for protecting patient privacy and security. The following is recommended:

    1. Do a Risk Assessment: 
      • Identify potential vulnerabilities and risks to the PHI.
      • Prioritize risks based on likelihood and impact.
      • Develop a risk management plan to address identified vulnerabilities.
    2. Verify Security Controls:
      • Test access controls to verify that only authorized individuals can access PHI and that appropriate permissions are in place to prevent unauthorized disclosure.
      • Evaluate encryption mechanisms to ensure that PHI is protected during transmission and storage.
      • Assess data backup and recovery procedures to ensure that PHI is protected against loss or corruption.
      • Check the software’s ability to audit and monitor user activities, providing a record of who accessed PHI and when.
    3. Evaluate Data Integrity: 
      • Test data validation and error checking to prevent incorrect or incomplete data entry.
      • Verify data backup procedures and disaster recovery plans.
      • Make sure that data is stored in a consistent and accurate format and is protected against loss or corruption.
      • Assess data auditing and monitoring capabilities to detect unauthorized access or modifications.
    4. Transmission Security:
      • Test secure communication protocols (e.g., HTTPS) to protect PHI during transmission.
      • Evaluate encryption algorithms used to secure data in transit.
      • Assess the security of wireless networks and devices used to access PHI.
    5. Business Associate Agreements:
      • Ensure that business associates have appropriate safeguards in place to protect PHI.
      • Verify that business associate agreements comply with HIPAA requirements.
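    The access-control and audit-trail checks from step 2 can be automated along these lines. This is an added example, not code from Atlantic BT: the `PhiStore` class, role names, and access matrix are constructed for illustration, and a real check would call the application under test instead of the toy store.

```python
"""Added example: access-control and audit-trail checks against a toy PHI store."""
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed policy for the example: roles that may read PHI.
ROLES_ALLOWED_TO_READ = {"physician", "nurse"}


@dataclass
class PhiStore:
    """Toy system under test: in-memory records plus an audit log."""
    records: dict
    audit_denied: bool = True  # set False to simulate a logging gap
    audit_log: list = field(default_factory=list)

    def read(self, user, role, record_id):
        allowed = role in ROLES_ALLOWED_TO_READ
        if allowed or self.audit_denied:
            self.audit_log.append({
                "user": user,
                "record_id": record_id,
                "allowed": allowed,
                "at": datetime.now(timezone.utc).isoformat(),
            })
        if not allowed:
            raise PermissionError(f"{role} may not read PHI")
        return self.records[record_id]


# Constructed test matrix: (user, role, should access be granted?)
ACCESS_MATRIX = [
    ("dr_lee", "physician", True),
    ("n_ortiz", "nurse", True),
    ("b_chan", "billing", False),
    ("guest1", "visitor", False),
]


def check_access_and_audit(store, record_id):
    """Run every matrix row; return a list of findings (empty means pass)."""
    findings = []
    for user, role, expected in ACCESS_MATRIX:
        before = len(store.audit_log)
        try:
            store.read(user, role, record_id)
            granted = True
        except PermissionError:
            granted = False
        if granted != expected:
            findings.append(f"access: {role} granted={granted}, expected={expected}")
        # Every attempt, allowed or denied, must leave exactly one audit entry.
        new_entries = store.audit_log[before:]
        if len(new_entries) != 1:
            findings.append(f"audit: {len(new_entries)} entries for {user}'s attempt")
            continue
        entry = new_entries[0]
        if entry["user"] != user or entry["record_id"] != record_id:
            findings.append(f"audit: wrong who/what recorded for {user}")
        if entry["allowed"] != granted:
            findings.append(f"audit: outcome mismatch for {user}")
        if datetime.fromisoformat(entry["at"]).tzinfo is None:
            findings.append(f"audit: timestamp without timezone for {user}")
    return findings


def run_demo():
    """Check a store that logs every attempt and one that skips denied attempts."""
    records = {"rec-1": {"patient": "TEST PATIENT", "note": "constructed"}}
    good = check_access_and_audit(PhiStore(records), "rec-1")
    gap = check_access_and_audit(PhiStore(records, audit_denied=False), "rec-1")
    return good, gap


if __name__ == "__main__":
    good, gap = run_demo()
    print("store with full auditing:", good or "no findings")
    print("store that skips denied attempts:", gap)
```

    The second store enforces permissions correctly but does not record denied attempts, so the access test alone would pass it; only the audit check reports the gap.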

    Testing for HIPAA compliance is an ongoing process that requires continuous evaluation and improvement. By conducting thorough testing and addressing identified vulnerabilities, healthcare organizations and their business associates can protect patient privacy and maintain regulatory compliance.

  • Enhancing software quality through exploratory testing

    Exploratory testing is an unscripted, manual testing method that helps teams deliver higher quality software. It relies on the creativity, intuition, and domain knowledge of the tester to analyze the software and identify things like unexpected defects, edge cases, and accessibility concerns. While planned/scripted tests and automated testing ensure that known features and functionalities work as expected, exploratory testing allows testers to uncover hidden issues as they dynamically probe the software’s functionality and design. By simulating real-world usage, exploratory testing also helps uncover usability issues that might affect the end-user experience. This testing method complements other testing techniques well, especially when there is not enough time to create comprehensive scripted tests for every possible scenario. Since exploratory testing does not require extensive test case preparation, it can also be more cost-effective than traditional testing methods. Due to its flexibility and adaptability, testers can quickly adjust their approach based on the latest software updates or changes.

    Conducting Exploratory Testing

    Exploratory testing is one of my favorite methods. It encourages testers to think outside the box and explore software in a natural, intuitive way. Here are some tips for conducting exploratory testing:

    1. Set the test environment: Start by preparing your testing environment. Ensure you have access to the latest software build, any necessary testing tools, and a clear understanding of the software’s objectives and functionalities.
    2. Outline test areas: Because exploratory testing is less formal, it can sometimes lack detailed documentation. Create a loose outline of the objectives and scope of your exploratory testing. The outline could be a simple list of features that are ready for testing. Having an outline can help you stay focused while allowing flexibility in your approach.
    3. Go play: Start exploring the software. Interact with the software as an end-user would. Guess where potential bugs might exist based on factors such as complexity, areas of frequent change, or past issues, and spend some time testing those areas. 
    4. Log bugs: Document any issues or unexpected behavior you encounter while testing. Provide thorough notes in the bug report to give developers the information needed to reproduce and fix the issues.
    5. Follow the process: Follow your standard process for managing bugs that are logged. Provide any additional information needed by developers, test submitted fixes, and track each bug to resolution.  
    6. Collaborate with Developers: Maintain open communication with the development team throughout the testing process. A collaborative approach between tester and developer helps ensure that any identified issues are addressed quickly and effectively.
    7. Learn: Continuously learn from your testing experiences and refine your approach. The more you test, the more you increase your knowledge of the software and the better you become at identifying potential issues and improving your testing effectiveness.

    Best Practices

    Though exploratory testing is unscripted, there are some things you can do to ensure it is effective. Keep these best practices in mind.

    • Have the right mindset: Approach the software with a mindset of exploration rather than following predetermined test cases. 
    • Focus on real-world usage: Simulate real-world scenarios and user workflows, trying to replicate how actual users might interact with the software. This approach can uncover bugs that arise from unexpected user behavior or edge cases that were not accounted for in the initial design.
    • Do ad-hoc testing: Rely on intuition, experience, and creativity to identify potential issues. Deliberately introduce randomness into the testing approach by varying inputs, configurations, or sequences of actions. 
    • Explore boundary conditions: Test boundary conditions, such as maximum and minimum input values, to see how the software behaves under extreme circumstances. Bugs are often discovered at these boundaries.
    • Use various test environments: Test the software on different operating systems, browsers, and devices. Bugs may manifest differently depending on the environment, so exploring these variations can uncover hidden issues.
    • Have a feedback loop: Continuously provide feedback to developers based on findings during exploratory testing. Again, this fosters collaboration and allows developers to address issues as they are discovered.

    Exploratory testing remains an essential part of software testing. Its ability to uncover hidden bugs and improve the user experience makes it invaluable for testers. By incorporating exploratory testing into your testing strategy, you can ensure that your software is robust, reliable, and user-friendly.

  • NDAs: The Secrets That Make Friends and Why You Need Them

    Earlier this summer, I remember sitting in a meeting with a potential client. They asked about solutions we provided for other companies. Immediately, our team lead jumped in to answer. He referred to some clients by name, but used generic descriptions for others. For example: one client bore the name “a major health insurance provider.”

    Though this seemed to confuse a few in the room, the team lead knew exactly what he was doing. He knew our nondisclosure agreement (NDA) limited how much detail we could share. It even restricted how we publicly referred to some clients. That’s when I realized a crucial truth. It is important to know the basics of your company’s NDAs.

    What is a Nondisclosure Agreement, and why does it matter?

    An NDA is a legally binding agreement between a client and the company they have hired. It keeps secret the information about the client that the client shared as a part of doing business. NDAs are often used by companies to protect proprietary or sensitive information. An NDA may also come into play to protect an organization’s brand or trademark. In addition, a nondisclosure agreement can exist between individuals. For example, an NDA may exist between a contract programmer and a company. This would protect information the contractor learns about the company’s inner workings.

    Regardless of whether an NDA is between companies or individuals, all parties involved should be aware of the terms. Here are the questions I ask to protect my team when their work involves a nondisclosure agreement:

    What information is confidential?

    • Is there private information that cannot come up in discussions? This might include financials, pending patents, new branding, or a patient diagnosis or test results. Even the company name can find protection under an NDA.

    What information can you share?

    • Protected information in a nondisclosure agreement doesn’t mean that everything is a secret. There may be other parts of the project that would be appropriate to share with the public. For example, a company may be able to post a client logo on their website, but they cannot expose specifics about what they did for the client.

    Who are the parties involved?

    • Once everyone knows an agreement exists, they need to know all of the parties required to keep the secrets. This is pretty easy when there are just a few individuals involved. However, if the agreement is with a company, anyone in that company who is allowed to receive or use the sensitive information should also know about the agreement and be expected to adhere to it.

    Where is the nondisclosure agreement?

    • The NDA should be available to those who are bound by it in case they need to review or reference it. This can be located in your company’s wiki, for example.

    When do the restrictions apply?

    • Coverage of an NDA can extend beyond the relationship between the parties involved. It’s important to know how long the sensitive information must remain secret as a part of the agreement. In some cases, it may be several years after the business relationship has ended. In other cases, it may be required that the information be kept a secret forever.

    Why is it important to keep the agreement?

    • Breaching or violating an NDA can damage the client/contractor relationship. This unethical behavior can also result in penalty or legal action, so it’s important to adhere to the terms.

    You Need a Strategy for Handling Nondisclosure Agreements

    No matter how familiar your team is with NDAs, you want to have a plan for telling them about new agreements and potential issues. This can be as simple as saying “we have an NDA in place for this project, so please do not mention our relationship with this client publicly.” It’s important to do this as soon as an NDA is in place. Oftentimes it’s best to treat nondisclosure as the norm for all projects until you hear otherwise.

    If members of your team need to sign an NDA to work on a project, make a plan for that too. For an individual, the terms can usually be provided in a form to be signed. For a team, the terms agreed to by the company could be conveyed in a simple meeting at project kick-off. Regardless of whether a nondisclosure agreement is between individuals or organizations, providing everyone with basic information about it will give them a better chance of adhering to it.

    Compliance, in any industry, is something we value here at ABT. The rules and regulations can be difficult to navigate. If you’re in need of someone to help you find the balance between what you want to happen, what should happen, and what needs to happen, with regards to your website, we can help break it down for you.

  • 7 Ways to Make Your Automated QA Testing High Quality

    While creating a quality product doesn’t begin with the QA team, quality assurance is essential to a successful project. However, the numerous tests in the QA process take time to run, and prioritizing the right tests is not easy. To maximize the efficiency of the QA process, many technology companies rely on test automation.

    Test automation is the use of software to execute tests and report the results. This involves automating manual tests to reduce the execution time and manual effort of regression testing. Done right, automated testing can save you a lot of time during a project. Done wrong, automated testing can waste as much time as it saves. For example, it can take a lot of time to find the right automation tool, and once you pick one it takes more time to plan, create, and maintain the tests.

    As a manual tester, I have a love/hate relationship with automated testing. It’s sometimes simpler for me to test a feature myself rather than taking the time to set up an automated test. However, a well-executed automation plan can free up my time to focus on new features and functionality for a project instead of worrying about regression of existing ones. Below are the seven tips I recommend to anyone considering getting started with automated testing in the QA process.

    1. Determine What to Automate in Your QA Testing Process

    When choosing tests to automate, prioritize tests that will run many times during the project. Some common candidates for automation are:

    • Smoke and Regression tests: These tests verify the general functionality of the software. They may include performing simple actions such as adding, modifying, and deleting data.
    • New Features/Functionality tests: When possible, automate new features/functionality once they have passed initial testing. Add these tests to the regression set so they can run after each project build or when there is a release to QA.

    By letting automation handle these basic functionality tests, you’ll save the most time and effort.

    2. Generate a Standard for your Automated QA Tests

    There should be a standard test structure for creating automation scripts. Decide on a naming convention that makes it easy to identify what is being tested. Also, make sure to include some basic information in the scripts, such as:

    • A description of the test purpose/scenario
    • Pre-conditions and setup steps
    • Test steps (These may include instructive comments for more complicated steps.)
    • Input data or a way to access that data
    • Expected results

    3. Add Error Handling

    Ultimately, you want the automated scripts to run unattended so the QA team can perform more important tasks or so the scripts can run overnight. One thing that prevents this is cascading failures. This is when a failure of one test leads to failure of another. In the worst-case scenario, one error can cause a complete stop. This means that none of the remaining test scripts will run after this failure. To avoid this kind of break in the test execution, include error handling in your scripts. Log errors, then get the system to a point where it can move on to the next test.
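    A runner with this kind of error handling, as an added example that is not Atlantic BT's code: `run_suite`, the shared `CART` state, and the three test cases are constructed for illustration. It logs each failure, restores state through a reset hook, and continues, and the demo shows the cascading failure that appears when the reset is left out.

```python
"""Added example: a test runner that logs a failure, restores state, and moves on."""
import logging
import traceback

log = logging.getLogger("qa_runner")


def run_suite(tests, reset_environment):
    """Run each (name, callable) pair; one failure never stops the rest.

    reset_environment() runs before every test so that a test which died
    half-way cannot leave state behind that breaks later tests.
    """
    results = {}
    for name, test in tests:
        try:
            reset_environment()
            test()
            results[name] = "pass"
        except AssertionError as exc:
            # The test ran and the product misbehaved.
            results[name] = "fail"
            log.error("%s failed: %s", name, exc)
        except Exception:
            # The script itself broke; keep the traceback for debugging.
            results[name] = "error"
            log.error("%s crashed:\n%s", name, traceback.format_exc())
    return results


# Constructed system state shared by the sample test cases.
CART = []


def reset_cart():
    CART.clear()


def case_add_item():
    CART.append("widget")
    assert len(CART) == 1, "cart should hold exactly one item"


def case_checkout_crashes():
    CART.append("gadget")
    raise RuntimeError("payment stub unavailable")


def case_cart_starts_empty():
    assert CART == [], f"leftover state: {CART}"


SUITE = [
    ("add_item", case_add_item),
    ("checkout_crashes", case_checkout_crashes),
    ("cart_starts_empty", case_cart_starts_empty),
]


def demo():
    """Run the suite with a real reset hook, then with a no-op reset."""
    with_reset = run_suite(SUITE, reset_cart)
    CART.clear()
    without_reset = run_suite(SUITE, lambda: None)
    CART.clear()
    return with_reset, without_reset


if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)
    for label, outcome in zip(("with reset", "without reset"), demo()):
        print(label, outcome)
```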

    4. Test & Manage the Automated QA Scripts

    Remember that a script is code. Like any other code, it needs to be debugged and tested to ensure it works as designed. As a script is created, store it in a place that is consistently backed up and easily accessible to the team. Some automation tools provide an easy way to store and manage scripts. If the tool you select doesn’t, consider using source control such as Git to provide storage and versioning.

    5. Set the Automated QA Test Environment

    To correctly test, you must start with a “known good” environment. This is an environment that contains the data, security settings, features, and functionality to ensure you get the results expected from each test. When testing begins with the proper environment, any unexpected failures in the tests will reveal a bug, change in functionality, or a need for an updated test.

    6. Run Tests Regularly

    The time invested in automation really pays off when you run your automated tests on a regular basis.  Because running automated tests is faster than performing the tests manually, the time needed to run regression tests goes from hours to minutes. This reduces execution time for the entire project. In addition, doing this on a regular basis will uncover any issues that arise as the project adds new features and updates.

    7. Remember the Goal

    The end goal of QA is to add value to the product. Automated testing makes this possible by freeing up the QA team to do more rigorous testing and allowing us to expand the test coverage. This increase in coverage results in a higher level of quality for your projects. Additionally, using bug tracking software could increase efficiency in handling errors, freeing up even more time.

    Ready to Get Started With Automated QA Testing?

    At Atlantic BT, we realize that automated testing is not a replacement for manual testing. Instead, it’s a complement to it. We aren’t at the point where we incorporate automation in all projects because the upfront investment of time for planning and script creation does not work for all of them. However, automation done right can be a powerful tool to bring speed and additional quality to any project. To learn more about how Atlantic BT can bring effective quality assurance to your projects, contact us today.

  • On Edge about Leaving Internet Explorer?

    Our Answers to Your Internet Explorer FAQs

    On January 12, 2016, Microsoft ended support for older versions of Internet Explorer (IE). For those of us in web development, this was cause for rejoicing—we now had fewer browsers to support.

    However, for the many organizations and businesses who have relied on older IE versions to run their applications and websites, this news left them feeling a bit on edge. At Atlantic BT, we’ve heard a lot of questions from our clients who depend on IE: Why is Microsoft ending support?  Which versions are affected?  What happens for applications that remain on IE? And (most importantly) what are next steps I should take?

    Though we don’t know why Microsoft made the decision to end support for older versions of IE, we can help with the other frequently-asked questions.

    What Does End of IE Support Mean?

    Companies like Microsoft announce the end of support when the company feels their product is at the end of useful ‘life’. This decision usually means the company intends to focus its resources on supporting and developing newer software rather than patching older versions.  

    For Internet Explorer, end of support means that Microsoft will:

    • Cease technical support
    • No longer provide downloads of the browsers
    • Stop security updates

    All of these changes are excellent reasons to transition your company away from older versions of Internet Explorer.

    Which Versions Are Affected?

    The end of support announcement affects several versions of IE. Specifically, Microsoft has decided to end support for IE 10 and all previous versions; while IE 11 will continue to receive security updates this year, Microsoft has announced IE 11 will be the last version of Internet Explorer.

    This makes it vital to transition away from Internet Explorer. If you’d prefer to stick with Microsoft’s browser, then you should begin using Edge, Microsoft’s new browser for Windows 10. Microsoft developed Edge to better compete with Chrome and Firefox, so it offers new features found in these browsers. In addition, Microsoft is offering free upgrades to Windows 10 for a limited time. Because only Microsoft knows how “limited” this time is, it’s important to upgrade sooner rather than later.

    What Happens to Applications Running on Unsupported Versions?

    Older versions of Internet Explorer will not be automatically uninstalled from computers. So applications running on unsupported versions can still run on old computer systems.  However, this is not recommended because of the risks involved, including:

    • The end to security updates. This risk opens the application or website up to vulnerabilities from malware or malicious attacks. This puts your business application and its data at risk.
    • Appearance issues. If a user attempts to open your application or website in newer browsers, there’s a strong chance your site will not look the way you intended. The user may experience broken images, misplaced buttons and text, and an interface that appears scrambled.

    What Are My Next Steps?

    Considering the answers to these questions, it’s important for your business to plan its transition away from older versions of Internet Explorer. As digital problem solvers, Atlantic BT can provide direction as your business moves to newer technology. We can help you:

    • Evaluate your current web applications and website to determine the most effective way to upgrade.
    • Redesign apps and webpages using cutting-edge technology that works across modern browsers such as Chrome, Safari, Edge, and Firefox;  these web browsers provide faster and more secure access to websites and services.
    • Develop a solution that is mobile-friendly; this means being more accessible on tablets and mobile devices, unlocking another path for business growth and productivity.

    And once your application or website has been updated, we can help you to stay up-to-date. If you’re interested in learning more about how we can help your business transition away from Internet Explorer, please contact us.

  • Quality Assurance Doesn’t Start with the QA Team

    Ever worked on a project that had no written requirements? How about one that had a one-paragraph specification for a major feature?

    Ever had to skip steps in the process and ‘throw something over the wall’ to Quality Assurance (QA) to meet your deadline? It’s their job to find all of the bugs, right? If you’re feeling really confident, maybe you could just skip QA altogether and push it live?

    Unfortunately, I can say yes to all of these questions. In my past, I have worked from one-line requirements and sometimes even a post-it note from a client. I must admit I have seen my share of work that was not unit tested, but was simply handed over to QA. Predictably, it failed the very first test. I confess I also witnessed the shortening of a QA cycle for the sake of meeting a project deadline.

    But that is in my past.

    How We Ensure Quality at Atlantic BT

    I’ve found a better way, one I’ve learned from working with a team dedicated to providing the BEST digital solutions for our clients. To achieve this, we established several roles and processes to ensure quality doesn’t start with the QA team.

    Project Management

    If you select the wrong resources for the project, your project timeline and the quality of the work will suffer. The Project Manager lays out the project plan and evaluates the project needs to determine the right people for the job. They monitor the timeline, watch the budget, and regularly update the client on the project progress. All this comes together to raise the quality of service we provide to clients.

    User Experience (UX) & Design

    It’s crucial that the project design aligns with the client vision in a way that meets the business needs and provides the best possible user experience. The User Experience and Design team fills this need, capturing the client vision in a way that no one else can. They use persona workshops and stakeholder interviews to examine the needs and preferences of the end users. Then, this team generates concept boards to provide a sense of the design direction, a site outline to visually display the organization of project pages, and wireframes to show how users will navigate the system or site. Bringing this client vision to life is how the UX and Design team contribute to the quality of the project.

    Architecture

    Behind the project’s design are a host of technical details to ensure quality. That’s where our Architecture team excels. They are focused on gathering and documenting requirements that describe the project’s functionality based on client goals. This team collaborates with the client to understand business rules and expands user stories to provide an accurate functional specification document. This document is the basis of what we build. The Architecture team also answers technical questions during the development and QA phases of the project. By creating a strong architecture and specification document, the Architecture team lays the foundation for building a strong, quality product.

    Information Technology (IT)

    During the project, it’s vital that everyone on the team can work on a development server configured the same way as the final production server will be. Our IT team makes this possible by setting up the database servers, CMS, S3 buckets, and other tools to establish stable environments for development and QA testing. This allows us to identify issues with configuration and system resources prior to going live. It also leads to a smoother transition when launching the project, which is essential to guaranteeing quality.

    Development

    Finally, it’s important to create a system that meets client specifications in a way that is efficient and user-friendly. The Development team makes this happen by taking outputs from Architecture, UX, and Design to build the project and ensure the requirements are met. This team also holds code reviews and runs unit tests to check the quality of the code before handing over features to the QA team.

    As you can see, quality is a team effort that begins long before the QA team gets involved. Once my QA team receives the outputs from each of them, we can create and execute test plans that consider the business rules, general requirements, user experience, browser compatibility, and much more.

    I’m grateful to be part of a company that knows quality does not start with the QA team.  At Atlantic BT, quality begins with understanding our clients’ vision and what’s best for their business. It is something we think about in each phase of the project so that our final delivery is something we are proud to put our name on.