Atlantic Business Technologies, Inc.

Category: Quality Assurance

  • Testing for HIPAA Compliance

    Healthcare organizations rely heavily on software systems to manage patient data. However, with the increasing risk of data breaches and cyberattacks, testing for HIPAA compliance is extremely important to protect patient health information (PHI) and ensure regulations are met. This involves a rigorous evaluation of the software’s security measures, privacy protocols, and data protection mechanisms to safeguard sensitive patient data.

    Understanding HIPAA Compliance

    The Health Insurance Portability and Accountability Act (HIPAA) sets standards for the privacy and security of PHI. It outlines specific requirements that healthcare providers and their business associates must follow to protect patient information. These requirements include:

    • Access controls and monitoring: Limiting access to authorized personnel.
    • Data integrity: Ensuring the accuracy and completeness of PHI. 
    • Data transmission: Protecting PHI during transmission.
    • Security safeguards: Implementing technical, administrative, and physical safeguards to protect PHI.

    Testing for HIPAA Compliance

    By conducting comprehensive testing, healthcare organizations can verify that their software systems meet the necessary standards for protecting patient privacy and security. The following is recommended:

    1. Do a Risk Assessment: 
      • Identify potential vulnerabilities and risks to the PHI.
      • Prioritize risks based on likelihood and impact.
      • Develop a risk management plan to address identified vulnerabilities.
    2. Verify Security Controls:
      • Test access controls to verify that only authorized individuals can access PHI and that appropriate permissions are in place to prevent unauthorized disclosure.
      • Evaluate encryption mechanisms to ensure that PHI is protected during transmission and storage.
      • Assess data backup and recovery procedures to ensure that PHI is protected against loss or corruption.
      • Check the software’s ability to audit and monitor user activities, providing a record of who accessed PHI and when.
    3. Evaluate Data Integrity: 
      • Test data validation and error checking to prevent incorrect or incomplete data entry.
      • Verify data backup procedures and disaster recovery plans.
      • Make sure that data is stored in a consistent and accurate format and is protected against loss or corruption.
      • Assess data auditing and monitoring capabilities to detect unauthorized access or modifications.
    4. Test Transmission Security:
      • Test secure communication protocols (e.g., HTTPS) to protect PHI during transmission.
      • Evaluate encryption algorithms used to secure data in transit.
      • Assess the security of wireless networks and devices used to access PHI.
    5. Review Business Associate Agreements:
      • Ensure that business associates have appropriate safeguards in place to protect PHI.
      • Verify that business associate agreements comply with HIPAA requirements.

    Testing for HIPAA compliance is an ongoing process that requires continuous evaluation and improvement. By conducting thorough testing and addressing identified vulnerabilities, healthcare organizations and their business associates can protect patient privacy and maintain regulatory compliance.

  • Enhancing software quality through exploratory testing

    Exploratory testing is an unscripted, manual testing method that helps teams deliver higher quality software. It relies on the creativity, intuition, and domain knowledge of the tester to analyze the software and identify things like unexpected defects, edge cases, and accessibility concerns. While planned/scripted tests and automated testing ensure that known features and functionalities work as expected, exploratory testing allows testers to uncover hidden issues as they dynamically probe the software’s functionality and design. By simulating real-world usage, exploratory testing also helps uncover usability issues that might affect the end-user experience. This testing method complements other testing techniques well, especially when there is not enough time to create comprehensive scripted tests for every possible scenario. Since exploratory testing does not require extensive test case preparation, it can also be more cost-effective than traditional testing methods. Due to its flexibility and adaptability, testers can quickly adjust their approach based on the latest software updates or changes.

    Conducting Exploratory Testing

    Exploratory testing is one of my favorite methods. It encourages testers to think outside the box and explore software in a natural, intuitive way. Here are some tips for conducting exploratory testing:

    1. Set the test environment: Start by preparing your testing environment. Ensure you have access to the latest software build, any necessary testing tools, and a clear understanding of the software’s objectives and functionalities.
    2. Outline test areas: Because exploratory testing is less formal, it can sometimes lack detailed documentation. Create a loose outline of the objectives and scope of your exploratory testing. The outline could be a simple list of features that are ready for testing. Having an outline can help you stay focused while allowing flexibility in your approach.
    3. Go play: Start exploring the software. Interact with the software as an end-user would. Guess where potential bugs might exist based on factors such as complexity, areas of frequent change, or past issues, and spend some time testing those areas. 
    4. Log bugs: Document any issues or unexpected behavior you encounter while testing. Provide thorough notes in the bug report to give developers the information needed to reproduce and fix the issues.
    5. Follow the process: Follow your standard process for managing bugs that are logged. Provide any additional information needed by developers, test submitted fixes, and track each bug to resolution.  
    6. Collaborate with developers: Maintain open communication with the development team throughout the testing process. A collaborative approach between tester and developer helps ensure that any identified issues are addressed quickly and effectively.
    7. Learn: Continuously learn from your testing experiences and refine your approach. The more you test, the more you increase your knowledge of the software and the better you become at identifying potential issues and improving your testing effectiveness.

    Best Practices

    Though exploratory testing is unscripted, there are some things you can do to ensure it is effective. Keep these best practices in mind.

    • Have the right mindset: Approach the software with a mindset of exploration rather than following predetermined test cases. 
    • Focus on real-world usage: Simulate real-world scenarios and user workflows, trying to replicate how actual users might interact with the software. This approach can uncover bugs that arise from unexpected user behavior or edge cases that were not accounted for in the initial design.
    • Do ad-hoc testing: Rely on intuition, experience, and creativity to identify potential issues. Deliberately introduce randomness into the testing approach by varying inputs, configurations, or sequences of actions. 
    • Explore boundary conditions: Test boundary conditions, such as maximum and minimum input values, to see how the software behaves under extreme circumstances. Bugs are often discovered at these boundaries.
    • Use various test environments: Test the software on different operating systems, browsers, and devices. Bugs may manifest differently depending on the environment, so exploring these variations can uncover hidden issues.
    • Have a feedback loop: Continuously provide feedback to developers based on findings during exploratory testing. Again, this fosters collaboration and allows developers to address issues as they are discovered.

    Exploratory testing remains an essential part of software testing. Its ability to uncover hidden bugs and improve the user experience makes it invaluable for testers. By incorporating exploratory testing into your testing strategy, you can ensure that your software is robust, reliable, and user-friendly.

  • Tools to Help Build APIs

    One of the most common types of development work done at Atlantic BT is building APIs. An API (Application Programming Interface) is a set of defined rules that allow different software applications to communicate and share data with each other. The APIs we develop at Atlantic BT are used not only by the websites we create, but by external clients and third-party services. Therefore, defining, documenting, and testing these APIs is a critical part of our process. This blog post will showcase several helpful tools that we use while building APIs for our clients.

    Defining and Documenting APIs

    Defining and documenting your API is an important step when building and maintaining an API. Regardless of whether the consumer of your API is an internal or external user, having a clear understanding of how to interact with your API is essential for making the development process as smooth as possible. Fortunately, there exists a suite of tools to help with this.

    Swagger

    https://swagger.io

    Swagger (the name is often used interchangeably with OpenAPI) is a standard, programming-language-independent way to describe APIs. When defining your API, you create an OpenAPI specification that describes your API’s endpoints, input/output parameters, and authentication methods. This specification can then be used to generate interactive documentation and client SDKs.

    Swashbuckle 

    https://github.com/domaindrivendev/Swashbuckle.AspNetCore

    Swashbuckle is a .NET library that automatically generates OpenAPI documentation from your existing API code and provides a user-friendly UI for trying out the endpoints. This is great for legacy applications that may be missing documentation. With minimal code, Swagger documentation can be generated, giving developers and API users specifications that would otherwise take considerable time to write and maintain. While Swashbuckle is a .NET-specific library, comparable tools exist for almost every language.

    SwaggerHub

    https://app.swaggerhub.com

    SwaggerHub is a collaborative platform designed for API development that leverages the Swagger/OpenAPI standard. It provides a centralized place to manage and version your API documentation. At Atlantic BT, we use SwaggerHub when building APIs that need to be consumed by our clients. This allows everyone involved to always have the latest API definition, which makes collaboration with our clients much more efficient.

    Testing APIs

    Once your API has been defined, and development has started, testing that API becomes the focus to ensure it is functioning as expected. Once again, there exists a variety of tools to help with this important step.

    Postman

    https://www.postman.com

    Postman is an API testing tool that offers a user-friendly interface for making requests and viewing responses. It allows you to save and organize your requests in collections, which helps if you work on multiple APIs or work with many clients, as we do at Atlantic BT. It gives simple control over the headers and body of the request, which makes it our preferred tool when we quickly need to test out an API endpoint.

    Webhook.site

    https://webhook.site

    One of the common scenarios that leads us to develop an API for our clients is receiving data from a webhook on a third-party site. A webhook is a method used to send notifications to other systems by making an HTTP request to a specified URL whenever a particular event occurs. When developing this webhook API endpoint, the problem is that the computer you use for development work often isn’t publicly reachable by the site sending the request. So how are you supposed to know what the webhook data looks like? One way to solve this problem is to use Webhook.site.

    Webhook.site gives you a unique publicly available URL that you can have a site send requests to. In addition, it has a simple interface that allows you to view all the requests that are sent to that unique URL. You can then copy the request data that was sent and paste it into Postman running on your computer to send to your in-development API.

    ngrok

    https://ngrok.com

    Another solution to testing a webhook is to use ngrok. ngrok is a tool that runs on your computer and creates a secure tunnel from a public URL to your local machine. This allows you to expose and test your local API over the internet. Using ngrok will let you test the full flow of the webhook without having to use the extra steps of having data sent to Webhook.site and then sending the data again using Postman. ngrok also allows you to inspect and replay requests, which is helpful so you don’t have to trigger the webhook repeatedly.
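    The capture-and-replay workflow described in the Webhook.site and ngrok sections above, as an added example (not Atlantic BT’s code): it parses a webhook request copied from the capture tool and rebuilds it against a local development URL, the way a tester would otherwise do by hand in Postman. The sample capture, the capture.example host and the http://localhost:5000 URL are constructed.

```python
"""Capture-and-replay helper for webhook development.

Added example, not Atlantic BT's code: it mirrors the workflow in which a
webhook request captured by a public receiver (Webhook.site, or ngrok's
inspector) is re-sent to the API under development on the developer's own
machine. The sample capture and the local URL are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional
import urllib.error
import urllib.request

# Headers that describe the hop to the capture service rather than the
# webhook itself. Forwarding them would confuse the local server (wrong Host,
# stale Content-Length) or carry capture-side details along, so they are dropped.
DROP_HEADERS = {
    "host", "content-length", "connection", "transfer-encoding",
    "accept-encoding", "x-forwarded-for", "x-forwarded-proto",
    "x-forwarded-host", "x-real-ip",
}


@dataclass
class CapturedRequest:
    method: str
    path: str
    headers: Dict[str, str] = field(default_factory=dict)  # lower-cased names
    body: bytes = b""


def parse_raw_request(raw: str) -> CapturedRequest:
    """Parse raw HTTP request text as copied from the capture tool."""
    head, sep, body = raw.partition("\r\n\r\n")
    if not sep:  # tolerate LF-only line endings after a trip through an editor
        head, sep, body = raw.partition("\n\n")
    lines = head.splitlines()
    if not lines:
        raise ValueError("empty request")
    parts = lines[0].split()
    if len(parts) < 2:
        raise ValueError(f"bad request line: {lines[0]!r}")
    method, path = parts[0].upper(), parts[1]
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if colon:
            headers[name.strip().lower()] = value.strip()
    return CapturedRequest(method, path, headers, body.encode("utf-8"))


def build_replay(captured: CapturedRequest, local_base: str) -> urllib.request.Request:
    """Build the request that re-sends the captured webhook to the local API.

    Only the path is taken from the capture; scheme and host come from
    local_base, so the replay never goes anywhere but the developer's server.
    """
    headers = {k: v for k, v in captured.headers.items() if k not in DROP_HEADERS}
    url = local_base.rstrip("/") + captured.path
    data = captured.body if captured.method in ("POST", "PUT", "PATCH") else None
    return urllib.request.Request(url, data=data, headers=headers, method=captured.method)


def replay(captured: CapturedRequest, local_base: str, timeout: float = 5.0) -> Optional[int]:
    """Send the replay and return the local API's status code (None if unreachable)."""
    req = build_replay(captured, local_base)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        return exc.code  # the API answered, just not with 2xx; still informative
    except (urllib.error.URLError, OSError):
        return None


# Constructed sample of what a capture tool shows for an incoming webhook.
SAMPLE_CAPTURE = (
    "POST /webhooks/orders HTTP/1.1\r\n"
    "Host: capture.example\r\n"
    "Content-Type: application/json\r\n"
    "Content-Length: 34\r\n"
    "User-Agent: ShopPlatform-Webhooks/1.0\r\n"
    "X-Forwarded-For: 203.0.113.7\r\n"
    "\r\n"
    '{"order_id": 42, "status": "paid"}'
)

if __name__ == "__main__":
    captured = parse_raw_request(SAMPLE_CAPTURE)
    req = build_replay(captured, "http://localhost:5000")
    print(req.get_method(), req.full_url, dict(req.header_items()))
    print("local API answered:", replay(captured, "http://localhost:5000"))
```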

    Conclusion

    Whether an API is public-facing or behind the scenes, it is an integral part of modern web development. Regardless of the purpose of the API, documenting and testing are key steps in our software development process at Atlantic BT, and the tools above help us be more detailed, rigorous, and consistent when building and maintaining APIs for our clients.

  • Why Your Website Needs Accessibility

    We’ve all heard the saying that “content is king” when it comes to the web. But what if you’re a sight-impaired person trying to access your favorite website? In a perfect world, your screen would read out all of the text on the page and give you the option to click on links. That’s where website accessibility comes in: its goal is to ensure that everyone has access to the same information and tools, regardless of disability or other factors.

    Most of us already know that there are rules for physical premises when it comes to accessibility for people with disabilities, either physical or socio-economic. Fewer know that accessibility can apply to online content, as well. 

    The Americans with Disabilities Act (ADA) mandates something called WCAG (Web Content Accessibility Guidelines) compliance, which is a means of designing websites, tools, and technologies so that people with disabilities can use them as easily as possible. WCAG compliance covers several types of disabilities, including blindness and low vision, deafness and hearing loss, limited movement, speech disabilities, neurological limitations such as Parkinson’s disease or Alzheimer’s, and cognitive limitations such as learning disabilities. 

    The goal of ADA compliance is the creation of a website that uses a variety of different design and web development practices to assist people with disabilities in successfully navigating the site.

    Who Needs to Have an Accessible Website?

    The ADA requires state and local governments to be accessible under Title I and any business that is open to the public under Title III. 

    State and local government websites, as well as those of any private business that receives federal funding, receive the most scrutiny for accessibility. An inaccessible website can bar users with disabilities from the government entity’s services, events, and activities.

    Websites are increasingly becoming accepted as public spaces and public spaces are required to be accessible in order to be ADA compliant. The Department of Justice has historically interpreted that ADA compliance applies to all “goods, services, privileges, or activities offered by public accommodations, including those offered on the web.” Public websites may include those for:

    • Retail
    • Restaurants
    • Hotels, Inns, and Motels
    • Hospitals and Medical Offices
    • Banks
    • Theaters and Sports Arenas

    What are the Benefits of Accessibility?

    There are numerous benefits to making your website ADA compliant. In terms of customer retention, it’s a good idea to design web content to be as accessible to as many people as possible. Users with disabilities are a highly under-served segment, so ADA compliance can help your organization differentiate itself from competitors. Accessible sites and apps allow more people to engage with your organization, buy your products, or access your services. 

    Some other ways that accessibility benefits your organization include:

    • Reduced risk of legal complications
    • Improved user experience for everyone
    • Improved website Search Engine Optimization (SEO)

    Simply put, managing your accessibility is part of building a modern, robust digital platform.

    How Do We Know We’re Compliant?

    Companies seeking ADA compliance often undergo a website accessibility audit that includes both automated and manual testing to ensure compliance. The audits help companies identify problems and put them on the path to improving their practices, reaching a broader audience, and avoiding discrimination or legal complications.

    What is the Process for ADA-Accessibility Audits?

    The process is quite straightforward. Once you identify a company that performs accessibility testing, you provide your contact information with the website you’d like the company to review. In particular, you will want your homepage, service/product pages, contact page, and other key landing pages reviewed. Once the report is completed, the company will follow up with a call to discuss their initial findings and share their detailed accessibility audit report with recommendations.

    If problems are suspected, the audit company will set up automated testing to catch code issues that make your site inaccessible. The experts may recommend that you update old, inaccessible document repositories to be compliant with modern standards, and can help you develop your accessibility remediation strategy and work with a trusted partner to ensure your site stays up to date.

    Consult a Professional Web Design and Development Company

    Atlantic BT is an award-winning technology firm located in Raleigh, NC. We offer enterprise web design, website accessibility testing, IT consulting, software development, cybersecurity, and cloud technology to help clients easily manage, secure, and scale their core technologies. We combine full-service digital marketing with custom software development and technology solutions. Our awards stem from outstanding results in all aspects of digital, from UX design to modernizing applications. For more information, contact us or call us at 919-518-0670.

  • How Much Does it Cost to Build & Maintain a Web Application?

    How much does a custom web application cost to build and host? If you are reading this article you are probably trying to figure out if the application you need can be built at an affordable cost. Use this guide as a web application cost calculator. While there are many variables that can impact cost, the key factors generally fall into three categories: 1) size and complexity, 2) refinements and constraints, and 3) hosting and maintenance. 

    Start with the basics: how to determine size and complexity.

    To determine the size and complexity of your application we need to first define what it’s going to do. The specifications for modern software are often defined by ‘user stories’. These user stories are a simple way to describe discrete functionalities your application should provide, from an end-user perspective, and are often used by developers to define and estimate the effort required to build an application. 

    Let’s use Facebook as an example of a web-based application that most people are familiar with. While Facebook may seem relatively simple to use, it is actually a massive web application with many different functionalities for different users. Describing it in user stories would take a very long time; however, if we stick to its most basic functionality, it still makes a good example. Here are some examples of web-based user stories:

    • As a user, I need to register and create a profile
    • As a user, I need to verify my email address to complete my registration
    • As a user, I need to find friends to connect with
    • As a user, I need to request to connect with friends I find
    • As a user, I need to add pictures to my timeline
    • As a user, I need to post status updates to my timeline
    • As a user, I need to browse my feed from other friends
    • As a user, I need to be able to react (like, love, hate, cry, etc.) to posts on my feed
    • As a user, I need to be able to comment on posts on my feed
    • As an advertiser, I need to compare the performance of my campaigns
    • As an organizational social media manager, I need to manage roles for my page

    I think you get the idea. Defining this application in user stories would take a very long time, and producing each piece of application functionality takes a lot longer! With the table below we will try to ballpark the relative size of your application using the number of user stories. When you are thinking of your user stories also think of the relative complexity of each user story. For example: ‘As an advertiser, I need to compare the performance of my campaigns.’ is not the same level of effort as ‘As a user, I need to be able to react to posts on my feed.’ 

    We normally apply a ‘level of effort’ attribute to each user story to help scope the application. In development ‘low’ might mean 5-10 hours, ‘medium’ 10 to 20, and ‘hard’ 50 to 100. Any user story more complex than that should be broken down into smaller stories. For example ‘As a user, I need to manage my profile’ is not an acceptable user story and should be broken down into even smaller pieces.

    Size    Budget             “Low effort” stories   “Medium effort” stories   “Large effort” stories
    Micro   < $50,000          10-15                  5-10                      1-2
    Small   $50,000-$200,000   25-50                  10-25                     2-5
    Medium  $200,000-$1M       50-100                 25-50                     10-20
    Large   $1M+               200+                   50+                       25+

    What’s next? Identify application refinements and constraints.

    With any web application development, you must not only consider what your basic functional requirements are, but also include user expectations and behaviors, i.e. usability, and other constraints such as mission criticality and regulatory requirements in your industry.

    Gain a competitive edge by considering user delight.

    With any application you build, you are most likely facing competition in one form or another – in many cases direct competition, but even if not that, you are competing with your users’ expectations of what an efficient and pleasant web interaction feels like. That being the case, you want to refine your application to not only beat the competition but to also be a joy to use. Therefore, you will probably want to pay attention to usability in the design of your application. Software developers often have a basic idea of usability when developing software, but there’s a big difference between a software interface that basically functions and an efficient experience developed by a UI/UX professional. Here are a few classic UX design failures to illustrate the point.

    Good usability is best built into the design and informed by user research. Adding a UX professional or team to your software project might add another 5-10% (could be more depending on the nature of the application and how important the experience is). That said, this 5-10% can save you much more down the road in avoided rework and enhanced customer satisfaction and retention.

    Criticality, security, and regulatory requirements directly impact application cost.

    Is your application critical to the daily operation and success of your business, or that of others? Does it deal with health and safety or finance? Does it deal with an industry with regulatory requirements, such as PCI or HIPAA? Do federal accessibility requirements apply? If you answer yes to any of these questions, your application needs to be developed with special requirements in mind.

    All of these considerations will increase your budget significantly; not only through the additional requirements, but also due to the need for testing. All well-developed software is tested continually through the development process with both automated testing and human testing and peer review. Software that is extremely sensitive or critical would have additional layers of testing and security added throughout the process. Normal software development would include a 20% cost for testing and security but on critical or extremely critical software that might grow as high as 40% of the total cost.

    Ensure a smooth run with ongoing application support.

    Designing and developing the application is just the start. Once it is built, it must be operated from somewhere by someone (hosting), and all software needs periodic maintenance such as security updates. 

    What about hosting?

    Hosting alone could be an entirely separate article, but we’ll take a quick swag at it based on what you found above. For most web applications we recommend a cloud environment for scale and redundancy: Amazon Web Services, Google Cloud Platform, and Microsoft Azure, to name a few. Processing cycles, storage, bandwidth, backup, disaster recovery, and other details all add to the cost. With a disclaimer on accuracy for your particular application, here are some ballparks.

    Size    Hosting cost
    Micro   < $100 / month
    Small   $100-$500 / month
    Medium  $1,000-$5,000 / month
    Large   $5,000-$100,000+ / month

    Don’t forget application management.

    Applications have an ongoing cost of ownership — all software, especially critical applications, need security updates, periodic maintenance, updates to supporting software and technology, and perhaps testing of backup and disaster recovery. To keep your application secure and performing well, these need to be performed as preventive maintenance, not as an emergency response after problems occur.

    To make sure all these happen, you will want some level of application management, whether that’s internal or through a managed service provider like Atlantic BT. Because you have a custom application your best bet in choosing a managed service provider will be a company that can both manage the hosting of your application and the ongoing application development and support. It’s very rare that you “finish” developing your application. Normally, you continue to evolve and improve your application over the course of the time it is in production. Choosing a managed service provider that has a continuous DevOps chain from development through hosting will ensure efficient, continuous operation.

    The costs of managed services around a custom application could range from 5%-20% depending on how well it was built originally and how many features and requests you want to continue to add as the application is used. 

    Are the numbers starting to make sense?

    This web application cost calculator will help guide you in the right direction for a ballpark estimate. More importantly, it tells you how to approach estimation in general for software development and lifecycle maintenance. If you want a more refined estimate, contact us for a free consultation. We can help you with everything from a quick idea over a phone call to structured requirements-gathering and a detailed estimate process. 

  • Accessibility and Section 508 Compliance: Planning, Testing, and Design

    There are many different pieces to achieving digital accessibility, and the topic often needs clarification. Atlantic BT can help you feel confident that your site is in compliance with the latest accessibility regulations and reaches a larger, more inclusive audience for your company.

    But let’s take a step back and think about why it matters. Digital spaces are essential to the way we live our lives. “We” is a collective, inclusive word, so digital solutions wind up affecting the lives of every person who has access to the Internet. It is clear that designing web experiences for all users, regardless of ability or potential needs, is a crucial component of modern web design. Not to mention, it is also the law. Web accessibility is an element of your website that cannot be ignored.

    Why Should You Care About Website Accessibility?

    Americans With Disabilities Act

    While the ADA does not explicitly mention websites in its language, it does prohibit discrimination based on disability in places of public accommodation. As many organizations have discovered, the ADA has been applied in lawsuits over inaccessible websites. Perhaps one of the most famous was the National Federation of the Blind’s lawsuit against Target in the mid-2000s, which led to Target settling the case for $6 million.

    Section 508

    Section 508 of the Rehabilitation Act is another law that many of our clients have their eyes on. Organizations that are subject to Section 508 have a clear requirement to meet accessibility standards. As of January 2018, these organizations are required to make sure their websites meet the guidelines laid out in Level A and Level AA of the Web Content Accessibility Guidelines 2.0 (WCAG 2.0).

    Appeal to a Wider Audience

    Aside from the law, there are benefits to making your website more inclusive.

    • Provides key services to people with disabilities
    • Increases the audience or customer base an organization can reach through its website
    • Often makes sites easier for all users

    And the need for accessibility continues to grow. According to the CDC, more than 20% of adults in the United States have a disability. That number is only likely to go up as the population ages.

    How We Create Accessible Websites

    Making accessible websites requires careful planning for success. Of course, not all of our clients have the same accessibility needs, so each is handled on a case by case basis. A typical project looks something like this:

    Make an Accessibility Plan

    During our discovery phase, we identify what accessibility requirements a client has. We will additionally scan for issues that we will need to mitigate later on. For example, a lot of old sites have videos and PDFs that no longer meet accessibility guidelines. Whatever the specifics may be, sticking to the initial audit ensures we know what goals we need to meet.

    “Technology’s value lies in what it allows people to do. By designing inclusively and making digital products accessible to all users, we make our technology more valuable. We bring this perspective to every project which makes our products that much stronger.” – Gordon Chadwick, User Researcher, CPACC

    Design a Site Everyone Can Use

    With requirements in hand, our designers apply styles that both function and delight. We’re long past the days when people thought designing an accessible website meant designing an ugly website.

    “Accessibility isn’t just about blind users and screen readers, it is about everyone. Designing for all people encourages exploration of new ideas and solutions that lead to a better product overall.” – Maris Hall, User Experience Designer, CPACC

    Develop Using Best Practices

    Building accessible sites doesn’t mean bolting on tons of features; it means following best practices for front-end development. Clean, well-structured code is the foundation that allows screen readers and other assistive technology to function.

    “When you start paying attention to the needs of all of your users, you begin to see how wonderfully diverse your audience is and you start looking for ways to give everyone a seat at the table. Since I’m usually working on implementation, I make sure the sites I build provide a good experience for users of assistive technologies like screen readers or magnifiers.” – Mark Andrews, JavaScript Developer

    Test and Verify

    Testing is how we ensure that the work we did meets the goals we set during the planning stage of a project. Since meeting success criteria is of critical importance, our testers have several different ways to verify that we hit the mark. Testing methods include:

    • Automated Testing – We use automated checkers to identify accessibility issues in your code.
    • Expert Reviews – Certified accessibility professionals review behavior on your site.
    • User Testing – Go straight to the source and test with users who have disabilities.

    “There is a wealth of information on the web and everyone should have equal access to it. I make sure that we’re making that a reality by accounting for accessibility as we build things instead of after they get released.” – Yolanda Hyman, Quality Assurance Manager

    Start Feeling Good About Accessibility

    It’s easy to understand why accessibility is important. However, uncovering potential issues and implementing changes can be a complicated process. Atlantic BT is happy to guide you through requirements and implement the necessary changes to make your website not only compliant, but accessible and inviting to all users. Reach out today for a free consultation or to get in touch with one of our accessibility experts.