We tackle design and technical challenges quickly and effectively, giving your business the boost it needs.
We helped build and maintain custom back-end systems and a responsive website and web app for Emulate, a Boston-based company that specializes in Organs-on-Chips technology.
We built a website, a cross-platform app, and custom internal systems for a full-service online pharmacy.
We built an iOS app and redesigned a web app for an online presentation and collaboration tool.
We rebuilt a website and web app that provides video-based training for Android developers.
Other Work
We redesigned a custom web and mobile app for the #1 microlearning platform for trainers and companies.
We built a website, a web app, and custom internal systems for a food delivery startup.
We developed custom internal data and reporting systems for a worldwide fitness brand comprising 50+ studios around the globe.
We helped build custom web and mobile apps for an online fitness startup.
We redesigned an enterprise voicemail system and a compact VoIP virtual business phone.
We redesigned a suite of product icons for a leading provider of mobile privacy, security, and performance apps.
ShopTwigs
We built a responsive fashion boutique eCommerce website.
Web Video Caster
We redesigned an app that streams web videos to your TV.
Ping
We designed an iOS app for the world's smallest GPS locator.
Agora
We built a browser extension to improve online shopping.
Cookicons
We design the best Material Design app icons.
Papermill Collective
We designed a website for Material Design freelancers.
Our Services
Our services include, but are not limited to:
Development
Design
Want to see what a final design deliverable looks like?
Project Management
The Founding Team
Eliyah Finkelstein
Manager
Jonathan Cook
Developer
Michael Cook
Designer
Who are you?
Hi, I’m Eliyah (pronounced El-ee-yuh).
What would you like to know about me?
Who are you?
Hi, I’m Jonathan.
What would you like to know about me?
Who are you?
Hi, I’m Michael.
What would you like to know about me?
Our Blog
How to Maintain HIPAA Compliance in Software Development for Web and Mobile Apps
Why You Should Write a Specifications Document Before Starting Any Software Development Project
6 Questions You Should Ask Before Working with a Software Development Agency
We tackle design and technical challenges quickly and effectively, giving your business the boost it needs.
If you just want a basic website, there are plenty of people who can help. However, if your ambitions require a custom-tailored approach—or if you need a little extra guidance in figuring out your ideal end result—Stratosphere Digital is the agency for you.
Are you an agency?
Don't risk losing your client's business because of capacity overload or unconventional requests.
Has an important client come to you with a task outside of your team's expertise? No need to expand your team just to fulfill the occasional request—we're here to make sure you can always say "yes" to your clients without stretching yourselves too thin. And you can count on us to blow them away with the result, leaving you looking like the heroes they expect you to be.
The Client
Emulate creates living products for understanding how diseases, medicines, chemicals, and foods affect human health. Their Organs-on-Chips technology, which places human cells in micro-engineered environments, provides researchers with a new platform that predicts human response more accurately than cell culture or animal models.
The Solution
Emulate contacted us in the hope that we could add functionality to their website and web applications while maintaining their brand standards. We’ve improved their website, built custom back-end content management systems, built a custom web app, and created a robust design library with components that can be directly pulled into their codebase, enabling interface changes to be immediately propagated throughout their applications.
Supported Platforms
The Services
The Stack
The Website and Back-end Systems
A Custom Website With a Custom Back-end to Manage It
We worked with Emulate’s designers to update their existing WP Engine website by coding pixel-perfect responsive front-ends and performing quality assurance testing on all major browsers.
Improved page performance
A new navigation menu
A new footer
Parallax effects
Scroll-triggered animation effects
We built custom PHP modules for their back-end to customize almost every aspect of their website, minimizing the need for them to hire developers to make minor changes to text, images, animations, and layouts.
The Web App
A Help Center, an eCommerce Store, and More
We built a web application that functions as a help center, enabling Emulate’s customers to create accounts, review scientific protocols, view FAQs, submit and manage tickets, and buy Emulate’s products through an eCommerce store. Additionally, we built back-end systems for Emulate to manage users, permissions, and invites.
The Pattern Library
A Design System Built For Code
Working with Emulate’s designers, we helped design and coded a Vue.js pattern library that enables interface components to be directly pulled into code. This enables a robust and extensible development cycle whereby any interface changes can be immediately propagated throughout Emulate’s applications.
The Client
A startup founded by Dr. Arvind Movva in Rock Island, Illinois, divvyDOSE is a full-service online pharmacy that sorts medications into personalized packs and delivers them to customer's doorsteps.
The divvyDOSE app provides a full-featured experience across the major platforms and browsers. We employed the Material Design visual language and a modular UI approach to quickly build a consistent, responsive experience that can easily adapt as the divvyDOSE feature set expands.
The app enables divvyDOSE customers to manage their entire pharmacy experience. Features include:
Signup Interface
Calendar
Marketplace
Medication List
Interface Icons
We designed a set of custom interface icons used throughout the app.
We designed and built a website highlighting the benefits of switching to the divvyDOSE pharmacy. The website is responsive and works across the major browsers.
Illustrations
We designed a set of illustrations to showcase the friendly persona of divvyDOSE.
We can't get into the gritty details because they're top secret, but building software that plays nicely with medical systems and industrial hardware is a tricky business. We developed divvyDOSE's internal software that interfaces with legacy pharmacy software, personal health information storage systems, and a pill packaging machine. We also built a custom labeling, shipping, and billing system.
The Client
Wecora is an online visual presentation and collaboration tool targeted at creative professionals, particularly interior designers. Wecora helps professionals collect products and inspiration, organize jobs, and facilitate discussions with clients.
The Solution
We built a native iOS app using a modified Material Design style that we previously developed for Wecora’s web app. Our focus was on simplicity and clarity for non-tech-savvy users.
“We consider discovering Stratosphere one of the best breaks we’ve had thus far with building out the Wecora solution. After many discouraging, overcomplicated and costly partnerships that lead to painful hand-holding and uninspiring results, Stratosphere’s approach was refreshingly relaxed yet extremely productive.
We simply provided the walls in which we wanted his team to structure our app redesign, then they took the concept and ran with it in a way that was thoughtful and attentive to even the most minute detail. After working with these guys, we are confident now of where to land our ideas and already have several on-going projects in their pipeline!”
The Services
Supported Platforms
We designed and coded a native iOS app using the Swift programming language and a modified Material Design style that we previously developed for Wecora's web app.
The main focus of the Wecora web app redesign was to transition to a custom Material Design style and to simplify the interface for non-technical and older users who had difficulty reading or finding things on the screen. We increased the font size, placed visual emphasis on the primary user actions, and were deliberate about distinguishing different kinds of objects within the screen.
In the demo linked above, you’ll notice that all interactive elements respond to the cursor with gentle hover-and-click animations, offering ease of use and visual comfort to users.
The redesign also accommodates mobile screen sizes by making use of Material Design conventions.
The Client
Caster.IO is an education platform for professional Android developers. The company works with top developers in the industry to produce concise video tutorials on a wide range of Android development topics offered through a subscription-based model.
“I come from a background of mixed media and design, so finding a group that matches my high expectations has been challenging. However, upon reaching out to Michael and the team at Stratosphere Digital, I found that luck had finally paid me a visit.
I hired them to design a custom logo and redesign Caster.IO. From the initial video conference consultation with Michael, I found his inquisitive, probing analysis of the project very welcoming. From uncovering concepts, design considerations, user experience recommendations, accessibility implementations, and more, Stratosphere Digital demonstrated that they were the elite group I’d been looking for.
From that point forward, they continued to deliver exceptional design, front-end development, and product direction that ultimately helped turn Caster.IO into what it is today: a learning destination for thousands of professional developers. Stratosphere Digital worked within the product specifications, stayed on budget, and delivered all projects before their deadlines. They continue to deliver outstanding results for all projects we have requested and we look forward to a long relationship with them.”
The Solution
We designed a logo and established a new visual identity for Caster.IO. We teamed up with developer Carlos Jeurissen for a complete visual and technical overhaul of their website and online presence. We created over 60 course illustrations, as well as a template for generating new ones. We continue to work with them to design and implement new features as their site and subscription base grows.
The Services
Website Redesign
New Logo
The Client
ConveYour is a microlearning platform that enables influencers, trainers, and organizations to engage with their audience in a new and effective way—with personalized, bite-size content; mobile-first courses and campaigns; and interactive challenges. By tailoring their content to the specific needs of their audience, companies using ConveYour build a deeper connection to them.
“As a self-funded startup founder, I’ve had to get good at wearing many different hats. For the longest time, the product design hat was one I thought I wore just fine. Yes, user experience and user interface design had always been an area of pain for our team, but it didn’t stop us from shipping product. As ConveYour grew, it became painfully obvious that user experience and clarity had to improve in order to efficiently scale the business.
There was a time where building cool functionality and telling people about it was a business model. Now there are over 7,000 marketing tech SaaS companies alone. The customer has ultimate choice. One cannot just compete on functional merits alone; the customer experience is paramount.
Working with Stratosphere Digital has been downright incredible. Stratosphere brings a level of thought and earnestness to customer experience that I’ve never seen before. Yet, their pace is fantastic. Stratosphere’s work has replaced many of our okay product ideas with masterpieces that can contend with the biggest and the best in ConveYour's industry.”
The Solution
We started our work with ConveYour by doing an audit of their existing design and UX. From there, we established a set of initial goals for a complete redesign of the Learning Portal section of their app. We worked closely with ConveYour to improve the structure, navigation, and feature set of the product.
The redesign was not only an aesthetic refresh, but also the establishment of a growing library of design components, patterns, and assets for use in the current Learning Portal. When the redesign was completed, we worked directly with ConveYour’s developers to support and oversee the implementation. We continue to work with ConveYour on improvements to their app as well as new, unannounced projects.
Supported Platforms
The Services
Themes and Primary Color, UI/Illustrations
Our redesign needed to accommodate and improve the performance of the Learning Portal’s light and dark themes, as well as allow users to set their own primary color and logo. We designed sets of interface elements that worked well in both light and dark modes, and established a balanced, consistent use of primary colors while maintaining high contrast for key content.
Design Library
Underneath the new interface is a collection of improved and expanded design components, navigation patterns, and graphic assets. These elements accommodate responsiveness and themeability. Items in the library are then built out as Vue components, enabling ConveYour’s developers to jumpstart the creation of new features and products.
The Client
Fresher (previously Fitness Ration) is a startup based in Singapore that prepares precisely calibrated, nutritionally balanced meals based on specific fitness goals and delivers them to customer’s doorsteps.
“Stratosphere worked to understand our needs and tailored a solution that fit perfectly. They helped us build fully custom software systems to run the entire back end of our business and also coded our consumer-facing web application to be pixel-perfect based on the designs we provided. I highly recommend Stratosphere's team if you're looking for a solution that requires custom coding.”
The Solution
Starting from designs provided to us, we built a responsive website to showcase Fresher’s beautifully prepared meals; an order wizard to streamline and simplify the experience of purchasing meals, user accounts to enable the managing of customer profiles, preferences, and order histories, and custom internal software to make processing, scheduling, and delivering orders easy and accurate.
Supported Platforms
The Stack
The Website
Starting from designs provided to us, we built a website that highlights Fresher’s prepared meal products, including an order wizard that takes the customer through a simple process to select which meals are right for them. The website is responsive and works across all major browsers.
The App
Starting from designs provided to us, we built a responsive web app that enables customers to create an account and maintain a basic profile, which includes commonly ordered meals, allergy info, and an order history from which they can quickly reorder previously purchased meals.
The Admin
We built internal admin systems used by the Fresher team to manage the entire backend processes of their business. Features include:
The Client
zingfit is a startup based in Boulder, Colorado, that offers online scheduling and engagement software for boutique fitness studios.
“After working with several other sub-par developers, Stratosphere jumped into our custom and complex code base, making changes and improvements quickly and efficiently. Stratosphere successfully executed on tasks that other developers didn't even think were possible. I highly recommend Stratosphere if you're looking for a top-notch team of software developers.”
The Solution
We helped build and maintain the internal software that manages and deploys the web and mobile apps of zingfit’s fitness studio customers from around the world.
The Stack
The Client
Platform28 is a leading cloud communications platform used by government agencies, private enterprises, and the nation’s largest telecommunications providers. They offer a range of services, including cloud-based telecommunication software, professional support, and advanced APIs.
“Stratosphere helped us with fresh designs for our iconography, UI/UX, and graphics, and did a fantastic job. We really appreciate their creativity, intelligence, and how quickly they were able to understand our industry. Stratosphere produces and provides excellent value.”
The Solution
We provide ongoing design support to Platform28 in multiple ways. We create logos for their products and services, design the UI/UX of their web and mobile apps, and create graphics for their promotional materials and presentations.
The Services
App Design
Presentation Graphics
Product Icons
The Client
PSafe is a global leading provider of mobile apps designed to protect people’s freedom to safely connect, share, play, express, and explore online. The company boasts over 130 million installations of their innovative privacy, security, and performance apps.
“The promise I made to my client is that we will be creative, collaborative, and utterly reliable. Talent like Stratosphere allows us to live up to that promise. Stratosphere’s work is precise, elegant, and always well thought through. Unlike many designers who can make beautiful things but can't explain why they make sense, Stratosphere always has a strong and clear perspective on their work, which is appreciated by my clients and by my wider team. There will always be room on my squad for Stratosphere.”
The Solution
We collaborated with Intrepid SF, a new agency in the Bay Area that was helping PSafe remodel its brand architecture and revamp its visual brand identity in preparation for a major push into the North American market.
Our particular focus was on refreshing PSafe’s suite of product icons. We merged two product groups into one unified group and created a new visual style that was minimal, vibrant, and stylistically balanced between the Android and iOS platforms. We designed a set of icons on top of a grid, with shapes that adhered to a consistent set of style patterns.
The result was a reimagined set of icons that will serve as the foundation for future PSafe product icons.
The Services
The Client
Twigs is a fashion boutique in Madison, Wisconsin that offers a mix of apparel and accessories from top designers.
The Solution
Starting from designs provided to us, we built a responsive website on top of the Silver Earth eCommerce platform to showcase Twigs’s collection of fashion apparel and accessories. We worked directly with Silver Earth to develop an improved checkout process, a user review system, and improved product pages.
Supported Platforms
The Stack
The Website
Starting from designs provided to us and using the Silver Earth platform, we built a website to make it easy for customers to purchase products, create an account with saved preferences, write product reviews, and create and share wishlists. The website is responsive and works across the major browsers.
The Client
Used by millions of people, Web Video Caster is an Android app that streams videos from your favorite websites onto your TV. Not only does it let you watch movies, TV shows, sports broadcasts, and live news streams, but it also allows you to cast local videos stored on your phone.
The Solution
The redesign focused on simplifying the UI and refining the Material details. The app now boasts a distinctive charm, thanks to its friendly mascot and a series of illustrations to help users with the more complex elements of the app, such as error messages and the initial onboarding experience.
The Services
Supported Platforms
Interface Refinement
Harnessing Material Design conventions, each screen of the app was cleaned up and refocused.
Even the most reliable streaming video services can have issues occasionally. Personal and sympathetic messages, as well as illustrations with opportunities to contact tech support, help defuse frustration. Emotion-driven messaging and illustrations help defuse users’ frustration by offering empathy and providing opportunities to contact tech support.
Mascot
We designed a friendly mascot to help liven up the app, improve the onboarding experience, and increase conversions to the paid version of the app.
Icon Design
After extensive design exploration, we arrived at a new product icon that weaves together symbolism of Chromecasting, browsers, and video, while capturing the spirit of Material iconography. We made a careful effort to come up with an icon that was not too similar to the wider family of relevant Chromecast trademarks, but was similar enough to remain recognizable and familiar to the user.
The Client
Ping is the world's smallest GPS locator for kids, pets, bikes, luggage—or anything that moves.
The Solution
We designed an app and validated its interface by testing a wireframe prototype with a diversity of users in the client's target demographic. We then used user feedback to design the consumer version of the app, including a logo.
The Services
Supported Platforms
Interface Highlights
The app is designed to help new users quickly set up the Ping GPS device and sync it to their Ping smartphone app. Once set up, the app is ready to locate paired devices, providing confidence and comfort to users. The app design is clean and warm, with soft shadows, gentle color gradients, and bright accents.
Logo
The Ping logo establishes a visual link with the Ping GPS device and the Ping app icon. The letters have a consistent width and are based on repeating circles cut to different lengths, evoking a sense of reliability, friendliness, and simplicity.
The Project
Agora is an online shopping solution that overlays useful features on top of existing online retail websites. We built a system to scrape the details of products across retail websites, as well as an interactive Chrome extension that allows users to grab products right off the page from top retail sites and save them in one organized place. This ambitious startup project is still in development.
Promotional Video
We worked with a video production agency to write, shoot, and edit a video to promote Agora.
The Stack
We brought together many different technologies to create a single coherent product.
Main Features
Grab products right off the page from top retail sites and save them in one organized place.
Get quick access to expanded product images, reviews and more.
Compare the things that matter most with a customizable fullscreen workspace.
Shop in real-time with and get feedback from friends.
Iconography
We designed a set of custom interface icons used throughout the product.
Promotional Material
We designed a series of promotional materials to showcase the features of Agora.
Web Scraping System
We built a sophisticated web-scraping system to accurately get up-to-date product information directly from the product page being viewed.
The Client
Cookicons is an iconography side project of Stratosphere designer Michael Cook. He has been commissioned by a wide range of clients, including independent developers, non-profits, startups, and established companies.
The Solution
Michael makes vibrant, high-performance Material Design app icons for Android, iOS, and the web.
Material Design is a visual style and design framework introduced by Google in 2014. It centers around thinking about interfaces as sheets of versatile digital paper that cast shadows based on their elevation.
The documentation for Material Design contains a section on iconography with brief guidelines for sizing, geometry, color, and lighting. You can view those guidelines here.
Michael's deep familiarity with Material Design documentation has allowed him to take it a step further with Cookicons. He has homed in on the spirit and nuance of the style and uncovered many details present in Google's icons but absent from the guidelines.
Each icon is custom made through a process that considers an app's feature set, personality, and competitive landscape. These factors are brought together to present compelling symbolism with strong composition.
In addition to carefully considering the issues of clarity and aesthetics, Michael performed icon A/B testing during the design process to achieve a boost in install rates.
The Services
Supported Platforms
Cookicons Icon
Android Summit 2017: Adaptive Icons - Case Studies & Principles of Design
Droidcon NYC 2016: Material Icon Design Workshop
The Client
Papermill is a collective of Material Design enthusiasts who specialize in illustration; icon, product, interface, and motion design; and mobile and web development.
The Solution
The website is a demonstration of Material Design, a comprehensive design language produced by Google for use on mobile and the web. The Papermill website meticulously adheres to the guidelines of the design language, but also goes further with bold animation and illustration.
The Services
Supported Platforms
Logo
The logo reflects the core concept of Material Design: digital interfaces composed of overlapping sheets of digital paper at different elevation. Papermill strives to be straightforward, proud, and hardworking, and the icon is desinext to function Next mark of qualit.
Illustration
Why You Should Write a Specifications Document Before Starting Any Software Development Project
If you’re thinking about starting a software development project, this blog post is for you. You’ll learn why a software specifications document can make or break any such project.
Here’s the truth that most businesses don’t know:
Most software projects are delayed and over budget. Many of them never even make it to launch day. Successful projects can often credit their achievement to a clear and comprehensive written specifications document.
What’s a specifications document?
A specifications document is a detailed and specific plan of what you want to build and how you want it to work. Basically, it serves as the ultimate guide for your developer. Without it, a lot of things can — and likely will — go wrong.
The importance of a specifications document
A lot of businesses end up hastily hiring agencies or developers to create their software, thinking it will work out just fine to figure out the details as they go. It’s a common mistake to start software development projects with vague instructions, and one that can end up wasting a lot of your time and money.
If developers don’t completely understand what you’re looking to build, it’s unlikely that they’ll be able to deliver it. This may also damage the effectiveness and of the software, and result in significant portions — or all — of the code needing to be rewritten.
How to write a good specifications document: be as detailed and clear as possible
Your software specifications document should be crystal clear. There should be no room for confusion, misinterpretation, or uncertainty.
Since the specifications document is a guide for your developer, you need to be as detailed as possible. Include what you expect, why, where and how it will be done, and by when.
The key is to give details and explanations for even the simplest procedures. Your interpretation of something might be different from the reader’s. So, it’s important to directly state what you want. Put into words the pictures you are painting in your head. Once your developer sees what you want to happen, they can carry the plans out accordingly.
Don’t be afraid to put in more detail if you feel like it isn’t enough.
As an example, how should a password reset feature be described so that it’s crystal clear? Here’s the level of detail you should be including:
Password reset feature
On the login screen, at the bottom, there should be a text link titled “Reset your password.”
When the “Reset your password” link is clicked, a popup window should appear with the title “Enter your email address to reset your password.” This popup window should have a “Close” button at the top right. It should also have a text field for the user’s email address, as well as a “Submit” button.
When the “Submit” button is clicked, if the user entered an incorrect email, an error message should be displayed in red below the email address text field saying, “The email address you entered was incorrect. Please enter a valid email address.” If the email entered was correct, the user should be taken to a new page within the popup window with a message saying, “Success! We’ve sent you an email link to reset your password.” Using the MailChimp email API, the “password reset email template” email should be sent to the email address provided. Below the “Success! We’ve sent you an email link to reset your password.” message, there should be a text link that says, “I didn’t receive the email. Re-send it.” Clicking that text link should re-send the “password reset email template” email to the email address provided using the MailChimp email API and a message should appear that says, “Success! We’ve re-sent you an email link to reset your password.”
The “password reset email template” lives in MailChimp and should programmatically create a password reset link with random characters in the URL to be included in the email. When the password reset link is clicked, the user should be taken to a web page with the title text, “Enter your new password into the fields below.” Below the title text should be two text fields for the user to enter their new password twice. Below the two text fields should be a “Reset my password” button. When the “Reset my password” button is clicked, if the text in both fields do not match, an error message should be displayed under both text fields saying, “The passwords do not match.” If the text in both fields match, the user should be taken to a new web page with title text that says, “Success! Your password has been reset.” On this page, there should be a “Login” button that, when clicked, takes the user to their account page. At the top of the account page, there should be a banner with the text, “You are now logged in with your new password.” The banner should automatically disappear after 10 seconds and should also have a “Close” button at the top right.
As you can see, this is quite a lot of detail for a password reset feature. However, all of these details are necessary to impart to the developer in order for them to effectively implement this password reset feature, as there are many other ways this feature could work other than what is described above.
Takeaway: Write a specifications document before starting any software development project.
When you write a clear and detailed specifications document before starting a project, you’ll see a great reduction in errors and amount of rework necessary during and after your software is built. The chances that your software will be delivered on time and on budget will increase significantly.
That’s why we highly encourage our clients to take time writing their specifications document so it can be as clear and as detailed as possible. This should always be the first step of any software project. It can be done in collaboration with a software development agency, but it’s important to understand that only you know exactly how your software should work.
More Articles
6 Questions You Should Ask Before Working with a Software Development Agency
Building software is rarely a simple task, and many businesses don’t have in-house developers who can effectively develop and maintain the software they need.
That’s why many businesses choose to hire software development agencies to build and maintain their software.
Why work with a software development agency?
A software development agency knows how to build software from the ground up and can turn your ideas into software that is extensible and easily maintainable. They can write code that not only does what it’s supposed to, but that also doesn’t cost a fortune to maintain. Many businesses don’t consider the cost of ongoing maintenance and feature development of their software, which often ends up being significantly more than the cost of initial development.
So how do you find the right software development agency to work with? Sure, it’s tempting to just pick the first agency you find, but it’s generally a good idea to shop around before making a decision. There are a number of things you should consider before choosing an agency to develop your software.
Here are 6 questions you should ask a software development agency:
This might sound obvious, but a lot of people skip this simple question.
Getting to know the agency you might be working with is an important step. It’s the first step, in fact, of developing a relationship with them. You need to find out how their agency works, how long they’ve been in the business of software development, if they outsource work to junior developers, what they’re good at, and what they’re not so great at.
Just like with any job, the hiring party should look for a portfolio or compilation of past works to determine if the applicant is a good fit given the specific requirements of your project.
You should look into their past projects to see how well they developed the software and what the final products looked like. You should also try to get ballpark numbers regarding initial cost and ongoing cost.
At job interviews, applicants are often required to submit character references. This gives the employer a direct channel to individuals who know the applicant well.
The same applies when hiring an agency. It’s incredibly valuable to get insight from people who have worked with the agency in the past. They can answer any questions you might have, such as what it was like working with the agency, how well they communicated, how organized they were, what problems came up, and how they handled those problems.
The benefit to speaking directly to past clients is that it gives you an idea of the agency’s work ethic and general values, which can be equally as important as technical experience. You don’t want to be working with an agency that might have very different values than you.
Every agency should be able to give you a clear plan or technique for how they communicate with their clients.
Having a software development agency work for you does not mean you get to sit back, relax, and watch them do the job. Collaboration is essential, and developing software requires hands-on participation from you as well. That’s why it’s important that you and your agency can communicate effectively.
Asking this question will help you determine whether the agency communicates effectively, as well as find out what tools they use to keep projects organized and on track. You’ll then be able to gauge if communicating with them will be smooth and seamless.
Software development is not a one-time thing. It requires regular maintenance and new features are often needed after the initial launch. You need a developer who’s willing to work with you in the long run. That means attending to updates, bug fixes, and feature enhancements.
It should be clear how quickly the agency will respond to issues that arise and what guarantee they are making in regards to their availability.
Employees of a company should always acknowledge that any work they do is not theirs—it belongs to the company.
It works the same way in software development. Once you pay the agency, all of the code should be your property. It’s essential that ownership of the work product is transparent.
These are just a few questions that will help you find the right agency.
We hope they’ll save you from the headache of working with unprofessional or inexperienced agencies. Before you pick an agency, make sure you can confidently dismiss any concerns you may have about them by asking these 6 questions.
More Articles
How to Maintain HIPAA Compliance in Software Development for Web and Mobile Apps
With more and more software applications being developed for the medical and health industries, from modern online pharmacies like PillPack and divvyDOSE to Amazon Alexa’s new health care skills, developers are starting to have to take a hard look at the Health Insurance Portability and Accountability Act (HIPAA) when developing web, mobile, or other software applications.
For developers, staying on top of what is required to maintain HIPAA compliance can be incredibly overwhelming. The plethora of outdated and vague guidelines makes it all the more agonizing.
When we first started building HIPAA-compliant apps, we were stunned by the apparent scarcity of information available from the software development perspective.
After having spent countless hours building HIPAA-compliant internal software and consumer-facing web and mobile apps for clients like divvyDOSE, SmartScripts, and Transparent Health Marketplace, as well as other data-sensitive clients like Emulate, Barry's Bootcamp, Zingfit, and ConveYour, we’re confident that the information below will be a helpful starting point for anyone attempting to develop software that requires HIPAA compliance.
A Brief History of HIPAA
HIPAA first came about in 1996 as an all-encompassing reform to the health insurance industry. The bill has a whole section dedicated to the communication and protection of private and sensitive medical data. If you aren’t familiar with what the software development and tech industry was like back in 1996, here are a few facts to give you an idea:
Google was still just a research project at Stanford and was known as “BackRub”
Ebay.com had just been launched
Pokémon was introduced to the world
Only about 100,000 websites existed (compared to about 1.8 billion today)
A Brief Overview of HIPAA Compliance
There are two different components of HIPAA that you should be familiar with: the Security Rule and the Privacy Rule.
The Security Rule deals specifically with electronic information and has set forth guidelines on how to secure protected health information, known as PHI, which is basically any individually identifiable medical information that is transmitted across any medium. The Security Rule breaks down PHI protection into three different categories:
Physical – protections for actual physical devices
Technical – protections in regards to the information itself
Administrative – policies and procedures that help protect against a breach
While HIPAA’s guidelines can be quite ambiguous, the gist is that you’re supposed to “protect against any reasonably anticipated threats or hazards to the security or integrity of such information” by, among many other things, “implementing a mechanism to encrypt and decrypt electronic protected health information.” This is obviously far from clear. Luckily, there are industry standards for HIPAA-compliant encryption used by the major cloud platforms (Amazon, Google, and Microsoft) that provide a great foundation.
The Privacy Rule attempts to determine who's responsible for making sure PHI-related data is handled correctly. Any company or entity that deals with the transmission or storage of PHI—not just health care providers or hospitals—may be liable.
The Privacy Rule divides entities into two categories:
Business Associate – Any person who collects, stores, transmits, or maintains protected information on behalf of a Covered Entity. If a person or organization does not provide a service or function that involves the use of PHI, or has very limited access to PHI, then they might not be considered a Business Associate.
Covered Entities – Health care providers, health care clearinghouses, and health plans who transmit any health information electronically in connection with transactions for which the Department of Health and Human Services (HHS) has adopted standards.
As a developer, you would be considered a Business Associate, which means you would have to sign a Business Associate Agreement (BAA) with the Covered Entity.
The Privacy Rule also mandates that Covered Entities provide their users/patients with a Notice of Privacy Practices, informing them on how their PHI is protected. The regulations laid out by the Privacy Rule are intended to increase awareness of PHI and how it’s used, as well as to give more control to patients/users over who has access to their PHI.
HIPAA Compliance Tips for Developers
Please note that adhering to the points below is in no way a guarantee that your application will be completely compliant. It may be best to seek out an expert HIPAA compliance consultant.
Offload Security to Experts
By using existing HIPAA-compliant tools, you can offload a lot of your security concerns. The burden of expertise on HIPAA compliance should not be solely on you as a developer. Ideally, you’d be able to work with a HIPAA compliance expert who would guide the security decisions for the application.
You’ll also want to find out what other regulations you might need to take into consideration. There are tools available to help with that, such as this guide provided by the FTC.
Avoid Handling Data Whenever Necessary
Try to minimize the data you are storing, accessing, or displaying to only what is absolutely necessary. If you don’t need patients’ addresses, then don’t ask for them. Any personal information used in your application should have a clear purpose.
If you plan to use cloud storage, be mindful that the transmission of data to and from the cloud has to be secure. A BAA is also required in these kinds of situations.
Don’t forget about geolocation data. HIPAA defines geographically identifiable information as any information that narrows a person’s location to a location smaller than a state. Geolocation can take a seemingly harmless and insignificant piece of patient data and turn it into a massive liability.
Transmit and Store Data Securely
With so many HIPAA-compliant protocols and tools available to you today, there’s really no excuse for not making use of them. If data is encrypted locally, stick with known protocols that have withstood the test of time. Don’t try to reinvent the wheel, especially when it comes to security.
If your application sends text messages, be mindful that MMS and SMS are not encrypted protocols, so avoid these when transmitting PHI. Also, push notifications are generally a vulnerable means of communicating with your users. If your application is using these communication methods, be sure that PHI is never displayed, as it’s just too easy for someone other than the intended recipient to see these notifications.
Maintain Application Security
Consider all the different places in which your application is storing data. Backups and log files are often lacking when it comes to security. If the app is consumer-facing, it should feature a local session timeout which forces re-authentication.
Plenty of guidelines for best practices are available online, including OWASP’s list of top 10 mobile risks.
Test Application Security
The last thing you can do to be sure your application is secure and HIPAA compliant is conduct security testing. There are plenty of tools available for you to do this yourself. If you aren’t a security expert, though, then it is in your best interest to seek out a third-party professional to perform penetration testing on your application. Be sure to inform them that the application they’re testing needs to maintain HIPAA compliance.
Protect Yourself with Insurance
If you’ve landed a project that requires HIPAA compliance, you probably have the extra cash to protect yourself with an insurance policy. For about $2,000/year (the price will vary based on the income of your business and some other factors), you can get a $1 million policy. To get insured, talk to an insurance broker.
The policy you’re looking for is called Errors & Omissions insurance (E&O). The thing to be aware of with E&O insurance is that they are Claims Made policies. This means that if you stop coverage you will no longer be able to make a claim, unless you buy what’s called a “tail” or “the extended reporting,” which is essentially just renewing your existing policy.
Maintaining historical coverage is important because it’s possible that years after you last touched PHI, an investigation could determine you to be a liable party in a data breach.
Wrap-up
The guidelines set forth by HIPAA can seem convoluted and overwhelming, but by following the points outlined above, you’ll be well on your way to building a HIPAA-compliant software application.
More Articles