The Handbook

Our Mission

Our mission is to accelerate progress in medical imaging by

with the ultimate purpose of improving patient health.

We do so while providing meaningful, flexible, and financially rewarding careers to our team.

Intended Audience

This handbook describes how we develop great software while maintaining enjoyable, flexible, and financially rewarding careers. We wrote it for a few different audiences.

This handbook is hosted in a git repository. If you have a question that you wish the handbook answered, let us know. Please make a suggestion in #general if you’re a team member, or email us. Team members can also submit pull requests with proposed changes.

Please note that links to the GitHub repository, Slack, and Google Drive are only accessible to Innolitics employees.

Our Values

Our values guide our work. They are a starting point for conversation, although we recognize they can be in tension with one another. Our company values are to:

Pursue a deep understanding

Continue learning

Build quality software

Treat our clients ethically

Integrate the business context

Communicate clearly

Be responsible for our work

Be pleasant to work with

Respect the autonomy of fellow developers

Make the world better

Enjoy our work, and relax

How We Refine and Enact Our Values

We suspect most of these values are not controversial. Still, if you disagree with any of them, or if you would like us to add or modify any of them, please initiate a discussion! Here are a few examples of how our values have changed over time:

Most importantly, if you feel we aren’t following our values, say something! It’s essential that you say what you think. For example, several months after adding our commitment to contribute to open source software, we still hadn’t done so. Someone brought this up, and in response we set up our open source contribution page.

Medical Imaging Software Services

We love developing medical imaging software. Our work helps doctors diagnose and treat clinical patients and assists researchers in making breakthroughs in the lab. We believe that software has the potential to transform the medical imaging industry, and we’re excited to be front and center in this transformation.

Medical imaging software is a specialized field, so we don’t expect everyone who joins our team to have a strong background in it. Many of our projects have challenges that aren’t unique to medical imaging. That being said, you do need to be interested in medical imaging, have some mathematical background, and have a desire to learn more to be a successful part of our software team.

Occasionally we accept projects that are outside of the medical imaging domain if there is a strategic business reason to do so.

We are a Remote-Only Company

We are a remote-only company. We don’t have a central office, and most of our communication occurs in Slack, video calls, and email.

A remote-only company encourages everyone to focus on their value-add instead of hours worked; value-add is more visible than extended hours in a remote setting.

It’s more difficult to develop strong relationships with remote teammates because we can’t grab a beer after work or chat in person. There are a few ways we alleviate this. The first is via conversations on #random. Next are our 10x discussions about various medical imaging and programming topics. Finally, we have retreats once a year. More about these last two items in a bit.

Labor Law Posters

We don’t have physical offices where we can hang labor law posters, so we store them online in a Google Drive folder. Those in the root folder are federal labor law posters. State- and city-specific documents are contained in subfolders. Please review the posters for your state; ask if you have any questions.

Moving

Part of our mission is to provide flexible working conditions for everyone on our team, including the flexibility to move without changing jobs.

If you move within the same state, please be sure to update your address in Gusto.

If you’re considering moving to another state, please discuss this with a partner. Due to complicated labor laws and tax implications that vary by state, we can’t guarantee we can support every move. The chances are high that we can, and we’ll try hard to make it work one way or another, but the earlier you discuss your proposed move, the better.

Our Team

We’re a small team of ten full-time members as of June 2019. We plan on substantially growing the company over the next few years.

Working on a small team means we have relatively little structure and more personal responsibility. As an early member of our team, you’ll have the opportunity to grow with the company and influence how it develops.

Project Structure

We work on projects of varying sizes. Our typical engagement lasts about a year, although we’ve been working with a few for several years. Typically, you’ll be assigned to a single project at a time.

Each project has a project lead who is ultimately responsible for its success. This person’s responsibilities include:

We usually have client progress meetings on Mondays, with additional meetings as necessary in any given week.

10x Time

On Wednesdays from 2:30 – 5:00 PM CT we have 10x time (we choose Wednesdays so we can travel on Monday or Friday). We don’t bill clients for 10x time, so use the entire session for reading or learning, even if you’ve completed all of the weekly reading material.

Some weeks we’ll cancel 10x time if there is an impending deadline or many staff are on vacation. When this occurs everyone is expected to continue working on client projects. We don’t have a 10x time during the week of Thanksgiving or the Wednesday in between Christmas and New Years.

We experiment with different formats, but most often we:

  1. Discuss an article, video, or book chapter. Everyone reads the chapter from 2:30 – 3:45, after which we discuss it in a group video call until 5:00.
  2. Work on a mini-project or course, either individually or in groups.

We try to pick topics that are fun, interesting, and will make us better developers. Please feel free to suggest topics in #learning. If we end up using your suggestion, please add a new item to our list of previous discussions. We try to choose the discussion material or mini-project on Friday afternoon of the previous week. You can see a list of our previous discussions here.

If we’re having a good discussion, we’ll often go 15 minutes or so past 5:00. If you have plans and need to duck out, but can’t get a word in to say so, just drop out of the call and leave a comment in Slack; everyone will understand.

Writing Articles

In addition to 10x time, another great way to continue learning and growing is to write articles for our website. Although articles are written outside of working hours, we do provide bonuses for writing articles.

See this page for details about the process.

Retreats

Meant for Innolitics employees only, we meet once each year to have some fun and get face time with one another. Each retreat usually begins Thursday afternoon and ends Saturday afternoon, with the destination usually changing. The company covers your travel, housing, and food. People often delay their flight back and make a long weekend or vacation out of the trip.

Unless there is a very good reason (and please let us know as soon as possible), everyone is expected to attend each retreat.

You can view (and upload) photos from previous company retreats and events here. Please do not share these photos on social media.

Travel

We usually work remotely. However, sometimes our client work also requires us to travel for kickoff or design meetings. Usually these sessions are short (just a few days), with such meetings being rare. We expect every team member to be able to travel from time to time within the US.

Reimbursements

When you travel, keep receipts for food, transportation (e.g., flights, parking, Ubering to the airport), and accommodation expenses. We can’t reimburse you without receipts, so please be diligent in keeping them!

Please use your best judgment when purchasing food, flights, and hotels. Keep in mind your time is valuable. It’s worth spending an extra $150 to get a direct flight or to avoid having to fly out at an uncomfortably early time. Ask David or Yujan if in doubt.

If you’re driving your own car, track how many miles you drive—ideally by taking a photo of your car’s odometer at the beginning and end of your trip. We use the mileage numbers to calculate the IRS standard mileage rates for reimbursements, which was $0.58/mile in 2019. Note that the standard mileage rates include the cost of gas, so please do not include fuel receipts.

You must create an expense report to be reimbursed. We allow a few different ways to create these, as described below. Pick the option that works best for you. After submitting your report, expect to be reimbursed on the next payroll cycle. If you’re traveling and need to purchase a flight, send an expense report just for your flight and a second detailing all of your other travel expenses.

Expense Reports Using Email

If you only have one or two receipts, email them directly to reimbursements@innolitics.com.

Expense Reports Using Expensify

Download the free Expensify app. After creating an account, you can:

Once all of your receipts are uploaded, download a PDF copy of the report and email it to reimbursements@innolitics.com.

Expense Reports With Excel

Alternatively, fill out this spreadsheet and send it with your receipt images to reimbursements@innolitics.com.

Flexible Schedules

While we value having a flexible work schedule, this doesn’t mean we can work anytime we wish.

Performance Reviews

Innolitics has both mid-year and end-of-year reviews.

When you join our team, we’ll set up a GitHub repository which will only be visible to partners and you. For now, these repositories will contain a single file, README.md.

Reviews occur as follows:

  1. A partner (usually the one with whom you have worked the most since your previous review) will reach out on Slack and schedule a time to meet.
  2. At least one day prior to the review, read through the questions below and write responses in your README.md:

    • Have you been satisfied with your job since our last review?
    • Are you happy with your growth and performance since then?
    • Which of the following changes would make the most significant difference in your job satisfaction? Please sort them from largest change to least change:
      • More time off
      • Increased compensation (either through your salary or other benefits)
      • More responsibility, ownership, or career-growth
      • More interesting or meaningful work
      • More opportunities to learn or develop new skills
      • Something else
    • Do you feel like you have a healthy work/life balance?
    • Project organization and management
      • Do you know what you need to work on?
      • Is the project organized in such a way that you can be productive with your time?
      • Do you wish you had more guidance, or less?
      • Do you ever wish you were working on a different project at Innolitics, and if so, which one?
    • Do you feel like you have opportunities for your career to grow at Innolitics?
    • Do you feel we are acting inline with our company values?
    • Do you feel like Innolitics has moved in the right direction since your last review?
    • Do you have any ideas about open source tools, products, or services that we could offer that would help further our company mission?
  3. Prior to the review, the partner(s) will write their thoughts about your performance in your README.md.
  4. During the review, you and the partner(s) will discuss:
    • Your answers to the review questions
    • Your performance since the last review
    • Your annual raise and bonus (only during our end-of-year review)
  5. After the review, write out any notes from the discussion in the README.md.

Coding Best Practices

Please read through our Coding Philosophy and Best Practices.

Communication Tools

Email

Email is best for non-urgent communication that requires a formal or well thought-out response.

Our preferred email signature is:

First Last
Job Title, Innolitics
+1 (###) ###-####

Our preferred email signature when communicating with possible sales leads is:

First Last
Job Title, Innolitics
Medical Imaging Software Services
+1 (###) ###-####

Slack

Slack is best for most everyday communication. Here are some rules of thumb for its use:

Slack Notifications

In a remote working environment, a Slack mention is the equivalent to walking over to someone’s desk and tapping on their shoulder. The impetus is on everyone to not overuse mentions as they can be disruptive. But when someone does mention you, you’re at your desk and not participating in a call, try to respond quickly! The best way to do so is to use Slack desktop notifications (and audible notifications, if necessary).

To avoid being inundated with notifications, we suggest configuring Slack preferences to only notify you about Direct messages, mentions & keywords. You can set this from your Slack preferences. This article has more details. If you have any channels where you want to be notified of all messages (e.g. a client’s channel), use the channel-specific notification preferences to turn them on for All new messages.

If you need a solid block of time free from interruptions to focus on a technical problem, we suggest setting your status to indicate as such. You might use the robot icon for this (e.g., /status :robot_face: head down coding).

Slack Video

We use Slack for most video calls; we use Skype as a backup.

If someone asks you if you want to jump on a call, by convention you should respond simply by starting the call.

When on a video client call with a client, please follow some etiquette:

External Communication

Quality technical work does not equal quality service.

While our clients care about the technical quality of our work, it’s often the level of service we provide that makes them enjoy working with us.

Clients really appreciate clear and prompt communication. Respond to their emails promptly during the business week, even if it’s only to say that you’ll respond in full as you’re able to do so. By promptly, we mean responding to clients is more important than nearly anything else you may be doing. It’s your responsibility to setup your email and Slack notifications so you’re able to do this.

Be sure to read client emails slowly and completely so you’re certain you address each of their questions and concerns. It’s easy to miss important details or comments after the end of a long quotation block. We strongly recommend rereading client emails twice to be sure you caught everything.

When asking questions of clients, first be sure there isn’t a simple way for you to answer each question on your own by asking another Innolitics team member or by searching Google. Our clients’ time is valuable.

Informal writing is sufficient for internal emails. But when emailing clients, please pay extra attention to your grammar and spelling. Never send any email without first rereading it. It’s all too easy to leave out a word here or there, or to use an incorrect word (e.g., affect when you mean effect). This website provides many common errors, some of which we see every day (e.g., it’s is a contraction meaning “it is,” whereas its is the possessive form of “it”). Such an error reflects poorly on the entire company; recipients may wonder about the diligence we take in working on their projects when they read anything from us that contains such mistakes.

We highly recommend using a tool such as Grammarly to double-check your writing. Let us know and we’ll set up an account for you to use.

Consider the tone of your outbound emails. Because no one can see your facial expression or body language, too often a given phrase—such as one that may possibly be interpreted as being harsh or condescending—might cause an undesired reaction from your recipient. This is why emoticons (a.ka., emoji) were created; use them judiciously (but sparingly) to add clarity.

Internal Communication

It’s usually best to include a time zone when indicating times. That said, assume that times are Central time (CT) in the absence of a specific time zone.

Do not specify standard or daylight time. Too many times someone might cite CST when daylight time is in effect. In that event CDT would be technically correct, but referring to the always-correct CT is adequate—recipients will know when daylight savings time is in effect. (Note that some places, such as Arizona, never adjust for daylight savings time. In relation to the rest of the US, part of the year the state is on Mountain time, the remainder it’s on Pacific time.)

Standups

To retain flexible work schedules, we do not have a morning “standup” unless a client requests one. Instead, we post our progress in the Slack #standup channel.

The frequency and level of detail included in your standup messages should reflect the project and team members you’re working with. If you’re tightly collaborating with several people, daily standups may be worthwhile. But if you’re the only person working on a project, a weekly update is more likely sufficient.

Please post updates at least once each week, as it’s worthwhile for everyone else on the team to be aware of your work. Even if nobody needs to know what you’re working on, writing some details about your work is worthwhile. Doing so increases opportunities for collaboration by informing everyone what you’re working on, what you’re struggling with, and with which technologies you’re experienced.

If you’re working on more than one project at a time, please provide details about which projects you worked on during a given week or day. This will help project leads allocate time when billing our clients.

Please post standups more frequently if team members or your project lead request it.

A typical standup should include:

Paid time off (PTO) is handled using Gusto. Members typically receive two weeks of PTO during their first year, three weeks for year two and three, and four weeks per year thereafter.

Notify your project lead in advance when you want to take PTO, and be sure to request it in Gusto while providing as much notice as possible. If you request a day off for an appointment, but then that appointment is moved to another day, please update Gusto to reflect the new date. This is important because it affects how we handle client billing.

One of the perks of working remotely is enjoying a flexible work schedule. Because of this, sometimes we’ll take off during the week but then make it up over the weekend or in the evenings—without taking PTO. Doing this depends on the demands of the project to which you’re currently assigned; for example, often we have client meetings during the week. Also, sometimes it’s convenient to work on a holiday and instead to take off another day. Feel free to do this if it works for those client projects you’re assigned.

Most importantly, whenever you go on vacation you are legally required to share a photo or short video (ideally an embarrassing one) in #vacation-pics 😜.

Our company holidays are:

If any of these holidays fall on a weekend, we observe them on the closest weekday. See the Gusto company calendar for the precise holiday schedule. Please note that this list doesn’t directly match US federal holidays. For example, we don’t observe Presidents Day nor Columbus Day, while we do observe Black Friday (not a federal holiday).

Payments and Compensation

We run payroll every two weeks using Gusto. The last payroll of the year includes any annual bonuses.

Internet and Equipment Reimbursements

We reimburse:

We’ll need receipts for one internet bill each year, and also receipts for equipment expenses. If you have multiple providers, each less than a $100, send receipts for both and we’ll reimburse you up to the maximum.

The equipment expense rolls over each year. Should you leave Innolitics, you can keep the gear purchased using the equipment reimbursement.

Retirement Savings

We have a 401(k) plan that allows for traditional and Roth contributions. We provide an automatic 3% of your salary to the plan whether or not you choose to invest. Our 401(k) plan provider is Guideline, and it has many low-fee mutual funds available. You become eligible to contribute to the plan after six months of employment.

Health Insurance

We offer health insurance to all full-time employees on our team. Our carrier is Blue Cross and Blue Shield of Texas, and we provide the following plans:

Innolitics will pay $1,196/year of the cost of health insurance, regardless of which plan you choose. If you opt out our company health insurance, we will provide a recurring reimbursement of an equivalent amount. The amount that we reimburse for health insurance will change from year to year, although we do don’t expect that it will change substantially.

Innolitics employees may contact Gusto’s Benefits Care team at benefits@gusto.com or (800) 683-8526 for questions about our insurance.

Sabbatical

An aspect of our mission is to provide flexible careers for everyone on our team. We are tentatively offering the option for everyone to take unpaid sabbaticals. This benefit is tentative because we don’t yet know how this policy will work in practice.

Yujan and David will need to approve any sabbatical. Factors we will consider include:

If you’re considering taking a sabbatical, advise us as early as possible so we can better plan. As we better understand the implications of the policy, we’ll likely add more structure to it. There is also a chance we decide we have to remove it.

Part-Time Leave

You’re entitled to take part-time leave if you’ve worked for Innolitics for a year or longer. During part-time leave you work half a normal workload; your compensation accrues at half its normal rate. On an annual basis, part-time leave is limited to one contiguous block of time ranging from two weeks to three months. To the degree possible, please communicate your part-time leave plans with David or Yujan beforehand so we can adjust client workloads appropriately.

We do not have paid parental leave.

Open Source Contributions

Each quarter we donate $500 to an open source project. We decide which project through discussions with everyone in the company. You can see previous projects we have donated to here.

Information Security

Our information security policies were created to help us protect:

Failure to follow these policies may result in disciplinary action.

Many of these policies are only required if you work with PHI.

Definitions

Health information is data in any medium that originates from a provider, insurer, or other healthcare entity, and that relates to any person’s physical or mental health, or to the billing for healthcare services.

Protected health information (PHI) means identifiable health information that can be linked to any specific person(s).

Electronic protected health information (EPHI) means PHI stored or transmitted in electronic form (e.g., on a computer hard disk).

A breach is the actual or potential acquisition, access, use, or disclosure of PHI outside of approved uses.

A workstation is an electronic computing device—for example, a laptop or desktop computer, a smartphone or other devices that perform similar functions, and any storage media that may be connected to any such devices.

A covered system is a workstation or server that may contain or store EPHI.

A covered connection may exist between a covered workstation and a source of EPHI. The following are examples of covered connections:

Workforce members are employees, subcontracted staff, or others with roles that may interface with sensitive information.

A covered workforce member is an Innolitics workforce member who is able to make a covered connection.

A project lead is the Innolitics employee (typically a partner) who is managing a particular client project.

A security incident is a potential data breach or other possible compromise in the confidentiality, integrity, or availability of protected information.

Password Management

A secure password must be at least eight (8) characters long, is unique, isn’t repetitive, and either includes multiple types of characters or is very long. These are examples of good passwords:

These are bad password examples:

Here are our policies for password management using 1Password:

If you are unfamiliar with 1Password, these video tutorials are helpful.

Although we don’t typically look at it, 1Password keeps a log of when different people log in to different Innolitics 1Password accounts, so you may not want to add personal logins to your company 1Password account. Instead, we recommend setting up a separate password manager for personal use.

Email and Web Security

Before sending a message containing sensitive information, double-check that the recipient’s address is correct. It’s helpful to mention in the message that the contents are sensitive and should not be shared with others.

One trick is create your email first without a recipient address, only adding it as a last step before sending. In this way you don’t inadvertently send an email you haven’t yet fully completed (that is, you avoid the fat finger syndrome). It also lets you be more deliberate as you double-check the recipient’s correct email address.

Spear phishing is an increasingly common tactic that can result in a compromised account, web browser, or workstation. A spear phishing message can be easily disguised to seem legitimate. Often embedded links in the message are designed to exploit a web browser, an attachment exploits the application that interprets it, or the email itself has a call to action that results in divulging information. Once it’s exploited, a workstation might download a malware payload that can execute additional instructions defined by the attacker.

Read this bulletin published by the US Department of Health and Human Services if you’re curious to learn the guidance given to the healthcare industry in general.

A variety of pretext attacks on the web are similar to phishing. Innolitics requires multiple layers of security controls to mitigate the risks of attacks such as these.

Workstation Setup

All covered workstations and systems must implement the following security controls:

  1. Require a password, fingerprint, or facial recognition to log in
  2. Automatically lock after an hour of inactivity
  3. Encrypt internal storage at rest
  4. Automatically update operating system and application security patches, or manually update them once each quarter
  5. Antimalware agents set to automatically update malware definitions

If feasible, non-covered workstations should also be configured in this way. If you opt to use manual updates, we recommend setting a repeating reminder so you don’t forget.

Working with Sensitive Information

To limit the proliferation beyond Innolitics’ control and to meet our agreements with the data originators, sensitive information should only be stored and viewed on covered workstations. Before you start working with sensitive information on a new workstation, inform your project lead so they can record details of the host for tracking purposes. We need to keep such a record to be sure it gets deleted when it’s no longer needed.

Innolitics requires the following practices when working with sensitive information:

Purging Sensitive Data

It may not be necessary to retain sensitive information when finished with a project, and it’s risky to hold on to it longer than necessary. When you’re sure the data is no longer needed, follow these guidelines to purge the files so they cannot be reconstructed, inadvertently or otherwise.

SSH

We frequently use SSH to access remote servers. Here are policies regarding its use:

Working in Public Places

Avoid working with sensitive information in a public place when feasible. If unavoidable, position your screen so it’s not easily visible by others and be careful to lock your workstation before stepping away from it. Never leave your devices unattended.

When working on a publicly shared internet connection, use a virtual private network (VPN) service to tunnel your traffic through the untrusted connection. Note that tethering to a mobile phone is a more secure option.

Annual Training and Audits

If you work with EPHI, you will need to review these documents once each year and configure your devices to meet these security guidelines. Also, your project lead or Innolitics’ security officer will ask you a series of questions regarding how your devices are set up.

This handbook is intended to provide a general overview of Innolitics’ policies and procedures. Nothing contained within it is to be interpreted as a contract, whether expressed or implied.

We may revise, suspend, revoke, terminate, change, or remove—prospectively or retroactively—any of the policies or procedures of the company, whether outlined in this handbook or elsewhere, in whole or in part, with or without notice at any time, and at Innolitic’ sole discretion.