Our mission is to accelerate progress in medical imaging by
We do so while providing meaningful, flexible, and financially rewarding careers to our team.
This handbook describes how we develop great software while maintaining enjoyable, flexible, and financially rewarding careers. We wrote it for a few different audiences.
This handbook is hosted in a git repository. If you have a question that you wish the handbook answered, let us know. Please make a suggestion in #general if you’re a team member, or email us. Team members can also submit pull requests with proposed changes.
Please note that links to the GitHub repository, Slack, and Google Drive are only accessible to Innolitics employees.
Our values guide our work. They are a starting point for conversation, although we recognize they can be in tension with one another. Our company values are to:
We suspect most of these values are not controversial. Still, if you disagree with any of them, or if you would like us to add or modify any of them, please initiate a discussion! Here are a few examples of how our values have changed over time:
After we hired our first developer, we added “We love working with talented people, regardless of their age, ethnicity, sexual-orientation, or background”. A few months later we added “gender” to the list.
We added “We financially contribute to open source projects that we use” to the list because, as a profitable company that uses many such projects, we feel we should give back.
We clarified “We write automated tests to ensure our code works (and continues to work)” by rewriting it as “We write automated tests to guide our design and ensure our code continues working.” This is to highlight our belief that tests not only help catch bugs but also improve our designs.
Originally, one of our values read: “We don’t prescribe solutions to problems; we allow developers to independently discover their solutions first”. After some discussion, we changed this to: “We avoid prescribing solutions to problems upfront; instead we prefer to let developers independently explore their ideas first.”
We did this because we realized that sometimes it’s too time consuming to let everyone to explore their solution—especially junior developers working on problems that have been solved many times already. Here, we believe it can make sense for the more experienced developer to prescribe a solution upfront. We prefer to have junior developers find their solution first because it’s educational and can lead to better solutions (perhaps a new technology was recently developed, or the junior developer comes up with a new approach).
This last example highlights that many situations we run into as developers aren’t black-and-white. Our values form a foundation for discussion, but are often in tension with one another. Another example of this tension can be seen between “We experiment with new technologies to know the best tool for the job” and “We use technologies with our client’s best interest in mind, even if said technologies are less appealing to us as developers.”
Most importantly, if you feel we aren’t following our values, say something! It’s essential that you say what you think. For example, several months after adding our commitment to contribute to open source software, we still hadn’t done so. Someone brought this up, and in response we set up our open source contribution page.
We love developing medical imaging software. Our work helps doctors diagnose and treat clinical patients and assists researchers in making breakthroughs in the lab. We believe that software has the potential to transform the medical imaging industry, and we’re excited to be front and center in this transformation.
Medical imaging software is a specialized field, so we don’t expect everyone who joins our team to have a strong background in it. Many of our projects have challenges that aren’t unique to medical imaging. That being said, you do need to be interested in medical imaging, have some mathematical background, and have a desire to learn more to be a successful part of our software team.
Occasionally we accept projects that are outside of the medical imaging domain if there is a strategic business reason to do so.
We are a remote-only company. We don’t have a central office, and most of our communication occurs in Slack, video calls, and email.
A remote-only company encourages everyone to focus on their value-add instead of hours worked; value-add is more visible than extended hours in a remote setting.
It’s more difficult to develop strong relationships with remote teammates because we can’t grab a beer after work or chat in person. There are a few ways we alleviate this. The first is via conversations on #random. Next are our 10x discussions about various medical imaging and programming topics. Finally, we have retreats once a year. More about these last two items in a bit.
We don’t have physical offices where we can hang labor law posters, so we store them online in a Google Drive folder. Those in the root folder are federal labor law posters. State- and city-specific documents are contained in subfolders. Please review the posters for your state; ask if you have any questions.
Part of our mission is to provide flexible working conditions for everyone on our team, including the flexibility to move without changing jobs.
If you move within the same state, please be sure to update your address in Gusto.
If you’re considering moving to another state, please discuss this with a partner. Due to complicated labor laws and tax implications that vary by state, we can’t guarantee we can support every move. The chances are high that we can, and we’ll try hard to make it work one way or another, but the earlier you discuss your proposed move, the better.
We’re a small team of eleven full-time members as of February 2020. We plan on substantially growing the company over the next few years.
Working on a small team means we have relatively little structure and more personal responsibility. As an early member of our team, you’ll have the opportunity to grow with the company and influence how it develops.
We work on projects of varying sizes. Our typical engagement lasts about a year, although we’ve been working with a few for several years. Typically, you’ll be assigned to a single project at a time.
Each project has a project lead who is ultimately responsible for its success. This person’s responsibilities include:
We usually have client progress meetings on Mondays, with additional meetings as necessary in any given week.
On Wednesdays from 2:30 – 5:00 PM CT we have 10x time (we choose Wednesdays so we can travel on Monday or Friday). We don’t bill clients for 10x time, so use the entire session for reading or learning, even if you’ve completed all of the weekly reading material.
Some weeks we’ll cancel 10x time if there is an impending deadline or many staff are on vacation. When this occurs everyone is expected to continue working on client projects. We don’t have a 10x time during the week of Thanksgiving or the Wednesday in between Christmas and New Years.
We experiment with different formats, but most often we:
We try to pick topics that are fun, interesting, and will make us better developers. Please feel free to suggest topics in #learning. If we end up using your suggestion, please add a new item to our list of previous discussions. We try to choose the discussion material or mini-project on Friday afternoon of the previous week. You can see a list of our previous discussions here.
If we’re having a good discussion, we’ll often go 15 minutes or so past 5:00. If you have plans and need to duck out, but can’t get a word in to say so, just drop out of the call and leave a comment in Slack; everyone will understand.
In addition to 10x time, another great way to continue learning and growing is to write articles for our website. Although articles are written outside of working hours, we do provide bonuses for writing articles.
See this page for details about the process.
Meant for Innolitics employees only, we meet once each year to have some fun and get face time with one another. Each retreat usually begins Thursday afternoon and ends Saturday afternoon, with the destination usually changing. The company covers your travel, housing, and food. People often delay their flight back and make a long weekend or vacation out of the trip.
Unless there is a very good reason (and please let us know as soon as possible), everyone is expected to attend each retreat.
You can view (and upload) photos from previous company retreats and events here. Please do not share these photos on social media.
We usually work remotely. However, sometimes our client work also requires us to travel for kickoff or design meetings. Usually these sessions are short (just a few days), with such meetings being rare. We expect every team member to be able to travel from time to time within the US.
When you travel, keep receipts for food, transportation (e.g., flights, parking, Ubering to the airport), and accommodation expenses. We can’t reimburse you without receipts, so please be diligent in keeping them!
Please use your best judgment when purchasing food, flights, and hotels. Keep in mind your time is valuable. It’s worth spending an extra $150 to get a direct flight or to avoid having to fly out at an uncomfortably early time. Ask David or Yujan if in doubt.
If you’re driving your own car, track how many miles you drive—ideally by taking a photo of your car’s odometer at the beginning and end of your trip. We use the mileage numbers to calculate the IRS standard mileage rates for reimbursements, which was $0.58/mile in 2019. Note that the standard mileage rates include the cost of gas, so please do not include fuel receipts.
You must create an expense report to be reimbursed. We allow a few different ways to create these, as described below. Pick the option that works best for you. After submitting your report, expect to be reimbursed on the next payroll cycle. If you’re traveling and need to purchase a flight, send an expense report just for your flight and a second detailing all of your other travel expenses.
If you only have one or two receipts, email them directly to
email@example.com (note that you must use an Innolitics email address).
Download the free Expensify app. After creating an account, you can:
firstname.lastname@example.org(this is convenient for flight and hotel receipts in emails)
Once all of your receipts are uploaded, download a PDF copy of the report and email it to
Alternatively, fill out this spreadsheet and send it with your receipt images to
While we value having a flexible work schedule, this doesn’t mean we can work anytime we wish.
Innolitics has both mid-year and end-of-year reviews.
When you join our team, we’ll set up a GitHub repository which will only be visible to partners and you. For now, these repositories will contain a single file,
Reviews occur as follows:
At least one day prior to the review, read through the questions below and write responses in your
Please read through our Coding Philosophy and Best Practices.
Email is best for non-urgent communication that requires a formal or well thought-out response.
Our preferred email signature is:
Job Title, Innolitics
+1 (###) ###-####
Our preferred email signature when communicating with possible sales leads is:
Job Title, Innolitics
Medical Imaging Software Services
+1 (###) ###-####
Slack is best for most everyday communication. Here are some rules of thumb for its use:
In a remote working environment, a Slack mention is the equivalent to walking over to someone’s desk and tapping on their shoulder. The impetus is on everyone to not overuse mentions as they can be disruptive. But when someone does mention you, you’re at your desk and not participating in a call, try to respond quickly! The best way to do so is to use Slack desktop notifications (and audible notifications, if necessary).
To avoid being inundated with notifications, we suggest configuring Slack preferences to only notify you about Direct messages, mentions & keywords. You can set this from your Slack preferences. This article has more details. If you have any channels where you want to be notified of all messages (e.g. a client’s channel), use the channel-specific notification preferences to turn them on for Every new message.
If you need a solid block of time free from interruptions to focus on a technical problem, we suggest setting your status to indicate as such. You might use the robot icon for this (e.g.,
/status :robot_face: head down coding).
We use Slack for most video calls; we use Google Meet as a backup.
If someone asks you if you want to jump on a call, by convention you should respond simply by starting the call.
When on a video client call with a client, please follow some etiquette:
Quality technical work does not equal quality service.
While our clients care about the technical quality of our work, it’s often the level of service we provide that makes them enjoy working with us.
Clients really appreciate clear and prompt communication. Respond to their emails promptly during the business week, even if it’s only to say that you’ll respond in full as you’re able to do so. By promptly, we mean responding to clients is more important than nearly anything else you may be doing. It’s your responsibility to set up your email and Slack notifications so you’re able to do this.
Be sure to read client emails slowly and completely so you’re certain you address each of their questions and concerns. It’s easy to miss important details or comments after the end of a long quotation block. We strongly recommend rereading client emails twice to be sure you caught everything.
When asking questions of clients, first be sure there isn’t a simple way for you to answer each question on your own by asking another Innolitics team member or by searching Google. Our clients’ time is valuable.
Informal writing is sufficient for internal emails. But when emailing clients, please pay extra attention to your grammar and spelling. Never send any email without first rereading it. It’s all too easy to leave out a word here or there, or to use an incorrect word (e.g., affect when you mean effect). This website provides many common errors, some of which we see every day (e.g., it’s is a contraction meaning “it is,” whereas its is the possessive form of “it”). Such an error reflects poorly on the entire company; recipients may wonder about the diligence we take in working on their projects when they read anything from us that contains such mistakes.
We highly recommend using a tool such as Grammarly to double-check your writing. Let us know and we’ll set up an account for you to use.
Consider the tone of your outbound emails. Because no one can see your facial expression or body language, too often a given phrase—such as one that may possibly be interpreted as being harsh or condescending—might cause an undesired reaction from your recipient. This is why emoticons (a.ka., emoji) were created; use them judiciously (but sparingly) to add clarity.
It’s usually best to include a time zone when indicating times. That said, assume that times are Central time (CT) in the absence of a specific time zone.
Do not specify standard or daylight time. Too many times someone might cite CST when daylight time is in effect. In that event CDT would be technically correct, but referring to the always-correct CT is adequate—recipients will know when daylight savings time is in effect. (Note that some places, such as Arizona, never adjust for daylight savings time. In relation to the rest of the US, part of the year the state is on Mountain time, the remainder it’s on Pacific time.)
To retain flexible work schedules, we do not have a morning “standup” unless a client requests one. Instead, we post our progress in the Slack #standup channel.
The frequency and level of detail included in your standup messages should reflect the project and team members you’re working with. If you’re tightly collaborating with several people, daily standups may be worthwhile. But if you’re the only person working on a project, a weekly update is more likely sufficient.
Please post updates at least once each week, as it’s worthwhile for everyone else on the team to be aware of your work. Even if nobody needs to know what you’re working on, writing some details about your work is worthwhile. Doing so increases opportunities for collaboration by informing everyone about what you’re working on, what you’re struggling with, and with which technologies you’re experienced.
If you’re working on more than one project at a time, please provide details about which projects you worked on during a given week or day. This will help project leads allocate time when billing our clients.
Please post standups more frequently if team members or your project lead request it.
A typical standup should include:
Paid time off (PTO) is handled using Gusto. Members typically receive two weeks of PTO during their first year, three weeks for year two and three, and four weeks per year thereafter.
Notify your project lead in advance when you want to take PTO, and be sure to request it in Gusto while providing as much notice as possible. If you request a day off for an appointment, but then that appointment is moved to another day, please update Gusto to reflect the new date. This is important because it affects how we handle client billing.
One of the perks of working remotely is enjoying a flexible work schedule. Because of this, sometimes we’ll take off during the week but then make it up over the weekend or in the evenings—without taking PTO. Doing this depends on the demands of the project to which you’re currently assigned; for example, often we have client meetings during the week. Also, sometimes it’s convenient to work on a holiday and instead to take off another day. Feel free to do this if it works for those client projects you’re assigned.
Most importantly, whenever you go on vacation you are legally required to share a photo or short video (ideally an embarrassing one) in #vacation-pics 😜.
Our company holidays are:
If any of these holidays fall on a weekend, we observe them on the closest weekday. See the Gusto company calendar for the precise holiday schedule. Please note that this list doesn’t directly match US federal holidays. For example, we don’t observe Presidents Day nor Columbus Day, while we do observe Black Friday (not a federal holiday).
We run payroll every two weeks using Gusto. The last payroll of the year includes any annual bonuses.
We’ll need receipts for one internet bill each year and for any reimbursable equipment expenses. If you have multiple providers, each less than $100, send receipts for both, and we’ll reimburse you up to the maximum.
The equipment expense rolls over each year. Should you leave Innolitics, you can keep the gear purchased using the equipment reimbursement.
We have a 401(k) plan that allows for traditional and Roth contributions. We provide an automatic 3% of your salary to the plan whether or not you choose to invest. Our 401(k) plan provider is Guideline, and it has many low-fee mutual funds available. You become eligible to contribute to the plan after six months of employment.
We offer health insurance to all full-time employees on our team. Our carrier is Blue Cross and Blue Shield of Texas, and we provide the following plans:
Innolitics will pay $1,196/year of the cost of health insurance, regardless of which plan you choose. If you opt out our company health insurance, we will provide a recurring reimbursement of an equivalent amount. The amount that we reimburse for health insurance will change from year to year, although we do not expect that it will change substantially.
Innolitics employees may contact Gusto’s Benefits Care team at email@example.com or (800) 683-8526 for questions about our insurance.
An aspect of our mission is to provide flexible careers for everyone on our team. We are tentatively offering the option for everyone to take unpaid sabbaticals. This benefit is tentative because we don’t yet know how this policy will work in practice.
Yujan and David will need to approve any sabbatical. Factors we will consider include:
If you’re considering taking a sabbatical, advise us as early as possible so we can better plan. As we better understand the implications of the policy, we’ll likely add more structure to it. There is also a chance we decide we have to remove it.
You’re entitled to take part-time leave if you’ve worked for Innolitics for a year or longer. During part-time leave you work half a normal workload; your compensation accrues at half its normal rate. On an annual basis, part-time leave is limited to one contiguous block of time ranging from two weeks to three months. To the degree possible, please communicate your part-time leave plans with David or Yujan beforehand so we can adjust client workloads appropriately.
We do not have paid parental leave.
Each quarter we donate $500 to an open source project. We decide which project through discussions with everyone in the company. You can see previous projects we have donated to here.
Our information security policies were created to help us protect:
Failure to follow these policies may result in disciplinary action.
Many of these policies are only required if you work with PHI.
Health information is data in any medium that originates from a provider, insurer, or other healthcare entity, and that relates to any person’s physical or mental health, or to the billing for healthcare services.
Protected health information (PHI) means identifiable health information that can be linked to any specific person(s).
Electronic protected health information (EPHI) means PHI stored or transmitted in electronic form (e.g., on a computer hard disk).
A breach is the actual or potential acquisition, access, use, or disclosure of PHI outside of approved uses.
A workstation is an electronic computing device—for example, a laptop or desktop computer, a smartphone or other devices that perform similar functions, and any storage media that may be connected to any such devices.
A covered system is a workstation or server that may contain or store EPHI.
A covered connection may exist between a covered workstation and a source of EPHI. The following are examples of covered connections:
Workforce members are employees, subcontracted staff, or others with roles that may interface with sensitive information.
A covered workforce member is an Innolitics workforce member who is able to make a covered connection.
A project lead is the Innolitics employee (typically a partner) who is managing a particular client project.
A security incident is a potential data breach or other possible compromise in the confidentiality, integrity, or availability of protected information.
A secure password must be at least eight (8) characters long, is unique, isn’t repetitive, and either includes multiple types of characters or is very long. These are examples of good passwords:
ilovetowritehighqualitycode(is very long)
@B1heul!l1(uses special characters and numbers throughout)
These are bad password examples:
hola123!(many people put special characters and numbers at the end)
@B1heul!l2(fine normally, unless you also use
Here are our policies for password management using 1Password:
If you are unfamiliar with 1Password, these video tutorials are helpful.
To the best of our understanding, any passwords contained in your private vault can not be accessed by anyone else at Innolitics. However, 1Password has an activity log that records when you add or edit items in your personal vault. We don’t typically look at this, but if you are concerned about privacy, you may not want to add personal logins to your company 1Password account.
Before sending a message containing sensitive information, double-check that the recipient’s address is correct. It’s helpful to mention in the message that the contents are sensitive and should not be shared with others.
One trick is create your email first without a recipient address, only adding it as a last step before sending. In this way you don’t inadvertently send an email you haven’t yet fully completed (that is, you avoid the fat finger syndrome). It also lets you be more deliberate as you double-check the recipient’s correct email address.
Spear phishing is an increasingly common tactic that can result in a compromised account, web browser, or workstation. A spear phishing message can be easily disguised to seem legitimate. Often embedded links in the message are designed to exploit a web browser, an attachment exploits the application that interprets it, or the email itself has a call to action that results in divulging information. Once it’s exploited, a workstation might download a malware payload that can execute additional instructions defined by the attacker.
Read this bulletin published by the US Department of Health and Human Services if you’re curious to learn the guidance given to the healthcare industry in general.
A variety of pretext attacks on the web are similar to phishing. Innolitics requires multiple layers of security controls to mitigate the risks of attacks such as these.
All covered workstations and systems must implement the following security controls:
If feasible, non-covered workstations should also be configured in this way. If you opt to use manual updates, we recommend setting a repeating reminder so you don’t forget.
To limit the proliferation beyond Innolitics’ control and to meet our agreements with the data originators, sensitive information should only be stored and viewed on covered workstations. Before you start working with sensitive information on a new workstation, inform your project lead so they can record details of the host for tracking purposes. We need to keep such a record to be sure it gets deleted when it’s no longer needed.
Innolitics requires the following practices when working with sensitive information:
It may not be necessary to retain sensitive information when finished with a project, and it’s risky to hold on to it longer than necessary. When you’re sure the data is no longer needed, follow these guidelines to purge the files so they cannot be reconstructed, inadvertently or otherwise.
shred -uto delete a filesystem handle and overwrite the file data multiple times.
We frequently use SSH to access remote servers. Here are policies regarding its use:
Avoid working with sensitive information in a public place when feasible. If unavoidable, position your screen so it’s not easily visible by others and be careful to lock your workstation before stepping away from it. Never leave your devices unattended.
When working on a publicly shared internet connection, use a virtual private network (VPN) service to tunnel your traffic through the untrusted connection. Note that tethering to a mobile phone is a more secure option.
If you work with EPHI, you will need to review these documents once each year and configure your devices to meet these security guidelines. Also, your project lead or Innolitics’ security officer will ask you a series of questions regarding how your devices are set up.
This handbook is intended to provide a general overview of Innolitics’ policies and procedures. Nothing contained within it is to be interpreted as a contract, whether expressed or implied.
We may revise, suspend, revoke, terminate, change, or remove—prospectively or retroactively—any of the policies or procedures of the company, whether outlined in this handbook or elsewhere, in whole or in part, with or without notice at any time, and at Innolitics’ sole discretion.