Compliance Through Code Quality: How Codacy Helps Keep InsideTracker’s Sensitive Customer Data Secure
InsideTracker (Segterra) is a personalized health analytics platform that examines and tracks key body biomarkers to create custom wellness guides for its customers.
Data doesn’t get much more personal or sensitive than a person’s bloodwork, DNA, and daily habits, which is precisely the type of information the platform tracks.
We spoke with Yan Dyshkalps—InsideTracker’s Director of Technology Research, Architecture, and Infrastructure—to understand how Codacy has helped his team keep customer data secure and compliant in the highly regulated world of healthcare data and analytics.
HIPAA and More: How InsideTracker Stays Ready for Audits
A platform like InsideTracker has plenty of compliance mandates to adhere to. One is SOC2 (Service Organization Control Type 2), a cybersecurity compliance framework that ensures companies are storing and processing customer data securely.
Another one is HIPAA (Health Insurance Portability and Accountability Act) compliance, which requires companies with access to protected health information (PHI) to implement key security measures into their networks and processes.
Failure to comply with HIPAA can result in losing your customers’ trust and your company’s credibility. You could also be heftily fined. HIPAA reported that settlements and civil monetary penalties totaled almost $2 million in the first seven months of 2023 alone.
InsideTracker takes no chances when obtaining all necessary certifications and carefully handling their customers’ highly sensitive health data. They needed a failsafe—a partner that would decrease the chances of code errors and security vulnerabilities slipping through the cracks.
“To go through and check the entire codebase every day is impossible. We’re all humans. I can miss something, and my team can miss something as well. That’s why Codacy has been really handy. Having an automated tool for this really helps,” Dyshkalps said.
“Safety First” as a Guiding Principle
HIPAA compliance is obviously crucial for InsideTracker, but it’s not their highest priority. Their main concern is keeping client data secure. Dyshkalps believes that if the focus is placed on identifying and removing security vulnerabilities, the compliance audits will take care of themselves.
“First of all, for us, the main thing is getting rid of the vulnerabilities. I don’t care so much about the audit as I care about being safe. Audits are secondary, safety comes first,” he said.
Codacy helps InsideTracker prioritize code quality and safety, allowing them to identify security vulnerabilities, bugs, and potential bottlenecks in their codebase and fix them.
The InsideTracker team believes so much in Codacy that they actually show screenshots of the Codacy dashboard to auditors.
“We usually do a couple of screenshots, one for the static code analysis and the other for vulnerabilities that have been found and fixed,” Dyshkalps said.
Slow but Certain Team-Wide Adoption
Codacy has slowly but surely become an integral part of the development process at InsideTracker. According to Dyshkalps, senior members of the development team were able to quickly recognize the benefits of the platform and were on board from the get-go. Some of the younger team members were a bit skeptical.
“A few people, especially juniors, were against it. But with time, they could see how it’s useful,” he said.
Codacy can also be used as a great teaching tool for inexperienced coders, giving them suggestions on how they can improve their code. Over time, the entire InsideTracker team bought in.
“Now everyone uses it. Everyone looks at the reports and tries to understand where weaknesses lie in their code and what can stand to be improved,” Dyshkalps concluded.
When security and compliance are absolute priorities, your development team can’t afford to cut corners. Codacy Quality can help you run a tight ship. Our platform catches vulnerabilities your team might miss, offers secure fixes for these issues, and keeps security top-of-mind within your team by sending regular reminders to perform security checks.
To see how Codacy Quality can help keep your code clean and secure, sign up for a 14-day trial today.