Blog

Aptible + AWS + Telepharm Webinar

Sam Yount on June 24, 2015

This week we teamed up with AWS and TelePharm to talk about architecting for HIPAA compliance in the cloud:



Slides:


More questions from the audience:

Does data that is stored long-term in RAM (in Redis, for example) need to be encrypted, or does it only need to be encrypted when persisted to disk? Does HIPAA require that data within a VPC be encrypted? Is data considered encrypted at rest on EBS if the instance is still running?

HIPAA has no specific mandatory requirement that data be encrypted, but regulated entities must take “reasonable and appropriate” measures to safeguard PHI. Whether data is encrypted at the point of breach depends on how a potential breach occurs. It may be more helpful to take a risk-based approach, breaking potential threats into categories and asking: How likely is an attack to be attempted? How likely is it to succeed? What impact to PHI would result?

The Aptible compliance platform helps customers analyze risk using SP 800-30 Revision 1, a federal methodology developed by NIST in collaboration with the Department of Defense and the Office of the Director of National Intelligence.

How do Aptible databases work?

Databases are built from standardized images and run in private subnets, inaccessible from the outside Internet. We attach encrypted storage volumes and make nightly encrypted backups.

The Dockerfiles we use to build database images are open source and available on GitHub. If you don’t see the one you want, you can build a custom database using our specification.

Please see our Reference Architecture diagram, and contact us if you have questions.

What AWS regions is Aptible available in?

Currently any region except GovCloud and China (Beijing).

If a deployment needs to be available in Europe as well as in the US, who is responsible for where the data is stored and how PHI data flows across regions?

Aptible customers define environments for apps and databases. Those environments run in discrete geographic AWS regions that you specify. Communication across regions is routed over the Internet. You can easily and clearly control the countries and legal jurisdictions where your data is stored and moves through.

How does Aptible manage data encryption on/through ELB?

We only pass encrypted data through load balancers. SSL/TLS is terminated on the EC2 instance. (See the webinar, around 24:47.)

I work for a national MSP. I’m a certified AWS Cloud Solution Architect. I have a customer in the healthcare vertical that would benefit from moving certain workloads to AWS. Is Aptible willing to partner?

Yes, we frequently work with technical partners. Please contact us.

Will Aptible and AWS sign Business Associate Agreements?

Of course. A BAA is included with Platform and Production accounts. You can request a BAA with AWS here.

Read more

Aptible at CoreOS Fest

Sam Yount on May 6, 2015

Frank spoke at CoreOS Fest today, about how Aptible uses containers to address security and compliance objectives. [UPDATE: Check out the video below, and visit the CoreOS Fest website to see some of the other topics and speakers.]

Video:

Slides:

If you find this interesting, join us!

Read more

Aptible at AWS re:Invent

Chas Ballew on November 21, 2014

Frank spoke at AWS re:Invent last week, in a session about architecting for HIPAA compliance. The entire panel is worth watching.

Read more

How to Get Into Y Combinator

Chas Ballew on September 18, 2014

Having just come through Y Combinator, we frequently get asked whether it was worth it. The answer is absolutely yes, no hesitation. While the experience is still fresh, I want to encourage you to apply for the next cycle and give some advice for getting in.

Apply Now

You have a early-stage startup, or at least an idea for one. You know Y Combinator is fantastic: the network is legendary, the terms are fair, the other founders are incredible, and it provides an amazing lift for customer acquisition, fundraising, and recruiting.

The catch is that acceptance rates are brutal. Somewhere below 3% of applicants get an offer.

Should you skip this application cycle and apply later, when your company is more mature?

No.

You should apply now, even if you don’t think you are ready.

There are two main reasons for this:

The application process itself is valuable. Preparing the application requires you to think carefully about your idea, your company, your market, your team, and the obstacles in your way. Forcing yourself to reflect honestly is painful, but extremely beneficial. Seize the opportunity to do it now.

You have a better chance than you think. The traits YC looks for in companies and founders are well-known and addressable. By “well-known,” I mean go read PG and Sam’s essays. By “addressable,” I mean you can improve your chances with focused work and practice. If your company doesn’t have the ideal characteristics, you can acquire the important ones. If you have the right ingredients, you can learn to convey that clearly and concisely.

That’s why you should apply now.

Here’s how to get in:

Step 0: Make something people want.

That’s it!

I’m kidding but not really.

“Make something people want” is YC’s motto. It’s also what they look for in companies. It’s not always sufficient, but it is necessary. If you do it, the rest can fall into place. If you don’t do it, you’re toast. Or Clinkle.

Others have written about how to find something to make that people want. I won’t get into that here, but I will add that most of the YC application process reduces to proving you’ve made something people want.

How do you prove it? Having paying customers is convincing. Having a lot of users is also convincing.

Showing that people want something similar to what you made or that you could make something people want are not convincing.

Sign contracts, take preorders, get LOIs, fill a waitlist, collect emails from customers saying how they can’t wait to pay you. Stop reading this and go do whatever you can to prove people want what you make. Now!

Step 1: Apply

Now, armed with proof that you make something people want, you are ready to apply.

Spend time thinking carefully about the questions. Don’t spend any time trying to game the application.

Some tips:

  • Be honest with yourself. You know what your weaknesses are. Don’t shy away from them, but don’t waste too much time worrying if you can’t change them. For example, when we submitted our application, Aptible had no paying customers. We work in a regulated industry (healthcare) where getting security and stability right is critical, and we were confident that waiting was the right choice.
  • Use every question to show that people want what you make. We made sure to explain what our waitlist looked like and how many customers had signed contracts to pay soon.
  • One or two sentences is fine for most answers. Be clear and direct, then move on.
  • Don’t overthink the video. Introduce yourselves, briefly explain what you’re working on, and spend the rest of your time explaining how you know people want what you make. Follow the instructions. Here’s our video.

Step 2: Interview

The application questions are a subset of the questions you may be asked at an interview.

Before our interview, Frank and I:

  • Collected all of the known Y Combinator interview questions we could find
  • Wrote out 1-2 sentence answers
  • Agreed on which founder would lead on the answer, and
  • Practiced with flash cards until we could answer every question fluently

Writing your answers out will help you formulate concise, consistent responses.

To test our fluency, we did mock interviews with each other, with our startup/tech friends, and with YC alums.

Mock interviews are the best way to practice. You will be shocked and disappointed by how incompetent you sound at first. Don’t worry, you’ll improve dramatically with repetition.

As one of our investors puts it, “You’re going to be telling people what you do eight times a day for the rest of the company’s life. Get good at it.”

Below are the questions we used to prepare. I don’t remember where we found each one, so apologies to the original sources. I’ve grouped them into categories by how important I think they are. The groups are my own and do not reflect YC’s views.

Remember: One or two sentences each. If you prepare longer answers, you’ll be flustered when the YC partners cut you off to ask another question. James Cunningham and Colin Hayhurst (GoScale, S12) built a fun app with a timer to help you practice concise answers.

Critical questions

These are the most important questions. They are all different ways of determining if you make something people want. You need to have a good answer, or an excellent reason for not having an answer. Many of these are in the application itself.

  1. What are you working on?
  2. Who would use your product?
  3. How do you know customers need what you’re making? How do you know people want this?
  4. How will you make money?
  5. How much money could you make per year?
  6. Why isn’t someone already doing this?
  7. Why will you succeed over others? What do you understand that others don’t?
  8. What have you learned so far from working on your product?
  9. How much does customer acquisition cost?
  10. How many users do you have?
  11. Where do new users come from? How do users find out about you?
  12. How are you meeting customers?
  13. What is your distribution strategy? How will you grow?
  14. What makes new users try you?
  15. Why do the reluctant users hold back?
  16. What is your growth like?
  17. What is your user growth rate?
  18. What’s the conversion rate?
  19. How many users are paying?
  20. Who is going to be your first paying customer?
  21. What resistance will users have to trying you and how will you overcome it?
  22. How are you understanding customer needs?
  23. What are the top things your users want?
  24. What has surprised you about user behavior?
  25. What’s new about what you make?
  26. What problems and hurdles are you anticipating? How will you overcome them?
  27. Six months from now, what’s going to be your biggest problem?

Important questions

These questions concern narrative, team, and tactics. They are important, but only if you make something people want first.

  1. Why did you choose this idea? Why did you pick this idea to work on?
  2. Where is the rocket science here?
  3. How does your product work in more detail?
  4. What do you understand about your users? What domain expertise do you have?
  5. What are the key things about your field that outsiders don’t understand?
  6. What’s an impressive thing you have done?
  7. How did your team meet?
  8. Why did your team get together?
  9. Who in your team does what?
  10. Who would you hire or how would you add to your team? Who would be your next hire?
  11. What part of your project are you going to build first? What are you going to do next? What is the next step with the product evolution?
  12. If your startup succeeds, what additional areas might you be able to expand into?
  13. Who are your competitors?
  14. Who might become competitors?
  15. What competition do you fear most?
  16. What is your burn rate?
  17. How long can you go before funding?
  18. Have you raised funding?

Answered questions

These are questions that have a correct answer.

  1. What will you do if we don’t fund you? Keep working on this, because it’s a good idea that we can execute.
  2. Would you relocate to Silicon Valley during YC? Yes.
  3. Who is “the boss”? (Agree on one founder.)

Trouble questions

If you get asked these in an interview, either you’re not doing well or you’re being tested. Try to preempt them with good answers to the more critical questions.

  1. How do we know your team will stick together? Will your team stick at this?
  2. What else have you created together?
  3. Are you open to changing your idea?
  4. Someone just showed us an idea like this right before you guys. I don’t like it. What else do you have?

Softballs

Have answers, but don’t stress about these questions.

  1. What systems have you hacked?
  2. Tell us about a tough problem you solved?
  3. In what ways are you resourceful?
  4. What is something surprising you have done?
  5. What’s the funniest thing that has happened to you?
  6. What’s the worst thing that has happened? What’s the biggest mistake you have made?

Step 3: Start Now

Step 3 might be “Accept”, but if you interview, you should have already decided. You give up ~7% of the company for $120k in funding. YC will increase the value of your company by much more than 7%, without question. You will not get a better deal from fairer, more transparent partners anywhere.

You will only have about 100 days between getting accepted and Demo Day to make the most convincing case possible to investors. If you don’t get in, you have about 200 days to prove you can make something people want before you can apply again. Start now.

p.s.

Good job on making it to the end! Feel free to ping me on Twitter or with the contact link above if you have questions. After interview invitations go out, I’ll volunteer a limited number of mock interview spots on Twitter.

You can find the Hacker News discussion for this post here.

Update - October 29, 2016: Formatting edits.

Read more

Hello World

Chas Ballew on August 4, 2014

YES! Finally! The Aptible team and I are very happy to announce our public launch.

Frank and I started Aptible because we saw how difficult it was for technology companies to navigate the regulatory environment in healthcare. We believe that many of the most intractable problems in healthcare can be addressed with great technology, and we are working to empower smart, dedicated people to tackle them.

For the last few months, we have been working closely with a group of companies that represent the future of digital health. We are looking forward to telling you their stories in the coming weeks.


We are also excited to announce our relationships with three fantastic organizations:


Aptible is proud to be part of Y Combinator’s S14 batch. All of the partners have been amazing - YC is one of those rare organizations that is every bit as great on the inside as you hope it would be from the outside. Thanks especially to Justin, Garry, Kat, Jon, and Aaron for helping us prepare for this launch.


We are also part of the seventh Rock Health class. Rock Health is the premier advocate for digital health. Their entire team has been wonderful and made it a joy to come to the office every day. We are particularly grateful to Mollie, Halle, and Malay for their help so far.

Cooper is the top user experience design firm in the country. Through a partnership with Rock Health, they are helping us turn some incredibly complex regulatory and technical applications into beautiful, usable, intuitive tools that delight our customers. Lauren Ruiz and Doug LeMoine have been especially generous with their time, and we thank them!


Today is the beginning of something very special. With an incredible team and the support of our customers and partners, we are going to rapidly accelerate the adoption of technology in healthcare, and help a lot of people on the way. If you want to be part of this, let us know, or email me at chas@aptible.com.

Read more