DEV Community: adhistac

Continuous Integration for Documentation

adhistac — Thu, 11 Feb 2021 05:08:56 +0000

In the software industry, documentation is started usually after a developer writes code and the bugs are fixed. This approach's prevailing problem is that documentation is an afterthought and long release cycles more likely result in inaccurate docs.

What we need to understand is that documentation is not overlooked; however, the workflow is. To document, you need to switch tools. Hence, this switch of context pushes the whole process of documentation to the very end. As of now, the integration of documentation in a continuous workflow is of utmost importance.

Continuous integration (CI) means code is continuously tested, integrated, and merged. While Continuous Deployment (CD) means code is continually deployed with each patch. For documents, CI and CD include the building, testing the content, reviewing, versioning, and publishing the full artifact for each patch.

When we treat documents like code, the integration of them becomes faster. Nowadays, source code based documentation generator like markup languages, latex, pydoc, and javadoc is gaining popularity. Documents like code are always versioned and stored in the version control system. Also, the artifacts for the documents are automatically generated. Furthermore, document files are meticulously reviewed and tested for their accuracy and functionality in the continuous workflow. Overall, there is less human intervention.

To sum up, this practice results in the creation of uniform documents. It also promotes collaboration with the developers by tracking each documentation mistake as a bug. So, applying the software engineering practice to documentation empowers developers to start documenting, which makes the collaboration convenient.

Understanding HIPAA Compliance

adhistac — Fri, 05 Feb 2021 11:35:11 +0000

Last week, I completed a short course on Understanding HIPAA Compliance. This blog summarizes my learnings from the course.

The US Health Insurance Portability and Accountability Act or HIPAA was signed into law on August 21, 1996, by then President Bill Clinton. Overall, it outlines a set of national standards to be abided by the healthcare organizations to maintain the security and confidentiality of sensitive patient information. It covers any type of health-related data, be it physical or electronic. HIPAA gives control to patients over their health-related information and penalties have also been defined in the case of violation.

Initially, HIPAA was introduced to reduce the cost, maintain the privacy of the patient's health-related information, and simplify the administrative processes. Over time, the objectives of HIPAA has changed. Now, HIPAA assures portability ensuring that individuals can maintain health insurance during the job, at the time of job change, or while unemployed. Furthermore, HIPAA assures accountability while maintaining or transmitting health-related information.

Who has to be HIPAA compliant?

Anyone dealing with handling, processing, and transmitting health-related data including, health care providers (doctors or nurses), clearinghouses (public or private), and health plans.

PHI

HIPAA deals with maintaining the security and integrity of PHI, also known as Protected Health Information or Personal Health Information. Simply put, any information that can lead to identifying an individual is called PHI. This information is used, stored, transferred, processed, maintained by health care providers, insurers, and their business partners. It includes information such as the patient's name, date of birth, demographics, medical history, health conditions, insurance information, email address, invoices, treatment details, medical test results, biometric identifiers, etc. These data can be either written, verbal, audio, video, image, or stored in an electronic device.

Unauthorized access, use, distortion, destruction, and sharing of PHI without the consent of the patient is PHI misuse. There is a high risk of PHI misuse. Hence, protected PHI fuels the willingness of the patient to share their information.

Importances of HIPAA

It streamlines the administrative functions.
It ensures PHI confidentiality, availability, and integrity.
It ensures the common data format is followed.
It keeps a check on violations and refrains organizations and individuals from sharing sensitive information intentionally or unintentionally.
It gives patients the right to monitor their health information.
It ensures that the patients get a copy of their health information in case they want to approach a new health care provider.

Some HIPAA Terminologies

Use: PHI should be used within an organization and only for the reason it has been collected.
Disclosure: PHI can only be disclosed after an individual authorizes or in exceptional situations when required by law or for treatment.
Incidental disclosure: Some amount of information about the patient may be disclosed to the people nearby when the patient is being attended to.
Minimum necessary: Only the information required to satisfy the intended purpose should be disclosed.
Role-based access: The access to PHI is given based on the role. For example, a doctor has a different level of access than the front-desk officer.
Covered entity: Covered entity can be anyone providing the health care treatment, managing health care services, or carrying out operational activities, and have access to the PHI. The covered entity should strictly abide by the HIPAA rules.
Business associates: Business associates access or provide service to the covered entities. The business associate must have a contract with the covered entities to fully access and use PHI, ensuring confidentiality, privacy, and protection. For example, a data storage company that maintains PHI on behalf of a covered entity.

HIPAA Rules

Electronic data interchange rule: This rule came into existence in 2002. In the earlier days, all the transactions were documented physically. After the advent of technology, the billing, coding of health-related data, and administrative processes were handled digitally.

Hence, a set of rules were standardized to handle the digital exchange of a patient's health information. The transaction and code set standards aided in maintaining the same software and data structure across the industry maintaining PHI, ultimately increasing the efficiency.

Privacy Rules: This rule came into effect in 2003. It was introduced to safeguard and maintain the privacy of PHI. It defines that a patient has the right to know about their health and how the health information is being used. It is applicable to covered entities and their business associates or anyone who stores, processes, or transmits the information in any form. Patients rights under HIPAA's privacy rules are as follows:
Control or restrict the use and communication of information
Request for disclosure history
Access and review the information and can request corrections
Request a copy of a medical record
Request the notice of privacy practices
File complaints

Furthermore, health care providers must follow the following business practices to ensure the disclosure of minimum information:

Only minimum information can be shared.
The internal protection of PHI must be ensured.
The employees must be trained to protect PHI.
The client should be informed about the business procedure.
Written consent should be obtained from the client to use and disclose the PHI.
Maintain the confidentiality and security of PHI.

To safeguard the PHI, the patient must make sure not to disclose any information unless needed through verbal, written, or electronic means of communication.

Verbal: The patient must not discuss the PHI in public and make sure the information is not overheard.
Written: The patient must securely shred all the documents and must not leave any documents for public access.
Electronic means of communication: The patient must securely dispose of the electronic means of communication and log off the computers when not in use.

PHI can only be disclosed when required by law or government, when it is shared with the patient, for the payment or reimbursement of services, in the case of organ donation, etc.

Security Rule: This rule came into effect in 2005. It focuses on confidentiality, access, and storage of PHI or ePHI. Confidentiality ensures that information is secured from unauthorized disclosure, and in the case of need, only required information is shared. It also includes validation of communication address when the information is to be shared. Integrity ensures that the mode of transmission is secured when the information is communicated. A firewall is a mandate to secure your network in the case you are communicating the information. It will keep a check on suspicious events securing your system and data. Availability ensures that information is made available to the authorized personnel.

The security rules enforce the following to securely transfer and store information:

Administrative procedure: It ensures implementation and maintenance of workforce security on security training and procedures, documenting privacy procedures, identifying employees with access to ePHI, and reporting and addressing security incidents.
Physical safeguards: It ensures all the physical devices are in place to protect the data from unauthorized access and hazards including, CCTV monitoring, biometric, proper door locking system, etc.
Technical safeguards: It ensures the PHI being transferred electronically is accessible and securely transmitted.
Other: Some other procedures include: availability of a complaint filing and handling mechanism, chosen security officer to address any violations, enforcing penalties, training workforce on securing of sensitive information, etc.
American Recovery or Reinvestment Act (ARRA): ARRA was introduced in 2009 to strengthen PHI's privacy and security. As a part of the ARRA, Health Information Technology for Economic and Clinical Act (HITECH) was introduced in 2009. This act encourages the use of electronic health-related information, provides funds to maintain a digital form of records, and strengthens the PHI privacy and security rules. Business associates must agree with HITECH to safeguard PHI and unnecessary disclosure. In 2013, the HIPAA Omnibus Final Rule created a final modification of the HIPAA privacy and security rule. The central purpose was to facilitate the implementation of HITECH mandates. Interestingly, Genetic Information Non-discriminatory Act was introduced, which is a law that protects a patient from being discriminated by health insurers or employers based on their genetic information.

HIPAA Breach and Reporting

A breach is an unauthorized ingress, use, or disclosure of PHI compromising security and privacy. A breach can happen in any form, like accessing data more than the minimum necessary, leaving sensitive documents in a workplace, sharing confidential information, discussing a patient's health in public, sharing PHI with the wrong person unintentionally, or sharing PHI for personal gain. When a breach is encountered, it should be notified without any delay no later than 60 days from the discovery of the breach. Reporting a HIPAA breach aids in its investigation, documentation, and management. It ensures to reduce the damage caused and prevent the occurrence of the same incidents.

HIPAA Enforcement and Compliance

To ensure HIPAA Implementation:

Conduct HIPAA awareness training for security officials and employers of an organization.
Draft and maintain a HIPAA Compliance manual.
Implement the safeguard measures to protect data.
Perform regular audits and records the gaps and their remediation methods.

Finally, to maintain HIPAA Compliance:

Shred all the unrequired documents safely.
Don't disclose sensitive information.
Lock the system when not in use.
Ensure minimum necessary information is shared.
Beware with whom you are sharing the information.
Report the breach immediately.
Don't leave an important document unattended.

Usability Testing - UX Part 4

adhistac — Fri, 18 Sep 2020 12:42:12 +0000

In the previous blog of the UX series, we had discussedThe Heuristic Evaluation and 10 Heuristics for the UX. Today we will dive deeper into usability testing.

Let's get started:

Introduction

Usability Testing is a process of testing a product designed with representative users. The goal here is to identify usability-related problems, collect data, and rate the satisfaction of a user after using the product. Generally, while running a usability test, a test plan is drafted, representative users are chosen, and the findings are analyzed. Usability testing does not require a formal lab and can be conducted remotely.

Advantages of usability testing

One of the main advantages of conducting usability testing is the identification of problems by the design team prior to coding. The early identification of problems, the less expensive the fixes will be. During usability testing, we will know whether participants are able to complete the task, the time taken to complete the task, level of satisfaction, changes required to improve user performance, and analyze whether user objectives are met.

Furthermore, the cost of usability testing depends on the number of days required to complete the testing, the number of participants, and the types of tests that will be performed.

Aspects to be considered while performing usability testing

Time is the major aspect while performing usability testing. Generally, a usability specialist plans time for running the test, analyzing the findings, drafting a report, and presenting the findings to the development teams.

The cost of recruiting is decided based on the requirement. Either participant is hired from the same company within their office hours or by recruiting agencies.

Rental Cost is planned when you secure a room for testing such as; Meeting room or Conference room. Furthermore, if you do not have any equipment to record the evaluation or monitor such as; camera, sound recorder, and projector then it will be added under rental cost.

Compensation for participants are planned for travel or time factor only.

Finally, usability testing is an iterative process. Usability specialists should have a clear idea of why testing is conducted in the first place and implement the changes.

In the upcoming blog, we will dive deeper into How usability testing is planned.

Heuristic Evaluation and 10 Heuristics for the UX - Part 3

adhistac — Sun, 06 Sep 2020 12:40:23 +0000

In the previous blog, we had discussed Processes in the UX. In this blog, we will dive deeper into Heuristic Evaluation and Neilson's Heuristic.

Let's get started:

Heuristic Evaluation

In Heuristic Evaluation, the usability experts compare your website's interface against the widely approved usability principles. Heuristic Evaluation assists in obtaining inexpensive feedbacks early in the design process. This feedback can be incorporated with other usability testing methods. However, it is arduous to find a trained usability expert and can be expensive.

Neilsen's Heuristics

The following lists the ten heuristics refined by Nielsen and defined by himself with Rolf Molich in 1990. They are:

Visibility of the system status
The status of the system must be visible to all the users. For example, Copying 10 items to Drive G: in the progress bar or Windows is shutting down.
Match between system and the real world
The system should speak the user's language and follow real-world conventions. The information should be kept natural and logical. For example, Error 123 can be rewritten as Error while fetching the data.
User Control and Freedom
Your system should support undo, redo, and most importantly emergency exit without allowing a user to go through an extended dialogue.
Consistency and Standard
Consistency in the word, icon, functions while you transit from one to page to another within a website.
Error Prevention
Prevention of an error before it occurs is the key. Otherwise, discard an error-prone situation or present users with a confirmation action, whether they want to proceed or not?
Recognition rather than recall
The user should not have to recall the information from one dialogue to another. Also, make the instructions easily retrievable and visible wherever appropriate.
Flexibility and efficiency of use
It focuses on giving users ways to speed up their work. For example, MAC OS gives privilege to its users to create a custom keyboard and shortcut commands. Another way to increase the efficiency of a user can be to give easy access to its functionalities. For instance, to make an online payment the recent transaction can be made available.
Aesthetic and minimalist design
Dialogue should not contain irrelevant information. Development Community is a great example of this heuristic. It is essentially like a blank page with Write a new post, Edit, and Preview options on the top when you start writing.
Help users recognize, diagnose, and recover from errors
An error message should be expressed in plain language with a necessary solution. If you have entered an incorrect username, then a dialogue with Please enter your correct username should pop up, or the font color for the username should turn red with the message Incorrect username. Also, the username recovery options should be prominent.
Help and documentation
Finally, required or supportive documents and FAQ (Frequently Asked Question) section should be updated.

In the upcoming blog, we will dive deeper into Usability Testing.

Happy writing :)

User Experience (UX) Part 2- Processes in the UX

adhistac — Sat, 29 Aug 2020 13:14:32 +0000

After discussing the basics of User Experience now I will put light on the processes in the UX.

Let's get started;

1.Company Research: Initially, before designing UX for a company, the UX designer must be acknowledged with the company's brand, culture, industry-related news, and competitors.

2.User Research: After company research, the UX designer should focus on gathering user-related information. This step is critical for project success. There are several methods such as; creating a focus group, conducting surveys, card sorting methods, prototyping, interviewing, and so on. Conducting user research will help remove assumptions from the design process. Furthermore, users, in turn, appreciate and be able to use the system benefitting the goodwill of an organization.

3.Information Architecture: After gathering useful information, all the content should be inventoried. Then, content auditing is performed where we analyze What is good or working well? and What is missing? Based on the findings, a new architecture is drafted and tested with users. Finally, the above steps are iterated. Information Architecture helps with findability and understandability from a user and system point of view.

4.Wireframing and Visual Design: Now is the time to get things down on a digital paper. There are two types of wireframing; low-fidelity wireframe and high-fidelity wireframe. Low-fidelity wireframe is quick, easy, and cheap as it allows you to get idea out of your head, just like doodling. High-fidelity wireframe is more detailed, realistic, and is almost near to an actual visual design. Several tools such as; Axure, Sketch, Figma, and so on are used for wireframing.

On the other hand, Visual Design is the aesthetics of a site. It includes elements such as; lines, shapes, color, texture, and typography. To achieve an effective visual design, alignment, contrast, proximity between elements, layout, whitespace, and consistency should be kept into consideration.

5.Usability Testing: Finally, usability testing is a task-based approach in an actual system. Satisfaction is measured based on whether a user can complete the task successfully. Rating Scale (1-10) or baseline is marked, and changes are identified to improve those numbers. While conducting usability testing, test plans are created, the environment is set up, users are identified, tests are conducted, and results are summarized. However, in some exceptional cases, heuristic testing is performed, which is an educated guess.

In the upcoming blog, we will be dive deeper into Ten Usability Heuristics.

Happy writing :)

User Experience (UX) Part 1- Introduction

adhistac — Thu, 27 Aug 2020 11:04:31 +0000

User Experience (UX) encompasses all the aspects of the user's interaction with a company and its product. So, the product has to work, it should be easy to use, and enjoyable at the same time. In the real-world, User Experience (UX) is often misunderstood to be similar to the User Interface (UI). UI includes what the user visualize, for example, text, videos, images, colors, and many more. UX is a user's interaction with those UI elements.

So, what makes great UX? The answer is simple;

It should offer some value, i.e usefulness or allow user to do things.
It should offer usability, i.e easy to use.
It should offer adaptability, i.e easy to get started.
It should offer desirability, i.e fun and engaging graphic/visual design (image, color, fonts, and shapes) and effective content.

Do you think UX matters? Yes, it does. Many top companies in the world hire UX designers to create seamless interaction of their products with customers. Furthermore, UX decreases development inefficiencies making the development task well-ordered for the front-end engineers. After all, the development of quality products will help a company perform better financially.

In the upcoming blog, we will dive deep into Processes in the UX.

How do users remember a product?

adhistac — Sat, 22 Aug 2020 12:25:13 +0000

Here is a quick overview of how a user remembers a product. A product can be a random application, however, the points discussed below implies to all;

Identifying analogous and Discrimination: Products that are similar to the ones a user has used before and different from ones a user has used in the past.
Consistency: Consistency across the entire product ensures quick referencing. Easy navigation, interactive designs, flexibility, and the efficiency of use (Keyboard shortcuts) reinforce the idea of quick referencing. Furthermore, consistency is indispensable between style and UI elements.

A user never remembers the mismatched UI elements, some elements in UI that create confusion, or weak association and navigation throughout.

Gibbs Reflective Cycle: Launching Success in Product Releases

adhistac — Sun, 05 Jul 2020 12:17:08 +0000

There is a quote by John Dewey, We do not learn from the experience, we learn from reflecting on the experience. In 1988, the American sociologist and psychologist Graham Gibbs published a well-known Reflective Cycle model in his book, Learning by Doing.

Gibbs Reflective Cycle encourages individuals to reflect on their experience systematically after encountering a particular situation, event, or activity. In this blog, you will use the Gibbs Reflective Cycle to self-reflect on your experience after a product release.

In the software industry, product release refers to launching a new application. A release manager or coordinator understands the demanding situations when applications are released. The Gibbs Reflective Cycle aids in analyzing your experience and using those insights for a seamless product release.

The first phase of the Gibbs Reflective Cycle is Description. You initiate this phase with a question What happened?. Take a moment to carefully consider the following questions:

When did the release take place?
Did the release happen?
Who was involved in the release?
What did you do yourself?
What did others do?
What were the results of all these actions?

Moving onto the second phase, Feelings. Start documenting what you were thinking. Take a moment to carefully consider the following questions:

What did you feel after the event?
Since we are sticking to the product launch, how did you feel about this?
Is it going to be a success?
If yes, why were the people involved? If not, why were the people involved?
What are your contributions? What are your feelings about it?
What did you think that others felt during the event?
How do you look back on the situation?
What have you learned from the situation?

Moving on to the third phase, Evaluation. You have to decide whether an experience is good, bad, or satisfactory. Take a moment to carefully consider the following questions:

If the experience was good, what was your approach?
If the incident was not up to the mark, why didn't it work?
What are the areas of improvement?
What were your contributions?
What contributions did other people make?

Moving on to the fourth phase, Analysis. Focus on what sense can you make of the situation? Take a moment to carefully consider the following questions:

What are the learnings you want to go ahead and adopt to understand a product better?
What can you do better in the future, and what do you need to convey to your team?
Moving on to the fifth phase, Conclusion. In this phase, you think what else could you have done? Analyze the following:
While expecting a favorable situation, did the activity lead to any negative instances?
So, what is the overall experience?

Finally, the last phase, Action plan. How will you handle the situation in the future? Take a moment to carefully consider the following questions:

What skills do you need to work on for similar events?
What will you do differently next time, and how will you achieve this?

You have taken the time to reflect on the product release process and have key takeaways from your experience. In the upcoming series, I will guide you through my product release experience.

Network Security- Terminology

adhistac — Thu, 02 Jul 2020 11:09:06 +0000

Topics covered

      Security Terminology

      Types of hacker

      Approaches to Network Security

      Threat Classification

Security Terminology

Below are some common network security terminology used by security professionals:

Firewall: It is a barrier between a network and the outer world. Sometimes, it acts as a firewall, standalone server, or a router.
Proxy server: Proxy server hides your internal network IP address and presents its own IP address to the outside world. Proxy server and firewall work in conjunction.
Access Control: It refers to the measures taken to limit access to a resource. For example, logon procedure, encryption, or any method to prevent unauthorized access.
Authentication: It is a method of verifying a authentic user. For example, entering the credentials, or two-factor authentication.
Non-repudiation: It is a method to track actions taken by a user. It ensures a person cannot deny an action performed on a computer. One of the methods is auditing.Auditing is the process of reviewing logs, records, and procedures. It is performed by an auditor.
Least privilege: It means you are assigning enough privilege to any user or device, just to get the job done.
CIA Triad: CIA Triad refers to Confidentiality, Integrity, and Availability. The security measures need to abide by these aspects. Such as, a strong password protects the confidentiality, digital signature ensures integrity, and a backup system increases availability.

Types of hacker

Based on the level of the exploitation of a system, hacker groups are divided into three types:

White hat hacker: If a hacker upon finding the vulnerability, reports it to the vendor anonymously, explaining what the flaw is and how it was exploited, they are White hat hacker.
Black hat hacker: If a hacker gains access to a system with a goal to harm it, they are categorized as the Balck hat hacker.
Grey hat hacker: A grey hat hacker abides by the law but conducts illegal activities because they find it ethical.

Approaches to Network Security

An organization can choose several approaches to secure their networks. Three approaches are:

Perimeter Security Approach: Security efforts are focused on the perimeter of a network including; firewall, proxy server, technology, or procedures. Generally, small organizations that do not store sensitive data and with budget constrain adopt this measure.
Layered Security Approach: Layerwise or segmentwise security efforts implemented on a network, as if it were a separate network. It is a preferred security approach wherever possible.
Hybrid Security Approach: The combination of the perimeter to layered security defense with passive to active approaches implemented is a hybrid security approach.

Threat Classification

Based on what a threat actually does to your system or network, here are three major classifications:

Malware: Malware is a type of threat designed to spread on its own, without the creator having to be directly involved. Computer Virus is a common example of malware. Analogous to a biological virus, a computer virus replicates and spreads by infecting other programs. Likewise, Trojan horse is also a type of malware, that appears benign but secretly downloads other types of malware on your computer. Illegitimate software is prone to a Trojan horse. Furthermore, Spyware is also a type of software that spies on your computer by recording all the keystrokes and periodic screenshots.
Intrusion attacks: Intrusion attacks help to gain access to a system or intrude into a system usually with malicious intent. Hackers generally use the term cracking if they are able to intrude in a system via some operating system or any other means. Some of the intrusion attacks are initiated via social engineering. The intruder relies more on human nature rather than a technology to gain enough information required to access the targeted system.
Blocking attacks: This category of attack deals with Denial of Service Attack (DoS).The attacker prevents a legitimate user to access the system by flooding false connection requests.

TYPES OF NETWORK

adhistac — Mon, 22 Jun 2020 11:30:25 +0000

Networking skills like communication, listening, and social skills are valuable in professional and personal environments. Networking is highly essential to develop relationships with a new contact and promote something valuable. Hence, here are three types of network you should maintain professionally and personally;

Operational Network: The operational network includes people at the workplace, such as the product team (Developers, QA, Engineering Manager, Head Architect, Project Manager, and so on). They help you get your work done. It is internal and current focused.

Personal Network: Personal network includes people who can help you grow personally and sometimes professionally. It is usually external and shares a common interest, such as; friend from workplace or college.

Strategic Network: It includes people who can help you shape your future goals and directions. Such a type of network is either internal, external, or future-oriented such as; teachers, mentors, and so on.

HOW TO WRITE A DEFINITION?

adhistac — Tue, 02 Jun 2020 12:38:48 +0000

While writing a technical document, you start with a definition. The definition needs to clearly outline the term you are defining. Here are some ways you can use while defining a term;

An easy step to get started with a definition is to place a term into a classification and differentiate it from other terms for the same class. For instance,
The how-to article is a type of expository writing that delivers information on the structural way to perform a particular task to an audience.

The how-to article is a term, and expository writing is the classification.

Furthermore, you can add extensions to give precise meaning. For instance,
The how-to article is a type of expository writing that delivers information on the structural way to perform a particular task to an audience. Expository writing is a type of writing where the author intends to either inform or explain the subject to the reader.

"Expository writing is a type of writing where the author intends to either inform or explain the subject to the reader." is an extension.

In the case of defining a term with more than two meanings, you can use qualifiers. The qualifier is used when the general context needs to be established upfront. For instance,

Bug (Computing): An error in code, program, or system.
Bug (Biology): An insect.

In the aforementioned case, computing and biology are qualifiers.

As bonus information:

Process description vs. Mechanism description

A mechanism description delivers details about the physical attributes of a mechanism. A process description lists out the steps in the operation of a mechanism or focuses on the working of conceptual parts. Both are different in the context of content delivered.
Keep writing :)

Six points to consider while adding an image to a technical document

adhistac — Thu, 28 May 2020 04:03:53 +0000

Image is an essential element of a technical document. While preparing a manual or a release note, you need to include a screenshot for a process or step. Here are some points to consider while adding an image to a written text;

Ensure the image included correlates with the mechanisms, processes, or steps that you are trying to clarify.
Always reference an image in the description before its placement. Also, include numbers and titles. Some document generator tools like; Sphinx automatically generate numbers for images.
Use appropriate labels and captions. Besides, used labels and captions should match the text description. For instance, if you are describing the "Add icon" of a UX design, do not call it "Add icon" in the image and "icon to add" in the text.
Use an image when it contains copyrighted information. Also, anonymize critical information if you are using borrowed images.
Avoid using blurry and unclear images. While adding screenshots in a technical document (manual and release note), take a clear picture using screen capture tools such as; Snagit.
An image need not be mandatorily added to the document. However, it can help your audience to self-evaluate a process. Some concepts are so complex. Instead of using an image, it is best to enhance the text.

As a bonus tip, do not exaggerate or misinterpret the original scale of an image. It affects the readability of the text.

Keep writing :)