Complex file-handling with HIPAA compliance

Supervision Assist is a B2B SaaS application that integrates all the tools universities need to manage internship training programs. Uploadcare allows Supervision Assist’s small development team to implement reliable, complex file-handling while still offering HIPAA compliance.

CE Learning Systems offers a B2B SaaS product to universities called Supervision Assist. This application integrates all of the tools needed by university program coordinators to manage their students’ internship training programs. As part of these programs, students need to read policy documentation, sign various agreements, and work with video recordings of counseling sessions. To manage all of this, Supervision Assist must work with a large number of digital files across a range of complex use cases.

As their CTO, Max Schwanekamp leads the development team of CE Learning Systems. His primary goal is to ensure that this team is in a position to best serve the needs of their customers.

Maximillian Schwanekamp, CTO
My number one priority is to make sure that the team is on track and making progress towards their goals and towards the features we want to offer to be able to best serve our customers. A lot of what I do is make sure that our developers can be as effective as possible.

Working with a small team, one of Max’s biggest challenges is limited development resources. They need to apply their engineering efforts judiciously and with a strong focus on effectively solving their customers’ problems. What they don’t have time for is building and maintaining custom internal tools to solve generic infrastructure problems like file handling.

We can build internal tools, but we’ve been finding that that maintenance burden is just not worth it. We end up having to spend more time working on stuff that is not our application. So, we’re like ‘Let’s spend the money to implement a third-party tool.’ Then they can deal with that maintenance, and we can focus on our code.

This maintenance burden is most readily apparent when it comes to more complex pieces of infrastructure. CE Learning Systems saw this when they added video recording and uploading functionality to their application.

The challenge with accepting video uploads is that the files can become very large very quickly. These large file uploads have unique problems associated with maintaining long connections and resuming interrupted uploads.

Sometimes users are uploading videos or media recordings, and they’re fairly large files. We need to make sure that the upload can complete even if their session gets logged out. We had to do all kinds of machinations around that. We had this chunking system to allow large files to upload successfully and for resuming and all of that. It worked, but it was like ‘Why are we maintaining this when we can just use something else?’

Even more so than basic internal tools, Max and his team have found that complex infrastructure like this poses a significant, ongoing maintenance burden. In this case, they were forced to routinely deal with bugs, failed uploads, partial uploads, and orphaned files.

If an upload didn’t complete, one of our devs would have to go look on the web server, see what data was stored, how much was there. Individually, it’s not any big deal, but over time that adds up.

For the development team of CE Learning Systems, file-handling functionality is a critical piece of infrastructure, but one that has proven to be a painfully time-consuming task to maintain. It routinely splits their focus away from the development of their application and the features needed to move it forward.

In addition to the maintenance burden of internal tooling, Max had another challenge: offering HIPAA compliance.

Working in the healthcare space, HIPAA compliance has become a required part of Supervision Assist’s product offering. An important aspect of HIPAA compliance is that all of the vendors that touch CE Learning Systems’ data must also themselves be HIPAA compliant.

HIPAA was designed to be viral. Every vendor that we work with must have a business associate agreement with us ensuring their compliance with HIPAA.

When considering the sensitive nature of healthcare data and the liability of HIPAA penalties, this type of compliance must be taken seriously.

There’s a big liability, somewhere in the neighborhood of a ten to fifty thousand dollar penalty per occurrence, and most of the time penalties occur hundreds or thousands of times in a single incident.

After having wrestled with maintaining their own infrastructure for handling files, CE Learning Systems moved their file handling to Uploadcare. They implemented Uploadcare’s upload widget throughout their application to upload their users’ files and use Uploadcare’s REST API to manage the files from there. This has three direct benefits:

First, they are now able to reliably accept large file uploads: in this case, videos. No longer are they plagued with failed uploads that have to be tracked down and resolved by developers and customer service representatives.

Secondly, they no longer have to spend developer time building and maintaining their file-handling infrastructure. They implemented Uploadcare and largely have been able to forget about the details. Now, when they need additional functionality, they are not forced to weigh the tradeoffs of developing it themselves against progress they could make working on their application proper. They can focus exclusively on building their application and serving their customers.

We’ve really been able to just set it and forget it at this point. All of our development problems right now are in other areas. File handling is one less thing to draw developer time away from working on our application.

Lastly, Uploadcare’s ability to offer HIPAA compliance ensures that CE Learning Systems can continue offering the same to their own customers. Without a business associate agreement in hand, Max would never have had the option to outsource their file-handling at all.