Complex file-handling with HIPAA compliance
- headquartersDenver, CO
- tenure6 years
CE Learning Systems offers a B2B SaaS product to universities called Supervision Assist. This application integrates all of the tools needed by university program coordinators to manage their students’ internship training programs. As part of these programs, students need to read policy documentation, sign various agreements, and work with video recordings of counseling sessions. To manage all of this, Supervision Assist must work with a large number of digital files across a range of complex use cases.
As their CTO, Max Schwanekamp leads the development team of CE Learning Systems. His primary goal is to ensure that this team is in a position to best serve the needs of their customers.
Working with a small team, one of Max’s biggest challenges is limited development resources. They need apply their engineering efforts judiciously and with a strong focus on effectively solving their customers’ problems. What they don’t have time for is building and maintaining custom internal tools to solve generic infrastructure problems like file handling.
This maintenance burden is most readily apparent when it comes to more complex pieces of infrastructure. CE Learning Systems saw this when they added video recording and uploading functionality to their application.
The challenge with accepting video uploads is that the files can become very large very quickly. These large file uploads have unique problems associated with maintaining long connections and resuming interrupted uploads.
Even more so than basic internal tools, Max and his team have found that complex infrastructure like this poses a significant, ongoing maintenance burden. In this case, they were forced to routinely deal with bugs, failed uploads, partial uploads, and orphaned files.
For the development team of CE Learning Systems, file-handling functionality is a critical piece of infrastructure, but one that has proven to be a painfully time-consuming task to maintain. It routinely splits their focus away from the development of their application and the features needed to move it forward.
In addition to the maintenance burden of internal tooling, Max had another challenge: offering HIPAA compliance.
Working in the healthcare space, HIPAA compliance has become a required part of Supervision Assist’s product offering. An important aspect of HIPAA compliance is that all of the vendors that touch CE Learning Systems’ data must also themselves be HIPAA compliant.
When considering the sensitive nature of healthcare data and the liability of HIPAA penalties, this type of compliance must be taken seriously.
After having wrestled with maintaining their own infrastructure for handling files, CE Learning Systems moved their file handling to Uploadcare. They implemented Uploadcare’s upload widget throughout their application to upload their users’ files and use Uploadcare’s REST API to manage the files from there. This has three direct benefits:
First, they are now able to reliably accept large file uploads: in this case, videos. No longer are they plagued with failed uploads that have to be tracked down and resolved by developer and customers service representatives.
Secondly, they no longer have to spend developer time building and maintaining their file-handling infrastructure. They implemented Uploadcare and largely have been able to forget about the details. Now, when they need additional functionality, they are not forced to weigh the tradeoffs of developing it themselves against progress they could make working on their application proper. They can focus exclusively on building their application and serving their customers.
Lastly, Uploadcare’s ability to offer HIPAA compliance ensures that CE Learning Systems can continue offering the same to their own customers. Without a business associate agreement in hand, Max would never have had the option to outsource their file-handling at all.