'/%3e%3cpath%20d='M534.104%20592.554C517.522%20607.15%20492.036%20605.65%20479.37%20587.55C432.827%20521.038%20409.925%20440.343%20415.135%20358.545C420.344%20276.748%20453.298%20199.61%20507.904%20139.54C522.764%20123.194%20548.234%20124.939%20562.83%20141.521L608.023%20192.862C622.619%20209.444%20620.638%20234.536%20607.101%20251.994C581.387%20285.156%20565.941%20325.498%20563.237%20367.978C560.53%20410.458%20570.733%20452.433%20592.032%20488.59C603.245%20507.624%20602.027%20532.765%20585.445%20547.361L534.104%20592.554Z'%20fill='url(%23paint1_linear_154_257)'/%3e%3cpath%20d='M404.368%20499.661L455.381%20493.203L438.013%20356L387%20362.458L404.368%20499.661Z'%20fill='white'/%3e%3cpath%20d='M349%20408.709L355.956%20459.657L492.983%20440.947L486.026%20390L349%20408.709Z'%20fill='white'/%3e%3cdefs%3e%3clinearGradient%20id='paint0_linear_154_257'%20x1='170'%20y1='492.5'%20x2='449'%20y2='508.5'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%236648E0'/%3e%3cstop%20offset='1'%20stop-color='%23413AC9'/%3e%3c/linearGradient%3e%3clinearGradient%20id='paint1_linear_154_257'%20x1='429'%20y1='384'%20x2='549.5'%20y2='380.5'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%235B51FF'/%3e%3cstop%20offset='1'%20stop-color='%233428E6'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e)
From Excel to Multi-Tenant SaaS: Building a CCM/PCM Operations Platform
A US-based care coordination company replaced manual Excel workflows with a HIPAA-compliant multi-tenant SaaS platform — complete with RBAC, time tracking, predictive employee scoring, and automated PDF reporting.
Architecture Type
Excel → Production SaaS
Compliance
HIPAA-Ready
Integration
API-First
Ownership
100% Yours
Overview
A US-based Chronic Care Management (CCM) and Principal Care Management (PCM) company was running their entire operation out of Excel spreadsheets: patient rosters, employee paycodes, invoicing, and payment tracking all lived in disconnected files with no access control, no audit trail, and no compliance posture.
The engagement started with a single goal — replace the spreadsheets. It evolved into a multi-phase platform build that eventually became a fully multi-tenant SaaS product other care coordination companies can subscribe to.
Phase 1 — Internal Operations Platform
The first version was a private internal system. The core architecture introduced RBAC (Role-Based Access Control) so each employee could only see and act on patients assigned to them. Managers had elevated access to their team's patient list. Administrators had organization-wide visibility. HIPAA compliance was engineered from day one: encrypted PostgreSQL storage, strict IAM policies, and API-level access controls enforced by FastAPI middleware.
Employee and manager dashboards were built on a React frontend with role-conditional rendering — the same codebase showed a different interface depending on who logged in. PDF invoice and report generation was introduced early, giving operations leadership the first structured view of billing activity and employee output they had ever had.
Phase 2 — Time Tracking and Workforce Intelligence
CCM and PCM billing operates on documented time. CMS requires a minimum of 20 minutes of care coordination per patient per month for standard CCM (CPT 99490). Every minute a care coordinator spends on a patient is a billable asset — or a compliance risk if it's undocumented.
The second phase introduced per-patient time tracking at the employee level, surfacing real data on how much time each coordinator was putting into each patient. Manager dashboards were built to show team-level time distribution, identify patients consuming disproportionate time, and flag employees who were consistently underutilizing or over-extending.
Phase 3 — Predictive Scoring and Patient Reassignment
The third phase tackled a hard operational problem: by the time a manager realizes an employee isn't going to hit their monthly care minutes target, it's often too late to do anything about it. We built an individual employee scoring system that tracks progress against monthly targets on a rolling basis and generates a projected end-of-month coverage estimate. Employees falling behind threshold trigger alerts and surface into a reassignment workflow where managers can temporarily or permanently move patients to another coordinator to protect billing compliance.
Phase 4 — SaaS Conversion
After the internal platform proved its value, the decision was made to convert it into a product other CCM/PCM companies could use. The architecture was refactored from a single-tenant internal tool into a fully multi-tenant SaaS: organization registration, employee onboarding, patient roster management, and all dashboards now operate in isolated per-tenant data environments. A care coordination company can register, add their employees and patients, and be running the same operational infrastructure within minutes.
Key Results
Services Delivered
- HIPAA-Compliant FastAPI + PostgreSQL Backend
- Role-Based Access Control (RBAC) Architecture
- React Dashboards with Role-Conditional Rendering
- Per-Patient Time Tracking & Billing Compliance
- Predictive Employee Scoring Engine
- Automated PDF Invoice & Report Generation
- Multi-Tenant SaaS Conversion
Build this for your organization
I architect systems like this for healthcare operators and SaaS founders. Let's talk about your specific stack and requirements.
Book a Call