January 6, 2026 · 12 min read

Building a Legal Tech MVP in 8 Weeks: The Align Story

How we built a HIPAA-compliant structured settlement case management platform in 8 weeks and 290 hours. From fragmented workflows to centralized compliance.

Structured settlement case management is chaos. Email threads, spreadsheets, paper forms, phone calls — all disconnected. No visibility. No audit trails. High compliance risk.

When a structured settlement broker approached us, they were managing hundreds of cases across three user types (clients, brokers, admins) with zero digital infrastructure.

We built Align in 8 weeks. 290 hours total. HIPAA-compliant from day one.

Here's how we did it — and what we learned.


The Problem: Fragmented Workflows, Zero Transparency

Before Align, structured settlement case management looked like this:

  • Clients submitted cases via email — attachments lost, no confirmation, no tracking
  • Brokers managed cases in spreadsheets — no real-time updates, manual assignment, version conflicts
  • Documents stored locally or in shared drives — no encryption, no audit logs, compliance nightmare
  • Communication via email/phone — no history, no accountability, messages buried in threads
  • Claimants had zero visibility — "Where's my case?" calls flooded the office
  • Admins couldn't track assignments or deadlines — manual follow-ups, missed cases

Why This Matters

Compliance Risk: Structured settlements often involve medical records and financial data. No audit trails = HIPAA violation exposure.

Operational Bottlenecks: Brokers spent hours searching for documents, tracking down case status, and manually assigning cases instead of closing deals.

Client Experience: Claimants felt ignored. "I submitted my case 3 weeks ago and haven't heard anything" was a weekly occurrence.


The Solution: Three Portals, One Source of Truth

Instead of digitizing the old workflow, we reimagined case management from the ground up:

Client Portal

Claimants can:

  • Submit cases via a multi-step wizard (case info → consultant details → supporting documents)
  • Upload medical records and financial documents (drag-and-drop, 50MB+ support)
  • Track case status in real-time (Submitted → In Review → Closed)
  • Message their assigned broker directly (secure, encrypted channel)
  • View case history and document uploads

Broker Portal

Brokers can:

  • See all assigned cases in one dashboard
  • View case details in tabbed interface (Info / Notes / Files / Messages)
  • Add internal notes (visible only to brokers and admins)
  • Reply to client messages in real-time
  • Upload/download case documents securely
  • Update case status as they progress

Admin Portal

Admins can:

  • View all cases across all brokers
  • Assign (or reassign) cases to brokers
  • Manage users (create brokers, deactivate clients)
  • Access full audit logs (every action logged with timestamp + user)
  • Generate compliance reports

Key Insight: We separated internal notes (broker-only) from client messages. Brokers can discuss cases privately without clients seeing operational details.
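The note/message split only holds if it is enforced server-side on every read, not just hidden in the UI. The sketch below is an added example in plain PHP 8, not Align's code, showing a deny-by-default visibility filter. The array field names, the sample data, and the rule that a broker must be assigned to the case are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed sample data: one case with a client message and an internal note.
$case = ['id' => 12345, 'client_id' => 7, 'broker_id' => 21];
$entries = [
    ['type' => 'message', 'author_id' => 7,  'body' => 'Uploaded the signed form.'],
    ['type' => 'note',    'author_id' => 21, 'body' => 'Waiting on carrier quote.'],
];

/** Return only the entries this user may read; unknown roles get nothing. */
function visibleEntries(array $user, array $case, array $entries): array
{
    // Gate 1: is the user attached to this case at all?
    $onCase = match ($user['role']) {
        'admin'  => true,
        'broker' => $user['id'] === $case['broker_id'], // assumption: assigned broker only
        'client' => $user['id'] === $case['client_id'],
        default  => false,
    };
    if (!$onCase) {
        return [];
    }

    // Gate 2: which entry types the role may see. Clients never get notes.
    $allowedTypes = match ($user['role']) {
        'admin', 'broker' => ['message', 'note'],
        'client'          => ['message'],
    };

    return array_values(array_filter(
        $entries,
        fn (array $e): bool => in_array($e['type'], $allowedTypes, true)
    ));
}

// Constructed users covering the three roles plus an unassigned broker.
$users = [
    'client'          => ['id' => 7,  'role' => 'client'],
    'assigned broker' => ['id' => 21, 'role' => 'broker'],
    'other broker'    => ['id' => 22, 'role' => 'broker'],
    'admin'           => ['id' => 1,  'role' => 'admin'],
];

foreach ($users as $label => $user) {
    $types = array_column(visibleEntries($user, $case, $entries), 'type');
    printf("%-15s sees: %s\n", $label, implode(', ', $types) ?: '(nothing)');
}
```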


HIPAA Compliance from Day One

Structured settlements involve Protected Health Information (PHI). HIPAA compliance wasn't optional — it was foundational.

What We Built:

| Requirement | Implementation |
|---|---|
| Encryption at rest | AWS S3 server-side encryption (AES-256) |
| Encryption in transit | HTTPS everywhere (SSL/TLS) |
| Audit trails | Custom audit_logs table tracking every action |
| No PHI in emails | Email notifications contain no sensitive data |
| Access control | Role-based permissions (spatie/laravel-permission) |
| Least privilege | IAM roles for AWS services (S3, RDS) |

Critical Detail: Email notifications never contain case details. Instead, they say "You have a new message about Case #12345. Click here to log in."

This keeps PHI inside the encrypted platform, not floating around in email inboxes.
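One way to make the "no PHI in emails" rule hard to break is to build the email from an allowlist of fields and fail the send if anything else appears in the rendered text. This is an added example in plain PHP 8, not Align's code; the event field names, sample values and portal URL are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed sample event; every value here is made up for the example.
$event = [
    'case_id'       => 12345,
    'recipient'     => 'claimant@example.com',
    'claimant_name' => 'Jane Doe',
    'message_body'  => 'Your MRI report from 3 March was received.',
    'document_name' => 'mri-report.pdf',
];

/** Build the email from an allowlist: only the case number leaves the platform. */
function buildNotification(array $event, string $loginUrl): array
{
    $caseId = (int) $event['case_id'];
    return [
        'to'      => $event['recipient'],
        'subject' => 'New activity on your case',
        'body'    => "You have a new message about Case #{$caseId}. "
                   . "Log in to view it: {$loginUrl}",
    ];
}

/** Pre-send check: throw if any non-allowlisted field value appears in the email. */
function assertNoPhi(array $mail, array $event, array $allowed = ['case_id', 'recipient']): void
{
    $text = $mail['subject'] . "\n" . $mail['body'];
    foreach ($event as $field => $value) {
        // Skip allowlisted fields and empty values (an empty needle always matches).
        if (in_array($field, $allowed, true) || (string) $value === '') {
            continue;
        }
        if (stripos($text, (string) $value) !== false) {
            throw new RuntimeException("Field '{$field}' leaked into email");
        }
    }
}

$mail = buildNotification($event, 'https://portal.example.com/login');
assertNoPhi($mail, $event);
echo $mail['subject'], "\n", $mail['body'], "\n";
```

The same check works as a unit test over every notification template, so a later edit that interpolates a message body or file name into an email fails before it ships.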


Tech Stack: Laravel + Vue + AWS

We chose a proven, scalable stack:

| Layer | Technology |
|---|---|
| Backend | Laravel (latest version) |
| Frontend | Vue 3 + Vite |
| Styling | Tailwind CSS |
| Authentication | Laravel Breeze (Inertia + Vue) |
| Database | PostgreSQL (AWS RDS) |
| File Storage | AWS S3 (encrypted, 50MB+ support) |
| Hosting | AWS EC2 + Laravel Forge |
| Email | AWS SES (HIPAA-compliant) |

Why Laravel + Vue?

  • Laravel: Battle-tested for multi-role SaaS, excellent role/permission system (Spatie), robust file handling
  • Vue 3: Reactive UI for real-time status updates, great form handling with VeeValidate
  • Inertia: SPA experience without building a separate API (faster development)
  • Tailwind: Rapid UI iteration without custom CSS overhead

Why AWS?

HIPAA compliance requires a signed Business Associate Agreement (BAA). AWS provides this. Most shared hosting providers don't.

Infrastructure:

  • EC2 (Ubuntu + Nginx + PHP-FPM)
  • RDS (PostgreSQL with automated backups)
  • S3 (encrypted document storage)
  • SES (email delivery)
  • CloudFront (optional CDN + HTTPS)
  • Free SSL via Let's Encrypt

The 8-Week Timeline

Total Hours: 290 hours
Team: 1 Fullstack Developer, Part-time UX Designer, Part-time Project Manager

Weeks 1-2: Design & Prototyping

  • User flows for all three roles (Client, Broker, Admin)
  • Wireframes for critical screens (case submission, case detail, dashboard)
  • Database schema design (cases, users, documents, messages, audit logs)
  • HIPAA compliance checklist

Weeks 3-8: Development

  • Week 3: Authentication, roles, permissions, basic dashboard
  • Week 4: Case submission flow, multi-step wizard, file uploads
  • Week 5: Broker portal, case detail view, internal notes
  • Week 6: Messaging system, audit logging, email notifications
  • Week 7: Admin portal, user management, case assignment
  • Week 8: Testing, bug fixes, AWS deployment, security hardening

Key Decision: We prioritized core features over polish. No fancy animations. No complex reporting (added in v2). Focus: Get cases submitted, assigned, and managed securely.


What We Built (Feature Breakdown)

Core Features

| Feature | Description |
|---|---|
| Multi-step Case Submission | Wizard flow: case info → consultant → extra info |
| Document Management | S3 upload, 50MB+ support, medical record flagging |
| Secure Messaging | Per-case chat between client and broker |
| Internal Notes | Broker/admin-only notes per case |
| Case Status Tracking | Timeline system (Submitted → In Review → Closed) |
| Audit Logging | Every action logged with user, timestamp, metadata |
| Role-Based Access | Strict permission boundaries per role |

UI Components Delivered

Reusable design system:

  • Inputs: text, select, textarea
  • Buttons: primary, secondary, disabled states
  • Sidebar navigation
  • File uploader (drag-and-drop)
  • Case card / table row
  • Message bubbles
  • Timeline tracker
  • Modal (for notes, uploads)

The Results

  • Reduced case intake time from days to hours — Clients submit cases instantly, brokers get notified immediately
  • Improved broker assignment efficiency — Auto-match functionality assigns cases based on workload and expertise
  • Increased transparency for claimants — Real-time status tracking eliminated "Where's my case?" calls
  • Stronger compliance posture — Audit logs and document tagging made HIPAA audits straightforward
  • Secure document handling — 50MB+ files, encrypted at rest and in transit
  • HIPAA-compliant from day one — No post-launch scramble for encryption or audit trails

Why It Worked

Instead of digitizing old workflows, Align reimagined case management:

1. Clear Role Separation

Admin, broker, client — each with a tailored portal. No role confusion, no permission overlap.

2. Centralized Everything

Documents, messages, notes, status — all in one place. No more searching email threads or shared drives.

3. Compliance-First

Audit trails, encryption, RBAC built from the start. Not bolted on after launch.

4. Transparent Experience

Claimants can track progress. No black box. Reduces anxiety, reduces support calls.


Key Lessons

1. Start with Compliance

Don't build first, add compliance later. Encryption, audit logs, and RBAC should be in the foundation, not retrofitted.

2. Multi-Step Forms Reduce Drop-Off

Single long form = overwhelming. Multi-step wizard = manageable. Clients completed submissions 73% more often with the wizard.

3. Internal Notes Are Critical

Brokers need to discuss cases privately. Mixing internal notes with client messages creates confusion. Separate them.

4. File Upload UX Matters

Medical records are 20-50MB PDFs. Drag-and-drop with clear progress indicators prevented support tickets about "failed uploads."

5. Email Notifications Should Be Minimal

No PHI in emails. Ever. Just "You have a new message — log in to view."


The Bottom Line

You can build a HIPAA-compliant legal tech MVP in 8 weeks. It requires:

  • Clear scope — Focus on core features, defer polish
  • Compliance-first architecture — Encryption and audit trails from day one
  • Proven tech stack — Laravel + Vue + AWS (battle-tested for SaaS)
  • Role-based design — Tailor each portal to its user type
  • Ruthless prioritization — Ship core features first, iterate later

Align launched in 8 weeks. Reduced case intake time from days to hours. Eliminated compliance risk. Gave claimants transparency.

290 hours from chaos to centralized case management.

Building a legal tech MVP for your firm?

We specialize in HIPAA-compliant case management platforms for legal and healthcare industries. From discovery to launch in 8-12 weeks.
