Case Study 02: CareBridge Health System (Paper)

AI-Generated Content — Use for Reference Only

This content is AI-generated and has only been validated by AI review processes. It has NOT been reviewed or validated by certified Salesforce CTAs or human subject matter experts. Do not rely on this content as authoritative or completely accurate. Use it solely as a reference point for your own study and preparation. Always verify architectural recommendations against official Salesforce documentation.

Practice Information

Before You Start

Print this scenario. Read it twice using the Two-Pass Reading Method — once for understanding, once to extract implicit requirements. Build all 9 artifacts within the 180-minute window.

Project Overview

CareBridge Health System is a regional healthcare system headquartered in Charlotte, NC, serving communities across the US Southeast. Founded 35 years ago as a single community hospital, CareBridge has grown through acquisitions into a multi-facility network.

Company profile:

Attribute	Detail
Industry	Healthcare — Hospital System, Outpatient Clinics, Home Health
Headquarters	Charlotte, NC
Employees	8,500 (2,000 physicians, 3,500 facility nurses, 200 home health nurses, 1,200 admin, 800 IT, 1,000 other clinical)
Facilities	3 hospitals, 25 outpatient clinics across 4 counties (NC and SC)
Active patient records	1.2 million
Annual encounters	3.5 million (growing 8% annually)
Registered portal users	400,000 patients
Remote monitoring patients	5,000 enrolled (growing 200/month)

The CEO has authorized a $12 million, 24-month enterprise transformation to replace their legacy patient management system and custom patient portal with a unified platform. Executive sponsors: CIO, CMO, and CNO.

Stakeholder Quotes

CIO: “We need a single view of the patient that every authorized member of the care team can access — whether in the hospital, at a clinic, or visiting a patient’s home. But access must be role-appropriate. A scheduling clerk should never see clinical notes.”

CMO (Dr. Torres): “Our physicians lose 90 minutes per day toggling between systems. I need to see a patient’s last three visits, current medications, active problems, and pending lab orders without opening Epic separately.”

CNO (Maria Santos): “Home health is our fastest-growing division. Those nurses are driving between rural homes with unreliable cell service. They need to be self-sufficient on their mobile device for the entire day.”

CCO (James Park): “After the VIP incident last year, the board is very focused on access controls. I need to run a report at any time showing who accessed a specific patient’s record in the last 90 days and prove that inappropriate access was impossible.”

Current Technology Landscape

Epic EHR (Clinical System of Record)

Epic is the primary clinical system, implemented 6 years ago ($45M). It manages clinical encounters, physician orders, medication administration records, clinical notes, and problem lists. Epic will remain the clinical system of record.

Exposes data via Epic FHIR R4 APIs (read/write) and legacy HL7v2 feeds
3.5M encounters/year; supports Patient, Encounter, Observation, MedicationRequest, DiagnosticReport, Condition resources
Epic Subscription API supports real-time notifications; OAuth 2.0 with SMART on FHIR scopes
MyChart patient portal used by some departments; leadership wants a unified portal across clinical and non-clinical
Epic Interconnect middleware handles HL7v2 message routing; Caboodle data warehouse for clinical analytics

Meditech (Legacy — Being Decommissioned)

Retained from two hospital acquisitions 8 years ago for administrative functions: demographics, insurance, scheduling, referral tracking. Vendor ends support in 16 months.

850,000 unique patients, 2.1M encounters, 4.5M referral records (8 years of data)
Data quality issues: 15% duplicate patients, 11% incomplete insurance, inconsistent MRN formatting across facilities (Hospital A: numeric 8-digit; Hospital B: alphanumeric with facility prefix)
~40% patient overlap with Epic; 3% orphaned referral records (patient IDs no longer exist)
No modern API — flat-file export only (fixed-width format) or direct database queries
Referral data stored in denormalized flat table; some referrals reference departed providers

Laboratory Interfaces

LabCorp (primary reference lab): 2,500 HL7v2 ORU results/day
Quest Diagnostics (specialized panels): 800 HL7v2 ORU results/day
Both deliver to Epic via HL7v2 through Epic Interconnect; lab results needed in new platform for holistic care coordination
Critical value alerts must remain through Epic — no parallel notification path
~2% of results arrive with patient identifier mismatches (manual reconciliation)

Other Clinical Systems

Cerner PharmNet: Medication dispensing across 3 hospitals; interfaces with Epic. No direct integration needed, but medication data from Epic should be visible.
GE Centricity PACS: Radiology imaging. Reports flow to Epic as HL7v2 ORU. Radiology availability should surface in patient health timeline.

Kronos (Workforce Management)

Manages nurse scheduling and time tracking for all nursing staff. Home health division uses Kronos for daily patient visit schedules with geographic routing.

Home health nurses average 15-20 patient visits/day across ~3,800 square miles
Schedules finalized by 8 PM prior evening, occasionally updated by 6 AM
REST API (v3.2, OAuth 2.0) for schedule retrieval; includes patient ID, address, appointment window, visit type, estimated duration

Custom Patient Portal (Legacy — Being Replaced)

10-year-old Java/Apache Struts portal serving 400,000 users. Known security vulnerabilities.

99.2% uptime (target: 99.9%); patient satisfaction 2.8/5.0; 62% mobile access but not responsive
Username/password only (no MFA); 2.3M historical messages (5 years); Stripe bill payment via iframe
Peak: 18,000 DAU, 2,200 concurrent sessions (Monday 8-10 AM)
Portal dev team (3 Java developers) will be retrained; no new external hires

Remote Patient Monitoring (Philips)

5,000 patients enrolled with blood pressure, glucose, pulse oximeter, and weight scale devices transmitting via cellular to Philips HealthSuite.

15,000 readings/day (3 per patient); growing to ~7,400 patients in 12 months
REST API (JSON, OAuth 2.0); rate limit 1,000 req/min, 100 readings per request
Per-patient alert thresholds; RPM nurses (team of 8) currently monitor a separate Philips dashboard
Generates $2.8M annually in CMS RPM reimbursement (CPT 99453, 99454, 99457, 99458) — accurate time tracking required

Identity and Access Management

Employees (8,500): Microsoft Entra ID; SSO via SAML 2.0/OIDC; MFA enforced; Entra groups map to departments/roles
Patients (400,000): Proprietary username/password database; no federation; ~12,000 dormant accounts
External providers: No portal access today; referral status communicated via fax/phone

DocuSign

Used for patient consent forms, HIPAA authorizations, and telehealth consent (~50,000 docs/year). Signed documents must be linked to patient records and retained 10 years per state requirements.

Regulatory Requirements

HIPAA: Privacy Rule, Security Rule, Breach Notification Rule. BAA required with every cloud vendor handling PHI.
HITECH Act: Meaningful use requirements for EHR and patient data access
State regulations: NC and SC have different consent requirements, breach notification timelines, and retention periods (NC: 11 years; SC: 10 years)
Multi-state nurse licensing: 200 home health nurses may hold licenses in NC, SC, or both under the Nurse Licensure Compact. System must track and enforce.

Departmental Structure

Clinical departments: Cardiology, Oncology, Orthopedics, Neurology, Primary Care — each with distinct physician/specialist populations
Nursing: Organized by unit (ICU, Med/Surg, ED, L&D) for hospitals; by geographic zone for home health
Care Coordination: Cross-departmental team managing care transitions, referrals, post-discharge follow-up
Patient Access: Scheduling, registration, insurance verification — sees demographics but NOT clinical data
Revenue Cycle: Billing, coding, claims — sees encounter details and diagnoses but NOT full clinical notes

Referral Network

Internal referrals between departments + external referrals to/from 350 community physicians and 40 specialty practices
8,000 referrals/month (25% external); external providers need limited referral status view only
Current turnaround: 6.5 days average; target: 2 days

Business Requirements

Open-Ended Requirements

These requirements describe WHAT the business needs, not HOW to implement.

Patient Data Management (Req 1-5)

Unified patient view consolidating clinical and administrative sources with role-appropriate display
Care plans with goals, tasks, milestones, and care team assignments spanning encounters and facilities
Patient health timeline showing chronological encounters, lab results, medications, vital signs, care plan updates from platform and clinical system
Care team composition tracking (primary physician, specialists, nurses, coordinators, social workers) with effective dates
Patient demographics maintained in a single system of record, synchronized across connected systems

Security and Compliance (Req 6-11)

PHI encrypted at rest and in transit; encryption keys managed by CareBridge, not the vendor
Immutable audit trail of every access, modification, and deletion — retained minimum 7 years
Role-based data access per user type (physicians by department, nurses by unit/zone, specialists by referral, care coordinators by program, Patient Access demographics only, Revenue Cycle encounters/Dx only, external providers referral status only)
VIP/sensitive patient restriction layer limiting visibility to directly assigned care team
Multi-state nurse licensing tracked and enforced for home health assignments
Consent forms electronically captured, linked to patient records, retained per state mandates

Patient Portal (Req 12-16)

Modern mobile-responsive portal for 400,000 users: scheduling, lab results, messaging, bill pay, education
Patient authentication with email/password + MFA and social identity providers
Patients view data from both clinical system and new platform in unified experience
99.9% uptime
Message response SLA tracking (urgent: 4 hours, routine: 48 hours)

Home Health Mobile (Req 17-20)

Mobile access to patient history, care plans, and visit schedules including offline
Visit documentation captured on mobile and synced on connectivity restoration; no data loss
Route optimization presenting daily visits in geographic sequence
Remote wipe capability for lost/stolen devices (PHI protection)

Integration (Req 21-26)

Bidirectional clinical system integration (demographics/care plans out, encounters/results in)
External lab results accessible alongside other patient data
RPM vitals flow into platform with automated threshold alerting
Daily nurse visit schedule from workforce management available in mobile experience
Consent documents electronically signed, auto-linked, stored per retention rules
All PHI integrations use encrypted transport, certificate/OAuth authentication, complete audit trail

Data Migration (Req 27-31)

All historical Meditech data migrated preserving data lineage and audit history
Duplicate patients identified and merged with defined survivorship strategy before go-live
4.5M referral records migrated with source, status, dates, and linked relationships preserved
Migration completed before vendor end-of-support (16-month deadline)
Parallel-run period validating data integrity before decommission

Referral Management (Req 32-35)

Internal referral lifecycle tracking with SLA monitoring against 2-day target
External providers: secure limited-access referral status view (no full patient record)
Auto-routing rules based on referral reason, insurance, patient location
Analytics: turnaround time, completion rates, leakage by department and provider

Reporting & Analytics (Req 36-38)

Clinical dashboards: care plan adherence, readmission rates, referral turnaround, RPM alert response
Compliance dashboards: VIP access audits, consent completion, license expiration alerts
Operational dashboards: portal usage, home health visit completion, integration health

Governance and Delivery (Req 39-44)

Environment strategy supporting concurrent development, testing, training, production
Governance model defining data ownership, change management, release management
Scale for 8% annual growth in patient volume for 5+ years
Role-specific training completed before each phase go-live
Phased delivery — no big-bang cutover that impacts patient care
Clinical impact assessment required before all production changes

Constraints

Budget: $12M over 24 months (licensing, implementation, migration, integration, training, 12 months managed support)
Timeline: 24 months to full go-live; Meditech decommission by month 16
Clinical continuity: No phase go-live may cause >2 hours downtime
Epic is non-negotiable: Must complement, not replace
Compliance: Platform vendor must execute BAA; HIPAA-compliant from day one
Mobile devices: CareBridge provisions iPads; solution must run on iPadOS
Data residency: All patient data in US-based data centers
Staff capacity: 6 IT FTEs (2 SF admins, 2 devs, 1 integration specialist, 1 data migration specialist) + 4 clinical SMEs
Change freeze: Last 2 weeks of December + first week of January
Union: 90-day notice before implementing technology changing daily nursing workflows

Risk Register

#	Risk	Likelihood	Impact
R1	Meditech decommission misses 16-month deadline	Medium	Critical
R2	Deduplication reveals higher-than-expected duplicate rate	Medium	High
R3	Physician adoption resistance	High	High
R4	Offline sync data loss for home health	Low	Critical
R5	Patient portal migration causes service disruption	Medium	High
R6	RPM alert latency exceeds clinical threshold	Low	High
R7	Integration point failure cascading to clinical workflows	Medium	Critical
R8	Budget overrun due to integration complexity	Medium	Medium

Deliverables

Produce the following 9 artifacts and present them to the review board:

System Landscape Diagram — all systems and connections
Data Model / ERD — core patient-centric objects and relationships
Role Hierarchy and Sharing Model — access enforcement per user type
Integration Architecture — patterns, protocols, data flows per integration point
Identity and Access Management — employee SSO, patient auth, external provider access
Data Migration Strategy — Meditech to new platform with dedup and quality remediation
Governance Framework — data ownership, change management, release management
Environment Strategy — sandbox topology, CI/CD, deployment model
Phased Delivery Roadmap — sequenced phases with dependencies and go-live criteria

Implicit Requirements

Pay special attention to:

BAA required with every vendor handling PHI (Salesforce, Philips, DocuSign, middleware)
400,000 portal users need credential migration and re-authentication strategy
RPM CMS billing codes (CPT 99453/99454/99457/99458) require precise time tracking
3% orphaned Meditech referrals reference nonexistent patient IDs — must be handled in migration
350+ external physicians need portal access for referral status — no portal exists today
MRN normalization across 3 hospital systems is a master patient index challenge pre-migration
3,000-4,000 visit records created offline daily must sync without data loss or conflict
Epic clinical data: fetch-on-demand vs. persist decision affects PHI duplication and compliance surface

Time Management

Allocate your 180 minutes:

30 min: Read and extract requirements (two passes)
20 min: Security model (Req 6-11)
20 min: Integration architecture (Req 21-26)
20 min: Data migration strategy (Req 27-31)
15 min: System landscape and data model
15 min: Identity and access management
15 min: Environment strategy and governance
20 min: Phased delivery roadmap
25 min: Review and prepare presentation talking points