Skip to content
SF CTA Study Hub

Case Study 02: CareBridge Presentation Notes

AI-Generated Content — Use for Reference Only

This content is AI-generated and has only been validated by AI review processes. It has NOT been reviewed or validated by certified Salesforce CTAs or human subject matter experts. Do not rely on this content as authoritative or completely accurate. Use it solely as a reference point for your own study and preparation. Always verify architectural recommendations against official Salesforce documentation.

Presentation Context

Format: 45-minute presentation + 30-minute Q&A Opening strategy: Lead with HIPAA compliance — it is the non-negotiable that shapes every decision

Presentation Structure (45 Minutes)

Opening (3 min)

“CareBridge is a 3-hospital, 25-clinic healthcare system with 8,500 employees, 1.2M patient records, and a mandate: unified patient visibility while maintaining continuous HIPAA compliance. Every decision I present is shaped by that compliance requirement.”

State platform choice: Health Cloud (care plan/care team/health timeline map to standard data model, BAA coverage from day one). State top 3 risks: HIPAA across 7+ integration points, Meditech decommission with 15% duplicates and 16-month deadline, 400K-user portal replacing a vulnerable system.

System Landscape (4 min)

Walk left to right: Health Cloud + Shield center, MuleSoft integration hub left, external systems right grouped by pattern (Epic FHIR, Labs HL7v2, RPM/Kronos/DocuSign REST). Key point: “MuleSoft is justified — 7 targets, 3 protocols, HIPAA audit on every data flow.”

Data Model (3 min)

Person Accounts for patients. Standard Health Cloud objects: CarePlan, CareTeam, Encounter, Referral. Custom objects only for RPM_Reading, RPM_Alert, Consent_Record. Highlight Health Timeline as a UI component reading from multiple objects, not a storage object.

Security Model (8 min — longest section)

OWD (2 min): “Account is Private because no two user types see the same patient population. Private OWD with targeted sharing rules is the only model that enforces all access patterns simultaneously.”

Sharing walk-through (3 min): Physicians: criteria-based (Department). Specialists: Apex-managed (referral-triggered, dynamic). Hospital nurses: criteria-based (Unit). Home health: Apex-managed (Kronos daily sync). Care coordinators: criteria-based (Care Program). Patient Access: FLS (demographics only). Revenue Cycle: FLS (encounters + Dx only). External providers: sharing set (own referrals only).

VIP (1 min): Restriction Rules run AFTER sharing model. Only VIP_Access permission set bypasses. Addresses CCO audit concern.

Shield (2 min): BYOK encryption (Req 6), Field Audit Trail 7-year retention (Req 7), Event Monitoring for 90-day access reports.

Integration Architecture (7 min)

Present by business value: Epic FHIR (3 min): Bidirectional via MuleSoft. Demographics out via CDC, clinical data in via FHIR Subscriptions. Health Timeline uses on-demand read — displayed but NOT persisted (avoids PHI duplication). Labs (1 min): HL7v2 ORU via MLLP, 3,300/day. RPM (2 min): 5-min polling, threshold alerting via Apex trigger, replaces manual dashboard monitoring. Kronos + DocuSign (1 min): Daily schedule sync + webhook for signed documents.

Data Migration (5 min)

The problem: 850K patients, 15% duplicates, 11% incomplete insurance, 3 MRN formats, 40% overlap with Epic. The approach: 4 phases (profile/cleanse, historical load in hot/warm/cold tiers, parallel run, decommission). Emphasis on MPI and survivorship rules. Timeline: decommission month 14, vendor support ends month 16 — 2 months buffer.

Identity + Environment + Governance (6 min)

Identity (2 min): Employees via SAML 2.0 + Entra ID + JIT. Patients via Experience Cloud Identity + MFA. External providers via Partner Community + MFA. iPads in MDM with remote wipe.

Environment (2 min): 6 sandboxes, CI/CD via GitHub Actions + SF CLI, 80% test coverage gate, PHI masked in all non-production (Data Mask).

Governance (2 min): CAB with clinical impact assessment. Monthly release cadence post-go-live.

Roadmap (4 min)

Walk through Gantt emphasizing sequencing logic: Foundation -> Clinical value for physicians -> Portal + Mobile -> Advanced. Migration runs in parallel.

Close (2 min)

Three key trade-offs: (1) MuleSoft adds cost but 7 integrations across 3 protocols with HIPAA audit cannot be managed point-to-point. (2) Apex-managed sharing is more complex but dynamic referral and schedule-driven access requires it. (3) Health Timeline fetches on-demand from Epic — adds latency but avoids PHI duplication.

“This architecture gives CareBridge unified patient visibility for every role, continuous HIPAA compliance, and a 24-month path with 2 months of buffer on the Meditech deadline.”

Whiteboard Drawing Order

  1. Health Cloud center (anchor)
  2. Shield layer around it (compliance is foundational)
  3. Experience Cloud + Mobile extending (user channels)
  4. MuleSoft left (integration hub)
  5. External systems through MuleSoft
  6. Entra ID + patient auth top (identity layer)
  7. Meditech bottom with arrow through Informatica (migration path)

Anti-Patterns

  • Do NOT spend more than 8 min on security — save detail for Q&A
  • Do NOT describe Epic integration in clinical terminology — focus on data flows
  • Do NOT skip migration timeline — judges check Meditech fits 16-month window
  • Do NOT forget Data Mask for non-production environments