Case Study 2: CareBridge Health System - Presentation Notes
Work in Progress
This content is currently being reviewed for accuracy and will be updated soon.
Presentation Guide
This page turns the worked solution into a boardroom delivery outline. Use it after you have completed the case study and reviewed the reference solution.
Presentation Snapshot
| Field | Detail |
|---|---|
| Open after | Worked Solution |
| Format | 45-minute presentation + 45-minute Q&A |
| Study role | Rehearse structure, timing, and transitions |
| Related pages | Case Study Overview, Scenario Paper, Q&A Preparation |
Presentation Focus
Lead with HIPAA compliance because it is the non-negotiable that shapes every architecture decision in the case.
Opening (3 min)
“CareBridge is a 3-hospital, 25-clinic healthcare system with 8,500 employees, 1.2M patient records, and a mandate: unified patient visibility while maintaining continuous HIPAA compliance. Every decision I present is shaped by that compliance requirement.”
State platform choice: Health Cloud (care plan/care team/health timeline map to standard data model, BAA coverage from day one). State top 3 risks: HIPAA across 7+ integration points, Meditech decommission with 15% duplicates and 16-month deadline, 400K-user portal replacing a vulnerable system.
System Landscape (4 min)
Walk left to right: Health Cloud + Shield center, MuleSoft integration hub left, external systems right grouped by pattern (Epic FHIR, Labs HL7v2, RPM/Kronos/DocuSign REST). Key point: “MuleSoft is justified - 7 targets, 3 protocols, HIPAA audit on every data flow.”
Data Model (3 min)
Person Accounts for patients. Standard Health Cloud objects: CarePlan (standard object, not legacy Case-based), CareTeam, ClinicalEncounter, Referral, HealthcareProvider. Custom objects for RPM_Reading, RPM_Alert, RPM_Device, Consent_Record, Nurse_License. Highlight Health Timeline as a UI component reading from multiple objects via Salesforce Connect virtual FHIR adapter, not a storage object.
Security Model (8 min - longest section)
OWD (2 min): “Account is Private because no two user types see the same patient population. Private OWD with targeted sharing rules plus Apex-managed sharing is the only model that enforces all access patterns simultaneously.”
Sharing walk-through (3 min):
- Physicians: criteria-based (Department).
- Specialists: Apex-managed on Account (referral acceptance trigger inserts AccountShare row, episode close removes it).
- Hospital nurses: criteria-based (Unit).
- Home health nurses: Apex-managed on Account, per-patient daily rebuild driven by Kronos 5 AM schedule sync (not zone-based; assignment-level sharing satisfies Req 26 “assigned patients only”).
- RPM nurses (8): criteria-based on RPM_Enrolled__c = true.
- Care coordinators: criteria-based (Care Program).
- Patient Access: FLS (demographics only).
- Revenue Cycle: FLS (encounters + Dx only).
- External providers: sharing set (own referrals only).
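The daily home health rebuild described above reduces to a set difference between the share rows nurses currently hold and today's Kronos assignments. This added example is not part of the original notes and is a Python model of the logic rather than Apex; the IDs and the `plan_rebuild` name are constructed for illustration, and it scopes deletes to the home health nurse population so specialists' referral shares on the same object are left alone.

```python
from typing import NamedTuple


class Share(NamedTuple):
    """One modelled share row: which user can see which patient account."""
    account_id: str
    user_id: str


def plan_rebuild(existing, assignments, nurse_ids):
    """Plan the daily rebuild for home health nurses.

    existing    -- share rows currently present (any user type)
    assignments -- (user_id, account_id) pairs from today's schedule sync
    nurse_ids   -- user IDs in the home health nurse population
    Returns (to_insert, to_delete, rejected).
    """
    desired, rejected = set(), []
    for user_id, account_id in assignments:
        if user_id in nurse_ids:
            desired.add(Share(account_id, user_id))
        else:
            # Fail closed: a schedule row naming a non-nurse grants nothing.
            rejected.append((user_id, account_id))
    # Only rows held by home health nurses are in scope for removal, so
    # shares granted to other roles by other processes are never deleted.
    current = {s for s in existing if s.user_id in nurse_ids}
    return sorted(desired - current), sorted(current - desired), rejected


# Constructed sample data (hypothetical IDs).
NURSES = {"N1", "N2"}
EXISTING = [
    Share("P1", "N1"),     # yesterday's visit, not scheduled today
    Share("P2", "N1"),     # still assigned today
    Share("P4", "N2"),     # N2 has no visits today
    Share("P1", "SPEC7"),  # specialist's referral share, out of scope
]
TODAY = [("N1", "P2"), ("N1", "P3"), ("REV3", "P2")]


def demo():
    return plan_rebuild(EXISTING, TODAY, NURSES)


if __name__ == "__main__":
    print(demo())
```

A nurse with no visits today loses every share from the previous day, which is what “assigned patients only” requires; the rejected list is worth logging alongside the share changes.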
VIP (1 min): Apex-managed sharing cleanup pattern. Private OWD provides no default access; a VIP trigger deletes criteria-based and Apex-managed share rows for VIP-flagged patients and re-inserts Apex-managed share rows only for users with a direct CareTeamMember record or the VIP_Override permission set. Restriction Rules are not supported on the Account standard object, so the cleanup trigger is the correct alternative. Every VIP share change and break-glass access logs to Shield Event Monitoring. Addresses CCO audit concern.
Shield (2 min): BYOK encryption (Req 8), Field Audit Trail 7-year retention (Req 9), Event Monitoring for the CCO 90-day access report. EventLogFile retention is 30 days without Shield and 1 year with Shield Event Monitoring; logs are exported daily to S3 for the 7-year HIPAA requirement.
Integration Architecture (7 min)
Present by business value.
- Epic FHIR (3 min): Split pattern. Demographics flow outbound from Health Cloud via Change Data Capture / Pub/Sub API through MuleSoft to Epic; clinical data is inbound on demand via the Salesforce Connect virtual FHIR adapter, displayed in the Health Timeline but never persisted. Epic FHIR Subscriptions are not used because subscription push plus on-demand read would create duplicate state. Key point: Salesforce masters demographics, Epic remains the uncontested clinical SoR.
- Labs (1 min): HL7v2 ORU via MLLP, 3,300/day. Dual delivery: Epic Interconnect is the primary destination, and a MuleSoft listener receives a second copy for the Health Cloud lab view. Epic continues uninterrupted during any MuleSoft outage.
- RPM (2 min): 5-min polling, threshold alerting via Apex trigger, replaces manual dashboard monitoring.
- Kronos + DocuSign (1 min): Daily schedule sync (triggers per-patient Apex-managed sharing rebuild) + webhook for signed documents.
- Platform Event budget: ~28K events/day consumes ~11% of allocation; capacity monitored via PlatformEventUsageMetric.
- External Client Apps replace Connected Apps for all new system-to-system integrations because Connected App creation is disabled by default starting Spring ’26.
Data Migration (5 min)
- The problem: 850K patients, 15% duplicates, 11% incomplete insurance, 3 MRN formats, 40% overlap with Epic.
- The approach: 4 phases (profile/cleanse, historical load in hot/warm/cold tiers, parallel run, decommission). Emphasis on MPI and survivorship rules.
- Timeline: decommission month 14, vendor support ends month 16, leaving 2 months of buffer.
- Warm tier: uses archived standard objects (not Big Objects) because custom Big Objects do not support Shield Platform Encryption, sharing rules, or triggers, which is a PHI least-privilege dealbreaker.
- Rollback is reversible: Meditech is placed in controlled read-only mode with a documented DBA runbook to restore writable access; a reverse-sync MuleSoft flow is built and exercised twice during parallel run.
- File storage: 550K consent PDFs at ~1MB × 10-year retention = ~550GB, accommodated within Health Cloud Enterprise file allocation with S3 archive policy for PDFs older than 3 years.
Identity + Environment + Governance (6 min)
Identity (2 min): Employees via SAML 2.0 + Entra ID + JIT. Patients via Salesforce Customer Identity (External Identity license) with Customer Community login-based licenses at $2/login. External providers via Partner Community + MFA. iPads in MDM with remote wipe. System-to-system via External Client Apps with OAuth 2.0 Client Credentials (Connected App creation disabled Spring ’26).
Environment (2 min): 6 sandboxes, CI/CD via GitHub Actions + SF CLI, 80% test coverage gate, PHI masked in all non-production (Data Mask). Full Copy pre-mask window controls: restricted admin profile, IP restriction, gated verification script, CCO-monitored access logging — the window when PHI exists unmasked must be explicitly governed, not assumed away.
Governance (2 min): CAB with clinical impact assessment. Monthly release cadence post-go-live. BAA inventory covers Salesforce, MuleSoft (separate), Informatica, DocuSign, Philips, and AWS for the cold-tier archive — 6 BAAs total, reviewed annually.
Roadmap (4 min)
Walk through Gantt emphasizing sequencing logic: Foundation -> Clinical value for physicians -> Portal + Mobile -> Advanced. Migration runs in parallel.
Reporting and Analytics (2 min)
CRM Analytics delivers three dashboard tiers. Clinical: care plan adherence, readmission rates, referral turnaround against the 2-day SLA, RPM alert response times. Compliance: VIP access audits from Shield Event Monitoring, consent completion rates by facility, nurse license expiration alerts. Operational: portal adoption trends, home health visit completion from Kronos sync, integration health from MuleSoft Anypoint Monitoring. RPM CMS billing reports (CPT 99453/99454/99457/99458) pull precise time-tracking data for reimbursement documentation supporting $2.8M annual revenue.
Risk Mitigation (1 min)
Top 3 risks and mitigations: (1) Meditech 16-month deadline: decommission targets month 14 with 2 months of buffer; parallel run validates before cutover. (2) 15% patient duplicates: Informatica CDQ profiling starts month 1; composite matching key plus fuzzy matching with clinical SME validation. (3) Physician adoption: Phase 2 delivers clinical value first (90-minute daily time savings per CMO quote); physician champions embedded in UAT.
Close (2 min)
Three key trade-offs: (1) MuleSoft adds cost, but 7 integrations across 3 protocols with HIPAA audit cannot be managed point-to-point. (2) Apex-managed sharing is more complex, but dynamic referral and schedule-driven access requires it. (3) Health Timeline fetches on-demand from Epic, which adds latency but avoids PHI duplication.
“CareBridge gets unified patient visibility for every role, continuous HIPAA compliance, and a 24-month path with 2 months of buffer on the Meditech deadline.”
Whiteboard Drawing Order
- Health Cloud center (anchor)
- Shield layer around it (compliance is foundational)
- Experience Cloud + Mobile extending (user channels)
- MuleSoft left (integration hub)
- External systems through MuleSoft
- Entra ID + patient auth top (identity layer)
- Meditech bottom with arrow through Informatica (migration path)
Anti-Patterns
- Do NOT spend more than 8 min on security - save detail for Q&A
- Do NOT describe Epic integration in clinical terminology - focus on data flows
- Do NOT skip migration timeline - judges check Meditech fits 16-month window
- Do NOT forget Data Mask for non-production environments
Personal study notes for the Salesforce CTA exam. Content compiled from VJ's study notes, official Salesforce documentation, community sources, and online publicly available content, then organized and presented with AI assistance. Not affiliated with Salesforce. © 2025–2026 VJ Srivastava.