Case Study 07: VitalGov Health Services — Scenario Paper

AI-Generated Content — Use for Reference Only

This content is AI-generated and has only been validated by AI review processes. It has NOT been reviewed or validated by certified Salesforce CTAs or human subject matter experts. Do not rely on this content as authoritative or completely accurate. Use it solely as a reference point for your own study and preparation. Always verify architectural recommendations against official Salesforce documentation.

Practice Information

Difficulty: Advanced (Full Board Simulation — Hardest Scenario) Domain weights: D1 System Arch: HEAVY | D2 Security: HEAVY | D3 Data: HEAVY | D4 Solution: MEDIUM | D5 Integration: HEAVY | D6 Dev Lifecycle: MEDIUM | D7 Communication: MEDIUM Designed for 180-minute prep window

Before You Start

Print this scenario. Read it twice using the Two-Pass Reading Method — once for understanding, once to extract implicit requirements. Build all 9 artifacts within the 180-minute window.

Project Overview

VitalGov Health Services (VHS) is a state-level health department in the southeastern United States, serving 8 million residents. VHS administers four major public health programs: Medicaid enrollment and eligibility, disease surveillance for reportable conditions, the Women Infants and Children (WIC) nutrition program, and vital records (births and deaths).

Agency profile:

Attribute	Detail
Jurisdiction	US state, 8 million residents
Employees	3,200 state employees across 5 facilities
Facilities	Central HQ + 4 regional offices
Medicaid beneficiaries	2.1 million active enrollments
WIC participants	180,000 active
County health departments	62 (independent IT, varying maturity)
Healthcare provider network	4,500 enrolled providers
Technology modernization budget	$45 million over 3 years

The Governor has authorized a 3-year, $45M technology modernization program to replace fragmented legacy systems with a unified constituent engagement platform. The program must comply with FedRAMP Moderate (required for state agencies receiving federal funding) and HIPAA (all programs handle protected health information).

State CIO (Dr. Angela Torres): “We have five disconnected systems built across three decades. A mother enrolling in WIC cannot see her Medicaid status. A disease outbreak requires manual calls to 62 counties. This modernization is about constituent outcomes, not technology.”

State CISO (Marcus Williams): “FedRAMP Moderate is non-negotiable — our federal funding depends on it. Every system touching PHI must meet HIPAA. And we have 62 county health departments, each with their own Active Directory. Identity is our biggest headache.”

Medicaid Director (Patricia Hernandez): “We process 15,000 eligibility determinations per day. MMIS is a 20-year-old mainframe running COBOL. It cannot be replaced during this project, but our caseworkers need modern tools to interact with it.”

Epidemiology Director (Dr. James Park): “When a reportable disease case comes in, I need to notify the CDC within 24 hours. Right now that involves three systems and manual data entry. During an outbreak, we need real-time situational awareness across all 62 counties.”

Current State

Medicaid Management Information System (MMIS) — 20 years old

• IBM z/OS mainframe running COBOL batch programs
• Processes 15,000 eligibility determinations/day via nightly batch
• 2.1 million active beneficiary records, 45 million historical claims
• No real-time API; all interactions via 3270 terminal emulation or batch file transfer
• CMS (federal) mandates MITA compliance; replacement planned in 5-7 years
• Caseworkers use terminal screens for eligibility lookup — 4-minute average per lookup

State Vital Records System — 15 years old

• Oracle 11g database, custom Java web application
• 130,000 birth registrations and 75,000 death registrations annually
• Connected to Social Security Administration (SSA) and state courts
• On-premises; no cloud connectivity; data extracts via nightly Oracle exports

WIC Management Information System (WIC MIS) — 10 years old

• Custom Java application on aging application servers
• 180,000 active participants; 12,000 new enrollments per month
• USDA-mandated data reporting (monthly FNS-798 reports)
• EBT card integration for benefit disbursement
• No integration with Medicaid (participants often dual-enrolled)

Immunization Information System (IIS) — 8 years old

• CDC-connected via HL7 2.5.1 messaging
• 28 million immunization records for state residents
• Healthcare providers submit via HL7 or manual web portal entry
• Queries from providers average 8,000/day

County Health Department Systems

• 62 independent county health departments with varying IT maturity
• 15 counties use modern EHR systems; 22 use legacy custom databases; 25 use spreadsheets
• All counties submit disease surveillance reports — currently via SFTP (42 different file formats) or fax
• County employees are not state employees — separate employment, budgets, and IT governance
• Each county has its own Active Directory or identity provider

Identity Landscape

User Population	Count	Current Identity	Authentication
State employees	3,200	Okta (state IdP)	SAML 2.0 + MFA
County health workers	4,800	62 county Active Directories	Varies by county
Healthcare providers	4,500	NPI-based registration	Username/password
Medicaid beneficiaries	2.1M	None (walk-in or phone)	N/A
WIC participants	180K	None (in-person at clinics)	N/A
Public (vital records requests)	Variable	ID.me identity verification	NIST IAL2

External Systems and Integration Volumes

System	Function	Protocol	Volume
MMIS (mainframe)	Medicaid eligibility, claims	3270/batch files	15,000 determinations/day
CDC BioSense Platform	Disease surveillance reporting	HL7 FHIR R4	Real-time + daily batch
CMS MITA Hub	Medicaid federal reporting	X12 EDI 837/835	Weekly batch
SSA	Death record verification	SFTP batch	Nightly
USDA FNS	WIC federal reporting	FNS-798 flat files	Monthly
State vital records (Oracle)	Birth/death registration	DB extract	Nightly batch
WIC MIS	Participant management	REST (limited)	12,000 enrollments/month
IIS (immunization)	Immunization records	HL7 2.5.1	8,000 queries/day
Electronic Case Reporting (eCR)	Provider disease reports	HL7 FHIR (eICR)	500-2,000/day (variable)
62 county SFTP feeds	Surveillance data	SFTP (42 formats)	Daily
ID.me	Public identity verification	OIDC	Variable
State ERP (PeopleSoft)	Financial management	SOAP	Monthly
Estimated total			~50,000 transactions/day normal; 500,000+/day during outbreak

Business Requirements

Constituent Services (Req 1-5)

1. Unified constituent profile across all programs — a single view showing Medicaid enrollment, WIC participation, immunization history, and vital records for each resident
2. Online Medicaid eligibility pre-screening and application submission reducing in-person visits by 40%
3. WIC appointment scheduling, benefit balance inquiry, and clinic locator via web and mobile
4. Public vital records request portal with identity verification and secure document delivery
5. Constituents interact through a single portal — not four separate program websites

Medicaid Operations (Req 6-9)

6. Modern caseworker interface for eligibility determination with real-time MMIS data (replacing terminal emulation)
7. Support 15,000 eligibility determinations per day with sub-5-second response for beneficiary lookup
8. Automated renewal processing: identify expiring enrollments 90 days in advance and initiate outreach
9. Provider enrollment and credentialing management for 4,500 healthcare providers

Disease Surveillance (Req 10-14)

10. Electronic case reporting from healthcare providers replacing fax-based reporting
11. County health departments submit and query surveillance data through a modern interface
12. CDC reporting within 24 hours of reportable condition confirmation
13. Outbreak management: real-time dashboards, contact tracing workflows, resource allocation
14. Surge capacity: system must handle 10x normal volume during a public health emergency

WIC Program (Req 15-17)

15. Integration between WIC and Medicaid to auto-identify eligible participants (cross-program enrollment)
16. Clinic scheduling, nutrition assessment tracking, and benefit issuance workflows
17. USDA-compliant reporting with audit trail

Vital Records (Req 18-20)

18. Online birth and death certificate request with identity-verified document delivery
19. Integration with SSA for death record verification (currently 72-hour lag, target same-day)
20. Court-ordered amendments tracked with full audit history

Security and Compliance (Req 21-28)

21. FedRAMP Moderate authorization for all cloud components
22. HIPAA compliance for all PHI — encryption at rest and in transit, access logging, BAA required
23. Role-based access: Medicaid caseworkers cannot see WIC clinical notes; WIC staff cannot see Medicaid claims
24. County health workers access only their county data plus statewide aggregate surveillance dashboards
25. Healthcare providers see only their own patients and submitted reports
26. Beneficiary data accessible only by authorized program staff with need-to-know
27. Complete audit trail for all PHI access meeting HIPAA and state retention requirements (7 years)
28. Section 508 accessibility compliance for all public-facing and employee-facing interfaces

Integration (Req 29-33)

29. MMIS integration must not modify the mainframe — read-only screen scraping or file-based integration
30. Support HL7 2.5.1 (legacy IIS), HL7 FHIR R4 (CDC, eCR), X12 EDI (CMS), and flat-file (USDA) protocols
31. County data ingestion must normalize 42 different file formats into a standard surveillance schema
32. System must function during MMIS planned maintenance windows (weekends) with graceful degradation
33. All integrations must include error handling, retry logic, and dead-letter queuing

Governance (Req 34-37)

34. State procurement rules: all technology must be on the state-approved vendor list or receive waiver
35. Change management with separation of duties between development, testing, and production deployment
36. Quarterly security assessments aligned with FedRAMP continuous monitoring requirements
37. Disaster recovery: RPO 4 hours, RTO 8 hours for all critical systems

Constraints

1. MMIS mainframe cannot be replaced or modified during this project — integration only
2. FedRAMP Moderate requires Salesforce Government Cloud (GovCloud)
3. County health departments are independent agencies — VHS cannot mandate their internal IT choices
4. All PHI must remain within CONUS (continental US) data centers
5. State procurement cycle: 6-9 months for contracts over $1M; existing state contracts preferred
6. Staff technical capacity is limited — 22 internal IT staff total (8 developers, 6 infrastructure, 4 security, 4 management)
7. 62 county formats must be supported as-is during year 1; standardization incentive program in year 2
8. Federal funding (60% of Medicaid IT costs) requires CMS approval for technology changes

Stakeholders

Role	Name	Key Concern
State CIO	Dr. Angela Torres	Unified constituent experience; federal compliance
State CISO	Marcus Williams	FedRAMP + HIPAA; identity management for 62 counties
Medicaid Director	Patricia Hernandez	Caseworker productivity; MMIS integration reliability
Epidemiology Director	Dr. James Park	Outbreak response speed; CDC reporting compliance
WIC Director	Maria Santos	Cross-program enrollment; USDA reporting
Vital Records Registrar	Robert Chen	Public portal security; SSA integration
Deputy CIO — Infrastructure	Kevin O’Brien	Disaster recovery; GovCloud operations
County Health Officers (62)	Various	Minimal disruption; data access for their county
CMS Regional Office	Federal oversight	MITA compliance; federal funding conditions
Governor’s Office	Political leadership	Constituent satisfaction; budget accountability

Budget and Timeline

Phase	Budget	Timeline
Phase 1: Foundation + Medicaid	$18M	Months 1-14
Phase 2: Disease Surveillance + County Integration	$12M	Months 10-24
Phase 3: WIC + Vital Records + Public Portal	$10M	Months 18-32
Contingency + FedRAMP assessment costs	$5M	As needed
Total	$45M	36 months

IT staff: 22 internal (8 developers, 6 infrastructure, 4 security, 4 management). SI partner: FedRAMP-experienced integrator with 25-person team (must be on state contract or receive procurement waiver). CMS provides 60% federal match for Medicaid-related technology costs.

Known Risks

• Mainframe integration fragility: MMIS has no API — screen scraping or batch files only; mainframe maintenance windows cause downtime
• 62 county identity federation: Each county has its own IdP; no centralized directory; some counties have 5 employees, others have 500
• FedRAMP timeline: Authorization can take 12-18 months; GovCloud availability may constrain feature set
• Outbreak surge: 10x volume surge during public health emergencies requires elastic architecture
• Cross-program data sharing: HIPAA minimum necessary rule limits what Medicaid data WIC can see and vice versa
• County adoption: Counties are independent; cannot be forced to adopt new processes
• State procurement: 6-9 month procurement cycles may delay SI partner engagement

Deliverables

Present all 9 CTA solution artifacts in 30 minutes + 30-minute Q&A:

1. System Landscape
2. Data Model / ERD
3. Role Hierarchy & Sharing Model
4. Integration Architecture
5. Identity & SSO
6. Data Migration Strategy
7. Governance Framework
8. Environment Strategy
9. Phased Delivery Roadmap

Board Strategy

This is the hardest scenario in the study set. The dual-compliance environment (FedRAMP + HIPAA), 62-county identity federation, mainframe integration constraint, and outbreak surge requirements create intersecting complexity. Identify your 3-4 highest-risk decisions and demonstrate deep trade-off reasoning.

Key Implicit Requirements

GovCloud limits available Salesforce features (check compatibility). HIPAA minimum necessary principle means cross-program data access must be field-level, not record-level. County identity federation at scale (62 IdPs) requires a hub-and-spoke pattern, not 62 individual SSO configurations. The mainframe constraint means all MMIS integration is read-heavy with eventual consistency. Outbreak surge (10x) demands architecture that scales horizontally without re-architecture.