Case Study 7: VitalGov Health Services - Scenario Paper

Work in Progress

This content is currently being reviewed for accuracy and will be updated soon.

Case Study Prompt

This page is the prompt side of a full-board practice package. Read it first, build your own architecture, and return to the worked assets only after your timed attempt.

Case Study Snapshot

Field	Detail
Start here	This scenario paper
Difficulty	Advanced
Industry	Government and Healthcare
Primary pressure areas	Security, Integration, Data, and Public-Sector Identity
Timing	180 minutes preparation + 45 minutes presentation + 45 minutes Q&A
Coverage available	Case Study Overview, Worked Solution, Presentation Notes, Q&A Preparation
Study flow	Attempt this case study paper first, then review the worked solution, presentation notes, and Q&A preparation after your own attempt.

Recommended Approach

Print this case study. Read it twice using the Two-Pass Reading Method once for the narrative and once for implicit requirements. Then build all nine core artifacts inside the full prep window before you open the support pages.

Project Overview

VitalGov Health Services (VHS) is a state-level health department in the southeastern United States, serving 8 million residents across 62 counties with wide variation in population density and IT maturity. VHS administers four major public health programs: Medicaid enrollment and eligibility, disease surveillance for reportable conditions, the Women Infants and Children (WIC) nutrition program, and vital records (births and deaths).

The political environment is tense. The Governor won re-election partly on a “digital government” platform and has publicly committed to a unified constituent portal by year three. The state legislature appropriated funds with quarterly milestone reporting requirements. CMS (federal Centers for Medicare & Medicaid Services) has flagged the state for MITA non-compliance in two consecutive reviews, placing federal matching funds at risk. County health officers, many of whom are elected officials, have expressed concern about losing control of their data in a state-managed platform.

Agency profile:

Attribute	Detail
Jurisdiction	US state, 8 million residents
Employees	3,200 state employees across 5 facilities
Facilities	Central HQ + 4 regional offices
Medicaid beneficiaries	2.1 million active enrollments
WIC participants	180,000 active
County health departments	62 (independent IT, varying maturity)
Healthcare provider network	4,500 enrolled providers
Technology modernization budget	$45 million over 3 years
Languages served	English, Spanish (~12% of residents), Vietnamese, Korean

The Governor has authorized a 3-year, $45M technology modernization program to replace fragmented legacy systems with a unified constituent engagement platform. The program must comply with FedRAMP High (required for state agencies receiving federal funding and handling PHI at scale) and HIPAA (all programs handle protected health information).

State CIO (Dr. Angela Torres): “We have five disconnected systems built across three decades. A mother enrolling in WIC cannot see her Medicaid status. A disease outbreak requires manual calls to 62 counties. This modernization is about constituent outcomes, not technology.”

State CISO (Marcus Williams): “FedRAMP High is non-negotiable - our federal funding and CMS matching depend on it. Every system touching PHI must meet HIPAA. And we have 62 county health departments, each with their own Active Directory. Identity is our biggest headache.”

Medicaid Director (Patricia Hernandez): “We process 15,000 eligibility determinations per day. MMIS is a 20-year-old mainframe running COBOL. It cannot be replaced during this project, but our caseworkers need modern tools to interact with it. Right now they spend four minutes on every eligibility lookup. Multiply that by 15,000 and ask me why our renewal backlog is six weeks.”

Epidemiology Director (Dr. James Park): “When a reportable disease case comes in, I need to notify the CDC within 24 hours. Right now that involves three systems and manual data entry. During an outbreak, we need real-time situational awareness across all 62 counties. During the last regional outbreak, I had a field team in three counties with no connectivity to our surveillance database.”

WIC Director (Maria Santos): “Our clinic workers see 50 participants per day in rural clinics with unreliable internet. Half our participants are also on Medicaid, but we have no way to verify that without calling the Medicaid office. We lose eligible participants because the enrollment process requires too many visits.”

Vital Records Registrar (Robert Chen): “We process 130,000 births and 75,000 deaths annually. Court-ordered amendments to birth certificates are our highest-risk workflow because they change legal identity documents. Our Oracle system is past end-of-life support, and the team managing it is two people away from retirement.”

Current State

Medicaid Management Information System (MMIS) - 20 years old

• IBM z/OS mainframe running COBOL batch programs
• Processes 15,000 eligibility determinations/day via nightly batch
• 2.1 million active beneficiary records, 45 million historical claims
• No real-time API; all interactions via 3270 terminal emulation or batch file transfer
• CMS (federal) mandates MITA compliance; replacement planned in 5-7 years
• Caseworkers use terminal screens for eligibility lookup - 4-minute average per lookup
• Renewal processing is entirely batch-driven; expiring enrollments are identified weekly, creating a persistent backlog

State Vital Records System - 15 years old

• Oracle 11g database (past end-of-life support since December 2020), custom Java web application
• 130,000 birth registrations and 75,000 death registrations annually
• Connected to Social Security Administration (SSA) and state courts
• On-premises; no cloud connectivity; data extracts via nightly Oracle exports
• Court-ordered amendments average 800/year and require a multi-step approval chain with full audit history
• Only two database administrators remain on staff; both within 3 years of retirement

WIC Management Information System (WIC MIS) - 10 years old

• Custom Java application on aging application servers
• 180,000 active participants; 12,000 new enrollments per month
• USDA-mandated data reporting (monthly FNS-798 reports)
• EBT card integration for benefit disbursement
• No integration with Medicaid (participants often dual-enrolled; estimated 35% overlap)
• Clinic workers in rural locations have intermittent connectivity; no offline capability

Immunization Information System (IIS) - 8 years old

• CDC-connected via HL7 2.5.1 messaging
• 28 million immunization records for state residents
• Healthcare providers submit via HL7 or manual web portal entry
• Queries from providers average 8,000/day

County Health Department Systems

• 62 independent county health departments with varying IT maturity
• 15 counties use modern EHR systems; 22 use legacy custom databases; 25 use spreadsheets
• All counties submit disease surveillance reports - currently via SFTP (42 different file formats) or fax
• County employees are not state employees - separate employment, budgets, and IT governance
• Each county has its own Active Directory or identity provider
• Field epidemiologists and inspectors in rural counties rely on mobile devices with limited connectivity

Identity Environment

User Population	Count	Current Identity	Authentication
State employees	3,200	Okta (state IdP)	SAML 2.0 + MFA
County health workers	4,800	62 county Active Directories	Varies by county
Healthcare providers	4,500	NPI-based registration	Username/password
Medicaid beneficiaries	2.1M	None (walk-in or phone)	N/A
WIC participants	180K	None (in-person at clinics)	N/A
Public (vital records requests)	Variable	ID.me identity verification	NIST IAL2

External Systems and Integration Volumes

System	Function	Protocol	Volume
MMIS (mainframe)	Medicaid eligibility, claims	3270/batch files	15,000 determinations/day
CDC BioSense Platform	Disease surveillance reporting	HL7 FHIR R4	Real-time + daily batch
CMS MITA Hub	Medicaid federal reporting	X12 EDI 837/835	Weekly batch
SSA	Death record verification	SFTP batch	Nightly
USDA FNS	WIC federal reporting	FNS-798 flat files	Monthly
State vital records (Oracle)	Birth/death registration	DB extract	Nightly batch
WIC MIS	Participant management	REST (limited)	12,000 enrollments/month
IIS (immunization)	Immunization records	HL7 2.5.1	8,000 queries/day
Electronic Case Reporting (eCR)	Provider disease reports	HL7 FHIR (eICR)	500-2,000/day (variable)
62 county SFTP feeds	Surveillance data	SFTP (42 formats)	Daily
ID.me	Public identity verification	OIDC	Variable
State ERP (PeopleSoft)	Financial management	SOAP	Monthly
Estimated total			~50,000 transactions/day normal; 500,000+/day during outbreak

Business Requirements

Constituent Services (Req 1-7)

1. Unified constituent profile across all programs - a single view showing Medicaid enrollment, WIC participation, immunization history, and vital records for each resident
2. Online Medicaid eligibility pre-screening and application submission reducing in-person visits by 40%
3. WIC appointment scheduling, benefit balance inquiry, and clinic locator via web and mobile
4. Public vital records request portal with identity verification and secure document delivery
5. Constituents interact through a single portal - not four separate program websites
6. Multilingual support for the public portal in English, Spanish, Vietnamese, and Korean (covering 95%+ of the state’s population)
7. Constituent notification preferences: opt-in SMS, email, and postal mail for renewal reminders, appointment reminders, and eligibility changes

Medicaid Operations (Req 8-13)

8. Modern caseworker interface for eligibility determination with real-time MMIS data (replacing terminal emulation)
9. Support 15,000 eligibility determinations per day with sub-5-second response for beneficiary lookup
10. Automated renewal processing: identify expiring enrollments 90 days in advance and initiate outreach via preferred channel (SMS, email, portal notification)
11. Provider enrollment and credentialing management for 4,500 healthcare providers
12. Caseworker productivity dashboard showing determination volume, average processing time, backlog age, and renewal pipeline
13. Eligibility audit trail: every determination must record the caseworker, data sources consulted, decision rationale, and timestamp for federal audit

Disease Surveillance (Req 14-20)

14. Electronic case reporting from healthcare providers replacing fax-based reporting
15. County health departments submit and query surveillance data through a modern interface
16. CDC reporting within 24 hours of reportable condition confirmation
17. Outbreak management: real-time dashboards, contact tracing workflows, resource allocation
18. Surge capacity: system must handle 10x normal volume during a public health emergency with no degradation to critical workflows (case intake, CDC reporting)
19. Field epidemiologist mobile access to case data with offline capability for areas with limited connectivity
20. Automated outbreak detection alerts based on configurable thresholds (case count by condition, geographic clustering, temporal patterns)

WIC Program (Req 21-24)

21. Integration between WIC and Medicaid to auto-identify eligible participants (cross-program enrollment)
22. Clinic scheduling, nutrition assessment tracking, and benefit issuance workflows
23. USDA-compliant reporting with audit trail
24. Mobile-friendly clinic worker interface with offline data capture for rural clinics with intermittent connectivity

Vital Records (Req 25-29)

25. Online birth and death certificate request with identity-verified document delivery
26. Integration with SSA for death record verification (currently 72-hour lag, target same-day)
27. Court-ordered amendments tracked with full audit history including requestor identity, court order reference, original values, amended values, and approval chain
28. Death-to-benefit cross-reference: when a death record is registered, automatically flag active Medicaid and WIC enrollments for the deceased to prevent benefit fraud
29. Vital records statistical reporting for state legislature (annual birth/death rates by county, demographic breakdowns, trend analysis)

Reporting and Analytics (Req 30-35)

30. Cross-program executive dashboard for State CIO showing enrollment volumes, processing times, compliance status, and county participation rates
31. Program director dashboards with drill-down: Medicaid (eligibility backlog, renewal rates, provider network), Surveillance (case counts by condition, CDC timeliness, county reporting gaps), WIC (enrollment, redemption rates, clinic utilization), Vital Records (processing times, amendment backlog)
32. Federal compliance reporting: CMS quarterly metrics, CDC surveillance timeliness, USDA monthly WIC participation
33. County-level performance scorecards showing data submission timeliness, format compliance, case investigation turnaround, and training completion
34. Population health analytics: outbreak prediction models using surveillance data trends, geographic clustering, and seasonal patterns
35. Legislative reporting package: quarterly constituent outcomes report including portal adoption rates, processing time improvements, cost-per-transaction trends, and county onboarding progress

Security and Compliance (Req 36-46)

36. FedRAMP High authorization for all cloud components hosting PHI; FedRAMP Moderate acceptable for non-PHI supporting services
37. HIPAA compliance for all PHI - encryption at rest and in transit, access logging, BAA required
38. Cross-program data walls: Medicaid caseworkers cannot see WIC clinical notes; WIC staff cannot see Medicaid claims detail
39. HIPAA minimum necessary enforcement at the field level - staff in each program see only the fields required for their function, not the entire constituent record
40. County health workers access only their county data plus statewide aggregate surveillance dashboards (de-identified)
41. Healthcare providers see only their own patients and submitted reports
42. Beneficiary data accessible only by authorized program staff with need-to-know
43. Complete audit trail for all PHI access meeting HIPAA and state retention requirements (7 years minimum)
44. Section 508 accessibility compliance (WCAG 2.1 AA) for all public-facing and employee-facing interfaces
45. Session timeout and automatic logoff after 15 minutes of inactivity for all PHI-accessible sessions
46. Annual HIPAA security risk assessment with documented remediation plan

Data Retention and Archival (Req 47-50)

47. Medicaid eligibility records retained for minimum 7 years per HIPAA; claims data in MMIS subject to CMS retention rules (10 years)
48. Surveillance case records retained for 10 years per CDC reporting requirements; outbreak investigation records retained permanently
49. Vital records retained permanently (birth and death certificates are permanent legal documents); amendment history retained permanently alongside original records
50. Automated archival: records exceeding active retention period moved to read-only archive storage with preserved query access for compliance audits

Performance and Scalability (Req 51-55)

51. Sub-5-second page load for all caseworker interfaces under normal operating conditions
52. Concurrent user capacity: 800 state employee users during peak hours (9am-11am), 200 county worker users, 500 provider portal users, 5,000 public portal sessions simultaneously
53. Surge capacity: 10x normal transaction volume during public health emergency with no system re-architecture required; scale-out and scale-back within 30 minutes
54. API throughput: minimum 20,000 API calls per hour under normal operations; 200,000 per hour during declared surge
55. Batch processing windows: all nightly batch jobs (MMIS extract, SSA sync, county data normalization) must complete within a 6-hour window (10pm-4am)

Mobile (Req 56-58)

56. Field epidemiologist mobile application with offline case data access, GPS-tagged case entry, photo attachment for site inspections, and background sync when connectivity resumes
57. WIC clinic worker mobile interface with offline participant lookup, nutrition assessment entry, and appointment scheduling; sync within 5 minutes of connectivity restoration
58. Public mobile-responsive portal for Medicaid pre-screening, WIC clinic locator, and vital records request status tracking

Integration (Req 59-63)

59. MMIS integration must not modify the mainframe - read-only screen scraping or file-based integration
60. Support HL7 2.5.1 (legacy IIS), HL7 FHIR R4 (CDC, eCR), X12 EDI (CMS), and flat-file (USDA) protocols
61. County data ingestion must normalize 42 different file formats into a standard surveillance schema
62. System must function during MMIS planned maintenance windows (weekends) with graceful degradation
63. All integrations must include error handling, retry logic, and dead-letter queuing

Governance (Req 64-68)

64. State procurement rules: all technology must be on the state-approved vendor list or receive waiver
65. Change management with separation of duties between development, testing, and production deployment
66. Quarterly security assessments aligned with FedRAMP continuous monitoring requirements
67. Disaster recovery: RPO 4 hours, RTO 8 hours for all critical systems; annual DR drill required
68. Training and change management plan for 3,200 state employees and 4,800 county workers, including role-based training paths and quarterly refresher sessions

Constraints

1. MMIS mainframe cannot be replaced or modified during this project - integration only
2. FedRAMP High authorization is required for PHI-bearing cloud components; Salesforce Government Cloud Plus (on Hyperforce) holds the FedRAMP High Provisional ATO and is the required Salesforce environment. MuleSoft Government Cloud and ID.me remain at FedRAMP Moderate, requiring documented Interconnection Security Agreements where data crosses tier boundaries
3. County health departments are independent agencies - VHS cannot mandate their internal IT choices
4. All PHI must remain within CONUS (continental US) data centers
5. State procurement cycle: 6-9 months for contracts over $1M; existing state contracts preferred
6. Staff technical capacity is limited - 22 internal IT staff total (8 developers, 6 infrastructure, 4 security, 4 management)
7. 62 county formats must be supported as-is during year 1; standardization incentive program in year 2
8. Federal funding (60% of Medicaid IT costs) requires CMS approval for technology changes
9. Oracle 11g vital records database is past end-of-life support; no vendor patches available for security vulnerabilities

Stakeholders

Role	Name	Key Concern
State CIO	Dr. Angela Torres	Unified constituent experience; federal compliance
State CISO	Marcus Williams	FedRAMP + HIPAA; identity management for 62 counties
Medicaid Director	Patricia Hernandez	Caseworker productivity; MMIS integration reliability
Epidemiology Director	Dr. James Park	Outbreak response speed; CDC reporting compliance
WIC Director	Maria Santos	Cross-program enrollment; USDA reporting; rural clinic connectivity
Vital Records Registrar	Robert Chen	Public portal security; SSA integration; Oracle end-of-life risk
Deputy CIO - Infrastructure	Kevin O’Brien	Disaster recovery; Government Cloud Plus operations
County Health Officers (62)	Various	Minimal disruption; data access for their county; autonomy preservation
CMS Regional Office	Federal oversight	MITA compliance; federal funding conditions
Governor’s Office	Political leadership	Constituent satisfaction; budget accountability; quarterly milestone visibility
State Legislature	Budget authority	Quarterly progress reports; cost justification; constituent outcomes

Budget and Timeline

Phase	Budget	Timeline
Phase 1: Foundation + Medicaid	$18M	Months 1-14
Phase 2: Disease Surveillance + County Integration	$12M	Months 10-24
Phase 3: WIC + Vital Records + Public Portal	$10M	Months 18-32
Contingency + FedRAMP assessment costs	$5M	As needed
Total	$45M	36 months

IT staff: 22 internal (8 developers, 6 infrastructure, 4 security, 4 management). SI partner: FedRAMP-experienced integrator with 25-person team (must be on state contract or receive procurement waiver). CMS provides 60% federal match for Medicaid-related technology costs.

Known Risks

• Mainframe integration fragility: MMIS has no API - screen scraping or batch files only; mainframe maintenance windows cause downtime
• 62 county identity federation: Each county has its own IdP; no centralized directory; some counties have 5 employees, others have 500
• FedRAMP timeline: Authorization can take 12-18 months; Government Cloud Plus feature parity and release timing may differ from commercial Salesforce
• Outbreak surge: 10x volume surge during public health emergencies requires elastic architecture
• Cross-program data sharing: HIPAA minimum necessary rule limits what Medicaid data WIC can see and vice versa
• County adoption: Counties are independent; cannot be forced to adopt new processes; elected county health officers may resist state-managed systems
• State procurement: 6-9 month procurement cycles may delay SI partner engagement
• Staff attrition: Vital records Oracle team approaching retirement; knowledge transfer risk
• Federal funding dependency: CMS approval delays for technology changes could stall Medicaid-related phases

Deliverables

Present all 9 CTA solution artifacts in 45 minutes + 45-minute Q&A:

1. System Landscape
2. Data Model / ERD
3. Role Hierarchy & Sharing Model
4. Integration Architecture
5. Identity & SSO
6. Data Migration Strategy
7. Governance Framework
8. Environment Strategy
9. Phased Delivery Roadmap

Board Strategy

This is the hardest scenario in the study set. The dual-compliance environment (FedRAMP + HIPAA), 62-county identity federation, mainframe integration constraint, and outbreak surge requirements create intersecting complexity. Identify your 3-4 highest-risk decisions and demonstrate deep trade-off reasoning.

Key Implicit Requirements

Government Cloud Plus on Hyperforce holds FedRAMP High, which in 2026 means Agentforce, Data 360 (formerly Data Cloud), Einstein, and Einstein Trust Layer are available for PHI workloads within the authorization boundary - candidates who treat GovCloud as feature-limited from 2024 are out of date. HIPAA minimum necessary principle means cross-program data access must be field-level, not record-level. County identity federation at scale (62 IdPs) requires a hub-and-spoke pattern, not 62 individual SSO configurations. The mainframe constraint means all MMIS integration is read-heavy with eventual consistency. Outbreak surge (10x) demands architecture that scales horizontally without re-architecture.

---

Always verify against official Salesforce documentation

This content is study material for CTA exam preparation. Content compiled and presented with AI assistance. Not affiliated with Salesforce.