Case Study 07: VitalGov Health Services — Q&A Preparation
AI-Generated Content — Use for Reference Only
This content is AI-generated and has only been validated by AI review processes. It has NOT been reviewed or validated by certified Salesforce CTAs or human subject matter experts. Do not rely on this content as authoritative or completely accurate. Use it solely as a reference point for your own study and preparation. Always verify architectural recommendations against official Salesforce documentation.
Q&A Format
Duration: 30 minutes following 30-minute presentation
Strategy: State your position, give the reasoning, acknowledge the trade-off. Do not ramble — keep answers to 1-2 minutes.
Identity & Security
Q1: What happens if Azure AD B2C goes down? All 62 counties lose access?
Yes, county workers lose SSO during an Azure outage. Mitigation: Azure AD B2C has a 99.99% SLA and is FedRAMP authorized. Emergency fallback: Salesforce local login accounts pre-provisioned for county surveillance leads (one per county, 62 accounts) stored in break-glass procedures. These accounts are disabled by default and activated only during a declared identity outage.
Q2: A small county has 5 employees and no IT staff. How do they federate their AD?
For counties without IT capacity, VHS offers two options. Option A: the county joins a shared Azure AD tenant managed by VHS (VHS creates and manages their accounts). Option B: VHS provides a username/password Salesforce community login for that county, bypassing federation entirely. Both options feed into the same permission model. The federation hub handles heterogeneity — not every county must use the same path.
Q3: How do you prevent a Medicaid caseworker from seeing WIC clinical notes on the same Constituent record?
Permission set groups per program control field-level security. The Constituent record itself is visible, but WIC clinical fields (nutrition assessment, dietary notes, breastfeeding status) are hidden from non-WIC permission sets. Restriction Rules provide the enforcement layer. This is HIPAA minimum necessary — same record, different field visibility. I tested this pattern: FLS on Person Account fields works with permission set groups in GovCloud.
Q4: FedRAMP Moderate requires continuous monitoring. What does that look like operationally?
Four recurring activities. Monthly: automated vulnerability scans (Qualys or Tenable, FedRAMP-approved) with 30-day remediation window for high findings. Quarterly: third-party security assessment reviewing controls. Annually: full penetration test. Continuously: Shield Event Monitoring feeds a SIEM (Splunk GovCloud) for real-time anomaly detection. POA&M tracking for all open findings, reviewed at every HITGB meeting. CISO owns the FedRAMP package and signs off before every production deployment.
Q5: GovCloud has feature limitations compared to commercial Salesforce. What did you give up?
Key GovCloud restrictions: no Einstein AI features (GPT, Copilot) at time of design, limited AppExchange availability (apps must be FedRAMP assessed), no Hyperforce flexibility (fixed US data centers only). I designed around these: no AI-dependent features in the architecture, all AppExchange packages validated against GovCloud compatibility before selection, and US-only data residency actually aligns with the CONUS PHI constraint. The biggest practical impact is AppExchange — every third-party package needs GovCloud vetting.
Integration
Q6: RPA for mainframe integration is fragile. Why not build a proper API layer on the mainframe?
Constraint 1 explicitly prohibits modifying the mainframe. An API layer requires mainframe-side code changes (CICS web services or z/OS Connect). RPA is the only non-invasive option. I acknowledge the fragility — this is an explicit bridge pattern. MuleSoft RPA includes screen field detection that alerts within 5 minutes of layout changes. The batch file path provides bulk data even when RPA is down. The MMIS replacement in 5-7 years eliminates this pattern entirely.
Q7: During an outbreak, 10x surge volume. Walk me through what happens technically.
Normal: ~50K daily transactions flow through MuleSoft GovCloud directly to Salesforce. During surge: eCR volume spikes to 20K+/day. MuleSoft routes overflow to Heroku Private Space (FedRAMP authorized). Heroku Postgres buffers events. A scheduled process writes to Salesforce via Bulk API at a throttled rate that respects API limits. Surveillance dashboards read from both Salesforce and Heroku during surge for real-time situational awareness. Post-surge, Heroku drains completely into Salesforce. Annual outbreak response drill validates this path end-to-end.
Q8: 42 different county file formats. How do you normalize that without a multi-year project?
MuleSoft DataWeave with county-specific mapping files. Each county format gets a declarative mapping (DataWeave transformation script) that converts to the canonical surveillance event schema. No custom code per county — just a mapping file. For the 25 counties using spreadsheets, VHS provides a standardized Excel template; those that adopt it get the simplest mapping. Year 1: support all 42 formats as-is. Year 2: incentive program (state funding tied to format standardization) reduces format count. This is pragmatic governance — mandate adoption by making it easier, not by forcing it.
Q9: You have HL7 2.5.1, FHIR R4, X12 EDI, SFTP, and SOAP all in one architecture. How do you staff for that?
The SI partner must demonstrate competency across these protocols — this is a non-negotiable in the procurement evaluation. MuleSoft provides pre-built connectors for HL7, FHIR, X12, and SFTP that abstract protocol complexity. Internally, VHS has 8 developers. I would cross-train 4 on MuleSoft with protocol-specific specialization: 2 on healthcare protocols (HL7/FHIR), 2 on government protocols (EDI/SFTP/batch). SI partner handles build; state team handles steady-state operations.
Data & Migration
Q10: 2.1 million Medicaid beneficiaries — how do you deduplicate against WIC when WIC has no shared identifier?
Medicaid uses Medicaid ID; WIC uses WIC Participant ID. Neither system has a shared key. Matching strategy: SSN (deterministic, highest confidence) where available, then probabilistic matching using first name + last name + DOB + address. SSN match = auto-merge. Probabilistic match above 90% = auto-merge. Between 70-90% = manual review queue (estimated 5-8% of WIC records). Below 70% = separate records. State-assigned Constituent ID created post-match as the golden key going forward.
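The tiering in the Q10 answer, as an added Python sketch (not part of the case study or any VHS code). The field weights, the `Person` shape and the rule that two valid but different SSNs can never auto-merge are assumptions made here; the 90% and 70% thresholds are the ones stated above, and the SSNs in any sample input should be constructed values.

```python
from dataclasses import dataclass
from difflib import SequenceMatcher
from typing import Optional

# Assumed field weights in percentage points (not from the case study); sum = 100.
WEIGHTS = {"first": 20, "last": 30, "dob": 30, "address": 20}

@dataclass(frozen=True)
class Person:
    first: str
    last: str
    dob: str                      # ISO date string
    address: str
    ssn: Optional[str] = None

def _sim(a: str, b: str) -> float:
    """Case-insensitive string similarity in [0, 1]."""
    return SequenceMatcher(None, a.strip().lower(), b.strip().lower()).ratio()

def _ssn(p: Person) -> Optional[str]:
    """Digits-only SSN, or None when missing or not nine digits."""
    digits = "".join(c for c in (p.ssn or "") if c.isdigit())
    return digits if len(digits) == 9 else None

def score(a: Person, b: Person) -> float:
    """Probabilistic score (0-100) over first name, last name, DOB, address."""
    total = (WEIGHTS["first"] * _sim(a.first, b.first)
             + WEIGHTS["last"] * _sim(a.last, b.last)
             + WEIGHTS["dob"] * (1.0 if a.dob == b.dob else 0.0)
             + WEIGHTS["address"] * _sim(a.address, b.address))
    return round(total, 1)

def decide(medicaid: Person, wic: Person) -> str:
    """Return 'auto-merge', 'manual-review' or 'separate' for one candidate pair."""
    s1, s2 = _ssn(medicaid), _ssn(wic)
    if s1 and s2 and s1 == s2:
        return "auto-merge"               # deterministic tier
    conflict = bool(s1 and s2)            # both present but different (assumed rule)
    pct = score(medicaid, wic)
    if pct > 90 and not conflict:
        return "auto-merge"
    if pct >= 70:
        return "manual-review"            # 70-90 band, or SSN conflict above it
    return "separate"
```

A wrong auto-merge attaches one person's PHI to another person's record, so the conflict rule sends such pairs to a human reviewer at most.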
Q11: Claims data stays in MMIS. What if a caseworker needs claims history for an eligibility review?
RPA retrieves claims summary on demand. Caseworker clicks “View Claims History” on the constituent record; MuleSoft RPA navigates MMIS claims screens and returns a summary view. Data is not persisted in Salesforce — displayed in a read-only Lightning component and discarded after the session. This avoids storing claims PHI in Salesforce (reducing HIPAA scope) while giving caseworkers the information they need. If RPA is unavailable, caseworker falls back to direct MMIS terminal access.
Q12: How do you handle PHI in sandbox environments for testing?
Zero production PHI in sandboxes. Post-refresh Apex batch job runs automatically, masking all PHI fields: SSN replaced with synthetic values, names randomized, DOB shifted by random offset (preserving age range), addresses generalized to ZIP code only. Alternatively, fully synthetic test data generated by a data factory script. FedRAMP requires documented evidence of data masking procedures. Full Copy sandbox used for performance testing gets masked data with realistic volume distribution.
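The four masking rules in the Q12 answer, as an added Python sketch; the answer describes an Apex batch job, and this is not that job or any VHS code. The record field names, the age-band edges, the 180-day shift window and the name pools are assumptions made here, and `unmasked_fields` is a hypothetical helper for producing masking evidence.

```python
import random
import re
from datetime import date, timedelta

AGE_EDGES = (18, 65)                            # assumed bands: 0-17, 18-64, 65+
FIRST = ("Alex", "Jordan", "Sam", "Casey")      # synthetic name pools (assumed)
LAST = ("Rivera", "Chen", "Okafor", "Novak")
ZIP_RE = re.compile(r"\b(\d{5})(?:-\d{4})?\s*$")
PHI_FIELDS = ("ssn", "first_name", "last_name", "dob", "address")

def age_band(dob: date, today: date) -> int:
    """Index of the age band that `dob` falls into as of `today`."""
    age = today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))
    return sum(age >= edge for edge in AGE_EDGES)

def shift_dob(dob: date, today: date, rng: random.Random, max_days: int = 180) -> date:
    """Shift by a random non-zero offset that keeps the age band and stays in the past."""
    band = age_band(dob, today)
    ok = [d for d in range(-max_days, max_days + 1)
          if d and dob + timedelta(days=d) <= today
          and age_band(dob + timedelta(days=d), today) == band]
    return dob + timedelta(days=rng.choice(ok))

def mask_record(rec: dict, today: date, rng: random.Random) -> dict:
    """Return a masked copy; the record id is kept so relationships survive."""
    zip_match = ZIP_RE.search(rec["address"])
    return {
        "id": rec["id"],
        # Area number 000 is never issued, so this cannot be a real SSN.
        "ssn": f"000-{rng.randrange(1, 100):02d}-{rng.randrange(1, 10000):04d}",
        "first_name": rng.choice(FIRST),
        "last_name": rng.choice(LAST),
        "dob": shift_dob(date.fromisoformat(rec["dob"]), today, rng).isoformat(),
        "address": zip_match.group(1) if zip_match else "",
    }

def unmasked_fields(original: dict, masked: dict) -> list:
    """PHI fields whose value survived masking unchanged (should be empty)."""
    return [f for f in PHI_FIELDS if original[f] == masked[f]]
```

Running `unmasked_fields` over every record after a sandbox refresh gives a per-run result that can be filed with the documented masking procedure.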
Governance & Delivery
Q13: State procurement takes 6-9 months. How do you start Phase 1 on time?
Two parallel paths. Path A: use existing state master contracts for Salesforce and MuleSoft (both are typically on state cooperative purchasing agreements like NASPO). Path B: for the SI partner, issue an RFP immediately at project authorization; 6-month procurement runs concurrent with GovCloud setup and FedRAMP preparation (internal work, no SI dependency). SI partner joins at month 6-7 when foundational infrastructure is ready. CMS federal match approval submitted in parallel — 60-90 day review cycle starts at project authorization.
Q14: CMS requires MITA compliance for federal funding. How does Salesforce align?
MITA (Medicaid Information Technology Architecture) defines a maturity model for state Medicaid systems. Salesforce Health Cloud maps to MITA business processes: member management, provider management, and care management. I would document the MITA maturity assessment showing current state (Level 1-2) and target state (Level 3) with Salesforce. CMS cares about outcomes, not specific technology. The key artifact is the Advance Planning Document (APD) that maps Salesforce capabilities to MITA business areas and justifies the 60% federal cost share.
Q15: The Governor’s office cares about constituent satisfaction. How do you measure success?
Three measurable outcomes tied to program goals. First: Medicaid eligibility determination time reduced from 4 minutes (terminal lookup) to under 30 seconds (Salesforce + RPA) — measured via case resolution metrics. Second: disease surveillance reporting time reduced from 72 hours (manual) to under 24 hours (electronic) — measured via CDC submission timestamps. Third: constituent portal adoption — target 40% of Medicaid renewals via self-service within 12 months of launch, reducing in-person visits. Dashboard shared with Governor’s office quarterly. These are outcome metrics, not technology metrics.
Question Categorization
| Domain | Questions |
|---|---|
| D1 System Architecture | Q5, Q7 |
| D2 Security | Q1, Q2, Q3, Q4 |
| D3 Data | Q10, Q11, Q12 |
| D5 Integration | Q6, Q8, Q9 |
| D6 Dev Lifecycle | Q13 |
| D4 Solution / D7 Communication | Q14, Q15 |
Q&A Survival Rules
- Answer the question asked — do not pivot to a topic you prepared better for
- State position first, then reasoning: “I chose X because Y. I rejected Z because W.”
- Name the trade-off proactively — judges respect honesty over pretending there is no cost
- Government scenarios invite “what-if” questions about compliance failures — have a response for “what happens if you fail FedRAMP audit” (answer: POA&M remediation plan, not panic)
- Stay within 1-2 minutes per answer