Skip to content
theCodeFlash

Scenario 01: WellPath Clinics

Work in Progress

This content is currently being reviewed for accuracy and will be updated soon.

Scenario Snapshot

FieldDetail
DifficultyBeginner
IndustryHealthcare (outpatient clinics)
Heavy domainsData and Security
Prep window150 minutes total: 90 min preparation + 30 min presentation + 30 min Q&A
CoverageQuestion + Solution

Recommended Approach

Read this scenario twice using the Two-Pass Reading Method: first for understanding, second for implicit requirements. Build your architecture before opening the solution page.

Project Overview

WellPath Clinics is an independently owned outpatient network with 12 primary care locations across two counties in the Pacific Northwest. It has operated for nine years, serving a largely working-age population with routine and chronic care needs.

The executive team has approved a 12-month migration to Salesforce Health Cloud to replace two aging systems and a collection of spreadsheets. Budget: $900,000 covering licenses, implementation, migration, and year-1 support.

AttributeDetail
Employees280 (48 clinicians, 60 medical assistants and nurses, 72 front desk, 30 billing, 70 operations and admin)
Clinic locations12 outpatient sites, 2 counties
Active patients~38,000
Annual appointments~195,000 (~3,750/week across all sites)
Revenue~$22M annual, fee-for-service, 3 major payer contracts
Growth2 new sites planned in year 2
RegulatoryHIPAA Privacy Rule and Security Rule; single state

Stakeholder Perspectives

Dr. Amara Osei, Chief Medical Officer: “A patient can walk into any of our 12 clinics and the front desk has no idea who they are. We re-enter everything on paper. Clinicians need to see a patient’s history, allergies, and medications from any site, but day-to-day they should only be working with their own site’s patients.”

Marcus Tran, VP of Operations: “Our billing team spends two hours every morning copying visit data from CliniBase into BrightClaim by hand. We have a 9% claim error rate and the billing director blames that manual step. That handoff needs to be automatic and fully traceable.”

Priya Khatri, IT Manager: “We have two people in IT with no Salesforce background. Whatever is built has to be simple enough for us to maintain. We also need to be HIPAA-ready from day one. There is no room for a breach in year one.”

Current Systems and Pain Points

Legacy Patient Management System (CliniBase 3.1)

On-premise Windows application installed in 2015, connected to all 12 clinics over VPN. Vendor has announced end-of-support in 14 months.

  • Three access levels only (Administrator, Clinical, Read-Only): no per-clinic data separation
  • ~38,000 active patient records; ~185,000 historical visit records across 7 years
  • ~6% duplicate records (~2,280), mostly patients who visited multiple sites; ~4% missing date of birth or insurance
  • CSV flat-file export only; no referential integrity across export files
  • No audit log of record access or modification

Manual Billing Process and BrightClaim

Billing staff manually copy visit charges from CliniBase into an Excel file each morning, then upload a CSV to BrightClaim. BrightClaim has a documented REST API (v2, OAuth 2.0).

  • 9% claim error rate; ~$1.98M in annual claims at risk from manual transcription errors
  • No traceability between a submitted claim and the originating visit record
  • ~530 claims submitted per business day

Per-Clinic Scheduling Spreadsheets

Each clinic maintains its own scheduling spreadsheet on a shared network drive with no cross-clinic visibility.

  • Double-bookings roughly twice per week across the network
  • 11% no-show rate; no automated appointment reminders

Business Requirements

Patient Data Management

  1. Migrate ~38,000 active patient records from CliniBase into Health Cloud, including demographics, insurance, allergy lists, medications, and PCP assignment.
  2. Migrate ~185,000 historical visit records, retaining visit date, visit type, attending clinician, clinic site, and diagnosis codes; preserve free-text notes in read-only form.
  3. Before migration, deduplicate ~2,280 records (6%) using a defined survivorship rule: retain the most complete demographics and consolidate all visit history under a single surviving record.
  4. Flag ~1,520 records (4%) missing date of birth or insurance information for front desk remediation before go-live; track each item to closure.
  5. Each patient record must carry a primary clinic site and PCP assignment to drive access control and care continuity.
  6. Support multiple insurance policies per patient (primary and secondary) with effective dates and group numbers.
  7. Retain all historical visit records for a minimum of 7 years from date of service; records for patients inactive more than 5 years must remain accessible to authorized clinical and compliance users.

Access Control and Security

  1. Clinicians and medical assistants see only patients whose primary site matches their own clinic assignment.
  2. Any clinician may view the full record (demographics, allergies, medications, and visit history) for a patient presenting at their site from another site; this cross-clinic access must be auditable.
  3. Billing staff can view visit fields needed for claim submission (visit date, procedure codes, diagnosis codes, clinician NPI, insurance ID) but must not access clinical notes, allergy details, or medication lists.
  4. Front desk staff can view and update demographics and scheduling information but must not see clinical notes, diagnosis codes, or billing details.
  5. All patient record access must be logged: user, record, action (view, create, edit), and timestamp. Logs retained for 6 years, queryable on demand by the compliance officer.
  6. Terminated employees must have all access revoked within 4 hours of HR notification without requiring manual steps from the IT team.
  7. All PHI must be encrypted at rest and in transit; field-level restrictions must block unauthorized access at both UI and API layers.
  8. The compliance officer requires read-only access to every patient record across all sites, with all access included in the same audit log as clinical access.

Integration

  1. When a clinician finalizes a visit record, the billing fields (visit date, CPT codes, ICD-10 codes, clinician NPI, patient insurance ID) must transmit automatically to BrightClaim via its REST API within 15 minutes.
  2. BrightClaim must return a claim acceptance acknowledgement; any rejection or timeout must generate a task for the billing team. No visit record should end the business day without a confirmed transmission status.
  3. A daily reconciliation report must show total visits finalized, claims transmitted, acknowledgements received, and open exceptions for the billing manager’s morning review.

Reporting and Analytics

  1. Each clinic manager needs a daily dashboard showing appointments scheduled, appointments completed, no-shows, and open data quality flags for their site.
  2. The CMO requires a monthly network-wide summary: top 10 diagnoses by visit count, average visits per active patient, and patients with no visit in the past 12 months.
  3. The compliance officer must be able to generate an on-demand audit report for any patient record showing all access events over a configurable date range, exportable to CSV.
  4. The billing team requires a weekly exception report listing visit records where BrightClaim transmission failed or was unacknowledged after 24 hours.

Data Quality and Governance

  1. New patient records must be checked for potential duplicates in real time before saving; likely duplicates must prompt the user to confirm or merge rather than creating a second record silently.
  2. Date of birth, at least one insurance policy, and primary site assignment are mandatory on all patient records; incomplete records from integrations must fail validation visibly.
  3. The system must maintain a field-level change history for patient demographics (name, date of birth, address, insurance fields) showing previous value, new value, changed-by user, and timestamp; the compliance officer must be able to read this history.

Constraints

  • CliniBase vendor support ends in 14 months; all clinical operations must be live on Health Cloud before that date
  • $900,000 total program budget; no budget for a standalone middleware platform
  • Internal IT team: 2 staff, no prior Salesforce experience; solution must be maintainable post go-live
  • BrightClaim integration must use BrightClaim REST API v2 with OAuth 2.0; no changes to BrightClaim are available
  • No patient data may exist in sandbox or non-production orgs; migration testing requires anonymized or synthetic data
  • Compliance officer must approve any configuration change affecting data access, field-level security, or audit logging before production deployment

Implicit Requirements

The scenario does not state these, but an architect must address each:

  • Requirements 8 and 9 create a direct tension: site-based separation must coexist with auditable cross-clinic access. The sharing model must resolve both.
  • Object-level access alone will not prevent billing staff from seeing clinical fields; field-level security is required
  • Five distinct user populations need a profile and permission set design a two-person IT team can maintain over time
  • Integration error handling must produce actionable tasks for billing staff without surfacing Salesforce internals
  • The “no PHI in sandbox” constraint must be reconciled with the need to test deduplication at realistic data volumes

Time Management: 150-Minute Practice Session

Prep , first 30 min: Read the scenario twice. Extract explicit and implicit requirements. Flag the sharing model tension (Requirements 8 and 9) and the deduplication scope.

Prep , middle 30 min: Design your architecture. Settle the security model, sharing rules, and field-level security before moving to data model and integration.

Prep , final 30 min: Build your artifacts. Prioritize the security model diagram, data model sketch, and integration design , these are the most likely presentation targets.

Presentation (30 min): Lead with decisions, not descriptions. Cover system landscape, data model, security model, integration, and migration plan.

Q&A (30 min): Expect probing on the sharing model tension (Requirements 8 and 9), your deduplication strategy, and how integration failures surface to billing staff.

Deliverables Checklist

  • System landscape: current state (CliniBase, spreadsheets, BrightClaim) and future state (Health Cloud + BrightClaim)
  • Data model: Patient (Person Account), Visit, Insurance Policy, Clinic Site, and Clinician; call out any Health Cloud standard objects you extend
  • Security model: role hierarchy, profiles, permission sets, sharing rules, and field-level security per user population
  • Integration design: trigger, payload, error handling, retry, and daily reconciliation for BrightClaim
  • Migration plan: field mapping, survivorship rules, data quality remediation for incomplete records, and sandbox data strategy

Always verify against official Salesforce documentation

This content is study material for CTA exam preparation. Content compiled and presented with AI assistance. Not affiliated with Salesforce.

Personal study notes for the Salesforce CTA exam. Content compiled from VJ's study notes, official Salesforce documentation, community sources, and online publicly available content, then organized and presented with AI assistance. Not affiliated with Salesforce. © 2025–2026 VJ Srivastava.