Federally Facilitated Exchange (FFE) and Data Services Hub (Hub) Overview
July 25, 2012
Agenda
- Background
- Technical Overview
- Project Management Overview
Background
- Patient Protection and Affordable Care Act of 2010 (PPACA or ACA)
- Health Care and Education Reconciliation Act of 2010
- Health Insurance Exchange (HIX)
- Federally Facilitated Exchange (FFE)
- State Based Exchange (SBE)
- Data Services Hub (Hub)
- Connectors to Federal partner agencies, states, issuers
Technical Overview
FFE Concept Diagram
Hub Concept Diagram (figure: Exchanges 1-3 and Agencies 1-3 connect to the Data Service Hub over FTP (XML/EDI/CSV), Web Service and Message interfaces)
Conceptual Architecture
Technical Architecture
Shared Platforms: Access Management Portal JBOSS Stack Business Services Data Services ETL EIDM (& RIDP) MDM Database (Marklogic) Continuous Delivery
Unique Platforms: EDI Translator Data Warehouse BI Backend
Service Life Cycle
Hub Services
Service(s) | Data Source
Verify SSN, Citizenship, Incarceration, SSA Income, Quarterly Coverage, Death | SSA
Verify Lawful Presence | DHS
Calculate Max Advanced Premium Tax Credit | IRS
Annual Household Income | IRS
Verify Non ESI Minimum Essential Coverage (MEC) | Medicaid/CHIP, Medicare, Tricare, VHA, PeaceCorp, OPM, Indian Health Services
Verify ESI MEC | <TBD>
Verify Residency | <TBD>
Verify Current Income | <TBD>
Remote Identity Proofing | Experian
HUB Messaging Architecture
Web Services Security Standards: Notional Reference Model
- Security Management: WS-Trust, XKMS
- Identity Management: WS-Federation, Liberty Alliance, SAML
- Message Security: WS-SecureConversation, WS-Security
- Reliable Messaging: WS-ReliableMessaging, WS-Reliability
- Policy: WS-Policy
- Access Control: XACML, SAML
- SOAP Foundation
- XML Security: XML Encryption, XML Signature
- Transport Layer Security: SSL/TLS
- Network Layer Security: IPSec
Use the reference model to recognize the different functional layers of a typical web service implementation.
Use the model as a guide for selecting the implementation strategy for securing the web services exchange at DSH.
Security Schemes for Services
- Transport Layer Security using X.509 Certificates and HTTPS: Provides brokered authentication using X.509 certificates on the transport layer and is used to secure point-to-point communication. Messages do not require intermediaries to process them and they are not securely persisted for any period of time; that is, the messages are secured on the wire, not at rest.
- Message Layer Security: Represents an approach where all the information related to security is encapsulated in the message. Parts of the message or the entire message can be encrypted.
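Added example (not from the original slides): a Python sketch of the message-layer property described above, where the protection is carried inside the SOAP message and still verifies after an intermediary parses and re-serializes it, which per-hop transport security does not provide. It substitutes an HMAC-SHA256 over the canonicalized Body for WS-Security's XML Signature and does no encryption; the `urn:example:*` namespaces, element names, key and sample envelope are constructed assumptions.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
SEC = "urn:example:demo-sec"    # hypothetical header namespace (not WS-Security)
KEY = b"constructed-demo-key"   # constructed shared secret for the demo
# Constructed sample request; element names are hypothetical.
SAMPLE = (f'<s:Envelope xmlns:s="{SOAP}"><s:Body>'
          '<VerifyRequest xmlns="urn:example:hub"><PersonId>constructed-0001'
          '</PersonId></VerifyRequest></s:Body></s:Envelope>')

def body_mac(env, key):
    """HMAC-SHA256 over the canonical (C14N 2.0) form of the SOAP Body."""
    body = env.find(f"{{{SOAP}}}Body")
    if body is None:
        raise ValueError("envelope has no SOAP Body")
    canon = ET.canonicalize(ET.tostring(body, encoding="unicode"),
                            strip_text=True, rewrite_prefixes=True)
    return hmac.new(key, canon.encode(), hashlib.sha256).hexdigest()

def sign(xml, key):
    """Sender: put the MAC in a SOAP Header so it travels with the message."""
    env = ET.fromstring(xml)
    header = env.find(f"{{{SOAP}}}Header")
    if header is None:
        header = ET.Element(f"{{{SOAP}}}Header")
        env.insert(0, header)
    ET.SubElement(header, f"{{{SEC}}}BodyMac").text = body_mac(env, key)
    return ET.tostring(env, encoding="unicode")

def relay(xml):
    """Intermediary: the TLS hop ends here; the message is parsed and re-serialized."""
    env = ET.fromstring(xml)
    ET.indent(env)              # formatting changes, content does not
    return ET.tostring(env, encoding="unicode")

def verify(xml, key):
    """Receiver: recompute the MAC over the Body and compare in constant time."""
    env = ET.fromstring(xml)
    mac = env.find(f"{{{SOAP}}}Header/{{{SEC}}}BodyMac")
    if mac is None or not mac.text:
        return False
    try:
        expected = body_mac(env, key)
    except ValueError:
        return False
    return hmac.compare_digest(mac.text.strip().encode(), expected.encode())
```

Canonicalization with `strip_text=True` is what lets the check survive the intermediary's reformatting; it also means leading and trailing whitespace inside element values is not covered by the MAC.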
Project Management Overview
HUB Development to Date
- Verify SSN, Citizenship, & Incarceration Status (SSA)
- Verify Annual Household Income and Family Size Business Service Definition (IRS)
- Verify Lawful Presence (DHS)
- Verify Current Household Income (TBD)
- Advance Payment Calculations (HUB)
- Verify Non ESI for Other Public Minimum Essential Coverage (MEC) Individuals & (Multiple) Household: used to check MEC with Medicaid, CHIP, BHP, Medicare, TRICARE, Veterans Health Program (VHP), or Peace Corps
- Account Transfer from Exchanges to Medicaid/CHIP or from Medicaid/CHIP to Exchanges
- Eligibility Information store from Exchanges (e.g., FFE and SBEs, Medicaid/CHIP TBD) to the CMS common data storage
HIX DSH Services Current State
- The services are deployed on the ESB.
- The service endpoints are published via EWS (Enterprise Web Server) of the JBoss SOA stack.
- The current endpoints are accessed via SOAP over HTTP.
- Run-time enforcement of governance policies such as security, compliance, reliability, and transport and protocol mediation is still in progress.
FFE and DSH Release Artifacts Summary
Artifacts: Service Notes, Release Overview, Release/Sprint Plan, Release Notes, BSDs, Data Models, WSDLs & XSDs, RTM, SDD, Test Scenarios, Test Cases, Test Summary, Defect Reports, SoapUI Projects, ICDs, Source Code, Blue Prints, High Level Arch., User Guides, Business Rules Spec., UI Spec
*Note: Artifacts are broken out by internal and external stakeholder needs, responsible parties, and the artifact development schedule during the release.
FFE and DSH Artifacts for Medicaid/CHIP
Artifacts: Service Notes (HUB & FFE), Release Overview (HUB & FFE), Release Notes (FFE), BSDs (HUB), Data Models (FFE), WSDLs & XSDs (HUB & FFE), ICDs (HUB), Test Scenarios (HUB), Test Data (HUB), Business Rules (FFE)
Tools: Service Repository, zone CALT, zone CALT, zone BSDs (HUB) CALT Service Repository CALT CALT CALT CALT, zone
Distribution Schedule
- Start of Sprint: BSDs
- Sprint (End): Service Notes, Data Models, WSDL/XSD, Test Scenario/Data
- End of Release: Release Overview, Notes, ICDs, Business Rules
HUB BSD Overview
Sample HUB BSD Process Flow Diagram
Sample HUB BSD XML Schema
Milestones (ACA Go Live Dates)
- Essential Health Benefits Benchmark (August 2012)
- RQA for QHP Application (November 2012)
- Plan Evaluation and Certification (Jan 2013)
- Rate and Benefit Evaluation (Feb 2013)
- Educational Consumer Portal (Jan 1, 2013)
- Edge Servers Operation (July 1, 2013)
- FFE Call Center Operations (July 1, 2013)
- Consumer Portal (October 1, 2013)
Appendix Supporting Materials
Sprint Life Cycle / Agile Development
- Release planning meeting (1 month prior to start of release)
- Monthly sprints (development and system testing)
- Quarterly releases (Alpha and Beta testing periods)
- Internal Validation
- External and Partner Validation (states, issuers, Federal agencies)
CMS Environments
Key: N = release in production; N+1 = release completed and in some level of testing or preprod; N+2 = release in development with sprints being developed
Terremark Region: DEVELOPMENT
- Development Environment: supports sprint builds and testing, defect fixes across releases, and business owner demonstration. Release N+2. Continuous Integration; Continuous Build; central CM repository (code and other artifacts).
Terremark Region: TEST
- Quarterly promotion for: beta, GA
- External Validation Environment: supports independent validation testing. User Acceptance Test. Code migrated for quarterly release. Release N+1.
- Internal Validation Environment: supports post sprint testing and defect fixing. Integration Test. Code migrated after monthly sprint. Release N/N+1/N+2.
- Partner Validation Environment: supports partner testing. User Acceptance Test. Code migrated for quarterly releases. Quarterly promotion for: beta, GA. Release N+1.
Terremark Region: IMPLEMENTATION
- Pre Production Environment: supports security and load testing. Pre Production. Code staged for production. Release N/N+1.
Terremark Region: PRODUCTION/DR
- Production/DR Environment: supports production/DR operations. Production. Full code migrated after ORR. Release N.
Testing Strategy
Testing strategy through stages and stakeholders:
- Development
- Internal Validation (CMS)
- Partner/External Validation (states, agencies, issuers)
- Implementation
- Production