tra – technical reference architecturetra – technical reference architecture 8/26/2016 scdhhs -...

TRA – Technical Reference Architecture

Version 0.1 8/26/2016

Prepared by: South Carolina Department of Health and Human Services (SCDHHS)

Enterprise Services (ES)


8/26/2016 SCDHHS - Confidential of 17

Table of Contents

1 Introduction .................................................................................................................................... 4

2 Intended Audience .......................................................................................................................... 4

3 Disclosure ........................................................................................................................................ 4

4 Technical Approach ......................................................................................................................... 4

4.1 Overview.................................................................................................................................. 4

4.2 SCDHHS Portal ......................................................................................................................... 6

4.2.1 Identity Access Management (IAM) .................................................................................. 6

4.2.2 User Interface (UI) and User Experience (UX) .................................................................... 7

4.2.3 Data Access ...................................................................................................................... 8

4.3 Integration Hub ........................................................................................................................ 8

4.3.1 Enterprise Service Bus (ESB) ............................................................................................. 8

4.3.2 Interface to the Enterprise Data Services .......................................................................... 9

4.3.3 File-Based Exchanges ...................................................................................................... 10

4.4 Enterprise Data SErvices (EDS)................................................................................................ 10

4.5 Trading Partners..................................................................................................................... 12

4.6 Electronic Data Interchange (EDI) ........................................................................................... 13

5 Standard’s Supplements ................................................................................................................ 13

6 Appendices .................................................................................................................................... 15

6.1 Revision History ..................................................................................................................... 15

6.2 Acronyms and Glossary .......................................................................................................... 16

6.2.1 Acronyms ....................................................................................................................... 16

6.2.2 Glossary of Terms ........................................................................................................... 16

6.3 Referenced Documents .......................................................................................................... 17

6.4 Approvals ............................................................................................................................... 17



Table of Figures Figure 1 – Enterprise architecture diagram .............................................................................................. 5

Figure 2 - SCDHHS portal ......................................................................................................................... 6

Figure 3 - Liferay identity access management ......................................................................................... 7

Figure 4 - Integration hub ........................................................................................................................ 8

Figure 5 - ESB interface to the EDS framework ......................................................................................... 9

Figure 6 – The EDS framework ............................................................................................................... 10

Figure 7 - Data management pipeline .................................................................................................... 11

Figure 8 – MES data flow ....................................................................................................................... 11

Table of Tables Table 1. – Technical Reference Architecture standards, supplements, and abstracts.............................. 13

https://team.scdhhs.gov/pmo/RR/ArchitectureStandardsAndGovernance/Standards/TRA%20Technical%20Reference%20Architecture.docx#_Toc460251948







1 INTRODUCTION

The South Carolina Department of Health and Human Services (SCDHHS) is implementing a modernized,

modular Medicaid Enterprise System (MES) in accordance with the Medicaid Information Technology

Architecture (MITA). This Technical Reference Architecture (TRA) document provides an overview of the

technical approach of the solution as well as the standards and tools that govern its implementation and

operation.

As SCDHHS implements components and adds new technologies or techniques, it will update the TRA

with additional standards, guidelines, and governance structures as applicable.

Section 5 - Standard’s lists the standards and the governance model that support the TRA.

2 INTENDED AUDIENCE

The SCDHHS TRA audience includes SCDHHS staff, trading partners, and third-party vendors who will be

implementing, integrating, managing, or operating the SCDHHS MES.

The SCDHHS TRA provides the reference model by which technologies and components of the SCDHHS

MES will be measured for development and implementation.

3 DISCLOSURE

SCDHHS expressly restricts the distribution of this document to include only those SCDHHS staff,

SCDHHS processing environment contractors, or any entity given explicit access to this document with

SCDHHS executive or management approval.

4 TECHNICAL APPROACH

The SCDHHS MES is a collection of loosely connected, highly integrated components. With this modern

approach, SCDHHS will be able to replace components without impacting the rest of the MES or (more

importantly) disrupting Medicaid processing.

As such, SCDHHS is focusing on strategic investments in the following areas:

Identity management and access control

Platform infrastructure governance

System integration and operations

Enterprise data governance

4.1 OVERVIEW

The SCDHHS MES facilitates a distributed Medicaid Management Information System (MMIS) by

integrating, managing, and distributing data across trading partners, SCDHHS staff, and the Federal Data

Services Hub.



The major components of the MES can be classified into:

SCDHHS Portal – The portal framework encapsulates the user interface for Medicaid

constituents to interact with the MES.

Integration Hub – The central integration point for web services, messaging, and file exchanges

utilizes an enterprise services bus (ESB) to facilitate loose coupling of components.

Enterprise Data Services (EDS) – A coordinated system of data integration technologies

designed to manage, access, ingest, materialize, and deliver SCDHHS data. Encapsulates the

Operational Data Store (ODS) and the technologies that maintains it.

Figure 1 – Enterprise architecture diagram

Loose coupling across the enterprise allows SCDHHS to retire legacy components over time (as SCDHHS

replaces legacy functionality), without impacting business operations or other components.

Trading partners interact with the MES by:



Consuming portlets exposed by the SCDHHS portal

Consuming web services and file exchanges exposed by the integration hub

Conversely, these trading partners expose their own portlets, web services, or file exchanges for

consumption by the MES.

4.2 SCDHHS PORTAL

SCDHHS utilizes the Liferay Enterprise Web Platform to standardize a single, unified user experience

with common branding for all its constituents. The SCDHHS portal directs relevant system modules,

content, and information to individual users, groups, and roles, adapting page content based on user

attributes.

To ensure secure, authorized access, the SCDHHS portal

facilitates user requests, interacts with the identity

management solution to manage access rights and

privileges, and provides single sign-on for services accessed

via the integration hub.

Critical components of the portal include:

Identity federation for organizational, non-

organizational, and public identities.

Federated identity provider for SCDHHS- and

vendor-supported subsystems through open

security standards, such as Security Assertion

Markup Language (SAML) and OAuth.

Self-service profile management solutions to meet

non-organizational and public security standards.

Common branding to provide a unified user experience for consumers.

Seamless user experience served by a robust, open integration framework.

Personalized and contextualized content delivery for critical MMIS content, such as fee

schedules and operational manuals.

4.2.1 Identity Access Management (IAM)

The integration hub encapsulates the IAM framework as an enterprise service. When an end-user

request is directed at the SCDHHS portal, the portal calls the IAM enterprise service for authentication.

Similarly, when an end-user request is directed at a public web service, the authentication framework

calls the IAM enterprise service for authentication.

Any subsequent interaction with the integration hub and web services exposed by the integration hub

utilizes the identity tokens obtained from the IAM enterprise service.

The SCDHHS portal integration framework (implemented in Liferay) serves as the security and identity

infrastructure for the distributed MMIS ecosystem. Utilizing open identity standards, the portal

Figure 2 - SCDHHS portal



framework unifies the security profile across the distributed MMIS subsystems and provides an identity

access management solution with single sign-on functionality where appropriate.

The IAM solution meets or exceeds identification, authentication, and accounting (auditing) standards

defined in the MARS-E Document Suite, Version 2.0, for organizational, non-organizational, or other

constituent/consumer user access to the MMIS enterprise or services.

Figure 3 - Liferay identity access management

4.2.2 User Interface (UI) and User Experience (UX)

Portlets expose system functionality via the portlet’s user interface, making system functionality

available to end users in a consistent fashion with a common user experience, branding, and standards.

The SCDHHS portal standards provide the framework for this common user experience by defining:

508 compliance requirements

Responsive design considerations

Styling

Branding

Page layout

Modal and non-modal behavior

Navigation elements

Graphical components

Scripting

Native and remote portlet integration



An industry-standard framework guarantees common platform capabilities and supports efficient and

cost-effective replacement of subsystems for business-to-business (B2B) and business-to-consumer

(B2C) interactions.

4.2.3 Data Access

Portlets receive data only through requests to the integration hub; the ESB administers the requests to

the integration hub. The integration hub encapsulates enterprise processes and business services to

fulfill the requests. The SCDHHS MES does not allow direct access to the database and point-to-point

integrations across the enterprise.

The ESB strictly administers data and service requests, decouples system dependencies, and facilitates

transitioning modules from the legacy system into the new modular solution.

Standards define the mechanisms by which SCDHHS designs, develops, and delivers enterprise services

based on the payload (amount of data) that the requests carry.

4.3 INTEGRATION HUB

The SCDHHS MES uses a service oriented architecture (SOA)

with system functionality implemented into loosely coupled

components and subsystems. The ESB exposes and

coordinates the functionality of these components and

subsystems as enterprise services. The interface provided by

the ESB and the collection of enterprise services the ESB

exposes are collectively referred to as the integration hub.

The capabilities that the integration hub exposes to the

SCDHHS portal and trading partner systems include (but are

not limited to):

Identity management and authentication.

Access to system services, which perform small system

functions such as creating, retrieving, updating, and deleting data records.

Access to process services, which perform business functions such as submission of a claim for

processing, determination of eligibility, or provider enrollment.

Mediation and synchronization of service requests.

Batch processes.

File exchanges.

4.3.1 Enterprise Service Bus (ESB)

SCDHHS utilizes the Oracle Fusion Middleware SOA Suite and the Oracle Service Bus to serve as the ESB

for the MES. The components of the Oracle Fusion Middleware that facilitate the ESB include:

Service Bus

SOA Suite

Figure 4 - Integration hub



B2B

BPEL Process Manager

Business Process Management

Metadata Store

Data Integrator

Managed File Transfer

4.3.2 Interface to the Enterprise Data Services

All data requests across the MES are passed to the integration hub for CRUD (create, read, update, and

delete) functions. The integration hub completely encapsulates access to the EDS framework by

exposing data access and data processing services.

The MES only allows access to the EDS framework through the integration hub.

Figure 5 - ESB interface to the EDS framework



4.3.3 File-Based Exchanges

The ESB facilitates the exchange, transfer, decoding, and processing of files. These files include:

Electronic data interchange (EDI) file transfers (encoded in the X-12 format) between SCDHHS

and its trading partners.

Delimited-and fixed-width file exchanges between legacy systems and components of the MES.

Structured files such as JSON and XML received from web services or systems.

File-based exchanges require a high level of security, both at the source and the destination. To ensure

appropriate protection of sensitive data, SCDHHS uses secure file transfer protocol (SFTP) locations and

the Oracle Managed File Transfer (MFT) tool.

4.4 ENTERPRISE DATA SERVICES (EDS)

SCDHHS is the clearinghouse for all Medicaid data

associated with the citizens of South Carolina. Trading

partners throughout the distributed MMIS will exchange

data with SCDHHS according to their respective trading

agreements and contractual obligations. Additional data

sources include:

The Federal Data Services Hub

Other state agencies (e.g., Department of Social

Services, Social Security Administration, etc.)

SCDHHS systems of record (e.g., Case

Management, Financial Management, Document

Management, etc.)

The integration hub exposes the data in the EDS framework to whichever system component or trading

partner requires it, according to the data sharing agreements and appropriate use considerations for

each entity.

Data flows through this ecosystem by means of a well-defined data management pipeline, consisting of

the following activities:

Access – Access data from the mainframe, middle-tier databases, and files using a set of

processes and technologies.

Ingest – Transport data from its source and ingest, in raw format, into EDS.

Materialize – Transform data into a consolidated taxonomy and master member, provider,

reference, claims, and encounter data.

Deliver – Expose data via web services, file exchange, and direct access (internal systems only)

for processing and consumption.

Consume – Process and present data throughout the enterprise.

Figure 6 – The EDS framework



Figure 7 - Data management pipeline

SCDHHS is currently evaluating NoSQL technologies to serve as the backbone of its EDS environment.

NoSQL technology will allow SCDHHS to ingest data in its source format to form a “data lake” of raw

data. Using NoSQL technology, the MES can accept data in any format without protracted data modeling

and analysis.

As metadata becomes available for each data source, individual elements can be identified for further

processing. This metadata, together with the raw data in the “data lake,” materializes records that the

MES can correlate, master, cleanse, and consolidate to form a comprehensive view of:

Members

Providers

Claims

Encounters

Outcomes

Reference data

ConsumeDeliverMaterializeIngestAccess

Figure 8 – MES data flow



The integration hub exposes operational data for consumption. The portal, web services, and file

exchanges all request data from the integration hub which, in turn, obtains it from EDS. When the data

consumer updates records, web services of the integration hub submit the changed information to the

EDS framework and inform the appropriate system of record (determined by the type of data) of the

change.

The EDS framework includes a consolidated repository of data collected from distributed SCDHHS

systems in order to provide ready access to critical decision-making data elements for operations, data-

trading, business process redesign, and analytics activities. Leveraging an ODS, the EDS framework will

capture enterprise transactions and support operational decision-making, while segregating the

repositories and data stored for historical and cross-functional data analysis. The EDS framework will

reduce management and technical stress on subsystems by providing a near real-time consolidated

operational view of MMIS data for SCDHHS operational and program staff.

The EDS framework consists of the following:

Highly available enterprise databases that support online transactional processing (OLTP) for

data entry and retrieval of the systems of record.

The NoSQL repository of raw data.

Metadata repository that defines the context of the raw and processed data.

The NoSQL repository of processed and mastered data.

Data marts that contain contextual data (based on individual operational needs) used mainly for

reporting purposes.

Security and privacy controls that govern:

o Encryption-at-rest using database standards such as transparent data encryption (TDE).

o Encryption-in-transit using industry connection/networking standards such as secure

sockets layer (SSL) and virtual private network (VPN).

o Connection or context-specific redaction based on data governance rules.

4.5 TRADING PARTNERS

SCDHHS exchanges data with its trading partners according to the agreed-upon trading agreements and

contractual obligations. Trading partners include, but are not limited to:

The Federal Data Services Hub

Administrative service organization (ASO) providing fee-for-service claims processing and

provider enrollment services

Dental administrative service organization (Dental) providing dental service claims processing

Pharmacy benefits administration (PBA) services, providing pharmacy claims processing

Business intelligence system (BIS) providing decision support processing and services

Managed care organization (MCO) providing managed care and encounter processing

Third party liability (TPL) organization, managing the legal obligation of third parties to cover

health care services



SCDHHS systems of record

South Carolina Department of Social Services

4.6 ELECTRONIC DATA INTERCHANGE (EDI)

Oracle Fusion B2B, integrated with EDIFECS, facilitates EDI file processing, although other technologies

are currently under investigation.

5 STANDARD’S SUPPLEMENTS

The Technical Reference Architecture (TRA) is a collection of architecture and standards artifacts that

govern the implementation of the South Carolina Medicaid Enterprise System. The table below lists the

supplements, each covering standards according to its purpose. This list will be updated as new

supplements are added to the TRA.

Table 1. – Technical Reference Architecture standards, supplements, and abstracts

Document Description

TRA - Technical Reference Architecture Overview of the SCDHHS Medicaid Enterprise System

Architecture. Defines the SCDHHS strategy, major

components of the MES and standards that govern its

implementation.

TRA01 – Infrastructure Management Architectural overview of the SCDHHS Medicaid systems

technical infrastructure. Summarizes segmentation of the

network and the access control mechanisms utilized to

authenticate users, systems, and components.

TRA01.01 – Network Network segmentation overview with details on the DMZs,

including cloud assets in the network landscape and

disaster recovery.

TRA01.02 – Access control and identity

management

Definition of identity management implementation across

portal, database and service assets. Defines the use of

service accounts that make component-to-component

calls.

TRA01.03 – Virtualization Definition of the virtualized environment, including

applicability of the virtual desktop and requests for a

virtual environment for dev/test/uat/prod.

TRA01.04 – Cloud-based computing SCDHHS position on cloud-based computing, protection of

PHI and PII, certification, and audits.

TRA02 – Shared Services – Service

Oriented Architecture

Overview of SOA, the portal framework, EDS, integration

hub and interaction with each layer of the architecture.

TRA03 – Web Portal Overview of the user interface layer, its architecture,

portal technologies implementing the user interface layer

and governance on native- and external portlets.




TRA03.01 – Portal Architecture Description of the portal architecture and governance of

the portlets that support the portal architecture.

TRA03.02 – Portlet Design Standards covering design considerations for portlets,

including user experience, service integration, and data

access.

TRA03.03 – Portal Style Guide Standards covering portal and portlets styles.

TRA03.04 – Web user interface guide Design considerations for web-based systems including

508 compliance, responsive design, consistency, and

usability.

TRA03.05 – Content Management Processes and procedures for including enterprise content

management capabilities within the portal architecture.

TRA04 – Integration hub Overview of the integration hub, the ESB, enterprise

services, logging, error response handling, architecture,

publishing, discovery, etc.

TRA04.01 – ESB Overview of the ESB role in the SOA and the

implementation guide utilizing the Oracle Service Bus.

TRA04.02 – Web services Development guide for web services and integration into

the ESB.

TRA04.03 – Authentication Guide for authentication of web services including

requests from internal and external components.

TRA04.04 – Business Rules Guide for extracting business rules into the business rules

engine and associated technologies.

TRA04.05 – ETL Standards on ETL processing, ETL integration in the ESB

and expectations on data that leaves the DMZ.

TRA04.06 – MFT Standards and guidelines governing transferring files

securely; both inbound and outbound.

TRA04.07 – EDI Guidance on when to use the X12 standards, when other

formats (XML, JSON) are allowed. Decoding,

interpretation and encoding of X12 files.

TRA05 – The EDS framework Overview of the data architecture and the data flow.

TRA05.01 – Transactional databases Governance on transactional database creation and use.

Data flow between the databases and the ODS.

TRA05.02 – Operational database Overview of the operational data store (ODS) and how the

MES ingests, materializes, delivers, and consumes data.

TRA05.03 – Analytical data store(s) Overview of data extraction from the ODS to feed OLAP

data warehouses or data marts. Governance on data mart

creation and contents.

TRA05.04 – Business Intelligence Business intelligence and analytical reporting capabilities.




TRA05.05 – Master Data Management Defines the role of MDM in the overall MES strategy.

Specifies how the MES sources and uses master data.

TRA06 – Technology Products Portfolio Overview of the technology products portfolio (TPP) and

the process governing the TPP.

TRA06.01 – Open Source Products SCDHHS’ position on open source software.

TRA06.02 – Standard Product List The listing of information technology products used to

implement and maintain the MES. Maps MES activities to

the supporting products.

TRA07 – Validation and Risk Management Overview of risk management by functional, performance,

and vulnerability testing.

TRA07.01 – Performance Testing Performance testing objectives and the results required

for component, system, or release acceptance.

TRA07.02 – Vulnerability Testing Vulnerability testing, the tools used and when SCDHHS

performs vulnerability testing and the results required for

component, system, or release acceptance.

TRA07.03 – Intrusion Detection Policies defining procedures upon detection of intrusion or

identification of a major vulnerability.

TRA07.04 – Security breach SCDHHS policies defining procedures to follow upon the

inadvertent (or malicious) compromise of PII or PHI.

TRA08 – Architecture Governance The governance model to be followed should any of the

TRA components (architecture, major systems

components, and standards) require to be changed

TRA09 – Project Delivery Framework Overview of ITIL, the Project Lifecycle, and SDLC and their

location.

TRA09.01 – ITIL SCDHHS ITIL framework and links to the appropriate

process and implementation documentation.

TRA09.02 – Project Lifecycle SCDHHS project expectations, deliverables, risk model,

incident management, and reporting requirements.

TRA09.03 – SDLC The SDLC structure(s) followed by SCDHHS IT projects and

required deliverables to pass phase gate reviews.

6 APPENDICES

6.1 REVISION HISTORY

Version Number

Date Author(s) Description of Change

0.1 7/12/2016 Gerhard Ungerer Initial draft



6.2 ACRONYMS AND GLOSSARY

6.2.1 Acronyms

Acronym Description

COTS Commercial-off-the–shelf products

EDI Electronic data interchange

ES Enterprise systems

ESB Enterprise service bus

GOTS Government off-the-shelf

IAM Identity and access management

MARS-E Minimum Acceptable Risk Standards for Exchanges

MDM Master data management

MFT Managed file transfer

MITA Medicaid Information Technology Architecture

MMIS Medicaid Management Information System

NoSQL Non-SQL. Structured Query Language (SQL).

ODS Operational data store

OLAP Online analytical processing

OLTP Online transactional processing

PMO Project Management Office

SAML Security Assertion Markup Language

SCDHHS South Carolina Department of Health and Human Services

SOA Service-oriented architecture

SSL Secure socket layer

TDE Transparent data encryption

TRA Technical Reference Architecture

VPN Virtual private network

6.2.2 Glossary of Terms

Term Description

Data Mart The access layer of the EDS framework that is used to get data out to the

users. The data mart is a subset of the EDS framework that is usually

oriented to a specific business line or team. Whereas the EDS framework

cover an enterprise-wide depth, the information in data marts pertains to

a single department. In some deployments, each department or business

unit is considered the owner of its data mart including all the hardware,

software, and data.



OAuth Open standard for authorization, commonly used as a way for internet

users to start using third-party websites.

Reference Architecture Depiction of Technology Architecture and the standards that govern its

implementation and operation.

Modal System behavior where a screen temporarily blocks interactions with any

other view or screen. Typically an input screen where “Accept” or

“Submit” needs to be pressed to continue.

Non-modal A popup or screen that allows the user to interact with the rest of the

system while the non-modal screen is displayed.

6.3 REFERENCED DOCUMENTS

Referenced Document Title

Document Location and/or URL

6.4 APPROVALS

Signature: Date:

Print Name:

Title:

Role:

Signature: Date:

Print Name:

Title:

Role: