tra – technical reference architecturetra – technical reference architecture 8/26/2016 scdhhs -...
TRANSCRIPT
TRA – Technical Reference Architecture
Version 0.1 8/26/2016
Prepared by: South Carolina Department of Health and Human Services (SCDHHS)
Enterprise Services (ES)
TRA – Technical Reference Architecture
8/26/2016 SCDHHS - Confidential Page 2 of 17
Table of Contents
1 Introduction .................................................................................................................................... 4
2 Intended Audience .......................................................................................................................... 4
3 Disclosure ........................................................................................................................................ 4
4 Technical Approach ......................................................................................................................... 4
4.1 Overview.................................................................................................................................. 4
4.2 SCDHHS Portal ......................................................................................................................... 6
4.2.1 Identity Access Management (IAM) .................................................................................. 6
4.2.2 User Interface (UI) and User Experience (UX) .................................................................... 7
4.2.3 Data Access ...................................................................................................................... 8
4.3 Integration Hub ........................................................................................................................ 8
4.3.1 Enterprise Service Bus (ESB) ............................................................................................. 8
4.3.2 Interface to the Enterprise Data Services .......................................................................... 9
4.3.3 File-Based Exchanges ...................................................................................................... 10
4.4 Enterprise Data SErvices (EDS)................................................................................................ 10
4.5 Trading Partners..................................................................................................................... 12
4.6 Electronic Data Interchange (EDI) ........................................................................................... 13
5 Standard’s Supplements ................................................................................................................ 13
6 Appendices .................................................................................................................................... 15
6.1 Revision History ..................................................................................................................... 15
6.2 Acronyms and Glossary .......................................................................................................... 16
6.2.1 Acronyms ....................................................................................................................... 16
6.2.2 Glossary of Terms ........................................................................................................... 16
6.3 Referenced Documents .......................................................................................................... 17
6.4 Approvals ............................................................................................................................... 17
TRA – Technical Reference Architecture
8/26/2016 SCDHHS - Confidential Page 3 of 17
Table of Figures Figure 1 – Enterprise architecture diagram .............................................................................................. 5
Figure 2 - SCDHHS portal ......................................................................................................................... 6
Figure 3 - Liferay identity access management ......................................................................................... 7
Figure 4 - Integration hub ........................................................................................................................ 8
Figure 5 - ESB interface to the EDS framework ......................................................................................... 9
Figure 6 – The EDS framework ............................................................................................................... 10
Figure 7 - Data management pipeline .................................................................................................... 11
Figure 8 – MES data flow ....................................................................................................................... 11
Table of Tables Table 1. – Technical Reference Architecture standards, supplements, and abstracts.............................. 13
TRA – Technical Reference Architecture
8/26/2016 SCDHHS - Confidential Page 4 of 17
1 INTRODUCTION
The South Carolina Department of Health and Human Services (SCDHHS) is implementing a modernized,
modular Medicaid Enterprise System (MES) in accordance with the Medicaid Information Technology
Architecture (MITA). This Technical Reference Architecture (TRA) document provides an overview of the
technical approach of the solution as well as the standards and tools that govern its implementation and
operation.
As SCDHHS implements components and adds new technologies or techniques, it will update the TRA
with additional standards, guidelines, and governance structures as applicable.
Section 5 - Standard’s lists the standards and the governance model that support the TRA.
2 INTENDED AUDIENCE
The SCDHHS TRA audience includes SCDHHS staff, trading partners, and third-party vendors who will be
implementing, integrating, managing, or operating the SCDHHS MES.
The SCDHHS TRA provides the reference model by which technologies and components of the SCDHHS
MES will be measured for development and implementation.
3 DISCLOSURE
SCDHHS expressly restricts the distribution of this document to include only those SCDHHS staff,
SCDHHS processing environment contractors, or any entity given explicit access to this document with
SCDHHS executive or management approval.
4 TECHNICAL APPROACH
The SCDHHS MES is a collection of loosely connected, highly integrated components. With this modern
approach, SCDHHS will be able to replace components without impacting the rest of the MES or (more
importantly) disrupting Medicaid processing.
As such, SCDHHS is focusing on strategic investments in the following areas:
Identity management and access control
Platform infrastructure governance
System integration and operations
Enterprise data governance
4.1 OVERVIEW
The SCDHHS MES facilitates a distributed Medicaid Management Information System (MMIS) by
integrating, managing, and distributing data across trading partners, SCDHHS staff, and the Federal Data
Services Hub.
TRA – Technical Reference Architecture
8/26/2016 SCDHHS - Confidential Page 5 of 17
The major components of the MES can be classified into:
SCDHHS Portal – The portal framework encapsulates the user interface for Medicaid
constituents to interact with the MES.
Integration Hub – The central integration point for web services, messaging, and file exchanges
utilizes an enterprise services bus (ESB) to facilitate loose coupling of components.
Enterprise Data Services (EDS) – A coordinated system of data integration technologies
designed to manage, access, ingest, materialize, and deliver SCDHHS data. Encapsulates the
Operational Data Store (ODS) and the technologies that maintains it.
Figure 1 – Enterprise architecture diagram
Loose coupling across the enterprise allows SCDHHS to retire legacy components over time (as SCDHHS
replaces legacy functionality), without impacting business operations or other components.
Trading partners interact with the MES by:
TRA – Technical Reference Architecture
8/26/2016 SCDHHS - Confidential Page 6 of 17
Consuming portlets exposed by the SCDHHS portal
Consuming web services and file exchanges exposed by the integration hub
Conversely, these trading partners expose their own portlets, web services, or file exchanges for
consumption by the MES.
4.2 SCDHHS PORTAL
SCDHHS utilizes the Liferay Enterprise Web Platform to standardize a single, unified user experience
with common branding for all its constituents. The SCDHHS portal directs relevant system modules,
content, and information to individual users, groups, and roles, adapting page content based on user
attributes.
To ensure secure, authorized access, the SCDHHS portal
facilitates user requests, interacts with the identity
management solution to manage access rights and
privileges, and provides single sign-on for services accessed
via the integration hub.
Critical components of the portal include:
Identity federation for organizational, non-
organizational, and public identities.
Federated identity provider for SCDHHS- and
vendor-supported subsystems through open
security standards, such as Security Assertion
Markup Language (SAML) and OAuth.
Self-service profile management solutions to meet
non-organizational and public security standards.
Common branding to provide a unified user experience for consumers.
Seamless user experience served by a robust, open integration framework.
Personalized and contextualized content delivery for critical MMIS content, such as fee
schedules and operational manuals.
4.2.1 Identity Access Management (IAM)
The integration hub encapsulates the IAM framework as an enterprise service. When an end-user
request is directed at the SCDHHS portal, the portal calls the IAM enterprise service for authentication.
Similarly, when an end-user request is directed at a public web service, the authentication framework
calls the IAM enterprise service for authentication.
Any subsequent interaction with the integration hub and web services exposed by the integration hub
utilizes the identity tokens obtained from the IAM enterprise service.
The SCDHHS portal integration framework (implemented in Liferay) serves as the security and identity
infrastructure for the distributed MMIS ecosystem. Utilizing open identity standards, the portal
Figure 2 - SCDHHS portal
TRA – Technical Reference Architecture
8/26/2016 SCDHHS - Confidential Page 7 of 17
framework unifies the security profile across the distributed MMIS subsystems and provides an identity
access management solution with single sign-on functionality where appropriate.
The IAM solution meets or exceeds identification, authentication, and accounting (auditing) standards
defined in the MARS-E Document Suite, Version 2.0, for organizational, non-organizational, or other
constituent/consumer user access to the MMIS enterprise or services.
Figure 3 - Liferay identity access management
4.2.2 User Interface (UI) and User Experience (UX)
Portlets expose system functionality via the portlet’s user interface, making system functionality
available to end users in a consistent fashion with a common user experience, branding, and standards.
The SCDHHS portal standards provide the framework for this common user experience by defining:
508 compliance requirements
Responsive design considerations
Styling
Branding
Page layout
Modal and non-modal behavior
Navigation elements
Graphical components
Scripting
Native and remote portlet integration
TRA – Technical Reference Architecture
8/26/2016 SCDHHS - Confidential Page 8 of 17
An industry-standard framework guarantees common platform capabilities and supports efficient and
cost-effective replacement of subsystems for business-to-business (B2B) and business-to-consumer
(B2C) interactions.
4.2.3 Data Access
Portlets receive data only through requests to the integration hub; the ESB administers the requests to
the integration hub. The integration hub encapsulates enterprise processes and business services to
fulfill the requests. The SCDHHS MES does not allow direct access to the database and point-to-point
integrations across the enterprise.
The ESB strictly administers data and service requests, decouples system dependencies, and facilitates
transitioning modules from the legacy system into the new modular solution.
Standards define the mechanisms by which SCDHHS designs, develops, and delivers enterprise services
based on the payload (amount of data) that the requests carry.
4.3 INTEGRATION HUB
The SCDHHS MES uses a service oriented architecture (SOA)
with system functionality implemented into loosely coupled
components and subsystems. The ESB exposes and
coordinates the functionality of these components and
subsystems as enterprise services. The interface provided by
the ESB and the collection of enterprise services the ESB
exposes are collectively referred to as the integration hub.
The capabilities that the integration hub exposes to the
SCDHHS portal and trading partner systems include (but are
not limited to):
Identity management and authentication.
Access to system services, which perform small system
functions such as creating, retrieving, updating, and deleting data records.
Access to process services, which perform business functions such as submission of a claim for
processing, determination of eligibility, or provider enrollment.
Mediation and synchronization of service requests.
Batch processes.
File exchanges.
4.3.1 Enterprise Service Bus (ESB)
SCDHHS utilizes the Oracle Fusion Middleware SOA Suite and the Oracle Service Bus to serve as the ESB
for the MES. The components of the Oracle Fusion Middleware that facilitate the ESB include:
Service Bus
SOA Suite
Figure 4 - Integration hub
TRA – Technical Reference Architecture
8/26/2016 SCDHHS - Confidential Page 9 of 17
B2B
BPEL Process Manager
Business Process Management
Metadata Store
Data Integrator
Managed File Transfer
4.3.2 Interface to the Enterprise Data Services
All data requests across the MES are passed to the integration hub for CRUD (create, read, update, and
delete) functions. The integration hub completely encapsulates access to the EDS framework by
exposing data access and data processing services.
The MES only allows access to the EDS framework through the integration hub.
Figure 5 - ESB interface to the EDS framework
TRA – Technical Reference Architecture
8/26/2016 SCDHHS - Confidential Page 10 of 17
4.3.3 File-Based Exchanges
The ESB facilitates the exchange, transfer, decoding, and processing of files. These files include:
Electronic data interchange (EDI) file transfers (encoded in the X-12 format) between SCDHHS
and its trading partners.
Delimited-and fixed-width file exchanges between legacy systems and components of the MES.
Structured files such as JSON and XML received from web services or systems.
File-based exchanges require a high level of security, both at the source and the destination. To ensure
appropriate protection of sensitive data, SCDHHS uses secure file transfer protocol (SFTP) locations and
the Oracle Managed File Transfer (MFT) tool.
4.4 ENTERPRISE DATA SERVICES (EDS)
SCDHHS is the clearinghouse for all Medicaid data
associated with the citizens of South Carolina. Trading
partners throughout the distributed MMIS will exchange
data with SCDHHS according to their respective trading
agreements and contractual obligations. Additional data
sources include:
The Federal Data Services Hub
Other state agencies (e.g., Department of Social
Services, Social Security Administration, etc.)
SCDHHS systems of record (e.g., Case
Management, Financial Management, Document
Management, etc.)
The integration hub exposes the data in the EDS framework to whichever system component or trading
partner requires it, according to the data sharing agreements and appropriate use considerations for
each entity.
Data flows through this ecosystem by means of a well-defined data management pipeline, consisting of
the following activities:
Access – Access data from the mainframe, middle-tier databases, and files using a set of
processes and technologies.
Ingest – Transport data from its source and ingest, in raw format, into EDS.
Materialize – Transform data into a consolidated taxonomy and master member, provider,
reference, claims, and encounter data.
Deliver – Expose data via web services, file exchange, and direct access (internal systems only)
for processing and consumption.
Consume – Process and present data throughout the enterprise.
Figure 6 – The EDS framework
TRA – Technical Reference Architecture
8/26/2016 SCDHHS - Confidential Page 11 of 17
Figure 7 - Data management pipeline
SCDHHS is currently evaluating NoSQL technologies to serve as the backbone of its EDS environment.
NoSQL technology will allow SCDHHS to ingest data in its source format to form a “data lake” of raw
data. Using NoSQL technology, the MES can accept data in any format without protracted data modeling
and analysis.
As metadata becomes available for each data source, individual elements can be identified for further
processing. This metadata, together with the raw data in the “data lake,” materializes records that the
MES can correlate, master, cleanse, and consolidate to form a comprehensive view of:
Members
Providers
Claims
Encounters
Outcomes
Reference data
ConsumeDeliverMaterializeIngestAccess
Figure 8 – MES data flow
TRA – Technical Reference Architecture
8/26/2016 SCDHHS - Confidential Page 12 of 17
The integration hub exposes operational data for consumption. The portal, web services, and file
exchanges all request data from the integration hub which, in turn, obtains it from EDS. When the data
consumer updates records, web services of the integration hub submit the changed information to the
EDS framework and inform the appropriate system of record (determined by the type of data) of the
change.
The EDS framework includes a consolidated repository of data collected from distributed SCDHHS
systems in order to provide ready access to critical decision-making data elements for operations, data-
trading, business process redesign, and analytics activities. Leveraging an ODS, the EDS framework will
capture enterprise transactions and support operational decision-making, while segregating the
repositories and data stored for historical and cross-functional data analysis. The EDS framework will
reduce management and technical stress on subsystems by providing a near real-time consolidated
operational view of MMIS data for SCDHHS operational and program staff.
The EDS framework consists of the following:
Highly available enterprise databases that support online transactional processing (OLTP) for
data entry and retrieval of the systems of record.
The NoSQL repository of raw data.
Metadata repository that defines the context of the raw and processed data.
The NoSQL repository of processed and mastered data.
Data marts that contain contextual data (based on individual operational needs) used mainly for
reporting purposes.
Security and privacy controls that govern:
o Encryption-at-rest using database standards such as transparent data encryption (TDE).
o Encryption-in-transit using industry connection/networking standards such as secure
sockets layer (SSL) and virtual private network (VPN).
o Connection or context-specific redaction based on data governance rules.
4.5 TRADING PARTNERS
SCDHHS exchanges data with its trading partners according to the agreed-upon trading agreements and
contractual obligations. Trading partners include, but are not limited to:
The Federal Data Services Hub
Administrative service organization (ASO) providing fee-for-service claims processing and
provider enrollment services
Dental administrative service organization (Dental) providing dental service claims processing
Pharmacy benefits administration (PBA) services, providing pharmacy claims processing
Business intelligence system (BIS) providing decision support processing and services
Managed care organization (MCO) providing managed care and encounter processing
Third party liability (TPL) organization, managing the legal obligation of third parties to cover
health care services
TRA – Technical Reference Architecture
8/26/2016 SCDHHS - Confidential Page 13 of 17
SCDHHS systems of record
South Carolina Department of Social Services
4.6 ELECTRONIC DATA INTERCHANGE (EDI)
Oracle Fusion B2B, integrated with EDIFECS, facilitates EDI file processing, although other technologies
are currently under investigation.
5 STANDARD’S SUPPLEMENTS
The Technical Reference Architecture (TRA) is a collection of architecture and standards artifacts that
govern the implementation of the South Carolina Medicaid Enterprise System. The table below lists the
supplements, each covering standards according to its purpose. This list will be updated as new
supplements are added to the TRA.
Table 1. – Technical Reference Architecture standards, supplements, and abstracts
Document Description
TRA - Technical Reference Architecture Overview of the SCDHHS Medicaid Enterprise System
Architecture. Defines the SCDHHS strategy, major
components of the MES and standards that govern its
implementation.
TRA01 – Infrastructure Management Architectural overview of the SCDHHS Medicaid systems
technical infrastructure. Summarizes segmentation of the
network and the access control mechanisms utilized to
authenticate users, systems, and components.
TRA01.01 – Network Network segmentation overview with details on the DMZs,
including cloud assets in the network landscape and
disaster recovery.
TRA01.02 – Access control and identity
management
Definition of identity management implementation across
portal, database and service assets. Defines the use of
service accounts that make component-to-component
calls.
TRA01.03 – Virtualization Definition of the virtualized environment, including
applicability of the virtual desktop and requests for a
virtual environment for dev/test/uat/prod.
TRA01.04 – Cloud-based computing SCDHHS position on cloud-based computing, protection of
PHI and PII, certification, and audits.
TRA02 – Shared Services – Service
Oriented Architecture
Overview of SOA, the portal framework, EDS, integration
hub and interaction with each layer of the architecture.
TRA03 – Web Portal Overview of the user interface layer, its architecture,
portal technologies implementing the user interface layer
and governance on native- and external portlets.
TRA – Technical Reference Architecture
8/26/2016 SCDHHS - Confidential Page 14 of 17
Document Description
TRA03.01 – Portal Architecture Description of the portal architecture and governance of
the portlets that support the portal architecture.
TRA03.02 – Portlet Design Standards covering design considerations for portlets,
including user experience, service integration, and data
access.
TRA03.03 – Portal Style Guide Standards covering portal and portlets styles.
TRA03.04 – Web user interface guide Design considerations for web-based systems including
508 compliance, responsive design, consistency, and
usability.
TRA03.05 – Content Management Processes and procedures for including enterprise content
management capabilities within the portal architecture.
TRA04 – Integration hub Overview of the integration hub, the ESB, enterprise
services, logging, error response handling, architecture,
publishing, discovery, etc.
TRA04.01 – ESB Overview of the ESB role in the SOA and the
implementation guide utilizing the Oracle Service Bus.
TRA04.02 – Web services Development guide for web services and integration into
the ESB.
TRA04.03 – Authentication Guide for authentication of web services including
requests from internal and external components.
TRA04.04 – Business Rules Guide for extracting business rules into the business rules
engine and associated technologies.
TRA04.05 – ETL Standards on ETL processing, ETL integration in the ESB
and expectations on data that leaves the DMZ.
TRA04.06 – MFT Standards and guidelines governing transferring files
securely; both inbound and outbound.
TRA04.07 – EDI Guidance on when to use the X12 standards, when other
formats (XML, JSON) are allowed. Decoding,
interpretation and encoding of X12 files.
TRA05 – The EDS framework Overview of the data architecture and the data flow.
TRA05.01 – Transactional databases Governance on transactional database creation and use.
Data flow between the databases and the ODS.
TRA05.02 – Operational database Overview of the operational data store (ODS) and how the
MES ingests, materializes, delivers, and consumes data.
TRA05.03 – Analytical data store(s) Overview of data extraction from the ODS to feed OLAP
data warehouses or data marts. Governance on data mart
creation and contents.
TRA05.04 – Business Intelligence Business intelligence and analytical reporting capabilities.
TRA – Technical Reference Architecture
8/26/2016 SCDHHS - Confidential Page 15 of 17
Document Description
TRA05.05 – Master Data Management Defines the role of MDM in the overall MES strategy.
Specifies how the MES sources and uses master data.
TRA06 – Technology Products Portfolio Overview of the technology products portfolio (TPP) and
the process governing the TPP.
TRA06.01 – Open Source Products SCDHHS’ position on open source software.
TRA06.02 – Standard Product List The listing of information technology products used to
implement and maintain the MES. Maps MES activities to
the supporting products.
TRA07 – Validation and Risk Management Overview of risk management by functional, performance,
and vulnerability testing.
TRA07.01 – Performance Testing Performance testing objectives and the results required
for component, system, or release acceptance.
TRA07.02 – Vulnerability Testing Vulnerability testing, the tools used and when SCDHHS
performs vulnerability testing and the results required for
component, system, or release acceptance.
TRA07.03 – Intrusion Detection Policies defining procedures upon detection of intrusion or
identification of a major vulnerability.
TRA07.04 – Security breach SCDHHS policies defining procedures to follow upon the
inadvertent (or malicious) compromise of PII or PHI.
TRA08 – Architecture Governance The governance model to be followed should any of the
TRA components (architecture, major systems
components, and standards) require to be changed
TRA09 – Project Delivery Framework Overview of ITIL, the Project Lifecycle, and SDLC and their
location.
TRA09.01 – ITIL SCDHHS ITIL framework and links to the appropriate
process and implementation documentation.
TRA09.02 – Project Lifecycle SCDHHS project expectations, deliverables, risk model,
incident management, and reporting requirements.
TRA09.03 – SDLC The SDLC structure(s) followed by SCDHHS IT projects and
required deliverables to pass phase gate reviews.
6 APPENDICES
6.1 REVISION HISTORY
Version Number
Date Author(s) Description of Change
0.1 7/12/2016 Gerhard Ungerer Initial draft
TRA – Technical Reference Architecture
8/26/2016 SCDHHS - Confidential Page 16 of 17
6.2 ACRONYMS AND GLOSSARY
6.2.1 Acronyms
Acronym Description
COTS Commercial-off-the–shelf products
EDI Electronic data interchange
ES Enterprise systems
ESB Enterprise service bus
GOTS Government off-the-shelf
IAM Identity and access management
MARS-E Minimum Acceptable Risk Standards for Exchanges
MDM Master data management
MFT Managed file transfer
MITA Medicaid Information Technology Architecture
MMIS Medicaid Management Information System
NoSQL Non-SQL. Structured Query Language (SQL).
ODS Operational data store
OLAP Online analytical processing
OLTP Online transactional processing
PMO Project Management Office
SAML Security Assertion Markup Language
SCDHHS South Carolina Department of Health and Human Services
SOA Service-oriented architecture
SSL Secure socket layer
TDE Transparent data encryption
TRA Technical Reference Architecture
VPN Virtual private network
6.2.2 Glossary of Terms
Term Description
Data Mart The access layer of the EDS framework that is used to get data out to the
users. The data mart is a subset of the EDS framework that is usually
oriented to a specific business line or team. Whereas the EDS framework
cover an enterprise-wide depth, the information in data marts pertains to
a single department. In some deployments, each department or business
unit is considered the owner of its data mart including all the hardware,
software, and data.
TRA – Technical Reference Architecture
8/26/2016 SCDHHS - Confidential Page 17 of 17
OAuth Open standard for authorization, commonly used as a way for internet
users to start using third-party websites.
Reference Architecture Depiction of Technology Architecture and the standards that govern its
implementation and operation.
Modal System behavior where a screen temporarily blocks interactions with any
other view or screen. Typically an input screen where “Accept” or
“Submit” needs to be pressed to continue.
Non-modal A popup or screen that allows the user to interact with the rest of the
system while the non-modal screen is displayed.
6.3 REFERENCED DOCUMENTS
Referenced Document Title
Document Location and/or URL
6.4 APPROVALS
Signature: Date:
Print Name:
Title:
Role:
Signature: Date:
Print Name:
Title:
Role: