Health, Education & Government Government & Public Sector Public Health & Human Services

Public Health Informatics

Multi-agency, multi-stakeholder programs where procurement, compliance, and mission alignment determine success.

Oracle Cerner Epic Rhapsody Arcadia
Inside this journey
  1. Pre-Discovery

    Align stakeholders and document the current technical and decision landscape before solution design.

    1. Stakeholder Alignment

      Confirm decision roles, data stewards, timelines, and funding/procurement constraints across state, local, and lab stakeholders.

      Alignment Questions

      Starting with Who’s In the Room

      • Who will be the primary users, approvers, and sponsors for this program? (List roles/titles) Options: CIO/IT Director, Public Health Informatics Director, Epidemiologist, Laboratory Director, Immunization Program Lead, Procurement Officer, Other
      • What is the single most important outcome you want this project to deliver in the next 12 months? Options: Meet CDC reporting requirements, Reduce lab-reporting lag, Consolidate registries, Improve outbreak response speed, Reduce manual reconciliation, Other
      • How urgent is this initiative on a scale from needed for compliance to optional improvement? Options: Immediate (compliance deadline ≤6 months), Near-term (6–12 months), Planned (12–24 months), Exploratory/longer-term
      • Who owns the budget or funding line that would pay for this work? Options: State health operating budget, Federal grant (DMI/CDC), State capital funds, Local/municipal budget, Hybrid/multiple sources, Unknown
      • What recent audit, mandate, or event prompted this initiative?

      Are We Sure We Know Who Decides?

      • If this project succeeds, who in your organization will be publicly recognized — and if it fails, who will be held accountable?
      • Who has final authority to sign contracts and approve budgets for IT projects of this size? Options: CIO/State IT Board, Commissioner of Health, Procurement Office, Grants Office, Legislative approval required, Other
      • Which committees or governance bodies will need to review or approve requirements, and how often do they meet? Options: IT Governance Board, Public Health Advisory Committee, Procurement Review Board, Interagency Working Group, None/Ad-hoc
      • Who are the technical data stewards (lab systems, immunization, vital records) and how do they prefer to be engaged? Options: Lab IT, Immunization Registry Lead, Vital Records Office, EHR Integration Team, External Lab Partners, Other
      • How stable are these stakeholders’ priorities — have decision owners changed recently or are they likely to change in the next year? Options: Very stable, Some turnover expected, Significant change likely, Unsure

      Where the Data Stalls — Mapping Current Reality

      • Which legacy registries, siloed systems, or vendor products are currently central to surveillance and reporting?
      • What lab reporting pathways do you receive today (select all that apply)? Options: Real-time HL7 ELR, Batch HL7, FHIR-based feeds, Flat-file uploads (SFTP), Fax/Scanned PDFs, Manual entry by staff, Other
      • List the interfaces you currently maintain (EHRs, LIS, hospitals, regional labs) and the approximate number of partners per interface type.
      • How timely and complete are your current data feeds on average? Options: Near real-time and high completeness, Moderate latency (hours–days), some gaps, Significant delays (days–weeks), incomplete, Highly variable by partner
      • What recurring failure modes or bottlenecks do you see when trying to modernize these feeds (e.g., mapping drift, partner capacity, vendor lock-in)?

      When the System Fails — Pain, Incidents, and Impact

      • Tell us about a recent incident where delayed, missing, or incorrect data caused operational or public-health harm (what happened and who was affected?).
      • Which of the following impacts have you experienced or fear most from data problems? Options: Missed outbreak detection, Incorrect CDC reporting, Policy/legal exposure, Eroded public trust, Excess staff overtime, Loss of funding
      • On average, how many staff-hours per week are spent on manual reconciliation, phone/fax follow-up, or data cleaning related to surveillance feeds? Options: <5 hours, 5–15 hours, 15–40 hours, >40 hours, Unknown
      • How do these failures make your team feel — frustrated, burned out, resigned, or something else? Give an example of a recurring frustration.
      • When issues occur, who is expected to remediate them and how long does it typically take to resolve critical outages? Options: In-house IT, Vendor support, Partner/hospital IT, Mixed response, Resolution time varies widely

      What Would ‘Right’ Actually Look Like?

      • If our platform delivered a clear win for your department, what single outcome would convince leadership you made the right choice?
      • Which outcomes below should be prioritized for this engagement? Options: CDC-compliant reports, Interoperable ELR and IIS, Faster outbreak detection, Reduced manual work, Consolidated case management, Other
      • Please define 2–3 measurable success metrics you would use to accept the implementation (e.g., report latency < X hours, completeness > Y%).
      • Are there any absolute constraints that cannot be changed (data residency, specific security certifications, maximum annual spend)? Options: Data residency requirement, Specific security standard (e.g., FedRAMP/HIPAA), Max annual budget cap, Procurement method constraint, None absolute, Other
      • Who outside your organization needs to see these results to be satisfied (CDC, local jurisdictions, legislature)? Options: CDC, State leadership/commissioner, Local health jurisdictions, Legislature/oversight committee, Grantors, Other

      Can the Platform Fit Your Real Workflows?

      • Which real-world workflows do vendors typically underplay but are central to your operations (examples: lookup reconciliation, lab result triage, vaccine inventory matching)?
      • Please describe 2 representative data scenarios (source → transformation → destination) that must work exactly as you expect.
      • Which interface types must be supported for a successful implementation? Options: HL7 v2 ELR, FHIR (R4), ADT feeds, Flat-file SFTP, API-based integrations, Manual uploads, Other
      • What CDC reports and specific formats/versions are required for your jurisdiction (select all that apply)? Options: NNDSS/CDC forms, ELR to CDC, IIS forecasting, Meaningful Use/Promoting Interoperability, Custom state reports, Unknown
      • How much historical data must be migrated and what is the minimum acceptable fidelity/date range? Options: No migration needed, Last 1 year, Last 3 years, Full historical record, Selective critical records only

      Budget, Timelines, and the Procurement Minefield

      • What single procurement requirement is most likely to delay or kill this purchase (e.g., procurement vehicle, vendor certification, budget timing)?
      • What is your target go‑live timeframe and are there immovable dates tied to grant cycles or mandates? Options: Immediate (≤3 months), Short (3–6 months), Medium (6–12 months), Long (>12 months), Linked to grant/mandate date
      • What funding source(s) will you use and what approval steps are required before funds can be committed? Options: Federal grant (CDC/DMI), State appropriation, Local budget, Hybrid, Unknown
      • Which contracting model do you prefer or require? Options: Fixed-price SOW, Time & materials, Subscription SaaS, Hybrid, State master contract/agency vehicle
      • What is the expected length of procurement / contracting from RFP to signature under your process? Options: <3 months, 3–6 months, 6–12 months, >12 months, Varies widely

      People, Training, and Change Readiness

      • If adoption stalls after go‑live, whose responsibility is it to drive ongoing use and how would they be measured?
      • What internal teams will support day‑to‑day operations (select all that apply)? Options: State IT/Infrastructure, Public Health Informatics, Laboratory IT, Local jurisdiction IT, Vendor-managed support, Other
      • What type(s) of training do your users prefer and expect (classroom, remote live, self-paced, train-the-trainer)? Options: Live instructor-led, Recorded self-paced, Train-the-trainer, Role-based workshops, On-site shadowing, Other
      • What level of testing and validation will you require before we can declare acceptance (unit, integration, CDC-specified validation, parallel run)? Options: Unit testing, Integration testing, CDC validation tests, Parallel production run, User acceptance testing (UAT)
      • What existing runbooks, SOPs, or governance artifacts must we align with or update during deployment?

      What Would You Need from Us to Say Yes?

      • What's the smallest, most convincing deliverable we could produce in 60 days to unblock procurement or leadership? Options: Pilot with one lab, Mapping & gap analysis, Interface proof-of-concept, Security/compliance package, Costed implementation plan
      • What acceptance criteria must be demonstrably met for a pilot to be considered successful?
      • What are the top three risks you fear in this program and how would you like us to mitigate them?
      • Who should be on the executive steering list and who is the single person we should brief with updates?
      • What is your ideal communication cadence for status updates during discovery and implementation? Options: Weekly, Bi-weekly, Monthly, Ad-hoc for critical issues only
    2. Current State Mapping

      Document legacy registries, lab reporting paths (including fax/flat-file), interface inventories, and failure modes that block modernization.

      Current State

      Set the Stage: What Does 'Normal' Look Like Here?

      • Briefly describe the core systems, teams, and data flows that make up your surveillance ecosystem today.
      • Which core registries and systems are actively used for surveillance and reporting? Options: Case surveillance registry, Immunization Information System (IIS), Laboratory Information System (LIS), Syndromic surveillance system, Vital records, Other
      • Who owns or is the primary steward for each system you listed (team or role)?
      • How confident are you in the accuracy and completeness of data feeding federal reporting from these systems? Options: Very confident, Somewhat confident, Uneasy about gaps, Not confident at all
      • When was the last major upgrade, migration, or vendor change for any of these registries? Options: Within the last year, 1–3 years ago, 3–7 years ago, 7+ years ago, Never
      • Name one process or system that actually feels reliable today—and why it deserves that trust.

      If Something Breaks, Who Notices First?

      • Think back 12 months: what single system failure caused the most operational panic, and why did it escalate?
      • Which stakeholders experienced the biggest impact when that failure occurred? Options: Epidemiologists/analysts, CIO/IT operations, Laboratory leadership, Clinical partners, CDC/state reporting team, Local public health officials, Other
      • How long did it typically take your team to detect that class of failure? Options: Minutes, Hours, Same day, Days, Weeks
      • How long did it take to restore normal operations after that incident? Options: Under an hour, Several hours, Same day, Multiple days, Weeks
      • After that event, did your organization change priorities or resources toward modernization? If so, how? Options: Accelerated plans, No change, Deprioritized other work, Added temporary resources, Started procurement
      • Are there recurring failure patterns you expect to return? Please describe one such pattern and its downstream impact.

      Where Does Your Data Really Live (and Who's Still Trusted?)

      • Which legacy registry or data store feels like the single biggest bottleneck to progress—and what makes it so sticky?
      • List the legacy products and versions currently in production (e.g., product name + version or year).
      • Which data models and storage formats are we working with across registries? Options: Proprietary schema, HL7 v2 message store, FHIR resources, Flat CSV/Excel files, Relational database (SQL), Other
      • Are any registries technically decommissioned but still relied upon as the source of truth? Options: Yes, No, Unsure
      • If some decommissioned systems are still trusted, which ones and why do people keep relying on them?
      • How often do you run deduplication, reconciliation, or manual corrections to keep registries usable? Options: Daily, Weekly, Monthly, Quarterly, Rarely/Never

      How Do Lab Results Actually Arrive (The Real Story)?

      • If you trace a single positive lab result from the submitting lab to your surveillance dashboard, where are the most fragile handoffs?
      • Which lab reporting paths are currently active with your jurisdiction's systems? Options: HL7 v2 over MLLP, FHIR REST API, Flat-file (SFTP/CSV), Fax, Email attachments, Manual entry via portal, Other
      • Approximately how many sending labs or facilities still submit results via fax or paper? Options: None, 1–10, 11–50, 51–200, 200+
      • When faxed or paper results arrive, who digitizes them and what is the typical turnaround time?
      • Do you have automated parsing for flat files and non‑standard feeds, or are they manually processed? Options: Fully automated parsing, Partially automated with human review, Manual processing, No consistent process
      • How frequently do missing or malformed lab messages cause CDC or state report delays? Options: Daily, Weekly, Monthly, Rarely, Never

      Who Owns the Connectors — and Are They Healthy?

      • If an auditor reviewed your interface inventory tomorrow, what single discovery would be most embarrassing or risky?
      • Which types of interfaces and connectors are in use across your ecosystem? Options: HL7 v2 over MLLP, HL7 v2 via SFTP, FHIR APIs, Flat-file SFTP/CSV, VPN/Direct secure link, SMTP/email ingest, Fax ingestion, Manual CSV uploads, Other
      • How many unique sending partners (hospitals, reference labs, clinics) do you actively manage? Options: 0, 1–10, 11–50, 51–200, 200+
      • Who is responsible for daily interface maintenance and triage? Options: State IT team, Vendor/managed service, Local jurisdiction IT, Shared model (state + vendor), Other
      • How often do you run end-to-end interface tests that include data being processed through to reporting? Options: Monthly, Quarterly, Annually, Only ad hoc/when issues arise, Never
      • What documentation exists per interface (message spec, contact, SLA) and where is it stored? Options: Complete and centralized, Partial and scattered, Sparse, None

      Migration Nightmares We Should Know About

      • What hidden technical debt or political obstacle would derail a migration if we ignored it?
      • Have past modernization or migration efforts failed or stalled? Tell us when, what happened, and why.
      • Which of the following blockers have you encountered during previous modernization attempts? Options: Funding gaps, Procurement delays, Staffing shortages, Incompatible data models, Third‑party vendor issues, Stakeholder misalignment, Regulatory/mandate changes, Other
      • Do you have test environments, sandbox data, and CI/CD pipelines available for partner integration work? Options: Full test environments and realistic data, Partial test environments, Test environments without real data, No test environments
      • How do data governance, privacy, and consent requirements tend to surface as blockers during projects?
      • Which fiscal, legislative, or grant timelines must we align with to avoid project stalls? Options: Procurement windows, Legislative sessions, State fiscal year/funding cycle, Grant award cycles, No fixed constraints, Other

      What Would a Safe, Fast Modernization Actually Feel Like?

      • Imagine modernization succeeded in six months—what would be the single most visible change for your team or the public?
      • Which outcomes should we prioritize (select all that matter most)? Options: Timely CDC reporting, Interoperable ELR/IIS, Reduced manual processing, Faster outbreak detection and response, Improved data quality and deduplication, Lower operational cost, Actionable analytics and dashboards, Other
      • What non‑negotiable constraints must any solution respect (budget, procurement rules, data residency, no downtime, etc.)? Options: Budget cap/limits, Procurement/contract constraints, Staffing limits, Data residency/compliance rules, No disruption to live CDC reporting, Mandated reporting timelines, Other
      • Who must be engaged in governance and sign‑off (roles or specific people)? Options: CIO/IT Director, Epidemiology lead, Laboratory director, Immunization program lead, Legal/privacy officer, Procurement officer, Local health jurisdiction reps, Other
      • What measurable success metrics would make you declare a 90‑day win and a 12‑month win?
      • Realistically, when could you commit to a one‑week technical discovery workshop with your technical leads and an appropriate sandbox? Options: Within 2 weeks, 2–6 weeks, 1–3 months, 3+ months, Unsure
  2. Outcome Discovery

    Prioritize desired outcomes (CDC compliance, interoperable ELR/IIS, outbreak responsiveness), success metrics, and non-negotiable constraints.

    Discovery Questions

    Quick Pulse: Which Outcome Matters Most Right Now?

    • Which single outcome is the highest priority for your agency at this moment? Options: CDC compliance (timely, accurate reports), Interoperable ELR/IIS, Outbreak responsiveness and contact tracing, Data modernization / replace legacy systems, Reduce manual fax/flat-file processing, Improve data quality and deduplication, Other
    • Tell us a recent moment or event that made this outcome feel urgent—what happened and who noticed it?
    • Which roles feel this priority most acutely inside your organization? Options: CIO/IT director, Epidemiology director, Laboratory director, Immunization program lead, Data steward/analyst, Procurement, Other
    • How urgent is progress on this outcome from a delivery perspective? Options: Critical — must deliver within 3 months, High — 3–9 months, Medium — 9–18 months, Low — >18 months
    • If we could deliver one visible improvement in the next 90 days, what would you pick?

    If We Don’t Fix It, What Actually Breaks?

    • What’s the single worst consequence you’ve quietly come to accept because current systems don’t deliver the outcomes you need?
    • How often does that consequence occur and disrupt your operations? Options: Daily, Weekly, Monthly, Quarterly, Rarely
    • How long have you been tolerating this problem? Options: <6 months, 6–18 months, 1–3 years, 3–7 years, >7 years
    • How does that consequence affect public health outcomes, staff capacity, or stakeholder trust?
    • When these failures happen, who outside your team notices first and what do they demand? Options: State leadership, CDC contacts, Local health departments, Clinical partners/labs, Media/public, Other

    What Would Success Actually Feel Like?

    • Imagine a day when surveillance and reporting 'just work' — what does your team do differently that day?
    • Pick the measurable indicators that would prove success to you (choose up to 4). Options: Timeliness of ELR to CDC, Percent automated reports vs manual, Lab report ingestion success rate, IIS reconciliation accuracy, Mean time to case detection, User satisfaction score, FTE hours reduced for manual processing, Other
    • For each key indicator you selected, what is the current baseline (numbers, percent, or anecdote)?
    • Which one of those indicators would have the largest positive impact on funding or political support if improved? Options: Timeliness of ELR to CDC, Percent automated reports vs manual, Lab report ingestion success rate, IIS reconciliation accuracy, Mean time to case detection, User satisfaction score, FTE hours reduced for manual processing, Other
    • Who internally would be the loudest advocate if those measures improved, and what would they say?

    Non-Negotiables: The Red Lines We Can’t Cross

    • What constraints or conditions would make you stop, renegotiate, or walk away from a proposed solution even if it meets technical goals?
    • Which of these are absolute dealbreakers for your project? Options: Inability to meet CDC reporting formats, No support for HL7 or FHIR interfaces, Requires additional state legislation, Exceeds budget caps, Fails security/compliance audits, Vendor unwilling to sign BAAs, Long lock-in clauses, Insufficient training/resourcing, Other
    • Are there specific contractual, privacy, or regulatory requirements that must be spelled out before you can proceed?
    • Which technical security standards or data residency rules must we comply with? Options: Data stored in-state, FIPS/NIST compliance, Encryption at rest & in transit, Detailed audit logs & retention, Role-based access controls, Other
    • If a vendor met most technical goals but could not accommodate one of your dealbreakers, what mitigation would you consider acceptable?

    Data & Interfaces: The Gritty, Necessary Details

    • If you asked your lab and hospital integrators to rate interface reliability, what score would they give and why?
    • Which interface types are actively feeding your surveillance ecosystem today? Options: HL7 v2, FHIR, Flat-file CSV/Excel, Fax / scanned PDFs, APIs (custom), ADT feeds, Other
    • Approximately how many unique data sources (hospitals, labs, clinics) send you data now? Options: <10, 10–50, 51–200, 201–500, >500
    • What percent of incoming lab reports are fully automated versus requiring manual handling today? Options: 0–25%, 26–50%, 51–75%, 76–99%, 100%
    • Which failure modes should we prioritize first to unlock outcomes? Options: Missing patient identifiers, Duplicate records, Incorrect LOINC/LOINC mapping, Delayed batched uploads, Unreadable fax data, Interface downtime, Other
    • Who owns onboarding new interfaces today and how much bandwidth do they have for additional work?

    People, Process & Politics: Who Moves the Needle Here?

    • Who inside or outside your agency could realistically block progress even if technology and budget are aligned—and why?
    • Which stakeholders must sign off before a go-live? Options: CIO/IT director, Epidemiology director, Laboratory director, Legal/compliance, Procurement, Governor's office/leadership, Other
    • How aligned are those stakeholders today on the prioritized outcomes? Options: Fully aligned, Mostly aligned with minor gaps, Divided with competing priorities, Unknown
    • What formal change-management resources exist (communications, training teams, SME networks)? Options: Dedicated change team, Training staff, Subject matter experts, No formal resources, External contractors/partners
    • What would make your executive sponsors publicly champion this project?

    Money, Schedule & Risk: The Hard Boundaries

    • If the project slips on budget or timeline, which consequence would be most damaging—compliance, service delivery, or leadership credibility?
    • What budget range is approved or expected for this modernization effort today? Options: Under $250k, $250k–$1M, $1M–$5M, $5M–$20M, >$20M, Unfunded/contingent
    • What procurement timeline must we fit into (RFP, award, contract signature)? Options: Immediate (30 days), 60–90 days, 3–6 months, 6–12 months, Longer/undefined
    • How flexible is the rollout approach—are pilots acceptable or is a big-bang required? Options: Prefer pilot → phased rollouts, Need big-bang ASAP, Open to either with clear milestones, Undecided
    • What are the top three risks you worry about (technical, operational, political) and how would you like them mitigated?
    • Would you consider a risk-reducing pilot that delivers partial outcomes sooner but defers full scope? Options: Yes, Maybe with conditions, No

    Commitment & Next Steps: What Would Make This Real?

    • What specific evidence or assurances would move you to sign a Statement of Work within the next quarter?
    • Which artifacts do you need before contracting (select all that apply)? Options: Signed SOW with acceptance criteria, Proof-of-concept using our data, Security & privacy assessments, Reference site visits, Formal pricing & T&Cs, Legally reviewable contract, Other
    • How would you like us to participate in defining acceptance criteria and success metrics? Options: We lead with vendor input, Collaborative build, Vendor leads with our sign-off, Minimal involvement
    • Who will be the initial project sponsor and can they commit to a recurring governance cadence? Options: CIO/IT director, Epidemiology director, Laboratory director, Program/project manager, Other
    • When would you like to schedule a technical workshop to validate outcomes using your real data? Options: Within 2 weeks, 2–4 weeks, 1–3 months, Later / undecided
  3. Solution Experience

    Validate how the platform delivers the prioritized outcomes using the customer’s real workflows, data scenarios, and reporting requirements.

    Experience Meetings

    • Solution Experience Kickoff & Current-State Confirmation
    • Data & Interface Mapping Workshop
    • Workflow Replay — Live Scenario Run (End-to-End)
    • Reporting & Regulatory Validation Session
    • Stakeholder Validation & Sign-off
    • Agree explicit acceptance thresholds and SLAs for go/no-go decisions.
    • Host to update effort estimates and flag any items requiring escalation to project management.
    • Environment & Test Data Sanity Check
    • Demonstrate, with customer data, that the platform produces the outcomes needed to meet the future-state statements.
    • Identify any remaining mapping or business-rule gaps and prioritize fixes.
    • Obtain explicit validation or rejection of scenario results from domain SMEs.
    • Produce a short list of configuration/engineering tasks required before formal acceptance testing.
    • Host to log all discrepancies in a tracking artifact and assign owners with target dates for remediation.
    • Customer SMEs to provide formal validation responses (Y/N with comments) for each scenario within 3 business days.
    • Host to update transformation rules and re-run any failed scenarios as a follow-up test.
    • Customer to confirm any business-rule clarifications needed for automated case creation or reconciliation logic.
    • Recap Evidence from Live Runs
    • Confirm that CDC and IIS outputs meet regulatory expectations or document required adjustments.
    • Introductions & Meeting Objectives
    • Produce a remediation plan for any compliance-level gaps with owners and timelines.
    • Host to produce a regulatory validation report comparing platform outputs to legacy outputs and call out variances.
    • Customer to confirm acceptance thresholds and sign off in writing or escalate open issues within 5 business days.
    • Host to update report templates or CDC payload formatting per agreed adjustments and re-run validation as scheduled.
    • Executive Recap: Current State, Consequence, Future State
    • Obtain explicit stakeholder validation for each prioritized scenario against documented acceptance metrics.
    • Agree a remediation and retest timeline for any 'Accept with Conditions' or 'Reject' items.
    • Handoff clear, signed next steps into Solution Scope and Mutual Commit with named owners and dates.
    • Customer executive sponsor to provide formal sign-off (or formal conditional sign-off) for the solution experience evidence within 3 business days.
    • Host to compile an evidence bundle (run logs, mapping spec, regulatory validation report) and attach it to the Solution Scope handoff.
    • Host and Customer to schedule the Solution Scope meeting and Mutual Commit planning within the agreed timeframe.
    • Assigned owners to track remediation items in the shared backlog and update status weekly until closed.
    • Produce a single, agreed one-sentence current-state description.
    • Document quantified consequences tied to current-state failures.
    • Agree a single operational future-state outcome and 2–4 validation scenarios with success metrics.
    • Collect and schedule delivery of all artifacts and logistical needs for hands-on sessions.
    • Customer to deliver anonymized sample messages (HL7/FHIR/flat-file/fax extracts) and representative failure logs within 5 business days.
    • Customer to name technical SME(s) and regulatory SME(s) who will attend subsequent workshops.
    • Host to provision test environment and message simulator access, and confirm credentials by the agreed date.
    • Host to circulate the finalized one-sentence current-state, consequence, and future-state statements for confirmation.
    • Recap Current-State, Consequence, Future-State
    • Produce a draft field-level mapping document for the prioritized scenarios.
    • Identify and prioritize top failure modes that must be tested and mitigated.
    • Agree acceptance criteria for successful parsing/transformation for each scenario.
    • Assign owners and timelines for any missing artifacts or additional samples.
    • Host to deliver draft mapping spec (field mappings and transformations) within 3 business days.
    • Customer to provide additional edge-case samples identified during mapping within 5 business days.
    • Customer technical SME to confirm availability of any external interface partners for test endpoints.
    • One-Sentence Current State
    • Scenario A: ELR Ingest to CDC Report
    • Sample Message Review
    • Evidence Pack Presentation
    • CDC Report Output Comparison
    • IIS Reconciliation & Audit Trails
    • Field-by-Field Mapping
    • Consequence Quantification
    • Scenario B: IIS Immunization Reconciliation
    • Forced Validation Poll
    • Scenario C (optional): Case Trigger & Outbreak Escalation
    • Failure Modes & Edge Cases
    • Acceptance Thresholds & SLAs
    • Open Items, Risks & Remediation Plan
    • Define Future State (Outcome Statement)
    • Estimate Effort & Acceptance Criteria for Mappings
    • Regulatory Edge Cases & Mitigation
    • Sign-off, Next Steps & Handoff
  4. Solution Scope

    Define included modules (ELR, syndromic, IIS, case management), interfaces, data migration, roles, and measurable acceptance criteria.

    Scope Configuration

    • Deploy HL7 v2 Ingestion Interface
    • Configure FHIR API Endpoints and Resources
    • Implement Electronic Laboratory Reporting (ELR) Pipeline
    • Enable Syndromic Surveillance Feed (ADT/BioSense)
    • Migrate Immunization Registry Data into IIS
    • Deploy Reportable Condition Case Management Module
    • Automate CDC and State Report Generation Submissions
    • Normalize Lab Codes (LOINC/SNOMED) and Value Sets
    • Integrate Flat-File Batch Ingest and Mapping
    • Provision Role-Based Access Control and SSO
    • Process Vital Records (Birth/Death) Integration
    • Deliver End-User Training and System Onboarding

    Scope Questions

    Deploy HL7 v2 Ingestion Interface

    • Do you currently receive HL7 v2 messages from external partners? Options: Yes, No, Partially
    • Which HL7 v2 versions do your senders use? Options: 2.3.1, 2.5.1, 2.6, Other / Unknown
    • Which message types are required to ingest (e.g., ADT, ORU, ORM)? Options: ADT, ORU, ORM, MDM, VXU, Other
    • Preferred transport method for HL7 v2 (select all that apply)? Options: MLLP/TCP, SFTP (batch files), HTTP/S with MLLP proxy, Other
    • What is the expected message volume per day (approx)? Options: <1000, 1,000-10,000, 10,000-100,000, >100,000, Unknown
    • Do you require message-level ACK/NACK handling and reprocessing controls? Options: Yes, No
    • Are there existing transforms or mapping specs for incoming HL7 messages? Options: Yes - specs available, Partially documented, No

    Configure FHIR API Endpoints and Resources

    • Which FHIR version should be supported? Options: R4, R4B, STU3, Other/Unknown
    • Which FHIR resources do you need exposed or ingested? Options: Patient, Observation, Immunization, DiagnosticReport, Condition, AllergyIntolerance, Other
    • What authentication/authorization method will be used for FHIR APIs? Options: OAuth2 (SMART), mTLS, API Key, SAML/OIDC via gateway, Other
    • Do you require Bulk FHIR (Bulk Data) export/import capabilities? Options: Yes, No, Maybe - need guidance
    • Are there specific profiles or implementation guides to support (e.g., CDC PHIN, US Core)? Options: US Core, PHIN Implementation Guide, Custom Profiles, Unknown
    • Describe any expected workflow-driven APIs (e.g., case creation via FHIR) or custom endpoints.

    Implement Electronic Laboratory Reporting (ELR) Pipeline

    • Are sending labs already transmitting ELR to you today? Options: Yes, many, Yes, a few, No
    • What ELR transport/formats do you need to support? Options: HL7 v2 ORU, FHIR DiagnosticReport/Observation, Flat-file CSV, Other
    • Do you require mapping of local test codes to LOINC/SNOMED CT? Options: Yes - many local codes, Limited mapping needed, No
    • Which reportable condition rule sets or jurisdictional case definitions apply? Options: State-defined, CDC standard, Local health department rules, Other/Unknown
    • What is the expected ELR message volume per day? Options: <500, 500-5,000, 5,000-50,000, >50,000, Unknown
    • What acceptance criteria should be used to confirm ELR pipeline readiness (e.g., % successful parsing, latency)?

    Enable Syndromic Surveillance Feed (ADT/BioSense)

    • Do you currently receive ADT or syndromic feeds from hospitals/EDs? Options: Yes - most senders, Yes - a few senders, No
    • What ADT/Syndromic message triggers are required (e.g., ADT^A01, A08)? Options: A01 (Admit), A03 (Discharge), A08 (Update), Other/Unknown
    • Do you need BioSense/FHIR-IG compatibility or direct BioSense submission? Options: Yes - BioSense compatible, No, Unsure
    • What patient matching strategy will you rely on for syndromic feeds? Options: Deterministic (SSN/ID), Probabilistic, Hybrid, Other/Undecided
    • Are there specific syndrome definitions or ESSENCE queries to implement? Options: Yes - list available, No, Need help defining
    • What latency SLA is required for syndromic data ingestion and availability? Options: Near real-time (<1 hour), Same day, Daily batch, Other

    Migrate Immunization Registry Data into IIS

    • What is the source of existing immunization data (legacy IIS, spreadsheets, vendor DB)? Options: Legacy IIS, Vendor system, Spreadsheets/CSV, Other
    • Approximately how many immunization records and patient profiles need migration? Options: <100k, 100k-1M, 1M-10M, >10M, Unknown
    • Do you require historical immunization event retention (full history) or only current status? Options: Full history, Current status only, Custom range
    • Which coding systems must be supported or normalized (e.g., CVX, MVX)? Options: CVX, MVX, CPT, Other / Local codes
    • Are there data quality or reconciliation rules required (e.g., duplicate patient resolution)? Options: Yes, No, Need guidance
    • What acceptance tests confirm IIS migration success (e.g., reconciliation %, load performance)?

    Deploy Reportable Condition Case Management Module

    • Which case workflows need to be supported (investigation, lab linkage, contact tracing)? Options: Investigation, Lab confirmation linkage, Contact tracing, Vaccination follow-up, Other
    • Do you have standard case definitions and state reporting triggers to automate case creation? Options: Yes - documented, Partially documented, No
    • What roles and permissions are needed for case management users? Options: Epidemiologist, Investigator, Data Steward, Admin, Other
    • Should the case module link directly to lab results, immunization, and vital records? Options: Yes - all links, Some links, No
    • Are there required automated notifications or escalations (email/SMS/workflow)? Options: Yes, No, Need guidance
    • What measurable acceptance criteria apply for case management (e.g., case creation accuracy, time-to-investigation)?

    Automate CDC and State Report Generation Submissions

    • Which external reports must be automated (select all that apply)? Options: NNDSS, MMWR/MSPR, IIS weekly/monthly, Custom state reports, Other
    • What submission methods are required for each report (PHINMS, API, HL7, CSV)? Options: PHINMS, API (FHIR/REST), HL7 v2 outbound, CSV/SFTP, Other
    • How frequently must each report be submitted (real-time, daily, weekly, monthly)? Options: Real-time, Daily, Weekly, Monthly, Ad-hoc
    • Are there existing ETL or mapping specs to CDC/state schemas? Options: Yes - specs available, Partially, No
    • Do you require automated validation and reject handling before submission? Options: Yes, No
    • What acceptance criteria define successful automated submission (e.g., 100% schema-valid, acknowledgements received)?

    Normalize Lab Codes (LOINC/SNOMED) and Value Sets

    • Are local lab codes used today that require mapping to LOINC or SNOMED CT? Options: Yes - many, Yes - some, No
    • Do you have an existing terminology service or prefer us to provide mapping? Options: Existing terminology server, Require vendor-provided mapping, Undecided
    • Which value sets must be supported and kept up-to-date (select all that apply)? Options: LOINC panels, SNOMED CT lab results, CDC condition value sets, Custom local sets
    • What is the expected cadence for terminology updates (monthly, quarterly, ad-hoc)? Options: Monthly, Quarterly, Ad-hoc, Other
    • Do you require automated mapping reconciliation reports and manual review workflows? Options: Yes, No
    • How will unmapped or ambiguous codes be handled during acceptance (quarantine, vendor review, auto-map)? Options: Quarantine for review, Auto-map with confidence threshold, Reject, Other

    Integrate Flat-File Batch Ingest and Mapping

    • What flat-file formats do you need to support? Options: CSV, TSV, Fixed-width, Excel, Other
    • How are files delivered (SFTP, HTTPS upload, shared drive)? Options: SFTP, HTTPS upload, Shared network drive, API, Other
    • What is the typical batch size and expected frequency? Options: Small (<1k rows) - daily, Medium (1k-10k) - daily/weekly, Large (10k+) - weekly/monthly, Variable/Unknown
    • Do you have sample files and field-level specifications available for mapping? Options: Yes - samples available, Partially, No
    • How should errors be handled for batch records (reject entire file, partial ingest, quarantine)? Options: Reject entire file, Partial ingest with error report, Quarantine for review, Other
    • Are there PII/PHI encryption or retention policies we must follow for batch files? Options: Yes, No, Need details

    Provision Role-Based Access Control and SSO

    • Which identity providers do you plan to use for SSO? Options: Okta, Azure AD, Ping, Local LDAP, Other/None
    • Which SSO protocol will be used? Options: SAML 2.0, OIDC/OAuth2, mTLS client certs, Other
    • How many distinct user roles or role templates are required? Options: 1-3, 4-7, 8-15, 16+
    • Do you require attribute-based access controls (ABAC) or purely role-based (RBAC)? Options: RBAC, ABAC, Hybrid
    • Are audit logging and access reporting required for compliance (HIPAA, state law)? Options: Yes, No, Need guidance
  5. Mutual Commit

    Finalize commercial terms, procurement timelines, governance, CDC reporting obligations, and change-control expectations.

    Agreement Modules

    • Non-Disclosure Agreement (NDA)
    • Master Services Agreement (MSA)
    • Statement of Work (SOW)
    • Pricing & Commercial Terms
    • Procurement & Purchase Order Timeline
    • Funding & Fiscal Approval Certification
    • Governance & Steering Committee Charter
    • CDC Reporting Obligations Annex
    • Data Use Agreement / Business Associate Agreement (BUA/BAA)
    • Security & Compliance Addendum
    • Integration & Interfaces Annex
    • Data Migration & Reconciliation Plan
    • Acceptance Criteria & Test Plan
    • Change Control & Change Order Process
    • Service Level Agreement (SLA) & Support Model
    • Transition, Training & Knowledge Transfer Agreement
  6. Deployment

    Operationalize rollout with readiness checks, sequencing, enablement, and validation.

    1. Pre-Deployment Readiness

      Confirm data inventories, access, test environments, interface partners, and resourcing needed to execute safely.

      Readiness Questions

      Getting Grounded: Who's In the Room and What They Own

      • Who will be our primary deployment point of contact and who are the 1–2 backups we should plan to loop in? Options: State CIO/Deputy CIO, Informatics Director, Integration/EHR Lead, Lab IT Lead, Program Manager, Other
      • Which environments do you currently operate that we must consider during deployment (select all that apply)? Options: Production, Staging / Pre-Prod, Sandbox, Legacy registry environment, Partner test endpoints, None / Unsure
      • Please list the legacy registries, lab systems, and reporting endpoints we will need to inventory or migrate from (include system name and owner).
      • What internal governance or steering committee meetings already exist that must approve deployment milestones? Options: Weekly executive steering, Biweekly technical working group, Monthly governance board, Ad hoc approvals only, None

      What Could Break During Cutover (and Why It Matters)

      • If deployment goes sideways tomorrow, what single operational failure would cause the most critical public‑health impact? Options: Loss of ELR feeds, Incorrect CDC report submissions, IIS reconciliation failures, Case management outages, Mass misrouting of lab results, Other
      • Tell us about a past deployment or integration that had an unexpected failure—what happened, who noticed it first, and how long did it take to restore normal operations?
      • How much downtime (if any) is acceptable for each critical capability during cutover? Options: Zero tolerance (must be live), Under 1 hour, 1–4 hours, Up to 24 hours, Multi-day allowed only with prior approval
      • Who needs to be notified immediately (roles/teams) if a cutover incident threatens CDC reporting or hospital operations? Please include contact methods.

      Who Holds the Keys: Access, Credentials, and Bottlenecks

      • Do any of your systems rely on a single person or contractor for credentials or admin access that would block testing or go‑live if they were unavailable? Options: Yes, one person, Yes, one contractor, No, distributed access, Unsure—need to check
      • Please enumerate systems that require privileged credentials for vendor testing (e.g., LIS, IIS admin, SFTP, ADP) and the average lead time to obtain access.
      • What is your standard process and SLA for provisioning vendor/test credentials and network access (VPN/IP allowlist)? Options: <48 hours, 3–7 days, 1–3 weeks, Longer / paper process
      • Are there any audit, legal, or HR approvals (e.g., background checks, BAAs, state vendor onboarding) that typically slow down access for external teams? Options: Yes—background checks, Yes—state vendor onboarding, Yes—legal/BAA, No major approvals, Unsure

      Interfaces: Which Connections Are Fragile, and Who Will Help?

      • Which interfaces do you suspect are under‑documented or ‘fragile’ and likely to require custom troubleshooting? Options: Hospital ELR (HL7 v2), Lab LIS connections, EHR ADT feeds, FHIR endpoints, Flat‑file/fax conversions, Statewide IIS interfaces, Unsure
      • For each partner system (hospitals, reference labs, commercial labs, EHR vendors), do we have a technical contact and agreed test windows? If not, which partners are outstanding?
      • Do you have sample messages (HL7 v2, FHIR resources, flat files) we can use in early validation, and can we get them with real-world variations (e.g., different facility codes, missing fields)? Options: Yes—full samples available, Partial samples available, No samples available, Unsure
      • Which message types and versions must be supported during initial interface configuration? Options: HL7 v2.3.1, HL7 v2.5.1, FHIR R4, Fixed-width/CSV flat-file, Other

      Data Reality Check: Can the Legacy Data Be Trusted?

      • How confident are you that migrated legacy data will be complete and accurate enough to drive reporting without manual reconciliation? Options: Very confident, Somewhat confident, Skeptical, Not confident / expect heavy cleanup
      • What known data quality issues should we expect (e.g., mismatched patient identifiers, missing lab result codes, inconsistent timestamps)?
      • Do you maintain a data stewardship team or documented data dictionary that we can reference during mapping and migration? Options: Yes—formal data steward/team, Informal stewards across teams, No documented steward, Unsure
      • Would you be open to a short joint data profiling run (sample extracts + automated report) before we scope migration effort? Options: Yes—schedule it, Maybe—need approval, No

      Test Environments: Where We Fail First (and How to Avoid It)

      • Do you have a production‑representative test environment where we can run end‑to‑end validation, including partner endpoints and a realistic volume of messages? Options: Yes—fully representative, Partially representative, No dedicated environment, Unsure
      • How often is that test environment refreshed with production data (anonymized) and who owns the refresh process? Options: Daily, Weekly, Monthly, Rarely/never, Unsure
      • What level of vendor access to test systems are you comfortable granting (read-only, write/test submits, admin)? Options: Read-only, Write/test submits, Admin access, Limited by request, Unsure
      • Which tests would you expect to run in test environments before any production cutover (select all that apply)? Options: Interface connectivity, Message parsing & reconciliation, CDC report generation, IIS reconciliation, Performance/load tests, User acceptance testing (UAT)

      People & Timing: Is Your Team Really Available?

      • Be candid: during the proposed deployment window, what percentage of your core informatics team can be dedicated to vendor testing and cutover activities? Options: 100%, 60–99%, 30–59%, Less than 30%, Unavailable/unknown
      • Which roles will need to be present for technical validation and final sign‑off (e.g., lab SME, epidemiologist, IIS admin, procurement)? Options: Lab SME, Epidemiologist, IIS admin, Clinical informaticist, Procurement/Legal, Other
      • Are there seasonal workloads, staffing constraints, or planned public‑health events that would make particular dates risky for go‑live? Options: Yes—seasonal (e.g., flu season), Yes—planned events (conferences, audits), No major conflicts, Unsure
      • What training cadence and format helps your users adopt new workflows fastest (role‑based live training, recorded modules, train‑the‑trainer)? Options: Live role‑based, Recorded modules, Train‑the‑trainer, Onsite shadowing, Hybrid

      Risk & Rollback: Can We Undo a Bad Day?

      • If the new system caused reportable-data issues or an outage, do you have a defined, rehearsed rollback or mitigation playbook we must align with? Options: Yes—documented & rehearsed, Documented but untested, No playbook, Unsure
      • What concrete rollback triggers should we agree on (e.g., CDC report mismatch > X%, more than Y failed messages per hour)?
      • How do you expect CDC/state reporting continuity to be handled during a rollback or partial outage? Options: Send via legacy processes, Manual interim reporting, Pause non-essential reports, Other
      • Who is authorized to declare a rollback or emergency stop (names/roles), and what is the expected notification timeline to partners and stakeholders?

      Acceptance & Go‑Live: What 'Good' Actually Means

      • Are your acceptance criteria specific, measurable, and assigned to named approvers—or are they still broadly defined? Options: Specific & assigned, Defined but need owners, Broad/vague, Not defined yet
      • Which of the following must pass before go‑live (select all that apply)? Options: All ELR messages parsed and reconciled, CDC reports match legacy by X%, IIS reconciliation within tolerance, No critical defects open, User acceptance testing complete
      • Who will sign final go/no‑go (title and authority), and what is the expected timeframe for final acceptance after the last test?
      • What post‑go‑live monitoring period and criteria do you require before declaring the deployment ‘stable’? Options: 30 days with daily checks, 14 days with targeted checks, 7 days with audits, Other

      Commitments That Make Readiness Real

      • What's the single, non‑negotiable commitment your organization can make today to reduce the biggest deployment risk?
      • Which procurement, legal, or funding milestones must be cleared before we can schedule detailed test windows? Options: Signed contract, PO issued, BAA executed, Budget appropriation, None
      • When would you be ready to begin joint pre‑deployment activities (data profiling, test endpoint setup, credential provisioning)? Options: In 2–4 weeks, Immediately, In 1–3 months, Later / unsure
      • Who should we schedule a 30‑minute readiness walk-through with (roles) to convert this discovery into an actionable pre‑deployment plan?
    2. Deployment Enablement

      Coordinate schedules, configure interfaces (HL7/FHIR/flat-file), execute migration steps, and conduct role-based training for go‑live.

    3. Validation Checklist

      Run acceptance tests: data exchange integrity, CDC report accuracy, IIS reconciliations, and operational runbooks sign-off.

      Validation Questions

      Start Here: Quick Snapshot of Your Validation World

      • Who is our primary point of contact and final decision-owner for acceptance testing? Options: CIO/CTO, Informatics Director, Epidemiology Lead, Laboratory Director, Project Manager, Other
      • Who else needs to be in the room (internal and external) when we run acceptance tests? Options: State epidemiology, Laboratory informatics, IIS manager, Procurement/Legal, Vendor IT/Integration, External lab/hospital partner, Other
      • What is your target acceptance-testing window or go‑live date (month/year)? Options: Within 1 month, 1–3 months, 3–6 months, 6–12 months, No firm date yet
      • Briefly describe any previous experience running platform acceptance tests (tools used, major gaps, or things that went well).
      • Are there non-negotiable external deadlines we must validate against (e.g., CDC reporting cutover, grant milestones)? If yes, name them and their dates.

      If This Goes Sideways, What Breaks First?

      • What single integration, report, or process failure would cause the most operational harm on day one of go‑live?
      • How often have you experienced that failure mode in the last 12 months? Options: Weekly, Monthly, A few times a year, Once, Never documented
      • Which known failure modes should we prioritize in testing (select all that apply)? Options: HL7 parsing errors, FHIR mapping mismatches, Flat-file misreads, Missing lab identifiers, Duplicate patient merges, IIS reconciliation mismatches, Report generation timing failures, Other
      • How quickly do you typically detect a critical data flow failure today? Options: <1 hour, 1–4 hours, Same day, 1–3 days, Longer / unknown
      • Share a recent incident (what happened, impact, how it was fixed) that reveals a validation blind spot we should plan to test against.

      How Perfect Does the Data Need to Be?

      • Which CDC or state report cannot tolerate more than a tiny error rate—call out the report and acceptable error threshold. Options: ELR (Lab positives), IIS vaccination counts, Reportable conditions totals, Syndromic alerts, Other
      • For each selected reporting stream, what numerical error thresholds are acceptable (e.g., 0%, <1%, <5%, <10%, other)? Options: 0%, <1%, <5%, <10%, Depends — explain in next field
      • Describe the reconciliation cadence and owner for IIS and ELR discrepancies (how often and who signs off).
      • Which data elements are mission‑critical and must be validated end‑to‑end during acceptance (select all that apply)? Options: Patient identifiers (MRN/SSN), Lab test codes/LOINC, Result values, Specimen collection dates, Vaccination lot numbers, Provider facility IDs, Case status fields, Other
      • How tolerant is your team of transient discrepancies immediately post‑go‑live (hours/days/weeks) before escalation? Options: Hours, Same day, 1–3 days, Up to a week, Longer — acceptable for now

      Prove It: What Acceptance Tests Will Convince You?

      • If we ran a single 'make‑or‑break' test that would prove the system is production‑ready, which test would that be and why?
      • Select the test types you require as part of formal acceptance (we'll orchestrate these): Options: HL7 v2 message ingestion and parsing, FHIR resource validation, Flat‑file batch processing, ELR to CDC report generation/format, IIS reconciliation and match rates, End‑to‑end case creation from lab result, Load/performance under expected peak, Security/role‑based access tests, Backup/restore and DR failover
      • For each required test type, what pass/fail criteria should we use (e.g., matching rate >= X, latency < Y seconds)?
      • Do you require synthetic test data, de‑identified production samples, or live partner feeds for validation? Options: Synthetic test data, De‑identified production extracts, Live partner feeds, Combination, Undecided — need vendor recommendation
      • Which external partners must participate in acceptance tests (labs, hospitals, IIS vendors)? Please name or describe their roles.

      Who Holds the Pens? Governance, Acceptance, and Change Control

      • Who has final authority to sign 'Acceptance Complete'—title and organization? Options: CIO/CTO, Informatics Director, Epidemiology Director, Program Manager/Grant Lead, Cross‑functional committee, Other
      • What governance steps (review boards, technical validation, legal/procurement) must happen before sign‑off? Options: Technical review, Clinical/epidemiology signoff, Legal/procurement review, Security/compliance review, Executive approval, Other
      • Describe the formal acceptance artifacts you require (e.g., test report, reconciliation logs, runbook approvals).
      • How will change requests discovered during acceptance be triaged (rapid patch, deferred backlog, block acceptance)? Options: Must be fixed before acceptance, Critical fixes only, Document and defer to backlog, Case‑by‑case with governance
      • What is your expected turnaround for sign‑off once passing test artifacts are delivered? Options: <48 hours, 3–5 business days, 1–2 weeks, Longer / depends

      Practice, Fail, Learn: Runbooks, Simulations, and Rollback

      • Imagine a sudden surge in positive lab results during cutover—what immediate actions must be executable from an agreed runbook?
      • Do you already have runbooks for validation, cutover, and post‑go‑live troubleshooting? Options: Yes — complete and tested, Yes — draft only, No — need templates, Unsure
      • Which runbook owners or roles must attest they understand the procedures before go‑live? Options: Epidemiology lead, Lab informatics, IIS administrator, Vendor technical lead, Helpdesk/Operations, Other
      • What rollback criteria would trigger returning to legacy flows (e.g., data loss, >X% missing reports, SLA breach)?
      • How often would you like us to run live drills or simulations before go‑live (to exercise runbooks)? Options: Weekly, Biweekly, Monthly, One full dress rehearsal, None requested

      After Go‑Live: How Will You Know It's Working?

      • What are the top 3 early‑warning metrics you'd watch in the first 30 days (be specific: e.g., ELR daily volume match rate, IIS reconciliation delta)?
      • What dashboarding or alerting thresholds do you want in place for automated escalation? Options: Message parsing failure > X%, Report mismatch > X%, Latency > X minutes, Interface down > X minutes, Other — describe
      • Who should be on the incident escalation list for the first 90 days post go‑live? Options: Vendor on‑call, State IT operations, Epidemiology lead, Lab informatics, IIS admin, Other
      • How long do you expect the vendor to remain in a high‑touch support mode after acceptance? Options: 30 days, 60 days, 90 days, 6 months, Other
      • What ongoing governance cadence would make you comfortable for monitoring and continuous improvements (weekly, biweekly, monthly)? Options: Weekly, Biweekly, Monthly, Quarterly

      Documentation and Evidence: What Do We Need To Leave Behind?

      • Which formal documents must be delivered and signed as part of acceptance (select all that apply)? Options: Test execution reports, Reconciliation logs, Runbooks and playbooks, Configuration freeze checklist, Security/compliance evidence, Data migration validation report, Other
      • Do you require traceable test artifacts that map each test case to acceptance criteria (e.g., test case ID → result → evidence)? Options: Yes, required, Nice to have, No
      • Are there any formats or templates your procurement or audit teams insist we use for acceptance documentation?
      • Who will archive and maintain acceptance artifacts for future audits, and where will they be stored? Options: State records/IT, Program office, Vendor repository, Shared cloud drive, Other
      • Is evidence of successful CDC reporting (sample transmitted reports and confirmation receipts) required before sign‑off? Options: Yes — mandatory, Preferred but not mandatory, No
  7. Success

    Review outcomes against success metrics, schedule ongoing governance cadence, and maintain a shared backlog for issues and enhancements.

    Success Reviews

    • Success Metrics Review (Monthly)
    • Governance Cadence Kickoff (Initial)
    • Shared Backlog Grooming & Prioritization (Bi‑weekly)
    • Operational Health & Validation Check (Monthly)
    • Quarterly Outcomes & Funding Review (Quarterly Executive QBR)

    Issues & Enhancements

    • Ensure runbooks, on-call rosters, and recovery steps are current and tested.
    • Backlog Health Review
    • Ensure a living, prioritized backlog aligned to success metrics and CDC obligations.
    • Establish clear acceptance criteria for prioritized items to enable validation.
    • Identify scheduling constraints and dependencies that affect delivery timelines.
    • Update backlog statuses and move top-priority items into the upcoming release plan.
    • Document acceptance criteria and test scenarios for each prioritized item.
    • Notify external integration partners of committed work and request any required inputs.
    • System Health Summary
    • Confirm operational integrity of data flows and identify any immediate corrective actions.
    • Validate the accuracy of CDC-bound reports and reconcile discrepancies.
    • Welcome & Objectives
    • Open incident remediation tasks for any failed exchanges and assign technical owners.
    • Perform targeted reprocessing or data fixes for reconciliations that failed accuracy checks.
    • Update runbooks and schedule a tabletop drill where gaps were identified.
    • Executive Summary of Outcomes
    • Secure executive commitment for required funding and procurement timelines.
    • Align roadmap priorities with regulatory changes and public-health operational needs.
    • Ensure visibility of program risks and mitigation plans at the executive level.
    • Prepare a funding request packet with outcomes data and ROI evidence for the finance/procurement office.
    • Update the product roadmap and release dates based on executive direction.
    • Document executive decisions and circulate an action tracker for procurement and governance follow-up.
    • Confirm which success metrics meet targets and which require remediation.
    • Assign owners, acceptance criteria, and deadlines for high-priority remediation items.
    • Ensure clarity on regulatory/compliance risks tied to metric deviations.
    • Publish updated success-metrics dashboard and distribute to governance roster.
    • Create remediation tickets for each metric deviation with owners and target dates.
    • Schedule focused follow-up working session for any remediation requiring technical design.
    • Introductions & Scope of Governance
    • Ratify a governance charter including meeting cadence and participant list.
    • Document and agree decision authorities and an escalation path for disputes.
    • Agree the standard reporting package and who must deliver it prior to each meeting.
    • Publish the governance charter and distribute to all named stakeholders.
    • Create recurring calendar invites for the agreed cadence and meeting types.
    • Assign a governance secretary to circulate pre-reads and capture decisions/action items.
    • Data Exchange Integrity
    • Prioritization Exercise
    • Roles, Authorities & Escalation Paths
    • Dashboard Walkthrough
    • Trends & Impact (ROI/Risk)
    • CDC Reporting Accuracy & Reconciliations
    • Deviations & Consequences
    • Define Scope & Acceptance Criteria
    • Cadence & Meeting Types
    • Funding & Procurement Status
    • Scheduling & Dependencies
    • Interface Partner Status
    • Roadmap Alignment & Policy Changes
    • Reporting Package & KPIs
    • Root Cause & Remediation Options
    • Decisions & Owner Assignment
    • Decision Rights & Change-Control
    • Runbook & Recovery Drill Readiness
    • Executive Decisions & Commitments
    • Owner Commitments & Risks
    • Next Steps & Scheduling
First-Party AI

1-2 minutes please — Your AI agent is working

First-Party AI™ can make mistakes. Always check important information.