~\

•
CONTRACT
~}
~ . ~..
(fee-for-goods or services contract with an individual, business, non-profit, or governmental entity of
another state)
'•">;'ri""'•'
Begin Date End Date Agency Tracking # Edison Record ID

October 1, 2016 September 30, 2020 31865-004 70 51758

Contractor Legal Entity Name Edison Vendor ID

Deloitte Consulting, LLP 0000135163

Goods or Services Caption (one line only)
Systems Integration Services for Eligibility Modernization Project
Contractor CFDA #
rgj Contractor 93.778 Dept of Health & Human ServicesfTitle XIX
Funding-
FY State Federal Interdepartmental Other TOTAL Contract Amount
2017 $3,456,867.00 $31 '111 ,803.05 $34,568,670.05
2018 $7,276,273.30 $48,993,687.74 $56,269,961.04
2019 $4,249,721 .59 $21 ,329,615.48 $25,579,337.07
2020 $2,275,798.74 $7,566,043.72 $9,841,842.46
2021 $717,563.61 $2,152,690.83 $2,870,254.44
TOTAL: $17,976,224.24 $111 '153,840.82 $129,130,065.06

Contractor Ownership Characteristics:

0 Minority Business Enterprise (MBE): African American, Asian American, Hispanic American, Native American
0 Woman Business Enterprise (WBE)

0 Tennessee Service Disabled Veteran Enterprise (SDVBE)

0 Tennessee Small Business Enterprise (SBE): $10,000,000.00 averaged over a three (3) year period or employs
no more than ninety-nine (99) employees .
cgj Other: Limited Liability Partnership
Selection Method & Process Summary (mark the correct response to confirm the associated summary)
RFQ
cgj Competitive Selection
0 Other
Budget Officer Confirmation: There is a balance in the
appropriation from which obligations here der are required
to be paid that is not air ady e cumbere ay other
obligation

fAr -
SPeed Chart (optional) Account Code (optional)
 CONTRACT
BETWEEN THE STATE OF TENNESSEE,
DEPARTMENT OF FINANCE AND ADMINISTRATION,
DIVISION OF HEALTH CARE FINANCE AND ADMINISTRATION
AND
DELOITTE CONSULTING LLP

This Contract, by and between the State of Tennessee, Department of Finance and Administration,
Division of Health Care Finance and Administration (HCFA), hereinafter referred to as “HCFA” or the
“State”, and the Contractor, Deloitte Consulting LLP, hereinafter referred to as the “Contractor”, is for the
provision of Systems Integration Services to support the State in completing the Eligibility Modernization
Project, hereinafter referred to as “EMP,” as further defined in the “SCOPE OF SERVICES.” State and
Contractor may be referred to individually as a “Party” or collectively as the “Parties” to this Contract.

The Contractor is a Limited Liability Partnership

Contractor Edison Registration ID # Number: 0000135163

Contractor Place of Incorporation or Organization: New York

A SCOPE OF SERVICES
A.1 The Contractor shall provide all goods or services and deliverables as required, described, and
detailed below and shall meet all service and delivery timelines as specified by this Contract.

A.2 Nothing in this Contract shall be deemed to be a delegation to the Contractor of the State’s non-
delegable duties under the TennCare program administered by the single state agency, as
designated by the State and the Centers for Medicare and Medicaid Services (CMS), pursuant
to Title XIX of the Social Security Act (42 U.S.C § 1396 et seq.) and the Section 1115 research
and demonstration waiver granted to the State and any successor programs, or the Federal
Children’s Health Insurance Program (CHIP), known in Tennessee as “CoverKids,” administered
by the State pursuant to Title XXI of the Social Security Act. Applicable Definitions and
Abbreviations relative to this contract are located in Attachment 7.

A.3 The descriptions of Contractor deliverables in this Contract do not include every possible duty,
task, or intermediate deliverable necessary to achieve success on this Contract. The Contractor
shall receive written approval by the State for deliverables requiring State approval to be
effective. The Contractor understands and agrees that any perceived lack of detail in a specific
area does not indicate that the Contractor will have no duties in that area. The Contractor shall
fulfill the State’s Contract goals and requirements in a cost-effective manner. This includes all
intermediate steps, deliverables or processes reasonably necessary to achieve the desired
outcome described in each Section of the Contract. Intermediate steps, processes or
deliverables will be detailed in the Control Memorandum (CM), developed by the parties at the
inception of each Gate Review of the Contract, using the CM process described in Section A.29
below.

Where any service or delivery timelines are specified as a number of days or other measure of
time from the effective date (whether or not capitalized) or project start date or other term
intended to reference the start of the project, the parties agree that such period of time shall be
tracked from the Project Start Date, where the “Project Start Date” means the later of the
Effective Date or the first Monday following receipt of all approvals and execution of this
Contract.

A.4 Tennessee Eligibility Determination System (TEDS or Solution) Overview

1
 A.4.1 The Contractor shall design, develop, implement, maintain and operate a rules-based
Medicaid eligibility determination system that includes a:

Worker portal;

Member portal; and

Partner portal.

A.4.2 The Solution shall have the ability to perform the following activities, including but not
limited to:

Determining eligibility automatically and without worker intervention when all

eligibility criteria have been satisfied according to the State’s Medicaid policies
and Verification Plan.

Receiving application data

Performing member matching

Verifying eligibility data with Federal and State data sources

Determining MAGI and non-MAGI Medicaid eligibility and redetermination of

eligibility,

Terminating or denying eligibility

Sending and receiving account transfers with the Federal Facilitated Marketplace

Providing Managed Care Organization selection

Sending and reconciling all necessary eligibility and enrollment information with
other systems such as MMIS and the FFM for the MEC check

Mailing or electronically mailing applicable notices and letters

Performing case maintenance activities and receiving complaints and requests for
appeals.

A.4.3 The Contractor shall design, develop, implement, maintain and operate an electronic
content management system to scan and store eligibility documents.

A.4.4 The Contractor shall demonstrate that the system is compliant with the CMS Seven
Standards and Conditions guidelines as published in December 2015. The Contractor
shall adhere to the CMS-defined critical success factors as documented in “EE CSF
2016-02-18”.

A.4.5 The Contractor shall demonstrate that the system is compliant with the CMS Eligibility
and Enrollment Supplement for MITA 3.0.

A.5 Governance

A.5.1 As part of the State’s Medicaid Modernization Program (MMP), the State is implementing
governance processes for IT-enabled transformation projects. The first iteration of the
MMP Governance Framework was developed by the State’s Technical Advisory Services

2
(TAS) Contractor and administered by the State’s Strategic Program Management Office
(SPMO) Contractor. It focuses on business and technical governance of the Eligibility
Modernization Project (EMP). The Contractor shall be governed by the State’s
Governance Framework and participate in all Gate Reviews of this project where required
by the State’s Governance Framework as defined in the Program. The Contractor shall
comply with the State’s Governance Framework including:

The Contractor shall fully participate in periodic oversight meetings and reviews
with State personnel, the State’s TAS, SPMO and Independent Validation and
Verification (IV&V) contractors, and other internal and external stakeholders. Full
participation includes, but is not limited to, making visible the status of Gate
Review deliverables throughout the process, including in draft form.

The Contractor shall coordinate with the SPMO in its role as governance
administrator and the IV&V contractor in its independent review role to facilitate
the successful oversight of the Eligibility Modernization Project.

State Framework Deliverables. The Contractor shall comply with all applicable
State and Federal policies and standards as well as all State Framework
Deliverables. State Framework Deliverables include documents and plans
created pursuant to the State’s contract for Technical Advisory Services for
integration into the MMP Governance Framework located at
http://www.tn.gov/assets/entities/hcfa/attachments/KPMG.pdf. All applicable
State Framework Deliverables are contained in Attachment 8, Framework
Deliverables Table.

A.5.1.3.1 Current Framework Deliverables. The Contractor shall comply with all
Current Framework Deliverables. Current Framework Deliverables are
all approved documents and plans within the State’s Governance
Framework as of the Effective Date of this Contract. The Contractor
acknowledges that current Framework Deliverables are subject to
revision. If revised, the updated Current Framework Deliverable will be
delivered by the State to Contractor. The State and Contractor shall
work in good faith to resolve any recommendations from Contractor, with
the State making final determinations. State shall then deliver the
Framework Deliverable to the Contractor in a Control Memorandum as
described in Section A.29.

A.5.1.3.2 Future Framework Deliverables. Future Framework Deliverables are

certain Framework Deliverables, identified in Attachment 8, that are not
scheduled to be finalized before the Effective Date of this Contract. The
Contractor acknowledges that these Framework Deliverables are critical
aspects of the State’s information technology strategy and shall comply
with all Future Framework Deliverables. Once final, Future Framework
Deliverables will be delivered by the State to Contractor. The State and
Contractor shall work in good faith to resolve any recommendations from
Contractor, with the State making final determinations. The State shall
then deliver the Framework Deliverable to Contractor in a Control
Memorandum.

A change order will be used to implement Framework Deliverables that alter

Contractor’s scope, responsibilities, or Deliverables.

The Contractor shall participate in governance training provided by the State.

3
 The Contractor shall cooperate with the State’s internal technical review boards
(the Technical Architecture Review Board (TARB) and the Technical Change
Control Board (TCCB)) to facilitate the successful oversight of the Operations and
Maintenance phase of this project.

A.6 Release Plan and Project Roadmap

A.6.1 In building the Solution, Contractor shall comply with the requirements contained in this
Contract, including but not limited to, those requirements contained in Contract
Attachment 9 hereof, the Contractor’s negotiated Response.

A.7 Enterprise and Solution Architecture Alignment

A.7.1 The Contractor shall align all Solution designs with the State’s target system architecture
and with the State’s Enterprise Architecture Business Operating Model (EA-BOM)
Management Plan. In addition, the Contractor shall meet the following requirements:

The Contractor shall adhere to architecture design standards as specified in the

EA-BOM Management Plan.

The architecture design artifacts prepared by the Contractor shall adhere to

architecture principles as established by the HCFA TARB.

The Contractor shall, as necessary and at no additional cost to the State, resolve
any non-compliance of the Solution with the State’s design standards. Exceptions
may only be granted by the State’s TARB in writing on a case by case basis.

The Contractor shall maintain solution architecture artifacts and design models in
an industry standard Computer-Aided Software Engineering Tool. This includes
the ability to create new and maintain existing architecture artifacts. Contractor’s
design tool shall be interoperable with the State’s design tool to facilitate import
and export of enterprise and solution architecture artifacts between the State and
the Contractor. The artifacts that must be maintained in a design tool include, but
are not limited to, the models, matrices, and lists specified in the EA-BOM
Management Plan.

The Contractor shall keep the State continually informed of to the status of
architecture artifacts as required during the SDLC through such means as reports,
web pages, a query tool, etc.

A.8 Project Management

A.8.1 The Contractor shall develop a Project Management Plan (PMP), to be approved in
writing by the State, upon start of work under this Contract. The PMP shall define the
approach to managing delivery of Project Management Lifecycle (PMLC) Services on the
EMP and shall be developed in alignment with industry standards in the Project
Management Body of Knowledge (PMBOK) for program and project management, and
the State’s MMP PMP template.

The Contractor shall define Scope Management processes and procedures to

ensure that all scope updates are escalated appropriately and addressed in a
timely manner.

4
 The Contractor shall define Communication Management processes and
procedures to ensure that all relevant information is escalated appropriately and
addressed in a timely manner.

The Contractor shall define Risk and Issue Escalation processes and procedures
to ensure that important risks and issues are escalated appropriately and resolved
in a timely manner.

The Contractor shall define Schedule Management processes and procedures to

ensure that the project remains on schedule.

The Contractor shall define Quality Management processes and procedures to

ensure continuous improvement.

The Contractor shall define Configuration Management processes and

procedures to ensure all project artifacts can be tracked and identified throughout
the project lifecycle.

The Contractor shall define Performance Management processes and procedures

to ensure that goals are consistently being met in an effective and efficient
manner.

The Contractor shall define Human Resource Management processes and

procedures to onboard resources, provide appropriate training and orientation to
the TEDS processes.

The Contractor shall define Financial Management processes and procedures to

ensure budget tracking and earned value management.

A.8.2 The Contractor shall create a baselined Project Plan within the PMP that shall be used to
track project tasks, deliverables, milestones, dependencies, and resources to ensure
accurate project status reporting. The Contractor shall continuously update the Project
Plan and provide the latest version to the State immediately upon request. The
Contractor’s Project Management Plan shall include tasks for the State and the State’s
Contractors as appropriate. In addition, Contractor shall develop and submit a Release
Project Plan for every release. The Contractor’s Project Plan for every release shall be
approved in writing by the State. The Contractor’s Project Plan milestones shall be
integrated into the MMP Integrated Master Schedule (IMS) in coordination with the
State’s SPMO to provide a MMP-wide project schedule view.

A.8.3 The Contractor shall adhere to the State’s PMLC guidance. If issues, risks, or system
defects are not addressed in a timely manner, or if system defects or errors persist or
recur, the State reserves the right to require the Contractor to develop and execute a
State approved Corrective Action Plan (CAP), as described in Section A.17.2.8. The
State also reserves the right to mandate that the project management methodology be
revised or that the processes and procedures necessary to meet any of the State
required milestones or deliverables be altered, in order for completion of timely and
quality project deliverables, and to eliminate or minimize negative affects to the EMP’s
success.

A.8.4 The Contractor shall coordinate with the State and State Contractors, as defined as
including the Strategic Program Management Office (SPMO), the Technical Advisory
Services (TAS) team, and the Independent Verification and Validation (IV&V) team, as
well as any other contractor to the State as deemed necessary to ensure the successful
management of the Eligibility Modernization Project.

5
 A.8.5 For purposes of clarification, wherever in this Contract the Contractor is obligated to ensure
an event occurs or outcome is achieved that includes dependencies outside of Contractor’s
control (e.g., performance by other State contractors or agencies), the Contractor shall have
satisfied its obligations if the Contractor worked in a collaborative and good faith manner
and alerted the State to any impediments so that the State can take appropriate action.

A.9 Solution Infrastructure

A.9.1 The Contractor shall be responsible for developing and/or configuring the Solution to
meet the requirements of this Contract. The State of Tennessee Strategic Technology
Solutions (STS) group within the Department of Finance and Administration shall provide
secure hosting facilities and services for the Solution. The Contractor shall comply with all
STS processes (e.g. the Build Book process), procedures, and standards. The
implementation for the Solution includes two (2) data centers in Tennessee. The South
Data Center is the primary hosting location in Smyrna, TN and the North Data Center is
the secondary hosting located in Nashville, TN. A more distant hosting site may be
selected and procured by HCFA IS to align with CMS guidance concerning geographic
separation for Integrated Eligibility application disaster recovery site selection. The
primary host site is also known as the production site, while the secondary site is planned
to be used as a disaster recovery site. The Contractor shall work with the State to
determine the disaster recovery hosting option.

A.9.2 STS shall configure all of the network, server, and storage hardware at all State data
centers up to the operating system level, under the direction of the Contractor and HCFA
IS, to implement the Solution and supporting systems. The Contractor shall provide, in
the timeframe defined by the project schedule, STS with the configuration specifications
for the network, storage, virtual machines, hardware, and operating systems. The
specifications include security hardening settings, under the direction of the Contractor
and HCFA IS. STS provides patch management services for the operating system and
underlying virtual hosting technology. The host hardware (e.g., servers), security devices
(e.g., encryption devices, firewalls), routing devices (e.g., load balancers, switches), and
communications link interfaces are provided and maintained by STS. This includes full
rack configurations for all equipment; full rack uninterruptable power supplies, rack
cooling, rack temperature and humidity sensors, and cable management. STS shall also
provide connectivity within all State facilities and networks including the internet egress,
excluding such technologies specific to TEDS. The Contractor shall validate and verify
that all of specifications have been met as documented.

A.9.3 The Solution specific commercial off-the-shelf (COTS) software and applications shall be
maintained by the Contractor for the duration of the Contract. All Operating System (OS),
applications, and COTS software updates are coordinated between the State and all
applicable State contractors via the Technical Change Control Board processes, as
changes in one application may impact the Solution or other HCFA system operations.
The COTS software versions and OS versions shall be maintained by the Contractor
within one major version of the latest release unless explicitly waived in writing by the
Technical Change Control Board.

A.9.4 The Contractor shall use state approved tools and methodologies for maintaining
oversight and control of the infrastructure build process. The Contractor shall be
responsible for ensuring that the construction of the system infrastructure conforms to the
requirements and design specifications contained in this Contract.

A.9.5 The Contractor shall be responsible for providing all of the following infrastructure, as
required for Print Output Management:

Infrastructure

6
 Hardware

Software

Security

Network

A.10 System Development Lifecycle (SDLC)

A.10.1 Gate Review

The Contractor shall be responsible for all materials and presentations associated
with the Gate Reviews in the CMS Information Technology Enterprise Lifecycle
(IT ELC) System Development Lifecycle and any mandates made by CMS relative
to the System Development Lifecycle, including the requirements of the Medicaid
Eligibility and Enrollment System Review Process (MEESRP). The parties shall
use the Gate Reviews and the approved deliverables for the purposes of the CMS
Milestone Reviews and associated MEESRP checklists.

The Contractor shall participate in both the State Gate Review and the MEESRP.

The Contractor shall produce all required deliverables associated with each Gate
Review and shall meet CMS MEESRP submission requirements. As the passing
of each State Gate Review and MEESRP Milestone Review, as defined in
MEESRP, is of critical importance to continued federal funding and adherence to
the anticipated implementation schedule, failure to pass a State Gate Review or
Milestone Review shall be considered a material breach of this Contract. The
State may initiate the Termination for Cause provisions located at Section D.6 in
the event of such a Milestone Review failure.

The Contractor shall comply with the State’s design reviews to ensure the
technical fit of the design of the Eligibility Modernization Solution with Federal and
State conditions and standards and that it is inter-operable with other Federal and
State systems defined in the target system architecture for Eligibility
Modernization.

The Contractor shall participate in consultation with the State, CMS, TAS, SPMO,
IV&V and other State Contractors or State entities as required to prepare for Gate
Reviews and CMS Milestone Reviews.

Any new requirements or changes to requirements introduced into the project at

the time of Gate Review shall be added via a Change Order as described in
Section A.28 and shall not serve to delay payment for successful unconditional
pass of all requirements for which Contractor is responsible for that Gate Review.

A.10.2 Stakeholder Analysis and Management

The Contractor shall work directly with assigned project Organizational Change
Management and Training (OCMT) Team Members for any identified OCMT,
Stakeholder, or Communication needs, as required by the State to ensure
adherence with State-approved OCMT methodology.

7
 The Contractor shall assist the OCMT Team in assessing the EMP to initially
define and/or refine OCMT scope and overall approach as inputs for the
development of any stakeholder engagement plans.

The Contractor shall work with the OCMT Team to identify appropriate
stakeholders and messaging for project-related communication and engagement
needs.

The Contractor shall adhere to the OCMT MMP Stakeholder Management Plan(s)
and follow relationship/interaction mapping requirements when identifying and/or
engaging stakeholders for the purpose of data and information collection.

The Contractor shall coordinate and communicate stakeholder engagement

needs and results to the designated OCMT Stakeholder Register Manager.

The Contractor shall coordinate with the State Project Director in compliance with
communication plan(s) on all identified communication needs, to ensure any
communication needs are in alignment with, and/or added to, the approved
project-specific communication(s) plan as defined by the project team.

The Contractor shall provide access to key documentation as the State deems
reasonable to support assessing organizational impact and other OCMT activities
as needed.

The Contractor shall provide the project plan and validate major milestones and
timing, as requested to the state, to ensure alignment with Stakeholder and/or
OCMT activities across the project lifecycle.

The Contractor shall provide resources sufficient to support the following OCMT
Approach activities, including but not limited to:

A.10.2.9.1 All the activities defined to support the various phases of the OCMT
Approach (Analysis, Design, Development, Test, Implementation, O&M,
and Evaluate) and/or Stakeholder Analysis and Management Plan, both
documents being defined by the State.

A.10.2.9.2 Proactively identifying or assisting in the identification of areas of impact

and the potential resolution areas of impact as they pertain to
organizational design requirements and applicable stakeholder
engagement plans.

A.10.2.9.3 Supporting the identification of key stakeholders.

A.10.2.9.4 Validating identified change impacts (both system and process related).

A.10.2.9.5 Providing subject matter experts in specific work areas, processes,

applications, etc. to support awareness building sessions and/or other
stakeholder engagement activities.

A.10.2.9.6 Providing subject matter expertise gained from implementations in other

states on national topics such as MARS-E, 1095b issuance, user-centric
self-service portal designs, account transfers/MEC check, CMS Gate
Reviews and other FDSH hub services and operational activity.

8
 A.10.2.10 Stakeholder involvement for the self-service portal should include
beneficiaries to ensure user-centric design.

A.10.3 Business Analysis Management

The Contractor shall document its standards, methodologies, and tools for
conducting business analysis within the Requirements Management Plan, and
demonstrate the alignment to industry standards as defined by the International
Institute of Business Analysis.

The Contractor shall identify the delivery schedule and frequency of requirement
artifacts (such as, but not limited to, Business Requirements Document (BRD),
System Design Document (SDD)).

The Contractor shall integrate its business analysis activities into the State
Enterprise Architecture and enterprise governance processes.

The Contractor shall document its approach to ensure provision of qualified

Business Analysts with appropriate Medicaid domain knowledge and Business
Analyst experience.

A.10.4 Refine/Elaborate requirements

The Contractor shall identify the stakeholders necessary for participation in the
business analysis and requirements gathering activities.

The Contractor shall review proposed requirements as documented by the State,

identify gaps, identify necessary clarifications, and offer alternatives to support
solution development.

The Contractor shall secure clarification from relevant business and technical
Subject Matter Experts (SMEs) to resolve ambiguous or conflicting requirements.

The Contractor shall conduct requirements gathering and refinement sessions

with appropriate State and State-designated business and technical stakeholders,
following industry standards such as those articulated by the International Institute
of Business Analysis and the Business Analysis Body of Knowledge (BABOK).

The Contractor shall document any refined requirements for State approval in the
Requirements Traceability Matrix, while maintaining requirement version control
and archiving.

The Contractor shall write any new or revised business requirements such that
they are understandable to the business stakeholders and not technical in nature.

A.10.5 Support Design

The Contractor shall review the State Enterprise and Business Architecture to
gain an understanding of the desired business processes for Medicaid eligibility
determinations.

The Contractor shall provide a Business Case Document describing the analysis
that was completed in Section A.10.4.2, and highlighting the benefits of moving
forward with the Solution.

9
 The Contractor shall ensure that all aspects of the system are analyzed for the
use of industry standard practices, focusing at a minimum on:

a) Meeting the requirements of this Contract in a safe and secure manner

(including Access Management and threat vulnerability assessment);

b) Meeting the needs of external stakeholders (including, but not limited to,
residents of Tennessee, Medicaid and CHIP applicants, State and Federal
government agencies such as CMS, Internal Revenue Service, Social
Security Administration, State of Tennessee Strategic Technical Services,
State of Tennessee Department of Human Services, and other State-
approved contractors);

c) Ensuring State-approved approach for Business Continuity/Disaster

Recovery (BC/DR).

A.10.6 Support Change Requests

The Contractor shall review Business Services Definitions issued by CMS and
provide the State with a Solution impact analysis on requirements, business rules,
and interfaces within seven (7) calendar days of receipt of change request.

The Contractor shall perform impact analysis on change requests to identify

impacts across business processes and business rules.

The Contractor shall perform risk analysis on change requests to identify risks and
potential mitigations associated with development and deployment of the change.

The Contractor shall perform alternatives analysis for change requests, to support
the Eligibility Modernization Project Steering Committee (Project Steering
Committee) with relevant information concerning alternative approaches to
addressing the business need underlying the request.

The Contractor shall perform cost analysis for change requests as part of the
Change Order process described in Section A.28. All change requests shall
indicate implementation and full lifecycle costs for the proposed change.

The Contractor shall work with State management to understand the impact of
human resource costs as well as cross-project impacts associated with fulfilling
the change request.

The Contractor shall provide analysis to support timing decisions for deployment
of change requests, in compliance with the State release management process.

A.10.7 Business Process Management (BPM)

The Contractor shall develop, for State approval, a BPM Plan. The Contractor
shall execute this plan. This plan shall include at a minimum:

A.10.7.1.1 The tools that the Contractor shall use for documenting and managing
business processes.

A.10.7.1.2 The documentation standards that shall be used for business processes.

10
A.10.7.1.3 The process by which business processes shall be evaluated, for both
new and revised processes.

A.10.7.1.4 The roles and responsibilities of the Contractor, the State, and other
MMP Contractors in BPM for the project. This includes supporting the
entire business process by defining, documenting, and proposing
improvements to business process standards.

The Contractor shall validate State future state business processes against the
Solution and provide a gap and alternatives analysis.

The Contractor shall ensure that the business processes, as documented, are in
alignment with the State Business Architecture.

The Contractor shall ensure that business processes are reviewed and approved
by the State designated project stakeholders.

The Contractor shall use industry-standard software in capturing the business

processes end-to-end. Any such software shall at a minimum:

A.10.7.5.1 Capture all workflows, including workflows with human-to-human

processes, human-to-system processes, and system-to-system
processes.

A.10.7.5.2 Allow updates to be applied to workflows with minimal effort and allowing
for the capture of the dynamic changes to the modified workflow and that
demonstrates traceability between business processes and business
requirements.

A.10.7.5.3 Provide process flow documentation, consistent with the standards

outlined in Tennessee Business Solutions Methodology Business
Process Description (found at
http://www.tn.gov/assets/entities/finance/attachments/TBSMBusinessPro
cessDescription.xlsx) and the BABOK.

A.10.7.5.4 Maintain versions of business processes, beginning with a baseline or

current version, and maintaining each version when updates are applied,
including graphical representation of the same business processes.

A.10.7.5.5 Provide traceability of business processes to the Business Architecture

and business rule(s) that apply to the documented process.

The Contractor shall design a Solution that allows for execution of the business
processes. Any such Solution shall, at a minimum:

A.10.7.6.1 Comply with and use, to the extent possible, technologies outlined in the
Enterprise Architecture.

A.10.7.6.2 Comply with or include a Business Rules Engine (BRE) or Business

Rules Management software for handling the business rules governing
the processes.

11
 A.10.7.6.3 Comply with documented enterprise and Business Architecture. The
Contractor shall secure State written approval, through the appropriate
State governance body, for any variance from the State architectural
standards.

A.10.7.6.4 The Contractor shall ensure that the implementation is compatible with
the Enterprise Architecture, and is approved in writing by the State as
being able to meet the technical and business requirements of this
Contract. The Contractor agrees and understands using a custom
implementation that is not natively compatible with the Enterprise
Architecture requires a State-approved exception.

The Contractor shall document changes to the business processes that have
been identified and approved by the State.

The Contractor shall ensure that the tool being used to manage business
processes shall be able to identify and model the effects of the change to other
business processes.

The Contractor shall work with the State to submit any proposed changes to a
business process to the Project Steering Committee and other governance or
review boards as designated by the Project Steering Committee.

The Contractor shall perform an impact analysis on any proposed changes to

business processes. Such analysis shall include, at a minimum:

A.10.7.10.1 Cost implications of making the change

A.10.7.10.2 Security and privacy implications of the change

A.10.7.10.3 Identification of the impact of the change on related business processes

A.10.7.10.4 Identification of configuration changes needed based on the proposed

change

A.10.7.10.5 Analysis of new business requirements against current requirements to

ensure that any new requirements are not in conflict with current
requirements

A.10.7.10.6 Identification of project risk implications associated with the proposed

change

A.10.7.10.7 Identification of project assumptions and constraints associated with the

proposed change.

The Contractor shall ensure that any proposed changes that may affect the
Business or Enterprise Architecture shall be reviewed by the TARB for approval
before implementation of the change.

The Contractor shall conduct an impact analysis, as needed, to support proposed

or anticipated retirement of a business process or solution.

A.10.8 Business Rules Management

12
 The Contractor shall develop a Business Rules Management Plan to include and
execute on the following activities:

A.10.8.1.1 Identify an industry-recognized BRE or Business Rules Management

System (BRMS) which the Contractor shall use to document business
rules.

A.10.8.1.2 Provide the State a written justification describing the preferred BRE or
BRMS solution and the selection process used to compare the preferred
solution with other industry-recognized solutions.

A.10.8.1.3 Implement BRE or BRMS solution only after the State has given
approval to use the preferred BRE or BRMS solution.

A.10.8.1.4 Allow for execution of the business rules, as well as the ability for expert
State business users to review and test the business rules.

A.10.8.1.5 Ensure that the implemented BRE or BRMS is compliant with the
Minimum Acceptable Risk Standards for Exchanges (MARS-E), and
properly aligned with the project Security Plan.

A.10.8.1.6 Define business rules documentation standards, subject to State

approval, and consistent with CMS Seven Conditions and Standards.

A.10.8.1.7 Identify responsibilities for Business Rules Management, including

critical access and segregation of duties considerations.

A.10.8.1.8 Review the BRD and obtain State approval for any changes made.

A.10.8.1.9 Demonstrate to the State that the implementation of any new business
rules have not resulted in any circular errors or broken cases elsewhere.

A.10.8.1.10 Leverage applicable rules from other states for MAGI, non-MAGI, and
CHIP.

Define Business Rules Format:

A.10.8.2.1 The Contractor shall ensure that the business rules contain a unique
identifier for each rule.

A.10.8.2.2 The Contractor shall ensure that the business rules contain a description
of the rule.

A.10.8.2.3 The Contractor shall ensure that business rules capture any relationship
between other business rules and business requirements.

Define Business Rules Standards:

A.10.8.3.1 The Contractor shall separate business rules from core programming, as
specified by the MITA Modularity Standard.

A.10.8.3.2 The Contractor shall write business rules as a clear directive or

statement specific to one topic.

13
A.10.8.3.3 The Contractor shall write business rules that are understandable to the
business owners and not technical in nature.

A.10.8.3.4 The Contractor shall provide business rules in human-and machine-

readable format.

A.10.8.3.5 The Contractor shall engage appropriate State business Subject Matter
Experts to assist the Contractor in writing the business rules.

A.10.8.3.6 The Contractor shall write business rules that convey what shall happen
or what can only happen if a certain condition is met.

A.10.8.3.7 The Contractor shall provide a mechanism and a process to maintain

business rules and regularly review for accuracy, updates, or retirement
as necessary.

A.10.8.3.8 The Contractor submit all business rules to the State for their written
approval.

Implementing Business Rules:

A.10.8.4.1 The Contractor shall, as needed, conduct requirements analysis and

secure requirements approval from the State for proposed changes to
business rules.

A.10.8.4.2 The Contractor shall, as needed, conduct design definition and review
sessions to support a proposed update to business rules, and shall
secure State approval for the proposed change.

A.10.8.4.3 The Contractor shall submit updates to business rules as regulatory,

business, functional, security, technology, or other factors dictate and
shall secure State approval for the proposed change.

A.10.8.4.4 The Contractor shall be responsible for providing all required supporting
information, including cost and impact analysis, relative to proposed
business rules changes for presentation to the Project Steering
Committee and any other State architecture or governance review
bodies as designated by the Project Steering Committee.

A.10.8.4.5 The Contractor shall update the Requirements Traceability Matrix as

needed to reflect any approved changes to requirements associated with
the business rules, including changes to downstream requirements.

A.10.8.4.6 The Contractor shall implement changes to business rules only upon
State approval of the change, while maintaining business rules version
control and archiving.

A.10.8.4.7 The Contractor shall ensure that the Business Rule configuration items
(CI) are updated and maintained.

Traceability within the System Development Lifecycle:

A.10.8.5.1 The Contractor shall ensure bi-directional traceability between rule-

related requirements and the associated business rules.

14
 A.10.8.5.2 The Contractor shall ensure that business requirements are inclusive of
all business rules.

A.10.8.5.3 The Contractor shall ensure that business rules are assessed against
functional and non-functional requirements, as well as any proposed
technical solutions or implementation.

A.10.8.5.4 The Contractor shall ensure that designs are inclusive of all business
rules.

A.10.8.5.5 The Contractor shall document acceptance criteria approved by the

State for all business rules to support test execution.

A.10.8.5.6 The Contractor shall provide a test plan that includes testing the
implementation against the constraints dictated by the business rules.

A.10.8.5.7 The Contractor shall have in place a process to identify and track post-
implementation defects between the implemented Solution and business
rules as part of the software problem resolution process.

A.10.8.5.8 The State shall be responsible for notifying the Contractor of any
changes to business rules that are an outcome of policy changes.

A.10.8.5.9 The Contractor shall have in place a process in which any changes to
the business rules are reviewed by the State before being updated in the
BRE or BRMS.

A.10.8.5.10 The Contractor shall be responsible, through the Stakeholder

Management Process, in notifying key stakeholders when business rules
need to change based on a Project Steering Committee approval to
make the change.

A.10.9 Requirements Management

The Contractor shall be responsible for producing and executing a Requirements

Management Plan, subject to State approval, that follows the State framework
standard. The Requirements Management Plan shall

A.10.9.1.1 Describe the project’s methodology for requirements that meet the
State’s standard.

A.10.9.1.2 Identify and maintain a list of stakeholders necessary for participation in

the requirements lifecycle, clearly documenting their roles in the process.

A.10.9.1.3 Describe the performance measures, processes, and methods that shall
be used by the Contractor to monitor and enforce compliance with
requirements while maintaining quality requirements management
throughout the project lifecycle.

A.10.9.1.4 Provide a process for the disciplined management of requirements

across the requirements lifecycle, from ideation through implementation
and retirement.

15
A.10.9.1.5 Include a detailed standard operating procedure manual for the
definition, maintenance and change process for requirements in the
Contractor’s requirements management tool.

Requirements Definition & Management

A.10.9.2.1 The Contractor shall incorporate State-defined requirements associated

with the State’s business operating model into the aggregate
requirements documentation and requirements management tool.

A.10.9.2.2 The Contractor shall be responsible for managing the review and
approval process for newly identified business or Solution requirements,
or the iteration of State-defined requirements through to the end of the
requirements lifecycle.

A.10.9.2.3 The Contractor shall be responsible for defining transition requirements

in support of the designed Solution, as per the State standard, and
subject to State approval.

A.10.9.2.4 The Contractor shall be responsible for completing the following tasks
during business, solution or transition requirements definition and
management:

a) The Contractor shall conduct necessary requirements gathering

activities to document all requirements and associated requirement
types to meet the requirements under this Contract and achieve
CMS compliance.

b) The Contractor shall engage all necessary stakeholders, including

the State, Strategic Technology Services (STS), and other State-
designated entities, in requirements definition activities, to support
completeness of solution and transition requirements.

c) The Contractor shall validate requirements with relevant State

personnel to validate that requirements are well-defined, understood,
and documented.

d) The Contractor shall document requirements in a manner consistent

with the CMS Business Requirements Writer’s Guide.

e) The Contractor shall document all requirements in a requirements

document that aligns to the CMS and State Requirements Document
template.

f) The Contractor shall ensure that requirements specifications have

been developed for all hardware and software subsystems in a
sufficient level of detail to ensure successful implementation.

g) The Contractor shall ensure that that all maintenance requirements

for the system are completely specified.

h) The Contractor shall elicit and document performance requirements

(e.g. timing, response time and throughput) to satisfy the
requirements of this Contract.

16
i) The Contractor shall describe and document all system interfaces
precisely, by interface protocol and by function, including input/output
control codes, data format, polarity, range, units, and frequency.

j) The Contractor shall identify and document known constraints or

limitations early in the requirements gathering process.

k) The Contractor shall ensure that the requirements at a minimum:

1) Are uniquely identified throughout their lifecycle

2) Include system calculations, data manipulation and processing,

user interface and interaction with the application, and other
specific functionality showing how user requirements shall be
satisfied.

3) Describe the existing technical environment, systems, functions,

and processes.

4) Describe hardware/software requirements that will limit the

design and/or use of COTS options. These may include laws,
regulations, hardware limitations, interfaces, development
environment, operational environment, criticality, safety, and/or
security.

5) Describe hardware requirements and any related processes.

This shall include a detailed description of specific hardware
requirements, associated to specific project
functionality/deliverables, and shall include information such as
type of hardware, brand name, specifications, size, and security,
and other relevant characteristics.

6) Describe software requirements and any related processes. This

shall include a detailed description of specific software
requirements associated to specific project
functionality/deliverables, and shall include all relevant
information, such as security standards, version numbering,
functionality, data, interface requirements, and specifications.

7) Describe performance requirements and any related processes,

including a detailed description of specific performance
requirements associated to specific project
functionality/deliverables. This shall include information such as
system capacity, cycle time, speed per transaction, test
requirements, minimum defect counts, screen refresh rates,
reliability, utilization and other criteria necessary to define
performance and capacity.

8) Describe all of the Non-functional Requirements that affect

availability, including hours of operation, level of availability
required, down-time impact, support availability, accuracy, and
any other criteria necessary to define availability.

17
9) Describe all of the non-functional requirements that affect
supportability and maintainability such as coding standards,
naming conventions, maintenance access, and required utilities.

10) Describe the requirements for any user documentation and help
systems, including context-based application support.

11) Describe all of the user interface requirements (e.g., user

navigation, presentation of application and associated
functionality, screen location of interface elements, data display
and manipulation), system interfaces, and hardware and
software requirements that affect interfaces, protocol
management, scheduling, directory services, broadcasts,
message types, error and buffer management, and security.

12) Summarize and make reference to the Privacy Impact

Assessment, as defined in Section A.27, and its impact on
security requirements and provide justifications for why a specific
privacy item is needed.

13) Provide security categorization if available and describe all of the

non-functional requirements that affect security such as security
audits, cryptography, user data, system
identification/authentication, resource utilization, and facility
access times.

14) Describe the existing compliance environment as it affects

project requirements, and the standards that solution
development must follow. Include an overview of the compliance
or standards requirements necessary to achieve the project’s
objectives. List all that are applicable to the project.

15) Include a section that applies to the systems that are required to
be Section 508 and WCAG 2.0 AA compliant and describes how
Section 508 of the Rehabilitation Act and WCAG 2.0 AA affects
the system, citing the technical standards it shall meet.

i) The Contractor shall maintain all requirements under formal

configuration control.

ii) The Contractor shall secure State approval of all baseline

requirements.

iii) The Contractor shall make no changes to the requirement

baseline except where the requirement change has been
approved by the Project Steering Committee.

iv) The Contractor shall update project and test plans for any
new requirements approved by the Project Steering
Committee.

v) The Contractor shall document requirements to support

traceability through design, build, and test to validate and
verify that the system performs as intended and contains no
unnecessary software elements.

18
 vi) The Contractor shall provide a process for identifying,
avoiding, and resolving conflicts or duplication of
requirements and business rules.

vii) The Contractor shall identify testing or completion criteria for

each requirement, subject to State review and approval.

Requirements Traceability & Requirements Management Tool

A.10.9.3.1 The Contractor shall provide an industry standard Requirements

Management tool, Test Management tool, and Business Rules
Management tool.

A.10.9.3.2 The Contractor shall be solely responsible for maintaining business,

solution and transition requirements in an industry standard requirements
management tool.

A.10.9.3.3 The Contractor’s Requirements Management tool must be interoperable

with industry standard requirements management tools, the Contractor’s
Test Management tool, and the Contractor’s Business Rules
Management tool.

A.10.9.3.4 The Contractor shall be able to demonstrate the traceability between

requirements and solution design elements, business rules, data
elements, architecture artifacts, and test cases as per the State’s
Requirements Management Plan standard, within the Contractor’s
toolsets. Traceability shall include the ability to trace business
requirements to solution requirements, backward and forward traceability
between solution requirements and other solution requirements, and
solution requirements to transition requirements. Traceability shall also
include solution requirement ordering to show dependencies between
requirements.

A.10.9.3.5 The Contractor shall give the State unrestricted access to the
requirements management tool throughout the project SDLC.

A.10.9.3.6 The Contractor shall ensure that individuals responsible for managing
requirements are trained in the appropriate requirements management
procedures and use of the project’s requirement management tool.

A.10.9.3.7 The Contractor shall use its requirements management and test
management tool to trace requirements to test cases and results.

A.10.9.3.8 The Contractor’s requirements management tool at a minimum shall:

a) Assign or allow for the assignment of a unique identifier to each

requirement

b) Collect the source of the business requirement

c) Collect a title of the requirement

d) Collect the detailed description of the requirement

e) Collect the owner of the requirement

19
 f) Collect any assumptions applied to the business requirement

g) Assign a date and user stamp for the requirement when created

h) Assign or allow for the assignment of the business requirement type

(e.g., functional, non-functional, technical.)

i) Allow for reporting the current status of the business requirement in

the lifecycle

j) Allow for identifying the business process(es) to which the

requirement applies

k) Allow for the attachment or referencing of external documents

related to the requirement

l) Have the ability to track changes made to the requirement in a way

that allows for generating a historical view of the requirement,
capturing when and by whom the change was made

m) Identify and demonstrate the relationship between requirements,

functional or otherwise; business rules; and artifacts that directly
affect the requirement (e.g. process flows)

n) Allow for hierarchical creation and sorting of requirements

o) Provide a reporting mechanism that allows requirement reports to be

generated based on:

1) requirement status

2) requirement type

3) the hierarchy to which they are assigned, or

4) the business process/architectural feature to which they relate

A.10.10 Test Management

The Contractor shall be responsible for performing or supporting, as applicable,

any and all testing required for building and implementing the TEDS.

The Contractor shall provide test cases and scenarios for use by the State during
user acceptance testing. The State shall have the ability to create additional test
cases, as necessary.

The Contractor’s test cases shall cover interface performance in support of the
eligibility determination process.

The Contractor shall create and execute a Test Management Plan for State
approval, prior to any release or approved configuration change that defines the
testing methodology, the types of tests to be performed during the lifecycle,
testing schedule, and how the testing functions shall be performed.

20
 The Contractor shall ensure that the Test Management Plan is in compliance with
the CMS Testing Framework and adheres to the appropriate Gate Reviews as
prescribed in this Framework.

The Contractor shall ensure that the Test Management Plan is in compliance with
security standards as set by the CMS Testing Framework, CMS Information
Security Standards, and Acceptable Risk Safeguards, and the security standards
included in this Contract.

The Contractor shall ensure that the Test Management Plan appropriately
addresses compliance with Minimum Acceptable Risk Standards for Exchanges
(MARS-E), Social Security Administration (SSA), and Federal Tax Information
(FTI) security requirements.

The Test Management Plan shall conform to the standards outlined in the HCFA
Test Management Plan and shall outline the Contractor’s approach, methodology,
and associated documentation for defining:

A.10.10.8.1 The scope of test work planned, partitioned into logical modules based
on functional or other characteristics that shall provide an appropriate
level of clarity for understanding and monitoring testing progress.

A.10.10.8.2 The types of tests the Contractor shall use to test the release, which
shall conform to the testing types designated by the CMS Testing
Framework and the HCFA Test Management Plan.

A.10.10.8.3 The testing environments (hardware and software) required to support

testing activities in a way that Testing and Development environments
shall manage all data in compliance with State and Federal regulations
and policies.

A.10.10.8.4 The strategy for addressing testing-related activities associated with

Gate Reviews and providing State-approved test coverage, as
applicable.

A.10.10.8.5 The strategy for use of State-approved testing tools that the Contractor
shall use to perform all testing responsibilities, ensuring that such tools
are available to complete full integration, security, performance,
regression and stress testing in the appropriate environments.

A.10.10.8.6 The expected timeline for completing each test phase, including
contingency plans (CP) if for any reason milestones become at risk for
not being completed within the set timeline.

A.10.10.8.7 The testing sequence and frequency and the reporting recurrence for
test results.

A.10.10.8.8 The assumptions, constraints, and risks involved with the testing activity,
to include any mitigation plans, workarounds, or deferments that have
been approved by the State and taken into consideration during testing.

A.10.10.8.9 The Contractor’s responsibilities for authoring, administering, and

executing any and all test cases.

21
A.10.10.8.10 The key stakeholders and their roles for each of the testing phase,
including but not limited to the Contractor resources, State’s business
and technical resources, and other State Contractors.

A.10.10.8.11 The strategy for retesting failed test cases to ensure early identification
and remediation of potentially persistent project issues.

A.10.10.8.12 The strategy for communicating testing progress, status, and outcomes
across each testing phase by module, highlighting variances in module
characteristics that require modification to accurately communicate
testing progress.

A.10.10.8.13 The strategy/process for determining test success criteria and reaching
agreement with State on passing results for various test types.

A.10.10.8.14 The entry and exit criteria for each testing phase, including the
appropriate Gate Reviews and success factors for each phase.

A.10.10.8.15 The testing documentation that shall be produced to support IV&V

activities.

The Contractor Shall ensure that the Test Management Plan, at a minimum,
incorporates the following as needed and agreed upon by the State:

A.10.10.9.1 Unit Testing

A.10.10.9.2 Smoke/Sanity Testing

A.10.10.9.3 Functional Testing

A.10.10.9.4 Regression Testing

A.10.10.9.5 Ad-hoc Testing

A.10.10.9.6 Exploratory Testing

A.10.10.9.7 Usability Testing

A.10.10.9.8 GUI Software Testing

A.10.10.9.9 GUI Navigation Testing

A.10.10.9.10 Accessibility Testing

A.10.10.9.11 Security Compliance Testing

A.10.10.9.12 Compatibility Testing

A.10.10.9.13 Boundary Testing

A.10.10.9.14 Negative Testing

A.10.10.9.15 Error Handling Testing

A.10.10.9.16 Alert/Monitoring Testing

22
A.10.10.9.17 Capacity Testing

A.10.10.9.18 Performance Testing

A.10.10.9.19 Recovery Testing

A.10.10.9.20 Reliability Testing

A.10.10.9.21 End-to-End Testing – End-to-End Testing shall include scenarios-based

test cases that cover the lifecycle of an application, from entry into the
Solution, through Eligibility Determination noticing and appeals.

A.10.10.9.22 Enterprise Testing

A.10.10.9.23 User Acceptance Testing – The State shall have access to Contractor
test cases during User acceptance testing.

A.10.10.9.24 Operational Readiness Testing – This testing shall ensure that the
operational readiness testing is appropriately comprehensive and
inclusive of all elements of the State enterprise impacted by the TEDS
Release deployment.

A.10.10.9.25 Business Rules Testing

A.10.10.9.26 Availability Testing

A.10.10.9.27 Interface Testing

A.10.10.9.28 Beta Testing

A.10.10.9.29 Conversion Testing

A.10.10.9.30 Component Integration Testing

A.10.10.9.31 Quality Control Testing

The Contractor shall review the Test Management Plan with the necessary
stakeholders prior to beginning test activities and secure State approval of the
Test Management Plan by the State designated testing lead prior to any tests
being executed.

The Contractor shall execute the Test Management Plan and deliver all test
requirements.

The Contractor shall conduct a review of the Test Management Plan with the
State at the completion of each Release to assess its effectiveness and determine
any necessary adjustments to the Test Management Plan, and shall make
necessary approved changes to the Test Management Plan as identified through
this review process.

The Contractor shall support the State on program level testing of the information
security requirements.

23
 The Contractor shall include appropriate static and dynamic application security
testing approaches in the Test Management Plan to ensure required levels of
application security.

The Contractor shall provide the IV&V Contractor the necessary support to
facilitate IV&V Attestation.

The Contractor shall provide the IV&V Contractor the necessary support to
validate and verify all testing activities throughout the System Development
Lifecycle.

The Contractor shall provide the State the necessary support to facilitate MARS-E
self-attestation requirements.

The Contractor shall coordinate with assessment teams to provide information

and remediate findings for the Security Assessment Review.

A.10.10.18.1 The Contractor shall coordinate with the State and other contractor’s
designated by the State to conduct a Security Control Assessment (SCA)
both during the initial implementation and annually in subsequent M&O
years.

A.10.10.18.2 The Contractor shall plan and facilitate SCA-related activities including,
but not limited to:

a) Provide environments and user accesses

b) Provide documentation

c) Provide access to contractor personnel

A.10.10.18.3 The Contractor shall take account the lead time on each of the
assessment activities required by the SCA and CMS reviews in order to
meet the project time objectives.

Authoring Tests:

A.10.10.19.1 The Contractor shall schedule Environment Readiness Review(s)

(ERRs) to include necessary State designated personnel.

A.10.10.19.2 The Contractor shall document all tests and testing activities in
accordance with the Test Management Plan. Minimally every functional
and non-functional requirement (including load, performance, capacity,
and availability requirements) must be tested by a documented test case
or cases, and each test case shall be State-approved and accompanied
by the following information:

a) The associated requirements

b) The environment in which the test is to be performed

c) The release in which the test case is performed

d) The test type

24
 e) The data and/or test harnesses to be used in executing tests

f) Test designer, performer, reviewer, and approver roles, to support

segregation of duties and assure performance of tasks by qualified
personnel

g) Expected test results

h) The specific steps and sequences to be performed in completing the

test

A.10.10.19.3 The Contractor shall ensure that test cases account for testing of all
State required browsers and versions as well as accessibility
considerations specified by Section 508 and WCAG 2.0 AA standards.

A.10.10.19.4 The Contractor shall update corresponding test cases impacted by code
or requirement changes based on approved changes to solution
requirements, as approved by the Project Steering Committee.

A.10.10.19.5 The Contractor shall review tests with appropriate stakeholders and shall
secure approval from the State designated testing lead prior to executing
the tests.

A.10.10.19.6 The Contractor shall provide system security documentation with

appropriate State stakeholders to facilitate security testing.

Executing Tests:

A.10.10.20.1 The Contractor shall assign personnel to perform tests in alignment with
the roles specified in the designated test plan(s).

A.10.10.20.2 The Contractor shall use current industry standard testing and defect
tracking tools approved by State.

A.10.10.20.3 The Contractor shall use State approved automated testing tools for
regression testing and as needed for other high frequency testing
activities.

A.10.10.20.4 The Contractor shall work in conjunction with State and Strategic
Technology Solutions (STS) to provide necessary environments to
support all testing activities as approved and defined by State.

A.10.10.20.5 The Contractor shall ensure that the test performers have the necessary
skills and appropriate access to perform the test(s) effectively.

A.10.10.20.6 The Contractor shall demonstrate and ensure that an State-approved

number of staff are allocated to testing activities to efficiently deliver a
quality product, maintain project schedule, and support its
implementation approach.

A.10.10.20.7 The Contractor shall perform and document the peer review process for
unit tests and test plans.

A.10.10.20.8 The Contractor shall document the test performer, reviewer, and
approver for each test.

25
A.10.10.20.9 The Contractor shall record outcomes of the tests and re-test and
provide evidence to demonstrate the complete execution of all State
approved tests.

A.10.10.20.10 The Contractor shall document test results with the associated
requirements in the Requirements Traceability Matrix.

A.10.10.20.11 The Contractor shall record any defects or errors as outlined in the
State’s Defect Management Process Software Problem Resolution
Standards/Procedures Process.

A.10.10.20.12 The Contractor shall retest any State-failed and/or Contractor-failed

tests.

A.10.10.20.13 The Contractor shall, in cases of recurring test failures, provide access to
the related code for third party review upon request from State.

A.10.10.20.14 The Contractor shall re-execute all modified tests resulting from changes
to solution requirements as approved by the Project Steering Committee
as defined in the State’s Program Governance Management Plan.

A.10.10.20.15 The Contractor shall provide personnel as requested by the State to

participate in the Implementation Readiness Review(s) (IRRs).

Reporting Test Status and Results:

A.10.10.21.1 The Contractor shall publish the status of current and upcoming test
activities that fall within the reporting timeline specified in the Test
Management Plan.

A.10.10.21.2 The Contractor shall secure State approval for the frequency of test
reporting.

A.10.10.21.3 The Contractor shall support State by providing ad hoc reporting for
requests approved by the eligibility modernization Steering Committee.

A.10.10.21.4 The Contractor shall customize test reports based on the intended
audience.

A.10.10.21.5 The Contractor shall secure State approval in defining test reporting
metrics.

A.10.10.21.6 The Contractor shall publish test results to include, at a minimum:

a) Test progress

b) Test results (e.g. pass, fail, deferred, failure reason by category,

failure resolution, test category by module, test category by function).
Failure reasons include poorly written code, poorly written test
scripts, environment, etc.

c) Test results rates

d) Retest results rates

26
 e) Trends of test results

f) Evidence files

A.10.10.21.7 The Contractor shall provide additional analysis, as requested by State,

to identify patterns in failed test cases and patterns of failures within the
modules.

A.10.10.21.8 The Contractor shall provide technical documentation as well as test

results for non-functional requirements to support user acceptance
testing of the completed system requirements.

A.10.11 Interface/Integration Management

Plan Interface/Integration Management Approach:

A.10.11.1.1 The Contractor shall develop and execute a TEDS Interface/Integration

Management Plan that conforms to the standards outlined in the HCFA
Interface/Integration Management Plan and shall include but not be
limited to:

a) The approach to developing and managing internal and external

interfaces.

b) Technical tools that shall be used for extract, data transformation

and loading and for resolving errors.

c) Requirements that identify any conversion and Extract, Transform,

and Load (ETL) process as needed.

d) A description of how the Contractor’s development standards shall

be reconciled, to reflect use of an Enterprise Service Bus (ESB) and
web services as wrappers to legacy systems. The Contractor shall
produce example scenarios for integration reflecting their
infrastructure components and toolset.

e) Tasks, deliverables and resources necessary to complete interface

development, testing, and implementation.

f) Test Management Plan that identifies testing management and

scheduling between interface partners and all State agencies.

g) Automated monitoring and alerting mechanisms that shall address

interface errors and provide automated escalation to all relevant
stakeholders.

h) All interfaces that need IV&V attestation including appropriate

scheduling activities associated with the attestation activities.
Description of how the solution development and test systems shall
work with internal and external interfaces.

i) Descriptions of the process for managing changes to the interfaces,

both in the production and non-production environments.

j) List of Solution interfaces, data format, frequency of updates and

27
 expected data volume.

k) Process for interfacing and collaborating with interface partners,

including roles, responsibilities, deliverables, priority, and timelines.

l) Process for ensuring that the development and test environments

work with the internal and external non-production interfaces.

m) Communication Management Plan to establish automated

monitoring and alert procedures for contacting Key Personnel in the
event of interface/integration interruptions.

n) Communication Management Plan to establish automated

monitoring and alert procedures for contacting Key Personnel in the
event of the failed delivery of a scheduled interface file.

A.10.11.1.2 The Contractor shall identify risks in the development and maintenance
of interfaces and devise risk mitigation strategies.

A.10.11.1.3 The Contractor shall ensure that integrations and interfaces are in
compliance with all relevant security and privacy standards.

A.10.11.1.4 The Contractor shall ensure integrations and interfaces appropriately

address compliance with Minimum Acceptable Risk Standards for
Exchanges, Social Security Administration, and Federal Tax Information
security requirements.

A.10.11.1.5 The Contractor shall manage connectivity and operate in terms of

Solution availability.

Document Requirements and Design:

A.10.11.2.1 The Contractor shall confirm identification of all sub-systems or sub-

system components, previously identified by the State and the Technical
Advisory Services Contractor, that require interfacing.

A.10.11.2.2 The Contractor shall review and, as needed, identify the interface
requirements that define at a minimum the scope of work, design,
development, installation, integration, testing and commissioning of the
sub-systems.

A.10.11.2.3 The Contractor shall work with the State to secure necessary
agreements with third parties (including CMS, relevant State of
Tennessee agencies, federal institutes and other interface partners) for
interfaces and integrations.

A.10.11.2.4 The Contractor shall work in cooperation with the State and Interface
partners to specify the information to be exchanged over the interface by
documenting this in Interface Control Documents to provide precise
technical definitions of interface data flows and protocols.

28
A.10.11.2.5 The Contractor shall develop the Interface Control Document, based on
the CMS Interface Control Document template, to document and track
the necessary information required to effectively define the TEDS
interfaces as well as any rules for communicating with them in order to
give the development team guidance on architecture of the system to be
developed.

A.10.11.2.6 The Contractor shall validate all interface control documents with the
State Security team.

A.10.11.2.7 The Contractor shall specify and be managed to performance and

availability criteria, subject to State approval, for each interface or
integration including but not limited to budget, uptime requirements,
outage coverage, maintainability, scalability, sustainability, portability,
efficiency and usability.

Develop Interfaces and Integrations:

A.10.11.3.1 The Contractor shall plan and develop interfaces and/or integrations to
support, manage, and monitor the timely and accurate exchange of
information between the TEDS and all other necessary systems,
including but not limited to the Federal Data Services Hub (FDSH), State
of Tennessee Department of Human Services, Strategic Technology
Services (STS), Social Security Administration (SSA) and other federal
and state external data sources as needed (see Contract Attachment 5).

a) The Contractor shall coordinate and collaborate with third-party

vendors with regards to operational interfaces for existing systems.

b) The Contractor shall plan and develop interfaces and/or integrations

for all newly developed systems.

A.10.11.3.2 The Contractor shall manage and operate the interface connection
between the TEDS and the FDSH.

A.10.11.3.3 The Contractor shall provide for secure and real-time data exchanges
during operation of the TEDS.

A.10.11.3.4 The Contractor shall obtain approval by the State Information Security
Steering Committee or its designated proxy on Interface Design
Documents to ensure appropriate access to information when executing
data exchanges.

A.10.11.3.5 The Contractor shall coordinate integration efforts with Interface Partners
and all State agencies.

A.10.11.3.6 The Contractor shall provide control mechanisms for each integration, to
ensure successful and complete exchange of all interface and integration
data.

A.10.11.3.7 The Contractor shall provide fail-over approaches to address high

availability, prevent service interruptions, and ensure system availability
due to maintenance or unanticipated events.

Test Interfaces and Integrations:

29
A.10.11.4.1 The Contractor shall provide control mechanisms for each integration, to
ensure successful, appropriate, and complete exchange of all specified
data elements.

A.10.11.4.2 The Contractor shall establish an escalation plan, approved by the State,
for the resolution of issues in the event that interface partners cannot
come to an agreement.

A.10.11.4.3 As part of the Test Management Plan, the Contractor shall develop,
manage, and monitor testing schedule and use it to coordinate with all
Interface Partners.

A.10.11.4.4 The Contractor shall test all relevant elements of interfaces and
interchanges in conjunction with HCFA IS and provide supporting
documentation of successful test completion to the State and secure
State sign-off, documenting completion of the integrations and interfaces
to the specified Contract requirements. These tests shall demonstrate
accuracy, completeness, timeliness, and performance of interfaces and
interchanges.

A.10.11.4.5 The Contractor shall conduct End-to-End testing with the State’s
interface partners after completion of system testing, and define the
Solution entry and exit criteria for this phase of testing with State
approval.

A.10.11.4.6 The Contractor shall develop the necessary test cases and scenarios to
validate and verify Solution interfaces function as expected by
requirements. To this end, boundary value testing, negative testing, and
white and black box testing approaches shall be incorporated into the
test cases and scenarios, as well as communicated to the appropriate
Interface partners, to ensure proper test coverage and collaboration,

A.10.11.4.7 The Contractor shall provide test data and test harnesses where
appropriate to State IS.

A.10.11.4.8 The Contractor shall provide the IV&V Contractor the necessary support
to facilitate IV&V Attestation.

Deploy Interfaces and Integrations:

A.10.11.5.1 The Contractor shall ensure completion/readiness of all designated

interface and integration deployment risk mitigation plans.

A.10.11.5.2 The Contractor shall participate in pre-deployment Gate Reviews and

provide documentation to ensure readiness of interfaces and integrations
for deployment.

A.10.11.5.3 The Contractor shall deploy all approved interfaces and integrations into
production, following an agreed upon change, configuration, deployment
and release management procedures.

A.10.11.5.4 The Contractor shall ensure successful deployment of the interfaces and
integrations through smoke test results or other processes as agreed by
the State.

30
 Operate Interfaces and Integrations:

A.10.11.6.1 The Contractor shall establish automated monitoring and alert

procedures for contacting Key Personnel in the event of
interface/integration interruptions in real time, available twenty-four (24)
hours per day, seven (7) days per week, and three hundred and sixty-
five (365) days per year (24/7/365).

A.10.11.6.2 The Contractor shall track, validate, and report completion of all specified
data exchange activities.

A.10.11.6.3 The Contractor shall track, report, and analyze all interface and
integration exceptions and errors and shall work with interface and
integration partner entities and the State’s operations as needed to
identify a resolution path and communication plan for the errors.

A.10.11.6.4 The Contractor shall manage and adhere to the State’s Software
Problem Resolution process for investigating and resolving reported
problems and potential defects.

A.10.11.6.5 The Contractor shall monitor the need for interface and integration
changes and shall follow the technical change control process to initiate
approval for changes.

A.10.11.6.6 The Contractor shall update interfaces and integrations, as approved

through the HCFA Technical Change Control Board, to address new
requirements and achieve continued or improved effectiveness in
meeting existing requirements.

A.10.11.6.7 The Contractor shall ensure that there is root-cause analysis performed
for all unexpected service interruptions due to failed
interfaces/integrations.

A.10.11.6.8 The Contractor shall identify and develop recovery and any needed
remediation procedures for known errors

A.10.11.6.9 The Contractor shall identify and develop approved escalation

procedures.

A.10.11.6.10 The Contractor shall coordinate with HCFA and develop a BC/DR plan in
compliance with State and Federal requirements supporting the State’s
ATC.

A.10.12 Integrated System Implementation Management

Develop Implementation and Deployment Plan:

A.10.12.1.1 The Contractor shall develop and execute an Implementation and

Deployment Plan consistent with the standards outlined in the CMS
Implementation Plan Template, to define the activities, sequence, roles
and responsibilities associated with moving the TEDS into production.
Production cut-over shall accommodate a multi-phased approach. This
plan shall include at a minimum:

a) Outline the deployment approach.

31
 b) Define the entry criteria required to commence deployment activities.

c) Provide the names of the responsible organization(s), and titles and

telephone numbers of the staff who serve as points of contact for the
deployment. These points of contact shall include the Contractor
Project Manager and Technical Lead and Key Personnel, the State
technical and business owners, the State key resources, as well as
Other State Contractors and representatives from other entities such
as STS, CMS, and State of Tennessee Department of Human
Services.

d) Define the timeline and schedule of deployment activities.

e) Document deployment risks and provide detailed risk mitigation

plans.

Develop Roll Back Plan

A.10.12.2.1 Define and execute a Roll Back Plan for the State’s approval, to provide
a contingency option in case of deployment complications or failure, to
include at a minimum:

a) Criteria required for a roll back to occur

b) Defined sequence of events prior to and during execution of a CP

c) Communication matrix including stakeholders to contact in the event

a roll-back or CP must occur

d) Escalation process

Document criteria for implementing the system in the production environment and
necessary documentation required to proceed with the implementation process.

The Contractor shall develop and execute a System Maintenance, Support, and
System Transition Plan.

A.10.12.4.1 The Contractor shall document the entry and exit criteria for transition
activities, as approved by the State, to commence and complete
transition to operations.

A.10.12.4.2 The Contractor shall describe the Contractor’s approach for supporting a
multi-phased release of functionality to provide the State value as early
as possible during the project timeframe.

A.10.12.4.3 The Contractor shall document the Contractor’s approach, resources,

and organizational structure to support efficient Operations and
Maintenance activities including approved workarounds, enhancements
and defect fixes for software CIs included in the production release while
simultaneously supporting major software CIs in development for
subsequent releases.

32
A.10.12.4.4 The Contractor shall document the Contractor’s approach, resources,
and organizational structure to support efficient development of software
CIs for future functionality releases without compromising Operations
and Maintenance activities for software CIs in production.

A.10.12.4.5 The Contractor shall describe the approach for issue reporting and
resolution of issues identified during the post go-live stabilization period
prior to the post implementation review.

A.10.12.4.6 The Contractor shall document exit criteria, including service level
agreements and applicable performance standards that shall be used to
define a stable production environment, as well as the required duration
for stable performance to ensure completion of the stabilization period.
Exit criteria shall be contingent on State approval.

A.10.12.4.7 The Contractor shall document assumptions, constraints, dependencies,

risks and issues applicable to the transition to operations.

A.10.12.4.8 The Contractor shall identify risk mitigation plans and owners for
transition activities.

A.10.12.4.9 The Contractor shall develop and execute a Cut-Over Plan as described
in Section A.15.1 that provides continuity of service in Medicaid and
CHIP for the State of Tennessee.

A.10.12.4.10 The Contractor shall develop a plan to manage the activities and issues
related to the transition from a determination to an assessment state.

A.10.12.4.11 The Contractor shall prepare CMS required change control

documentation that applies to significant changes in compliance with
CMS change management process.

Prepare for Implementation

A.10.12.5.1 The Contractor shall provide information as requested by the IV&V

Contractor to ensure that the system is fully compliant with functional and
non-functional requirements, configuration management requirements,
and service level agreements.

A.10.12.5.2 The Contractor shall complete implementation preparation activities that

shall be used to drive a ‘Go/No-Go’ decision, including at minimum:

a) Completion of a holistic Operational Readiness Assessment that

shall outline critical system and business components, and each
individual/business unit required to provide sign-off

b) Demonstrated completion of entry criteria for the start of

implementation activities, as defined in the Implementation and
Deployment Plan, with sign-off from the State.

c) Provision of implementation checklists, for final approval by the

State, to support accurate completion of all implementation activities.

33
A.10.12.5.3 The Contractor shall request a ‘Go/No-Go’ decision from the State and
shall receive a ‘Go’ decision prior to entering into implementation
activities.

A.10.12.5.4 The Contractor shall plan and execute an appropriate communication

strategy for all implementation affected stakeholders in cooperation with
the State’s OCMT personnel and Strategic Program Management Office
personnel.

A.10.12.5.5 The Contractor shall support training activities in conjunction with the
State and other state contractors.

Execute Implementation and Deployment Plan:

A.10.12.6.1 The Contractor shall follow the implementation documentation,

checklists, and tools developed in the Plan Implementation activity to
support successful completion of a system implementation.

A.10.12.6.2 The Contractor shall complete implementation execution activities once a

‘Go/No-Go’ decision has been reached, including at minimum:

a) Deployment activities to occur upon receiving State approval for

implementation

b) Overall sequence and site-specific implementation specifications

c) Manage coordination activities with Strategic Technology Solutions

(STS) and all interface partners.

d) Management of Operations and Maintenance resources

e) As needed, execute CPs as defined in the Implementation and

Deployment Plan activity.

A.10.12.6.3 The Contractor shall provide Release Notes that outline the overall
implementation process.

A.10.12.6.4 The Contractor shall convert data from existing data sources associated
with the specific release, and perform substantial initial data loads from
legacy operational systems.

Execute Transition Plan:

A.10.12.7.1 The Contractor shall provide the appropriate level of resources and
organizational structure to support efficient Operations and Maintenance
activities including bug fixes and enhancements for software CIs
included in production release while not compromising productivity for
major software CIs in development.

A.10.12.7.2 The Contractor shall ensure that Operations and Maintenance staff is
trained, onsite, ready and capable of providing Operations and
Maintenance services four (4) weeks prior to go-live.

34
 A.10.12.7.3 The Contractor shall provide an agreed to quantity of personnel to the
Operations and Maintenance production control that shall include at a
minimum Configuration/Release Manager, Continuous Improvement
Process (CIP), Problem/Incident Manager, and a Production
Control/Operations Manager.

A.10.12.7.4 The Contractor shall provide the appropriate level of resources and
organizational structure to support efficient development of software CIs
for future functionality releases while not compromising O&M activities
for software CIs in production.

A.10.12.7.5 The Contractor shall publish risk and issue reporting and resolution.

A.10.12.7.6 The Contractor shall identify and execute resolution plans, subject to
State approval, for any issues identified during the post go-live warranty
period prior to the post implementation review.

A.10.12.7.7 The Contractor shall ensure satisfactory completion of transition exit

criteria as defined in the State’s Implementation and Deployment Plan
and performance levels as identified in relevant service level
agreements.

A.10.12.7.8 The Contractor shall complete full fail-over testing with all system
monitoring activities in place.

A.10.13 Post Implementation Evaluation

Support evaluation planning:

A.10.13.1.1 The Contractor shall provide information to indicate availability and

schedule for providing data to support the evaluation.

A.10.13.1.2 The Contractor shall provide prototypes of data to confirm fit and format
of data to support the post implementation evaluation.

Provide information

A.10.13.2.1 The Contractor shall provide data, as specified and in a format approved
by the State, to document Solution performance, and supports
user/customer and performance assessment activities.

A.10.13.2.2 Provide required deliverables as outlined in the post-implementation

review Gate Review.

Provide recommendations

A.10.13.3.1 The Contractor shall document lessons learned.

A.10.13.3.2 The Contractor shall provide the State with documentation of lessons
learned, as compiled through the lifecycle and in the Post-
Implementation Evaluation, to support improved project performance on
future Solution Releases and, where applicable, other MMP projects, to
include topics such as:

a) Best practice identification

35
 b) Issue root causes

c) Risk and issue mitigation

d) Performance improvement opportunities

A.10.13.3.3 The Contractor shall provide recommendations for process improvement

to the system development lifecycle.

A.10.13.3.4 The Contractor shall participate in lessons learned activities for each
release and provide constructive feedback, both positive and negative,
with respect to their role in the Solution lifecycle.

A.10.13.3.5 The Contractor shall provide Solution recommendations, supported by

analysis to include cost, risk, security, business, and organizational
impacts, and that outline:

a) Functions that may warrant refinement or replacement to support

improved performance or architectural alignment

b) Functions that may warrant enhancement, to derive increased value

from the existing Solution investment

c) New functions that can provide compelling value in addressing the

State’s business needs.

The Contractor shall engage in Annual Operational Assessments (AOAs) that

reports on:

A.10.13.4.1 Performance of the Solution

A.10.13.4.2 User satisfaction with the Solution

A.10.13.4.3 Adaptability to changing business needs

A.10.13.4.4 New technologies that might improve the investment

Develop/Implement Enhancements

A.10.13.5.1 Upon determination by the State that enhancements (changes and

modifications to the system during O&M, over and beyond original
specifications and requirements) are warranted, the Contractor shall
create an Enhancement Change Order for the State’s approval.
Enhancement Change Orders shall follow the Change Order process
defined in Section A.28 below.

A.10.13.5.2 The Contractor and the State shall prioritize, document, implement, and
test enhancements based on the HCFA Technical Change Control
Process.

A.10.13.5.3 Enhancement activities are in addition to the O&M activities and shall be
performed by separate Contractor staff.

36
 A.10.13.5.4 The Contractor shall complete Service Design Packages describing
changes to original design documents when enhancements impact
technical designs.

Disposition Plan

A.10.13.6.1 The Contractor shall develop and execute a Disposition Plan in

compliance with the CMS System Disposition Plan.

A.10.13.6.2 The Contractor shall include project closeout activities, data archiving
strategies, hardware destruction procedures, and capacity reallocation in
the Disposition Plan.

A.10.13.6.3 The Contractor shall review the Disposition Plan and obtain State
approval.

A.11 Deliverable Submission Process

A.11.1 The Contractor shall follow the defined deliverable submission process for each
deliverable included in the Table of Deliverables (Section A.27) below. The Contractor
may submit additional steps which shall be documented in the PMP.

A.11.2 At a minimum, the Contractor shall submit a DED via the CM process for each
deliverable at least one month prior to the first submission date unless a shorter time
period prior to the first submission date is agreed to in writing, and request approval from
the State.

A.11.3 The Contractor shall create deliverables as defined in each approved deliverable’s DED.
The DED shall govern the contents of the deliverable for each version of the deliverable,
enumerate the State’s expectations, and outline what is to be included in the deliverable
by the Contractor.

A.11.4 The Contractor shall facilitate for each deliverable a minimum of one walkthrough with the
State one week prior to the deliverable submission date, unless a shorter time period prior
to the deliverable submission date is agreed to in writing.

A.11.5 The Contractor shall submit for each deliverable a first submission on the agreed
submission date and allow the State to review and provide responses. The State shall,
within the applicable Review Cycle set forth in Section A.11.10, or such other period of
time as is mutually agreed to in writing, review and either approve the deliverable through
a Notice of Approval, if it conforms with the requirements set forth in the applicable
approved DED, or reject the deliverable through a Notice of Deficiencies. Deficiencies may
be conceptual deficiencies or specific deficiencies, in each case identified with reference
to the applicable portion of the DED. Conceptual deficiencies could be considered
deficiencies of the entire deliverable.

A.11.6 After resolving all deficiencies identified by the State in a Notice of Deficiencies, the
Contractor shall re-submit each deliverable for review by the State. The State will then
review the deliverable and provide a notice to the Contractor in accordance with the
process and within the timeframe described in Section A.11.5.

A.11.7 The approved deliverable will be relied upon by the Contractor to perform the Services.
The Contractor shall resolve deficiencies identified by the State in a Notice of Deficiency
prior to each deliverable’s final submission.

37
 A.11.8 The Contractor shall submit a final (as of the particular Gate Review) of each deliverable
at least six (6) weeks prior to a State Gate Review and/or CMS Milestone Review, unless
a shorter time period prior to a State Gate Review and/or CMS Milestone Review is
directed by the State through a Control Memorandum.

A.11.9 Reserved.

A.11.10 The State and Contractor shall follow the review and response times assigned to each
deliverable in the Table of Deliverables (Section A.27), as follows:

Table 1: Table of Deliverables

Deliverable Length of State Review Period for each Length of Contractor Update Period
Classification Review Cycle after Receiving State Updates
Type A Seven (7) days Seven (7) days
Type B Ten (10) days Ten (10) days
Type C Twenty (20) days Twenty (20) days

A.12 System Requirements

A.12.1 Contractor shall ensure that the Solution meets the State’s Functional and Non-
Functional Requirements. In building the Solution, Contractor shall comply with those
requirements, contained in this Contract.

A.12.2 The Contractor’s Solution shall automate all of the defined functional requirements,
unless otherwise stated within the respective requirement language approved by the
State.

A.13 Environments

A.13.1 The Contractor shall build, support, document, and maintain the environments necessary
to support all releases of the TEDS. This includes, but is not limited to, development, data
conversion, testing, training, operational readiness, and production. Environments shall
be housed and hosted by the State’s STS.

A.13.2 The Contractor shall develop and document an environment strategy and approach that
shall ensure State-approved environments to support all requirements defined within the
Contract.

A.13.3 The environment strategy and approach shall support the need for two concurrent
releases in development, in addition to regular maintenance releases. Therefore, a
minimum of four (4) sets of development and testing environments shall be required.

A.13.4 The Contractor shall provide the environments below. Any deviation from the list of
environments below shall be supported by the Contractor’s environment strategy and
approach and approved by the State. The Contractor may utilize additional application
environments based on their development methodology and their understanding of the
project roadmap.

Production Environment with Failover Clustering

Production Support Environment with Failover Clustering

Staging/Penetration Testing Environment with Failover Clustering

38
 Technical Sandbox Environment

Development Environments

A.13.4.5.1 Development Environment

A.13.4.5.2 Interface Development Environment

A.13.4.5.3 Unit/Automated Test Environment

A.13.4.5.4 Component Integration Test Environment

A.13.4.5.5 Conversion Development Environment

Test Environments

A.13.4.6.1 System Integration Test Environment

A.13.4.6.2 Functional Test Environment

A.13.4.6.3 Automated Regression Test Environment

A.13.4.6.4 Interface Test Environment

A.13.4.6.5 Performance/Stress Test Environment with Failover Clustering

A.13.4.6.6 Conversion Test Environment

A.13.4.6.7 User Acceptance Test Environment

A.13.4.6.8 Quality Control Testing Environment

A.13.4.6.9 Beta Test Environment

Training Environment

Disaster Recovery Environment with Failover Clustering

A.14 Data Conversion

A.14.1 The Contractor shall be responsible for planning, developing, testing, implementing,
maintaining, and managing the secure data conversion process in all environments of the
TEDS.

A.14.2 The Contractor shall identify the legacy systems and other data sources, as determined
by the State, to be loaded into the Solution.

A.14.3 The Contractor shall be responsible for converting all data from all legacy eligibility
determination systems that are necessary for the TEDS to support ongoing eligibility
determinations, redeterminations, appeals, audits, and other processes as required by
Federal and State regulations and policies.

A.14.4 The Contractor shall document and recommend selection criteria to the State to be used
to identify the data to be extracted (by the State) from the source data.

39
A.14.5 The Contractor shall define and document whether the data conversion process for a
data source shall be an automated data conversion process or a manual data conversion
process.

A.14.6 The Contractor shall provide an explanation indicating the reason an automated
conversion of a data source is not feasible or otherwise not recommended.

A.14.7 The Contractor shall provide details on data collection tools and load processes for any
data conversion processes that are identified as necessary.

A.14.8 The Contractor shall provide logical and physical data models for the TEDS, including but
not limited to, an Entity Relationship Diagram, Data Flow Diagram, and Data Dictionary.

A.14.9 The Contractor shall provide a detailed data element mapping crosswalk between the
data sources and the data target.

A.14.10 The Contractor shall map source data elements to target data elements with
transformation rules.

A.14.11 The Contractor shall define data cleansing, reporting, and remediation processes and
procedures for each data source, with organizational roles and responsibilities.

A.14.12 The Contractor shall provide tools to be utilized for development and execution of the
Extract, Transform, and Load (ETL) processes required to complete automated data
conversion.

A.14.13 The Contractor shall provide estimated data volumes and conversion runtimes by data
source.

A.14.14 The Contractor shall describe the QA processes to be executed and reports to be
delivered to HCFA IS to verify the completeness, integrity, and readiness of the
converted data for use in the Target system.

A.14.15 The Contractor shall define reconciliation processes to track the ETL process for each
row from source to target system.

A.14.16 The Contractor shall define change control authorization and audit processes to authorize
and track changes applied outside of the Solution to converted data in order to correct
errors identified in the data during pre or post Go-Live of the Solution following the data
conversion.

A.14.17 The Contractor shall be responsible for the development of conversion software and
performing manual data conversion. This activity shall include testing conversion
programs and procedures and the preliminary conversion of all data.

A.14.18 The Contractor shall be responsible, through facilitation with the State, for coordinating
and collaborating with other necessary contractors to resolve data conversion issues.

A.14.19 The Contractor shall be responsible for maintaining the data after go-live and ensure that
maintenance of the source DBMS after Go-Live does not adversely impact the referential
integrity of the data.

A.14.20 The Contractor shall be responsible for maintaining an original copy of the source
conversion data to be used during testing within a staging area in the data conversion
database(s).

40
A.14.21 The Contractor shall be responsible for reconciling and vetting data source (e.g., CHIP,
MMIS, Accent data) mapping errors and allotting the appropriate timing to correct these
errors prior to converting the data into the target system.

A.14.22 The Contractor shall be required, at the direction of the State, to directly work with the
State and other State contractors to analyze the data to be converted and develop extract
specification and testing processes to ensure completeness of data conversion.

A.14.23 The Contractor shall provide an Extract Control Document, as a part of the Data
Conversion and Synchronization Plan defined in Section A.27, for each data source.

A.14.24 The Contractor shall coordinate with the State and other State contractors to develop a
Data Conversion and Synchronization Plan describing the approach, strategy,
constraints, assumptions, and specifications for converting and migrating data from
current legacy sources.

A.14.25 The Contractor shall develop and deliver to State stakeholders, and execute a
comprehensive Data Conversion and Synchronization Plan. The Data Conversion and
Synchronization Plan shall be reviewed and baselined for each Release of the TEDS.
The Data Conversion and Synchronization Plan shall include, but is not limited to, the
following:

Identification of source and target systems/environments

Provision for a non-disruptive conversion (no or minimal down-time)

Description of any automated methods of conversion that require limited

intervention by the State

Description and addressing of security measures that shall enforce referential

integrity of all data

A mechanism for identifying and reporting conversion errors

A mechanism for error resolution

A method to reconcile data and differentiate between converted data and new
system data

Provision of a capability to automatically reverse or undo a conversion

Identification of conversion validation and verification procedures and activities

required for system testing.

Identification of the testing tools and scripts and the validation and verification of
resulting test data, in preparation for data loading.

Provision of a mapping of the source to destination, considering intermediate

processing requirements.

Data cleansing process, including but not limited to, usage of HCFA’s 4-match or
7-match processes

Frequency of data conversion in all environments (such as Component Integration

Testing /SIT, UAT, and Production)

41
 Sequencing of data loads

Data Conversion Schedule

Roles and Responsibilities

Confirmation/denial of the need for parallel runs of the old and new systems
during the conversion process or a one-time cut-over to the new system.

Identification of criteria for a Go/No-Go decision.

Assumptions

Risks, including workarounds in the event that data conversion will be significantly
delayed.

List of tools needed to execute the conversion

Strategy for data QA and control

Strategy for populating data not contained in legacy systems/sources

Approach for converting and migrating scanned documents/images from legacy

systems

A.14.26 The Contractor shall define and document how referential integrity of all the data will be
maintained, both during and after the conversion process.

A.14.27 The Contractor shall develop manual conversion procedures for loading data that cannot
load to the Target new system environment using an automated conversion process. The
Contractor shall be responsible for all activities required for Target system for manual
data conversion.

A.14.28 The Contractor shall produce a before-and-after conversion report to the State which
shall include, but is not limited to, the following:

Conversion count

Conversion errors

Error rate

Data type conversion source type to native type failures

Validation and completeness for conversion

A.14.29 The Contractor shall reconcile any errors produced from any data conversion run.

A.14.30 The Contractor shall ensure that as a result of the data conversion process any eligible
member maintains his/her Medicaid and CHIP healthcare coverage before and after the
production data conversion.

A.14.31 The Contractor shall ensure that converted data follows the protection and privacy
protocols established by the SSP and security control outlined by the State and security

42
 compliance regulations. Security measures shall be enforced regarding data sensitivity
issues.

A.14.32 The Contractor shall identify the data cleansing, validation, and initiation requirements for
the data conversion activities.

A.14.33 The Contractor shall provide to the State a list of data conversion tools and the scripts
used to perform data conversion, intermediate data processing, and loading cleansed
data into the destination or target data repository. This shall include both automated
conversion program and manual data entry procedures.

A.14.34 The Contractor shall provide a Contingency Plan for all data conversion runs.

A.14.35 The Contractor shall be responsible for coordinating, addressing, and reconciling with the
State any data QA and control issues prior to a given data conversion cycle. In addition,
the Contractor shall be responsible for identifying types of data quality problems that may
occur, including but not limited to the following considerations:

Invalid Content

Data Type redefinitions (e.g., alphas in dates, numbers in data field [including but
not limited to Zip Codes and SSNs that have leading zeroes]).

Incomplete records (e.g., uninitialized data)

A.14.36 The Contractor shall be responsible for running a number, as approved by the State, of
mock data conversions to achieve a one hundred percent (100%) pass rate. Each mock
conversion shall simulate the real go-live process with live data and actual volumes.

The pass rate shall be determined by the accumulative average of all records
correctly converted in every field, in every extract file, coming from the data
sources. For a record to be correctly converted, the target record must either:

a) Match exactly how it is in the data source

b) Match in accordance with the detailed data element mapping crosswalk.

A.14.37 The Contractor shall not use default values in production for missing data (e.g., SSN,
birth date) without written prior approval by the State.

A.14.38 The Contractor shall define a process to ensure that any changes to data model design
due to change requests or additional functional requirements are promptly addressed in
the conversion efforts and do not negatively impact the Go-Live time table or schedule.

A.15 Operational Readiness

A.15.1 Cut-Over

The contractor shall create a Cut-Over Plan that describes the Contractor’s
approach to the following Cut-Over activities:

a) Coordination of all cutover activity to include verification of final data

transfers, initiation of all batch jobs, cutover of network and
telecommunication services, and any and all other activity defined in the
Contractors approach

43
 b) License and warranties for any and all hardware and software

Cutover of the Service Desk service

Validation of cutover success or execution of any required contingency activity in

response to cutover failures

A.15.2 The Contractor shall develop a State-approved Operational Readiness Checklist to

determine whether the system is ready for go live. This checklist shall include, but not be
limited to:

In conjunction with the State, the Contractor shall complete any remedial actions,
all operator and user training for the support staff, and all privacy, security and
accreditation activities.

The Contractor shall ensure that all components of the system function correctly
and interface properly with other components.

The Contractor shall ensure that data conversion efforts have been assessed
through System Integration Testing and User Acceptance Testing for
completeness and accuracy.

The Contractor shall ensure that all interfaces including FDSH, state data sources
and MMIS are connected to production sites, tested and verified against
production, refreshed, and working per approved Functional Design
Documentation and Technical Design Documentation.

A.15.2.4.1 The Contractor shall leverage existing MMIS interface definitions and
transaction file specifications as documented in the MMIS Interface
Specifications.

The Contractor shall ensure that the Solution can accept, store, associate and
process data received through applications and interfaces.

The Contractor shall ensure that the Solution can log Solution errors and alerts,
stakeholders are notified and appropriate resolution steps are taken within a
timeframe approved by the State.

The Contractor shall ensure that the Solution can make correct eligibility
determinations according to approved Functional Design Documentation and
Technical Design Documentation.

The Contractor shall ensure that the Solution can generate correct and complete
notices according to approved Functional Design Documentation and Technical
Design Documentation.

The Contractor shall validate Backup and Recovery operations, and provide
Backup and Recovery results to the State for review and approval.

The Contractor shall resolve all critical and high-priority defects prior to Go Live or,
if necessary, provide the State with a written work around, downstream impacts,
and plan for resolution for State review and approval.

44
 The Contractor shall develop and update the Operations & Maintenance Manual
and job aids that describe how to use and maintain the Solution from a business
function perspective.

The Contractor shall identify key production cut-over risks and develop mitigation
plans.

The Contractor shall ensure that role-based access, security and privacy
standards are in place as part of the Solution testing and implementation.

The Contractor shall demonstrate the Solution’s ability to accurately perform

hourly, daily, weekly, monthly, quarterly, and annual operational cycles.

The Contractor shall validate that the deployed Solution is in alignment with the
approved configuration baseline, included within the System Operations
Documentation defined in Section A.27, and in conformance with the State’s
Enterprise Architecture standards.

The Contractor shall identify variances between the deployed Solution and
approved configuration baseline and take corrective actions, as approved by the
State.

The Contractor shall identify resources for Help Desk Support, Service Desk
Support and Implementation Support. The Contractor shall operate all tiers of the
Help Desk and Service Desk during the Operations and Maintenance phase.

In conjunction with the State, the Contractor shall ensure that the Support
resources are staffed (in terms of both numbers and skill sets) to implement and
execute operational readiness activities.

The Contractor shall define the Help Desk structure and ensure Operational
procedures are documented, approved by the State, and in place.

The Contractor shall provide an emergency on-call list for critical level defects and
procedures for notifying the State in the event of a critical production defect.

The Contractor shall designate project technology resources to perform technical

support tasks.

The Contractor shall ensure that the User Satisfaction Measurement processes
are in place.

A.15.2.22.1 The Contractor shall ensure that metrics to assess system impact of
program and performance goals are in place.

a) The Contractor shall provide a Metrics Report to the State for review and approval.

A.15.3 The Contractor shall be responsible for managing a process to identify, analyze, and
resolve issues generated from operational readiness activities.

A.15.4 The Contractor shall conduct, at a minimum, two (2) walkthroughs of the Operational
Readiness Plan.

The first walkthrough shall occur prior to the Beta Test.

45
 The second walkthrough shall occur after the completion of the Beta Test.

A.15.5 The Contractor shall start operational readiness activities only after the State has formally
communicated completion in writing of User Acceptance Testing (UAT), unless otherwise
directed by the State.

A.16 Beta Test

A.16.1 The Contractor shall conduct a Beta Test during each implementation release.

A.16.2 The Contractor shall provide a dedicated Beta Test environment for the State to complete
Beta Test activities. Beta Test shall run for a minimum of four (4) consecutive weeks,
unless increased by the State, after successful exit of UAT and initial walkthrough of the
Operational Readiness Checklist.

The Beta Test shall run concurrently with standard business operations and shall
involve real-time processing of live application data.

A.16.3 During Beta Test, the Contractor shall confirm via reports that all daily, weekly, monthly,
quarterly, and annual batch jobs and processes are operating as defined in the
Functional Design Documentation and Technical Design Documentation.

A.16.4 During Beta Test, the Contractor shall confirm that all Interfaces are operating as defined
in the Functional Design Documentation, Technical Design Documentation, and Interface
Control Documentations.

A.16.5 During Beta Test, the Contractor shall confirm that Solution functionality, including but not
limited to alert monitoring, incident management, non-functional operational readiness,
and batch scheduling, are operating as defined in the Functional Design Documentation
and Technical Design Documentation

A.16.6 The Contractor shall have the ability to utilize time-travel functionality during Beta Test.

A.16.7 The Contractor shall track and classify all Beta Test defects as critical, high, medium and
low (as defined in the Table in Contract Attachment 2 – Liquidated Damages).

A.16.8 The Contractor shall resolve all critical and high defects prior to Go Live or, if necessary,
provide the State with a written work around, downstream impacts, and plan for
resolution for State review and approval.

A.16.9 The Contractor shall compare Beta Test eligibility results with legacy production eligibility
results to assist in the identification of defects.

A.16.10. At the conclusion of Beta Test, the Contractor shall complete an analysis of the Beta Test
and produce a Beta Test Results Report inclusive of beta test participant input, eligibility
results, business process results, defects identified, defects resolved and lessons
learned.

A.16.11. The Contractor shall implement a code-freeze, preventing additional updates to the
software code related to the current release, upon completion of User Acceptance
Testing and prior to the Beta Test period, or as required by the State.

A.17 Operations and Maintenance

46
A.17.1 The Contractor shall build and maintain a Standard Operating Procedure (SOP) Manual
which shall be made available for State Staff. The manual shall be indexed, with separate
sections for each capability listed with Section A.17 or otherwise identified in this Contract
or specified by the State, in writing, to the Contractor. The State may require an SOP to
be written for specific system support functions. The Contractor shall provide any and all
tools necessary to fulfil the obligations related to executing these capabilities.

The Contractor shall execute all processes described in the SOP Manual.

The Contractor shall, at a minimum, provide the reports listed in Contract

Attachment 6.

A.17.2 Continuous Improvement Process

The Contractor shall be responsible for managing a mature CIP for all TEDS
related services throughout the entire service lifecycle.

The CIP shall identify and address opportunities for improvement within each
service to maximize the service performance, value, and functionality.

The Contractor shall be responsible for developing and implementing a CIP that
aligns with industry standards (e.g., ITIL or Six Sigma) and is approved by State
stakeholders.

The CIP shall be reviewed and managed at the senior level within the Contractor
account team to ensure effectiveness.

Define areas for improvement

A.17.2.5.1 The Contractor shall perform formal maturity assessments and service
reviews against each capability. Assessments shall be conducted at
least once a quarter, in order to highlight areas of improvement or
concern. The findings of the maturity assessments and the service
reviews shall be published to the State. The effectiveness of the CIP
shall be demonstrated through these assessments over time, and shall
be presented to the State in an annual review.

A.17.2.5.2 The Contractor shall be pro-active in its approach, developing quarterly

and annual improvement roadmaps detailing initiatives on a three year
cycle and set target maturity levels to measure success of the CIP.

A.17.2.5.3 The Contractor shall provide specific key performance indicators (KPIs)
to be included in the analysis and require pro-active activities as the data
demonstrates the need, as requested by the State.

Gather and process the data

A.17.2.6.1 The Contractor shall be responsible for gathering and rationalizing the
supporting data for each defined KPI, and making it consistent to identify
any potential gaps in the data.

A.17.2.6.2 The Contractor shall develop reports and dashboards to support the CIP
and make them available to the State on a monthly basis. Reports and
dashboards and the underlying KPIs shall be continuously reviewed and
modified in order to mature the CIP and produce the best results.

47
 Analyze the Data

A.17.2.7.1 The Contractor shall perform data analysis for all relevant services as
defined within the CIP. Data analysis shall be performed at least once
per quarter.

A.17.2.7.2 The Contractor shall produce a data analysis report and shall publish the
report to the various State stakeholders. The data analysis report shall
present an accurate picture of the results of each service performance
against the defined KPIs (referenced at each capability section), allowing
the State’s stakeholders to have in-depth knowledge of and access to
this data analysis to enhance effective managerial decision making.

Implement Corrective Action Plans

A.17.2.8.1 Upon notification from the State that the Solution fails to meet the
requirements defined in this Contract, the Contractor shall correct any
and all system or performance defects in accordance with Attachment 2.

A.17.2.8.2 At the State’s discretion, upon determination that the Contractor is not
resolving such defects in accordance with Attachment 2, the State may,
through a CM and Control Directive, issue a notice to the Contractor of
its intention to impose a CAP, accompanied by a request that the
Contractor develop and propose an appropriate CAP for review and
approval by the State within the time period designated below. The State
shall determine the severity of the error using the critical, high, and
medium incident definitions as set forth in the Severity Table shown
Contract Attachment 2 – Liquidated Damages.

A.17.2.8.3 The State may, in its sole discretion, assess Liquidated Damages as set
forth in the Liquidated Damages table located in Contract Attachment 2 –
Liquidated Damages, including the enhanced CAP Liquidated Damages
for more than three (3) subsequent occurrences of substantially the
same issue. Each CAP shall, at a minimum, contain the following
information:

a) written documentation that includes acknowledgement of receipt of

the State notice,

b) number of impacted members and cases and such other information

as the State may request

c) a description of how the Contractor has addressed or will address

the immediate problem,

d) an analysis of the root cause of the problem, and

e) a description of how the Contractor shall resolve the problem (or has
resolved the problem) and shall prevent the problem from recurring.

48
 A.17.2.8.4 Upon acceptance of the CAP by the State, the Contractor shall be
responsible for executing the CAP, and the CAP shall be incorporated by
reference as part of this Contract. The State may request changes
and/or additions to an approved CAP as deemed necessary to correct or
resolve the problems that led to requesting a CAP. The Contractor shall
continue to comply with an approved CAP until the State notifies the
Contractor, in writing, that all problems outlined in the CAP have been
satisfactorily resolved.

A.17.2.8.5 Continued or repeated failure to prevent or forestall the same root cause
error may result, in the State’s sole discretion, in enhanced Liquidated
Damages for Incident Resolution as set forth in Contract Attachment 2 –
Liquidated Damages. In addition, such failure by the Contractor may be
considered by the State to be a breach of the Contract.

A.17.2.8.6 The Contractor shall be responsible for ensuring that all of its
subcontractors or service providers comply with all approved CAPs.

A.17.2.8.7 Notwithstanding the existence of a CAP or the CAP process, nothing in

this Section relieves the Contractor of any obligations for incident
resolution and/or emergency escalation processes.

A.17.3 Service Level Management

The Contractor is responsible and accountable for ongoing monitoring and

reporting on performance against any service levels requested by and agreed
upon with State leadership. At a frequency established by the State, the
Contractor shall perform service level reviews. Following the Contractor’s service
level review, the Contractor may recommend modifications to the State. Service
level agreements may be modified solely at the State’s discretion.

Monitor and Report on Service Levels

A.17.3.2.1 The Contractor shall produce and manage a formal process for ongoing
review and revision of the service levels between the State, Contractor
and other State Contractors. The process shall be submitted to the State
for approval within thirty (30) calendar days of contract start.

A.17.3.2.2 The Contractor shall monitor performance against SLAs approved by the
State. Reporting and monitoring of SLAs must be accurate and provide
data that provides the State a complete view of the performance for each
service. Reports must be provided to the State on an agreed upon
regular schedule.

Perform Service Level Reviews:

A.17.3.3.1 The Contractor shall perform periodic reviews, on a schedule defined by

the State, of SLAs and performance against them to ensure the State is
satisfied with the level of performance. The Contractor shall produce and
provide the State with formal reports of findings.

A.17.4 Service Portfolio and Service Catalog Management

The Contractor shall work with State stakeholders to provide the necessary inputs
for TEDS related services into the State’s Service Portfolio and Service Catalog.

49
 The Contractor shall provide the relevant input to the State and other State
Contractor service providers on an as-needed basis.

A.17.5 Technology Capacity and Performance Management

The Contractor shall be responsible and accountable for all activities required for
identifying and managing appropriate system capacity for all TEDS related
systems which include production and non-production environments (e.g.,
Development, Test, Training, etc.). This includes requirements identification,
planning, management, reporting, and augmentation of system capacity and
performance.

The Contractor shall be responsible for identifying performance and capacity

drivers, understanding the impact to the program, and developing solutions to
accommodate potential capacity and performance demands.

The Contractor shall follow the agreed upon schedule for developing models,
utilizing tools, and developing solutions that avoid any disruption or degradation of
service. These actions shall include development of a complete set of metrics (in
alignment with the program’s CIP) to measure and manage system drivers
including business drivers (e.g., Population, Number of Applicants, regulatory
changes, etc.), the infrastructure (e.g., central processing unit, memory,
bandwidth, transfer rates, storage, etc.), and other system/code related
challenges (e.g., SQL code, database configurations, optimal system tuning
opportunities, etc.) The Contractor shall work with the State and Service Provider
(STS) to ensure the appropriate system capacity and performance is delivered.

Monitor, Analyze, Tune and Implement

A.17.5.4.1 The Contractor shall draft requirements for planning, managing, and
reporting system capacity in coordination with State business and IS
leadership.

A.17.5.4.2 The Contractor shall develop a system Capacity Plan which details the
requirements for planning, managing, and reporting system capacity.

A.17.5.4.3 The Contractor shall determine the performance drivers for performance
management and their impacts on systems developed.

A.17.5.4.4 The Contractor shall obtain State approval relative to minimum levels of
capacity the system must provide, based on consumer demand.

A.17.5.4.5 The Contractor shall meet the Contract requirements for a maximum
response time, maximum processing time for each request, and
minimum number of requests that can be processed in a given period of
time.

A.17.5.4.6 The Contractor shall draft capacity expectations for each system
component.

A.17.5.4.7 The Contractor shall monitor application and infrastructure performance

24/7/365 and perform ongoing load balancing and proactive
management of systems to ensure sufficient capacity and application
availability.

50
A.17.5.4.8 The Contractor shall leverage industry standard tools for the monitoring,
analysis and tuning of capacity and performance, which may include new
or emerging technologies. Tools and technologies shall be properly
vetted and approved by the State. The Contractor shall provide direct
State employee access to this tool.

Manage Capacity and Demand

A.17.5.5.1 The Contractor shall forecast future capacity needs based on industry
standard practices to project future demand while enhancing
technologies to meet demand.

A.17.5.5.2 The Contractor shall ensure technologies are configured per State-
approval to meet the forecasted peak demands and establish thresholds
which shall trigger appropriate corrective action.

A.17.5.5.3 The Contractor shall map applications and infrastructure to business

processes and related demand, to measure capacity requests and
consumption.

A.17.5.5.4 The Contractor shall include cost benefit analysis as a component of the
solution recommendation to the State.

A.17.5.5.5 The Contractor shall record and track utilization of system resources to
determine where capacity adjustments need to be made to support
business processes as defined by the State. This shall be continually
evaluated to ensure any system or environmental changes have not
impacted capacity and performance.

A.17.5.5.6 The Contractor shall estimate the required number of resources needed
to support change in existing service levels and newly identified services
in coordination with State business and IS leadership.

A.17.5.5.7 The Contractor shall develop a System Capacity Plan that documents
the current levels of resource utilization and service performance, and
forecasts the future requirements for new TEDS infrastructure.

Model and Trend

A.17.5.6.1 The Contractor shall develop demand estimates for the TEDS in
coordination with State Business and IS leadership and adjust/report on
estimates in accordance with the CIP reporting schedule.

A.17.5.6.2 The Contractor shall develop a model for capacity demand based on
available State data in coordination with State business and IS
leadership.

A.17.5.6.3 The Contractor shall test capacity demand prototype models to ensure
they surpass demand estimates.

A.17.5.6.4 The Contractor shall continuously update reusable sizing and estimating
models to aid in capacity forecasting that utilize performance
characteristics of applications based on historical data, projected load,
locations, and other factors the Contractor deems appropriate.

51
 Plan and Optimize

A.17.5.7.1 The Contractor shall consult with the State on the service strategy plans
for the TEDS.

A.17.5.7.2 The Contractor shall forecast future requirements for new resources in
coordination with State IS leadership to support IT services that underpin
the business activities.

A.17.5.7.3 The Contractor shall provide recommendations on resources required,

costs, benefits, impacts, and other areas the Contractor or the State
deem appropriate.

A.17.6 Availability Management

The Contractor shall be responsible and accountable for ensuring TEDS

availability and reliability is compliant with an agreed upon set of requirements for
vital business functions. Responsibilities include availability planning and design in
accordance with STS, risk assessment and remediation, testing, monitoring, and
reporting on availability performance.

All TEDS production systems and interfaces shall be designed for high availability
(e.g. complete component redundancy, clustered solutions, data replication, and
failover capabilities).

Plan and Design for Availability

A.17.6.3.1 The Contractor shall draft detailed requirements for system availability in
coordination with State business and IS leadership.

A.17.6.3.2 The Contractor shall develop a Performance and Availability

Management Plan that outlines performance and availability creation and
management processes and, at a minimum, meets the requirements
outlined in Contract Attachment 2.

A.17.6.3.3 The Contractor shall meet the State’s minimum target levels for
availability, reliability, and maintainability of IT infrastructure components.

Perform Risk Assessment

A.17.6.4.1 The Contractor shall perform regular availability risk assessments to

identify and quantify risks and countermeasures to protect the availability
of IT systems.

Implement Countermeasures

A.17.6.5.1 The Contractor shall develop appropriate controls and countermeasures

to improve the availability and resilience of TEDS services and
underlying IT components.

Test Availability & Resilience Mechanisms

A.17.6.6.1 The Contractor shall perform periodic, as defined by the State,

availability mechanism tests to ensure that availability and resiliency
mechanisms designed to provision services are operating effectively.

52
 A.17.6.6.2 The Contractor shall publish an Availability and Resilience test results
report and ensure they are available to State Business and IS
leadership.

Monitor, Measure, Analyze, & Report Availability

A.17.6.7.1 The Contractor shall leverage existing State and STS monitoring tools
where available.

A.17.6.7.2 The Contractor shall develop availability reports to document and

maintain all availability and performance analysis results conducted on
the system.

A.17.6.7.3 The Contractor shall provide availability reports, and access to the
underlying data utilized to create the reports, to the State for review
during periodic service level review meetings.

A.17.6.7.4 The Contractor shall conduct ongoing availability and performance

analysis on the system which includes monitoring the availability
24/7/365.

A.17.7 Business Continuity/Disaster Recovery

The Contractor shall be responsible and accountable for ensuring the continuity of
services related to the TEDS in order to ensure the business can operate
effectively in the event of a disaster. The Contractor is expected to follow a
rigorous, process-oriented approach which includes: business impact analysis,
development of service continuity plans, risk assessments, testing, reporting, and
execution of service continuity plans in the event of a disaster.

A.17.7.1.1 The Contractor shall participate in any enterprise BC/DR testing initiated
by the State or STS.

A.17.7.1.2 The Contractor shall develop a Cost Benefit Analysis Plan that includes
total cost of ownership, cost-benefit analysis, and weigh those costs
against the desired recovery point objective/recovery time objective,
providing the Cost Benefit Analysis Plan to the State for approval.

A.17.7.1.3 The Contractor shall incorporate training and awareness for State
personnel to support BC/DR efforts as part of its BC/DR Plan.

A.17.7.1.4 The Contractor shall support the relationship with STS in BC/DR
endeavors ensuring efforts are in line with STS. STS provides recovery
support for the infrastructure. The Contractor is responsible for
application recovery.

Initiate BC/DR

A.17.7.2.1 The Contractor shall draft requirements for IT Service Continuity in

coordination with State Business and IS leadership.

A.17.7.2.2 The Contractor shall develop a BC/DR Plan consistent with HCFA
BC/DR Management Plan and CMS Contingency Planning Guidance.

53
A.17.7.2.3 The Contractor shall develop BC/DR policies and procedures in
coordination with State leadership.

A.17.7.2.4 The Contractor shall draft BC/DR guidelines in compliances with State
policies and expectations.

A.17.7.2.5 The Contractor shall draft a Backup Implementation Plan that involves
virtual machines and volume snapshots.

A.17.7.2.6 The Contractor shall develop a multiple backup approach strategy;

backups being performed using backup software and backups from
storage systems using snapshot technologies.

A.17.7.2.7 The Contractor shall develop, maintain, and implement complete

Versioning control processes and procedures. The Contractor shall
provide any/all tools necessary to fulfil the obligations of this contract.

Define BC/DR Requirements & Strategy

A.17.7.3.1 The Contractor shall perform a Business Impact Analysis (BIA) to

quantify the impact of a loss of service to the State.

A.17.7.3.2 The Contractor shall perform Risk Assessments, aligned with CMS
standards, to determine areas that can be mitigated by IT and to define
levels of acceptable risks to the State.

A.17.7.3.3 The Contractor shall develop BC/DR strategies in coordination with the
State leadership to achieve optimum balance of risk reduction and
BC/DR options based on the results of BIAs and Risk Assessments.

A.17.7.3.4 The Contractor shall maintain an inventory of critical system applications

and processes.

A.17.7.3.5 The Contractor shall provide a plan to comply with CMS MARS-E
Contingency Plan that includes but is not limited to hoteling of Key
Personnel.

Implement BC/DR

A.17.7.4.1 The Contractor shall ensure that all required services, facilities, and
resources are delivered in an acceptable operational state and are ‘fit for
purpose’ when accepted by the business.

A.17.7.4.2 The Contractor shall perform service continuity procedures as defined in

the BC/DR Plan in the event of a disaster.

A.17.7.4.3 The Contractor shall participate in enterprise BC/DR testing initiated by

the State and/ or STS.

Perform BC/DR Ongoing Operations

A.17.7.5.1 The Contractor shall ensure that all Contractor staff are aware of the
implication of business continuity and of service continuity and consider
these as part of their normal working activities.

54
 A.17.7.5.2 The Contractor shall train all State and other State Contractor personnel
involved in BC/DR procedures.

A.17.7.5.3 The Contractor shall develop and establish a program of regular DR

testing, at a minimum twice a year, to ensure critical components of the
BC/DR strategy can be recovered within the desired Recovery Time
Objective

A.17.7.5.4 The Contractor shall ensure that all changes are assessed for potential
impact on BC/DR plans.

A.17.7.5.5 The Contractor shall develop Contractor Service Continuity and Disaster
reports to document and maintain BC/DR test results on a quarterly
basis.

A.17.7.5.6 The Contractor shall provide Contractor Service Continuity and Disaster
reports to the State for review during periodic service level review
meetings.

A.17.7.5.7 The Contractor shall develop a backup job and server audit.

A.17.7.5.8 The Contractor shall develop and implement a testing program to include
twice-yearly table-top tests, quarterly selected critical component testing,
and yearly technical cut over tests.

A.17.7.5.9 The Contractor’s BC/DR Plan shall include provisions for letter and
notice processing.

Invoke BC/DR

A.17.7.6.1 The Contractor shall perform all BC/DR activities when required by the
State.

A.17.8 Service Transition Planning and Support

The Contractor shall be responsible and accountable to develop the System

Maintenance, Support and System Transition Plan and oversee the ongoing
execution of the following service transition processes: Change management,
configuration management, release management, and patch management. The
Contractor’s System Maintenance, Support and System Transition Plan and
execution strategy shall follow the standards set by the State and leverage
existing processes and tools as appropriate. All changes shall be approved by the
State through the transition process.

The Contractor shall create a formalized service description and associated

details when responding to business needs or proactively proposing new services.

The Contractor shall, during the service transition lifecycle, maintain consistent
and effective communications with all impacted stakeholders.

The Contractor shall provide a clearly defined promote-to-production process that

enforces a strictly defined methodology for movement from development to quality
assurance (QA) and production.

55
 The Contractor shall provide full support and execute and service transitions into
production or other environments.

A.17.9 Technology Change Management

The Contractor shall be responsible and accountable for coordinating all

Technology Change Management activities to ensure that IT changes are
recorded and then evaluated, authorized, prioritized, planned, tested,
implemented, documented, and reviewed in a controlled manner.

The Contractor shall define their Technology Change Management processes and
procedures to ensure that all changes, including emergency, are escalated
appropriately and addressed in a timely manner.

The Contractor shall provide industry standard automated tool for workflow
tracking and approval.

The Contractor’s Technology Change Management process shall integrate with

the State Change Management process.

The Contractor shall work with the State change management staff to support
change events identified as projects, as well as those identified as tasks (e.g. non
projects).

The Contractor shall leverage a tool to enable the change management process,
and utilize State tools where available and possible.

The Contractor shall provide select EMP personnel read access to change
management tools and shall permit the ability to link changes to
incidents/problems and vice versa. Ultimately, the State shall be responsible for
approving all changes prior to promotion into the UAT and production
environments.

Initiate Technology Change Request

A.17.9.8.1 The Contractor shall produce and enforce formal procedures to initiate
and log requests for change (RFCs). RFCs shall provide data to allow
the state to assess the change, including reason/cause, impacts, cost,
schedule, and priority.

A.17.9.8.2 The Contractor shall provide and manage an automated Change Control
Tool where changes shall be logged and managed.

A.17.9.8.3 The Contractor shall complete a Security Impact Analysis form and a
narrative of all risks identified by the Change Request submitter with
each change request.

Review, Assess and Authorize

A.17.9.9.1 The Contractor shall clearly categorize changes and publish the
categorization to the State for approval. Change types include normal
changes, standard changes, expedited changes, and emergency
changes.

56
A.17.9.9.2 The Contractor shall submit a documented RFC for emergency changes
within twenty four (24) hours of the change being requested.

A.17.9.9.3 The Contractor shall publish defined RFC naming and prioritization
procedures, based on business priorities and impact determinations, to
ensure the State clearly understands what the change is, its priority, and
potential impacts.

A.17.9.9.4 The Contractor shall produce and receive approval from the State,
policies that categorize an emergency change. These changes require
the appropriate executive level approvals prior to the change being
implemented.

A.17.9.9.5 The Contractor shall produce and abide by the results of an automated
risk calculation that shall recommend if the change shall be approved or
denied. This calculation shall be based on system risk multiplied by the
magnitude of the impact.

A.17.9.9.6 The Contractor shall provide appropriate prioritization that is aligned with
the business needs/requirements.

Plan and Schedule

A.17.9.10.1 The Contractor shall produce a forward looking change schedule that
accounts for all dependencies that can affect the timing of a change (e.g.
year-end close activities, State regulatory requirements, open
enrollments, etc.). This schedule shall also articulate downstream
impacts to the overall project schedule and identify any risks and
potential CPs and workarounds as appropriate.

A.17.9.10.2 The Contractor shall manage the RFC schedule with defined and
published lead times, based on risk and impact. All change windows
shall be agreed upon by the State. RFC schedules shall follow the same
SDLC process in use for the project.

A.17.9.10.3 The Contractor shall comply with all MARS-E requirements and CMS
guidance documents related to Change Control.

Build and Test

A.17.9.11.1 The Contractor shall provide test certification and other

development/testing documents required by the SDLC process and
requested by the HCFA Technical Change Control Board.

A.17.9.11.2 The testing procedures for each change shall follow the process and
standards established within the Test Management Plan.

Approve for Implementation

A.17.9.12.1 The Contractor shall perform changes according to the agreed-upon and
validated State change schedule.

A.17.9.12.2 The Contractor shall participate in the State TCCB meetings and provide
subject matter experts as needed to answer questions prior to formal
approval process.

57
 A.17.9.12.3 The Contractor shall update change records within the Change Control
Tool with the appropriate status changes and details about the change
and communicate updates to State stakeholders and partners.

A.17.9.12.4 The Contractor shall receive State TCCB approval for all changes prior
to promotion into the Production environment.

Coordinate and Implement

A.17.9.13.1 The Contractor shall produce and publish to the State ongoing formal
documentation of the activities and checkpoints required to coordinate
and implement authorized change(s).

A.17.9.13.2 The Contractor shall provide implementation team members to be on call

and available following any implemented changes to production systems.

A.17.9.13.3 The Contractor shall be able to back out any implemented changes that
have a negative impact on the system and return the system and data to
its natural state before the change was made.

A.17.9.13.4 The Contractor shall send notifications to the State’s stakeholders pre-
and post- change implementation.

A.17.9.13.5 The Contractor shall communicate and coordinate with the State’s
Configuration Manager to ensure that all CI changes resulting from a
new change is appropriately documented in the Configuration
Management Database (CMDB).

Review and Close

A.17.9.14.1 The Contractor shall perform a formal post-implementation change

review to confirm that the change has met objectives, and that the
State’s relevant change stakeholders are satisfied with the results. This
review shall be based on formal post-implementation change review
process, which shall be included in the Contractor’s Technology Change
Management Plan, and approved by the State.

A.17.9.14.2 The Contractor shall document and publish to the State, lessons learned
to provide an opportunity to improve the Technology Change
Management process for future changes.

A.17.10 Configuration Management

The Contractor shall be responsible and accountable for the development and
management of configuration activities in compliance with existing standards and
non-functional architecture requirements.

Configuration Management Plan

A.17.10.2.1 The Contractor shall create and execute an approved Configuration

Management Plan as part of the PMP. Activities include: configuration
planning, management of CMDB, CI identification, performing
configuration audits, and reporting on configuration performance.

58
 A.17.10.2.2 The Contractor’s Configuration Management Plan shall integrate with the
State’s Configuration Management Plan

A.17.10.2.3 The State shall purchase and the Contractor shall maintain a CMDB that
is maintained per the standards defined in the State’s Configuration
Management Plan. The CMDB shall be maintained within a service
management tool that integrates the CMDB with other service
management capabilities such as Incident Management and Change
Management.

Configuration Items

A.17.10.3.1 CIs shall be integrated to an enterprise CMDB.

A.17.10.3.2 CIs shall be defined by the Contractor in coordination with State

business and IS leadership to ensure appropriate level of granularity.

A.17.10.3.3 Older versions of approved baseline configurations shall be maintained

and made available for review and rollback if needed.

A.17.10.3.4 Records of configuration controlled changes to the information system

shall be retained for at least three (3) years unless a longer period is
mandated by the State.

Control Configuration

A.17.10.4.1 The Contractor configuration data model shall be consistent with the
State’s enterprise CMDB configuration data model.

A.17.10.4.2 The Contractor shall manage the lifecycle of each CI from identification
through retirement.

Monitor Configuration

A.17.10.5.1 The Contractor shall develop standard reports in coordination with the
State which provide views, at a minimum, to the definition of CIs, CI
relationships, and status.

A.17.10.5.2 Updates to CIs shall be published monthly, unless otherwise stated in

the State Configuration Management Plan.

Validate and Verify Configuration

A.17.10.6.1 The Contractor shall perform periodic audits of the CMDB to ensure
accuracy and reliability of data as defined by the State.

A.17.10.6.2 The Contractor shall publish findings from CMDB audits in a report and
share with the State.

A.17.10.6.3 The Contractor shall resolve findings from the CMDB audits within thirty
(30) days.

A.17.11 Release and Deployment Management

59
 The Contractor shall be responsible and accountable for moving releases through
the development and initial test environments, as well as the production
environment, and coordinating with the State to plan and schedule releases based
on the business priorities.

The Contractor shall develop formal release and deployment management

processes and procedures to effectively govern the release and deployment
management process and ensure all parties are ready for the release.

Review and Validate Release

A.17.11.3.1 The Contractor shall provide specifications for industry standard software
to automate and manage the versioning/release control for each
individual deployment. The Contractor shall provide any/all tools
necessary to fulfil the obligations of this contract.

A.17.11.3.2 The Contractor shall develop and execute a Release and Deployment
Management Plan that integrates with the State’s Release and
Deployment Management Plan.

A.17.11.3.3 The Contractor shall own and manage the entire Release and
Deployment lifecycle in coordination with State stakeholders and other
third party providers.

Release Planning:

A.17.11.4.1 The Contractor shall develop and perform a formal review process to
clearly define and approve the release plans with the State’s relevant
stakeholders.

A.17.11.4.2 The Contractor shall assign distinct resources to the deployment

process, which are subject to State approval. Access to production and
non-production environments shall be restricted based on the Access
Control List.

A.17.11.4.3 The review process shall include project management planning, and
configuration management reports on the status of the to-be-deployed-to
environment.

Build and Configure Release:

A.17.11.5.1 The Contractor shall perform unit tests on each independent component
that was built and/or configured.

A.17.11.5.2 The Contractor shall produce formal documentation of all build notes for
all releases including emergency releases. These notes shall be
submitted to the State for approval prior to build.

Test and Accept Release

A.17.11.6.1 The Contractor shall produce a formal test certificate as part of the
release approval process. The Test certificate must follow the process
and standards defined within the Test Management Plan.

60
A.17.11.6.2 The Contractor shall submit release documentation, including build
notes, test results/certificate to the State for acceptance of the release.

Deployment Planning:

A.17.11.7.1 The Contractor shall develop and execute an Implementation and

Deployment Plan for all new releases and publish to all relevant IT and
Business stakeholders across the State for approval.

A.17.11.7.2 The Implementation and Deployment Plan shall take into consideration
all dependencies and be closely aligned with the State’s Change
Management Plan.

A.17.11.7.3 The Contractor shall manage release to the Production environment,

which do not conflict with primary business operating and service
delivery hours.

A.17.11.7.4 The Contractor shall communicate to the State’s team pre and post-
notifications if the deployment involves downtime in the production
environment.

A.17.11.7.5 The Contractor shall include risk and risk mitigation plans, including a
back-out approach, for each Release deployment.

A.17.11.7.6 The Contractor shall develop and manage a formal and documented
procedure to ensure the integrity of the release package and its
constituent components throughout the transition activities. The
procedure shall be published to the State.

A.17.11.7.7 The Contractor shall communicate each release to the applicable State
IS and Business stakeholders following an approved communication plan
which shall be detailed within the Release and Deployment Plan.

A.17.11.7.8 The Contractor shall maintain segregation of duties between

development and release management teams.

Perform Operational Readiness:

A.17.11.8.1 The Contractor shall perform formal and documented Operational

Readiness validation to ensure there is appropriate knowledge transfer
to the users impacted by the new release and the Service Desk that shall
be supporting the release. The Operational Readiness validation outputs
shall be published to the State for review and approval.

Go-Live for Release

A.17.11.9.1 The Contractor shall manage deployment automation tools to increase

efficiency, speed, and accuracy of the release.

A.17.11.9.2 The Contractor shall dedicate support resources, available at a capacity

mutually agreed upon, to determine success of the deployment and
resolve any resulting issues.

61
 A.17.11.9.3 The Contractor shall ensure delivery of pre and post-implementation
communication to the designated State personnel resources on all
changes implemented into the production environment or any other
environment identified by the State.

A.17.11.9.4 The Contractor shall own maintenance and repair responsibilities for any
production issues related to a change implemented into the production
environment.

Manage Warranty Support

A.17.11.10.1 The Contractor shall develop and manage a formal process to ensure
that the new or changed service is capable of delivering the utility and
warranty as agreed upon by the State. The process shall be published to
the State and signed-off by the State’s relevant stakeholders. Additional
information can be found in Section A.26.

A.17.12 Asset Management

The Contractor shall be responsible and accountable for the identification,

installation, maintenance, retirement, and financial tracking activities for the
software and hardware assets supporting TEDS.

Request IT software/hardware asset

A.17.12.2.1 The Contractor shall be responsible for identifying required software and
hardware for TEDS activities. The Contractor shall identify
interdependencies between existing assets and associated costs

Procure IT software/hardware

A.17.12.3.1 The Contractor shall provide software/hardware specifications, based on

approved Capacity Plan and System Configuration documentation, to
support the State’s procurement of IT assets.

A.17.12.3.2 The Contractor shall be responsible for development and maintenance of

an Asset Library to enable accurate and up-to-date tracking and
monitoring of procured IT software/hardware assets and related
versions.

Deploy IT software/hardware assets

A.17.12.4.1 The Contractor shall develop and manage a formal software/hardware

asset deployment process. The deployment process shall be published
to the State for approval.

A.17.12.4.2 The Contractor shall be responsible for performing the test suite against
the new assets, following the process and standards defined within the
Test Management Plan.

Manage IT software/hardware assets

A.17.12.5.1 The Contractor shall be responsible for implementation and maintenance

of all TEDS related software/hardware assets.

62
 A.17.12.5.2 The Contractor shall be responsible for development and maintenance of
an asset management tool(s) to provide the state a complete view of
assets lifecycle, usage, regulatory compliance, costs, changes and
viability.

A.17.12.5.3 The Contractor shall log and track assets in parallel with the CMDB.

A.17.12.5.4 The Contractor shall be prepared for, and participate in, periodic asset
audits performed by the State or other State Contractors.

Decommission/Retire IT Software/Hardware Assets

A.17.12.6.1 The Contractor shall produce and publish to the State, a formal
software/hardware assets replacement, decommission, and retirement
process.

A.17.13 Event Management

The Contractor shall be responsible for coordinating with the State and STS on
the detection, documentation, investigation and determination of corrective actions
for events, including but not limited to bottlenecks, degradations delays, response
times, anomalies, and any potential event, that can impact the system in a
negative or unpredictable manner.

The Contractor shall monitor production 24/7/365.

The Contractor shall maintain 24/7/365 on-site production support team (Service
Desk) to identify, monitor, and coordinate TEDS alerts, in cooperation with the
State and other service providers.

The Contractor shall develop, or leverage existing tools where available and
possible, event management capabilities and tools.

The Contractor shall develop, maintain, and manage a plan to monitor every
operation that affects the TEDS (e.g. network, hardware, software, interfaces,
services, data manipulation).

Engineer and Configure Event Management System

A.17.13.6.1 The Contractor shall produce and maintain formal definitions for
commonly occurring events based on industry standards.

A.17.13.6.2 The Contractor shall produce, maintain, and enforce formal event
handling procedures.

Detect and Log Event

A.17.13.7.1 The Contractor shall produce and enforce formal procedures for
detection and logging of events.

A.17.13.7.2 The Contractor shall produce and maintain event logs in compliance with
the State’s policies and procedures.

Correlate and Filter Event

63
 A.17.13.8.1 The Contractor shall produce formal process and documentation
determining filtering definitions, policies, and procedures. The
documentation shall be published to the State for approval.

A.17.13.8.2 The Contractor shall implement fully automated correlation engines for
grouping of events. The correlation rules that drive the correlation
engines shall be published to the State and continuously reviewed for
improvement opportunities.

A.17.13.8.3 The Contractor shall configure each triage tool to integrate with external
service management tools.

Select Event Response

A.17.13.9.1 The Contractor shall communicate all events to the approved State
stakeholders and partners, within an approved timeframe based on
severity of the event.

Review and Close Event

A.17.13.10.1 The Contractor shall develop and manage a formal event review
process. The process and the findings must be published to the State.

A.17.13.10.2 The Contractor shall log corrective actions and close out event with State
approval.

A.17.14 Incident/Problem Management

The Contractor shall be responsible for maintaining a 24/7/365 on-site production

support team (Service Desk) to coordinate incident identification, investigation,
and diagnosis in cooperation with the State and other service providers.

A.17.14.1.1 The Contractor shall supply dedicated resources to perform Incident

Management activities.

A.17.14.1.2 The Contractor shall manage and maintain a tool that enables State
have complete access into the incident management process.

A.17.14.1.3 The Contractor shall develop, or leverage existing tools where available
and possible, incident management capabilities and tools.

Interaction Handling

A.17.14.2.1 The Contractor shall develop, execute, and manage an Incident

Management Plan, which shall be approved by the State.

A.17.14.2.2 The Contractor’s Incident Management Plan shall integrate with existing
State and other third party processes.

A.17.14.2.3 The Contractor shall outline their monitoring/alerting procedures within

the Incident Management Plan that addresses but is not limited to the
following:

a) Alerting capability on any and all hardware, systems, applications,

and access points

64
 b) Identifying errors in processing input files and/or output files. This
alerting system shall capture errors in the interface application(s)

c) Communication guidelines that include escalation procedures

d) Root cause analysis with development of action plans and

implementation of solution/workaround

e) Process for resolving production issues

Record, Classify, Prioritize

A.17.14.3.1 The Contractor shall be responsible for detecting, recording, classifying,

and prioritizing incidents. Incident prioritization shall be approved by the
State.

A.17.14.3.2 The Contractor shall address the procedures and standards for handling
problems within Incident Management Plan.

Investigation and Diagnosis

A.17.14.4.1 The Contractor shall be responsible for investigating and diagnosing

incidents. All procedures and findings shall be documented in an incident
management tool and visible to the State.

A.17.14.4.2 The Contractor shall perform root cause analysis for all incidents and
communicate the findings to the State, the CIP Manager, and other State
Contractors. Root cause analysis identifies those incidents that:

a) Could have been caught

b) Should have been caught

c) Would not have been caught, and

d) Provides a Mitigation Plan for incident.

A.17.14.4.3 Security and privacy incidents shall be reported to State Privacy and
Security Offices as soon as possible, but no more than twenty four (24)
hours from awareness of the incident or sooner if overriding regulations
apply.

Resolution & Recovery

A.17.14.5.1 The Contractor shall be responsible for identifying and enacting

resolutions to incidents. In cases where a permanent resolution is not
currently available, a temporary work around must be provided by the
Contractor.

A.17.14.5.2 The Contractor shall be responsible for validating that the incident has
been resolved.

Closure

65
 A.17.14.6.1 The Contractor shall develop, manage, and adhere to incident closure
procedures.

A.17.15 Request Management

Initiate Request

A.17.15.1.1 The Contractor shall be responsible for identifying needs to support

TEDS and initiating, classifying, and fulfilling requests. The Contractor
shall be required to create a justification case for each request and
submit to the State for approval.

Validate & Classify Request

A.17.15.2.1 The Contractor shall provide and manage a tool for logging, recording,
and categorizing requests.

A.17.15.2.2 The Contractor shall develop procedures and criteria for validating and
classifying requests.

A.17.15.2.3 The Contractor shall use categorization and trending to identify possible
training issues or areas for improving the end user experience in the
TEDS.

Evaluate Request

A.17.15.3.1 The Contractor shall communicate requests to the State for evaluation
and approval.

Fulfill Request

A.17.15.4.1 Once request is approved by State leadership, the Contractor shall fulfill
requests in accordance with State standards.

Review & Close Request

A.17.15.5.1 The Contractor shall validate the request has been fulfilled and meets
the needs of the end-user.

A.17.15.5.2 Once the end-user validates the request has been fulfilled, the
Contractor shall be responsible for closing out request.

Cancel Request

A.17.15.6.1 The Contractor shall produce and publish to the State a formal request
cancelation document.

A.17.16 Technology Operations

The Contractor shall maintain a 24/7/365 on-site production control/operations

control/console management (Service Desk) providing support to STS and the
State for all technology operations activities. All data management activities are to
be in compliance with the Contract requirements.

66
 The Contractor shall manage all operation production and output management
activities and staff.

The Contractor shall work with HCFA IS managers, STS, Technical Change
Control Board, Problem/Incident management and other State Agencies and
business partners (i.e. Department of Labor, DHS, Department of Health, Finance
and Administration, Axis Direct, Federal Hub, CMS, Hewlett Packard, etc.)

The Contractor shall manage any/all real time transactions, batch scheduling,
output/print (i.e. notices, letters), interfaces, changes, and other
production/operational related issues and activities.

The Contractor shall develop and provide a daily Operations Report, including, but
not limited to:

A.17.16.5.1 Interface events and issues

A.17.16.5.2 System events and issues

A.17.16.5.3 Software events and issues

A.17.16.5.4 Errors and Anomalies

A.17.16.5.5 Transactions Sent and Received (Daily and Total Amount)

A.17.16.5.6 Transaction Types

A.17.16.5.7 Staffing and Operational Activities and Issues

A.17.16.5.8 Number of notices and letters received and sent (including any and all
reconciliation efforts)

A.17.16.5.9 Audit tracking of letter/notices by page

A.17.16.5.10 Cumulative statistics and complete breakdown of all letters and notices
by type.

A.17.16.5.11 Performance against Service Levels Agreements

A.17.16.5.12 Such other information as the State may request in writing from the
Contractor.

Service Desk

A.17.16.6.1 The Contractor shall maintain a 24/7/365 Service Desk partnering with
STS and the State to resolve issues.

A.17.16.6.2 The Contractor shall leverage existing Server and Hardware

Management tools and processes when possible within the STS NOC.

A.17.16.6.3 The Contractor shall maintain a 24/7/365 Service Center within the
Service Desk in close coordination with the infrastructure service
provider (STS).

67
A.17.16.6.4 The Contractor shall leverage existing tools and processes used in the
STS NOC where available and possible.

A.17.16.6.5 The Contractor shall maintain 24/7/365 console management strategies

within the Service Desk providing support to the State.

A.17.16.6.6 The Contractor shall review TEDS batch job requests, validate
schedules, and coordinate computer processing time based on system
priorities, program run-time, processing, and restart requirements;
considering batch and production windows/schedules.

A.17.16.6.7 The Contractor shall maintain 24/7/365 Online and Batch Job
management procedures within the Service Desk.

A.17.16.6.8 The Contractor shall provide any/all scheduling information and

monitoring tools to meet the requirements of this contract.

Backup and Restore

A.17.16.7.1 The Contractor shall develop and maintain State-approved backup and
restore process and documented procedures to support State technical
teams through the SDLC process.

A.17.16.7.2 The Contractor shall provide backup and restore completion reports to
the State for review during periodic service level review meetings.

A.17.16.7.3 The Contractor shall perform a State-selected data restore test on a

monthly basis that demonstrates successful backup/recovery strategies.

A.17.16.7.4 The Contractor shall maintain the Solution’s Recovery Time Objective
(RTO) of two (2) hours. In case of a disaster that affects system
operations, the Solution shall be restored in its entirety within two (2)
hours.

A.17.16.7.5 The Contractor shall maintain the Solution’s Recovery Point Objective
(RPO) of no more than one (1) hour of data loss. In case of a disaster
that affects the system operations, a maximum of one (1) hour of data
inputs to the Solution may be lost and require re-entry.

Storage and Archive

A.17.16.8.1 The Contractor shall comply with the storage archiving and purging
policies and procedures established by the State.

Network Management

A.17.16.9.1 The Contractor shall partner and leverage existing Network Management
tools and processes within the STS NOC.

Database Administration

A.17.16.10.1 The Contractor shall monitor the Database performance and operations
on 24/7/365 basis.

68
 A.17.16.10.2 The Contractor shall be responsible for any/all application and database
functions, including but not limited to: maintaining product currency
(version/release/patching), security, licenses, file maintenance, tuning,
optimization, and all related Database Administration functions.

Directory Services Management

A.17.16.11.1 The Contractor shall develop a Solution that is compatible with the
State’s Directory Services and Identity Management solution.

A.17.16.11.2 The Contractor, in coordination with STS and the State, shall monitor
events 24/7/365 on the Directory Services, such as unsuccessful
attempts to access a resource, and take the appropriate action where
required.

Middleware (Application/Internet/Web) Management

A.17.16.12.1 The Contractor, in coordination with the State and other State
Contractors function, shall ensure that appropriate middleware solutions
for the TEDS are chosen and that they can perform optimally when they
are deployed.

A.17.16.12.2 The Contractor, in coordination with STS, shall detect and resolve issues
related to TEDS middleware.

A.17.16.12.3 The Contractor, in coordination with STS, shall update TEDS-related

middleware, including licensing, patching, and installing new versions.

Facilities and Data Center Management

A.17.16.13.1 The Contractor shall comply with the existing processes and standards
for Data Center Management provided by STS, and leverage STS
services for maintaining the TEDS infrastructure.

A.17.17 Print Output Management

Print/Letter/Notices/Electronic Output

A.17.17.1.1 The Contractor shall be responsible for the TEDS print output
(letters/notices) that shall be stored as individual electronic documents in
an electronic content management system, indexed and associated to
existing application/case/member, archived, and available for viewing
and/or printing through the TEDS.

A.17.17.1.2 The Contractor shall define, develop, implement, and maintain a

document management system (e.g. HP Exstream) for managing all
aspects of document creation, modification, and output.

A.17.17.1.3 The Contractor shall define, develop, implement, and maintain an

electronic content management system. The State shall like to re-use,
where possible, the currently utilized ECM tool, FileNET.

69
A.17.17.1.4 The Contractor shall be responsible for creating, processing, printing,
mailing and tracking each mail piece through the output process. Output
management includes, but is not limited to, forms design, printing,
folding/insertion into envelopes, co-mingling, and delivery to the USPS.

A.17.17.1.5 The Contractor shall manage and re-mail returned mail received from the
USPS, and associating to an existing application/case/member.

A.17.17.1.6 The Contractor shall systematically update addresses received from the
USPS as directed by the State.

A.17.17.1.7 The Contractor shall provide and maintain approved inventory levels,
including mailing envelops and attachments as necessary.

A.17.17.1.8 The Contractor shall support USPS tracking processes and industry
standard print tracking processes, including but not limited to intelligent
mail barcode and USPS address verification and validation. Examples of
USPS address verification and validation systems include:

a) Coding Accuracy Support System

b) Multi-line Accuracy Support System

A.17.17.1.9 The Contractor shall provide complete tracking of each individual

letter/notice by page and provide a complete audit of such in the Daily
Operations Report.

A.17.17.1.10 The Contractor shall produce, print, and mail all printed output.

a) Routine TEDS letters and notices that are to be printed, shall be

inserted and mailed within two (2) business days of production, as
defined by the State’s daily operation processes.

b) The Contractor shall have the ability to future date TEDS letters and
notices.

c) High-volume or mass mailing of TEDS letters and notices that are to

be printed, shall be inserted and mailed based on a schedule defined
by the State’s operation processes.

A.17.17.1.11 The Contractor shall deliver the letter/notice to the USPS within two (2)
business days of letter creation.

A.17.17.1.12 The Contractor shall provide postage mechanisms and be responsible

for all postage costs to be utilized during the output process.

A.17.17.1.13 The Contractor shall archive and store the combined bulk print-stream
for audit and review purposes.

A.17.17.1.14 The Contractor shall be directly responsible for ensuring all notices,
letters and other electronically generated output is produced, printed,
mailed and thoroughly monitored for completeness and quality.

70
A.17.17.1.15 The Contractor shall manage, on a daily basis, the relationship with
any/all third-party service providers to manage and resolve any issues
associated with print output.

A.17.17.1.16 The Contractor shall provide a test environment to ensure all

development, including forms (template) design, content, data accuracy
and through-put is thoroughly tested and approved by the State before
moving into production.

A.17.17.1.17 The Contractor shall have the ability to print all documentation in a
double-sided format and in Spanish if required by the State.

A.17.17.1.18 The Contractor shall process, print, and mail documents in the
appropriate envelope as defined by number of pages and envelope size
limitations.

A.17.17.1.19 The Contractor shall ensure that all notices are formatted to align the
letter or notice address with USPS envelope address windows, and
prevent all other information from being visible.

A.17.17.1.20 The Contractor shall have the ability to include attachments or inserts,
which vary by notice type, within the printing process.

A.17.17.1.21 The Contractor shall have the ability to print letters, notices, and
attachments on color pages, as defined by the State.

A.17.17.1.22 The Contractor shall ensure that notice-related errors triggered during
the batch-print process do not prevent the completion of the batch-print
process.

A.17.17.1.23 The Contractor shall have the ability to perform high-volume batch
printing in one session or separated across multiple sessions. The
Contractor shall provide the printers needed for this functionality at no
additional cost to the State and to be located at the Contractor’s facility.

A.17.17.1.24 The Contractor shall provide manual work-around processes, at no

additional cost to the State, upon failure of automated output processes.

Document Print/Letter/Notices/Electronic Output Management

A.17.17.2.1 The Contractor shall provide on-going support, testing, and maintenance
of the Output Management Software for print, notices, letters, and
templates.

A.17.17.2.2 The Contractor shall create and/or modify specified print, notice, letter
templates, and other elements within time frames specified by the State.
The list of notices can be found in Contract Attachment 3.

A.17.17.2.3 The Contractor shall provide test environment and drafts for approval by
State business unit and business partners. The Contractor shall include
the State throughout the lifecycle of notice development and testing.

A.17.17.2.4 The Contractor shall, upon State approval, deploy new or modified
templates and print/letters to production environment.

71
 A.17.17.2.5 The Contractor shall set-up, execute, monitor, and take corrective action
on any/all issues related to print, notices, letters, and production/test
processes.

A.17.17.2.6 The Contractor shall work with State agencies and/or third party mail
vendors, mail co-mingle vendors, and other State partners to track the
quantity and quality of each type of print, notice, or letter created as part
of the daily processing cycle by the TEDS.

A.17.17.2.7 The Contractor shall take corrective action to resolve all production
discrepancies, issues, and incidents before errors reach the USPS.

A.17.17.2.8 The Contractor shall regenerate print data files as requested.

A.17.17.2.9 The Contractor shall monitor and review all print, notice, or letter file
outputs for completeness and ensure the correct print, notice, or letter is
generated for the intended purpose and the intended recipient.

A.17.17.2.10 The Contractor shall reconcile any discrepancies/differences and take

corrective action before progressing to the next step.

A.17.17.2.11 The Contractor shall compare counts of each printed notice/letter type
generated in TEDS with folder/inserter and USPS counts in real-time to
prevent any lost, incomplete or overage in production.

A.17.17.2.12 The Contractor shall produce and reconcile final counts of each print,
notice and letter type to validate postage charges and send final report to
the State daily.

A.17.17.2.13 The Contractor shall test new or modified print, letters and notices to
ensure quality and accuracy of templates.

A.17.17.2.14 The Contractor shall monitor daily print, validate quality, process letters
and notices and accommodate necessary changes to the daily print,
letter, and notices schedule based on outages, ad-hoc requests, or
needed system recoveries.

A.17.17.2.15 The Contractor shall design, develop, manage and practice letter and
notice processing portion of the BC/DR Plan for letter and notice
processing.

A.17.17.2.16 The Contractor shall provide proof of services and evidence of a contract
for a disaster recovery site for Print Output Management.

A.17.17.2.17 The Contractor shall develop and establish a program of regular DR

testing, at a minimum twice a year, to ensure critical components of the
BC/DR strategy can be recovered within the desired Recovery Time
Objective for Print Output Management.

A.18 Turnover

A.18.1 The Contractor shall be responsible for planning and supporting turnover of the Solution
at the completion of the required term, or in the event of contract termination. The
Contractor shall provide a complete transition to a successor, which could include the
State or other State contractors. The State may exercise an option to extend the

72
 Operations and Maintenance period of this Contract and delay all Turnover activities for a
commensurate period of time. The State shall work closely with the Contractor during this
process and must approve all updates to the Contractors Turnover approach and plans.

A.18.2 The Contractor shall maintain staff throughout the Turnover period to satisfy and maintain
compliance with all performance standards and requirements identified in the Contract.
The Contractor shall supply additional staff on-call for three (3) months after the
successful Cut-Over. Turnover activities include:

Planning for the Turnover

Managing and Executing the Turnover

Turnover Training and Knowledge Transfer

Cut-Over

Contract Closeout

A.18.3 Planning For The Turnover

The Contractor shall develop, deliver, and execute a Turnover Plan. The Turnover
Plan shall include a comprehensive approach to turnover, including but not limited
to resources, staffing, training, milestones, and tasks to successfully transfer
responsibility for Operations and Maintenance of the Solution at a level of
performance and customer support equal to the level achieved by the Contractor.
The Turnover Plan shall include:

A.18.3.1.1 Procedures to identify all software, data, documentation, and

miscellaneous supplies that shall be transferred to the State

A.18.3.1.2 Approach to how the Contractor shall support training and knowledge
transfer from the Contractor to the State

A.18.3.1.3 Approach to testing and verification, consistent with agreed upon testing
procedures with the State

A.18.3.1.4 Approach to cut-over of the Service Desk, which can occur either
concurrent with or after the system cut-over at the discretion of the State

A.18.3.1.5 Success criteria for the completion of cut-over and final acceptance of all
Operations and Maintenance service activity, including defect resolution,
by the State

A.18.3.1.6 Mitigation and CPs to address turnover failures

A.18.3.1.7 State and Contractor tasks for Turnover

A.18.3.1.8 Schedule for Turnover

A.18.3.1.9 Approach to verification of the States readiness, including assessments

of staff, technology, and processes

A.18.3.1.10 Approach to managing change to the Solution throughout the transition

73
A.18.4 Managing And Executing The Turnover

The Contractor shall provide consistent staffing, including Key Personnel and
management, during the execution of the Turnover to transition all aspects of
operation of the Solution from the Contractor to the State or other State
Contractors. The Contractor and State shall confirm transition to the successor.

A.18.5 Management of the Turnover

The management of the Turnover shall be integrated with the project

management structure and successor’s schedule. The primary activities in this
stage are focused on transition planning to support the continuation of operational
readiness of the TEDS. The Contractor shall manage all aspects of the Turnover
that affect cost, schedule, performance (scope and quality),
risk/issues/opportunities, and resources that are under Contractor control.
Additionally, the Contractor shall work with the State and/or successor to
implement the Turnover Plan.

The Contractor shall prepare, in cooperation with the Successor, and submit a
Turnover schedule within six (6) months or one hundred twenty (120) business
days (whichever is longer), of the State’s informing the Contractor of the start of
the turnover stage. The schedule shall address all Turnover activities until the
successful transition of operations.

A.18.6 Staffing the Turnover

The Contractor shall have an organizational staffing model in place to retain

appropriate staffing levels for the successful continuation of operations, and to
support the transition during the Turnover stage. The Contractor shall have staff to
successfully support all requirements of the Contract until Contract closeout is
finalized.

The staffing model shall include an estimate of the types of skills, responsibilities,
and salary of personnel required to assume full Operations and Maintenance
support as delivered by the Contractor under this Contract.

The staffing model shall include both the type of activity of the personnel and the
location of the personnel, including but not limited to the following activities:

A.18.6.3.1 Application Management Operations and Maintenance functions

A.18.6.3.2 Technical Management Operations and Maintenance functions

A.18.6.3.3 Systems, Network, Database, and Storage Management functions

A.18.6.3.4 Service Desk Operations and Maintenance functions

A.18.6.3.5 Administrative Staff

A.18.6.3.6 Management

A.18.6.3.7 Other Key Contacts

A.18.7 Executing the Turnover

74
 The Contractor shall execute the Turnover to transition all aspects of operation of
the Solution to the State or identified party. This includes the transfer of software,
including source program code, COTS systems, and executable copy of the
enhanced Solution, and all related system and process documentation. The
Contractor shall ensure that all transferred information is current as of the last
successfully implemented change.

Throughout the Turnover the Contractor shall work with the State to coordinate
system change activities, define a freeze period, and develop a process for
implementation and coordination of any emergency change required during the
execution. All transfers must be made on electronic media or network transfer and
approved by the State.

At a minimum, the Turnover shall include the Contractor providing the following
items and support:

A.18.7.3.1 Inventory and configuration of all hardware/system components required

to support Operations and Maintenance for all environments of the
Solution at the required level of performance, availability, and capacity,
including:

A.18.7.3.2 As-Is hardware configuration diagrams showing the relationship between

all system, network, security, and service management components

A.18.7.3.3 All System hardware/firmware descriptions, licenses, versions/releases

A.18.7.3.4 All security management, service management, storage management,

code management, and test management software

A.18.7.3.5 Inventory of all software, data and associated documentation to be

transferred

A.18.7.3.6 All source code, complied code, scripts

A.18.7.3.7 All System software/firmware descriptions, licenses, versions/release

A.18.7.3.8 Inventory of all development, Operations and Maintenance tools,

processes and procedures in use by the Contractor in support of the
Solution.

A.18.7.3.9 Inventory of all tools and documentation used by the Service Desk

A.18.7.3.10 Proof of licensing and maintenance contracts for all purchased software
components

A.18.7.3.11 BC/DR site requirements

A.18.7.3.12 Periodic transfers of all software, file systems and documentation

A.18.7.3.13 Transfer and verification of all user ID and access information to include
all configuration data and documentation in use to be establish and
maintain accurate user access

75
 A.18.7.3.14 Verification that documentation, including user, functional, maintenance,
development and operational manuals needed to operate and maintain
the system is available in electronic format

A.18.7.3.15 Transfer of all current and historical support records including but not
limited to:

a) Incident Management Records

b) Problem Management records including work-around(s) and known

errors or defects

c) Change Management records, including Post Implementation reports

d) Release Management records

e) Security Incident records

f) System and Network performance reports

g) System and Network performance data records

h) Root Cause Analysis reports

A.18.7.3.16 Assist the State in validating and verifying all systems are appropriately
configured, and support incident response, system restoration, problem
identification and problem resolution throughout all stand-up and testing
activity

A.18.7.3.17 Participate with the State in execution of all testing

A.18.7.3.18 Completion of the State readiness assessment to include assessment of

ability of technology, personnel and processes to support full Solution
Operations and Maintenance at the level of performance established by
the State

A.18.8 Turnover Training and Knowledge Transfer

The Contractor shall provide training to the State staff and/or the successor
Contractor for no less than 6 months prior to cut-over in order for the State to
assume responsibility of the O&M of the Solution. The contractor shall augment
training with mentoring and shadowing of personnel either in the Contractor’s
production environment or during set-up and testing of the States environments.

At a minimum, the Turnover training shall include the following:

A.18.8.2.1 Introduction to the Solution functions and capabilities

A.18.8.2.2 All application development tools, processes, and procedures

A.18.8.2.3 All application (custom or COTS)/system/infrastructure Operations and

Maintenance responsibilities

A.18.8.2.4 All application/system/infrastructure support processes and procedures

76
 A.18.8.2.5 All management tools (e.g., security management, systems
management, storage management, IT service management, etc.)

A.18.8.2.6 All Service Desk systems, processes, and procedures

A.18.8.2.7 Any and all other responsibilities necessary to sustain Operations and
Maintenance of the Solution at the required level of performance

A.18.8.2.8 Standard Operating Procedure manual

A.18.9 Contract Closeout

Contract closeout occurs at the end of the Turnover stage. The State expects the
Contractor to have completed all contracted work during the Operations stage
prior to contract closeout. Any incomplete or remaining work in which the
Contractor expects to transition to the State or successor Contractor must receive
prior approval from the State. Contract closeout responsibilities, deliverables and
penalties shall survive the termination date of this Contract and continue until the
Contractor has fulfilled all Turnover activities and met all closeout requirements to
the State’s satisfaction and approval. The Contractor shall provide verification in
writing to the State that all items required to be transferred to the State have been
transferred and removed from the Contractors systems. The verification in writing
shall be delivered to the State at a date before the end of the Turnover period as
determined by the State.

A.19 Security and Privacy

A.19.1 The Contractor shall, for any and all systems involved in the processing of the Patient
Protection and Affordable Care Act (PPACA) and HIPAA related information, comply with
the all applicable Federal and State laws and regulations as required for each data type
and classification.

Any reference to MARS-E, even under CMS context references, should also infer
compliance with current IRS Safeguards Program and IRS Publication 1075,
including future updates, where applicable by usage of data type and/or
classification.

A.19.2 The Contractor shall ensure capabilities are provided in their system design to support
CMS guidance issued in the “NIST Special Publication 800-63-2”, including future CMS
updates.

A.19.3 The Contractor shall develop a FTI labeling methodology, included within the System
Architecture Design Document, for any location in which IRS data will be stored. This
shall be approved by the HCFA Privacy Office. IRS data shall be grouped together as
much as possible by design to prevent comingling.

A.19.4 The Contractor shall be responsible for the following phases with regards to Contractor’s
security and privacy related activities throughout the lifecycle of the contract under the
oversight of the State:

DDI

Operations and Maintenance

Testing

77
 Monitoring

Turnover

A.19.5 The Contractor shall ensure that all file uploads from remote users in the Solution shall
have a virus scan prior to being processed further with appropriate feedback to the
uploader of success or failure.

A.19.6 Data Classification

The Contractor shall classify all data collected by the Solution, regardless of the
source (such as data entered through the web portal, data received through
interfaces from sources such as the FDSH, image scans, Department of
Homeland Security, IRS, or file uploads). The State shall approve the security and
privacy standards that shall be applied to each classification.

The Contractor shall identify why and how each data element is captured, how it is
to be retained, and the archive and purge processes that apply to the data.

Contractor shall retain records as required by applicable laws and regulations.

The Contractor shall classify data elements in a way that identifies applicable
security controls based on the Federal and State regulations and policies to the
class of the data elements.

The Contractor shall identify the security controls that apply to each data class
and/or type and ensure appropriate controls are established for the Solution
based on data flows through the system.

The Contractor shall maintain and track data types/classifications in the data
dictionary or equivalent process.

The Contractor shall have the ability to provide data classifications for all data
extracted from the Solution.

A.19.7 Regulatory compliance

The Contractor shall demonstrate that the Solution meets or exceeds industry
standards and applicable federal and state security requirements.

The Contractor shall ensure the security of the Solution is compliant with state and
federal standards, regulations and publications, including but not limited to:

A.19.7.2.1 45 Code of Federal Regulations (CFR) Part 95.621(f) Automatic Data

Processing System Security Requirements and Review Process

A.19.7.2.2 NIST Special Publication 800 series

A.19.7.2.3 NIST Cryptographic Module Validation List

(http://csrc.nist.gov/groups/STM/cmvp/validation.html)

A.19.7.2.4 IRS Safeguards Program and IRS Publication 1075

A.19.7.2.5 Federal Records Retention Schedule 44 USC 3303a

78
 A.19.7.2.6 Privacy Act of 1974 at 5 USC 552a

A.19.7.2.7 Computer Matching and Privacy Protection Act of 1988 (CMPPA)

A.19.7.2.8 SSA Information System Security Guidelines for Federal, State, and
Local Agencies

A.19.7.2.9 Child Online Privacy Protection Act

A.19.7.2.10 Medicaid Confidentiality Rules at 42 CFR

A.19.7.2.11 HIPAA

A.19.7.2.12 Federal security and privacy standards adopted by the U.S. Department
of Health and Human Services for Exchanges (MARS-E)

A.19.7.2.13 18 USC 1905 Criminal Code: Disclosure of Confidential Information

A.19.7.2.14 HITECH

A.19.7.2.15 Patient Protection and Affordable Care Act and U.S. Department of
Health and Human Services (HHS) Final Rule

A.19.7.2.16 Governing State Agency Policies and regulations including State and
STS

Once established, no security provisions for firewalls, client and server computers,
and user profiles and controls shall be modified without written State approval.

A.19.8 Security controls

The Contractor shall be responsible for design, development, implementation,

documentation and operation of security controls over access to sensitive
functions and data of the Solution until termination of the contract. Security
controls include, but are not limited to:

A.19.8.1.1 Processes and procedures

A.19.8.1.2 Tools

A.19.8.1.3 Incident monitoring and response that is compliant with MARS-E

A.19.8.1.4 CMS, IRS and SSA continuous monitoring and incident reporting
directives.

The Contractor shall map security controls and standards established in MARS-E
and relevant CMS MEESRP checklists and IRS guidance to requirements for
development and operational processes and procedures.

A.19.9 SDLC-related Security Requirements

The Contractor shall prepare and submit artifacts related to security that shall be
reviewed in Gate Reviews, as defined in the SDLC, and approved by stakeholders
before development may continue.

79
 The Contractor shall prepare architecture artifacts, deliverables and Gate Review
documents as specified in the Table of Deliverables in Section A.27.

The Contractor shall resolve any findings identified from a vulnerability

assessment.

A.19.10 Operations and Maintenance-related Security Requirements

The Contractor shall report data breaches to HCFA Privacy, IS Director, and
Security offices as soon as possible, but no more than twenty four (24) hours from
awareness of the incident or sooner if overriding regulations apply.

A.19.11 Facilities-related Security Requirements

The Contractor’s facilities designated to the project shall meet or exceed all
applicable information security and privacy regulations and policies pursuant to
the data classifications contained, stored, or in transit within the facilities.

The Contractor shall be responsible for notifying The State of any data in the
facilities (electronic, paper, or other) that is not classified as public and related to
State concerns for security and privacy.

The Contractor shall make its facilities reasonably available for inspection by the
State or security staff when requested.

A.19.12 Continuous Monitoring for Changes to Security and Policy

The Contractor shall monitor Federal (CMS, IRS and SSA at a minimum) and
State security policies and regulations as well as those of the States departments
and offices including, but not limited to, STS, HCFA, Defense Information Systems
Agency, and Security Technical Implementation Guides for system hardening.

The Contractor shall define in the System Security Plan the approach to monitor,
analyze and implement any such changes to the State.

A.19.13 Coordination with Third-Party Vendors

The Contractor shall be responsible for ensuring that security and privacy policies,
processes, procedures and appropriate documentation related to the project
environment is satisfactory or identified as a gap for remediation and
escalated/tracked, as appropriate.

The Contractor shall, with regards to the TEDS, perform regular monitoring and
assessment of compliance with security and privacy policies, processes,
procedures and documentation for all those who access the system, as defined by
the State.

A.19.14 Risk Management Framework

The Contractor shall employ a Risk Management Framework consistent and

aligned with the most recent version of the NIST SP 800-37, Guide for Applying
the Risk Management Framework to Federal Information Systems, to ensure that
throughout all Gates Reviews and O&M:

80
 A.19.14.1.1 Information system security related risks are managed in a way that is
consistent with the organization’s mission/business objectives and
overall risk management strategy established by the senior leadership
through the risk executive (function);

A.19.14.1.2 Information security requirements, including necessary security controls,

are integrated into the organization’s enterprise architecture and System
Development Lifecycle (SDLC) processes;

A.19.14.1.3 The framework supports consistent, well-informed, and ongoing security

authorization decisions (through continuous monitoring), transparency of
security and risk management-related information, and reciprocity;

A.19.14.1.4 Information and information systems are effectively secured by

implementation of appropriate risk mitigation strategies.

A.19.15 Security and Privacy Controls and Tools

The Contractor shall provide Security and Privacy Controls

The Contractor shall provide Security and Privacy Tools and appropriate staff
experienced with proposed Tools.

The Contractor shall configure and facilitate all feeds from the Solution to
communicate with established QRadar collectors.

A.20 Organizational Change Management and Training

A.20.1 The Contractor shall adhere to and support the implementation of the State’s OCMT
Approach, and work directly with the OCMT Team for all identified communication and
stakeholder engagement needs. The Contractor shall be identified as a Subject Matter
Authority in the OCMT Approach and shall assist in the execution of any and all sections,
activities, and/or policies per the State-approved OCMT Approach.

A.20.2 The Contractor shall follow timeline milestones that are representative of the required
sequence and timing of activities. Timelines are dependent upon several factors, and the
State reserves the right to adjust timelines and sequences of training events based on
number of users, availability of training facilities, and the determined combination of
instructor-led training and/or self-paced, web-based training learning. Timeline
requirements include but are not limited to:

Training delivery shall begin no fewer than two (2) months prior to each release
and remain open for no fewer than one (1) month after each release, as required
by the State

Training environment shall be established and access granted to the OCMT team
no fewer than seven (7) months prior to each phase release such that the
development of all requisite training materials may begin.

In accordance with the establishment of the training environment, the Contractor

shall provide system training to the OCMT personnel for the purpose of training
materials development.

A.20.2.3.1 System training shall occur six (6) months prior to Go-Live of the TEDS.

81
 Training environment refreshes shall be completed at least daily during single-day
training delivery and as needed during multi-day training delivery.

A.20.3 In accordance with objectives of the OCMT Approach and the requirements defined
below, the Contractor shall fully comply with all responsibilities and/or perform all
activities as a contributing group that supports the successful execution of OCMT.

The Contractor shall provide subject matter experts for training activities.

The Contractor shall develop materials and facilitate train-the-trainer sessions.

The Contractor shall develop and maintain the TEDS training environment.

The Contractor shall perform data setup activities for the TEDS training
environment.

A.20.4 The Contractor shall include, consult, and work directly with assigned project OCMT
personnel for any and all process, systems, and/or operating model planning, analysis,
and/or design efforts, workshops, and/or other meetings

A.20.5 The Contractor shall provide the project plan and validate major milestones and timing to
ensure alignment with Stakeholder and/or OCMT activities across the project lifecycle

A.20.6 The Contractor shall provide process flows (end-to-end processes), including application
process steps and systems documentation (including screen shots) to the OCMT team
that can be utilized as the foundation to build MMP related trainings

A.20.7 The Contractor shall provide resources sufficient to support the following training
activities, including but not limited to:

All those activities defined to support the various phases of the Training Approach
(Analysis, Design, Development, Implementation, and Evaluate) that are included
in subsequent sections of this document

Defining user roles

Supporting the identification of appropriate curriculum and delivery models

Participating and providing information during Training Development Knowledge

Share Sessions

Validating and approving training materials related to the technical Solution

Building and maintaining the training environments

Creation of user profiles and log-in credentials in any quantity as requested by the
State to allow trainers and end users appropriate access to the training
environments

Providing subject matter experts in specific work areas, processes, applications,

etc. to support classroom learning and train-the-trainer programs supplying at
least one (1) SME in each discreet classroom training event

82
 Providing support of post Go-Live training events that encompass prior training
support activities delivered or supported by the Contractor for a period of time as
deemed reasonable by the State

The Contractor shall support the training analysis phase or process by providing
and collaborating with the OCMT Team on an ongoing basis in the following ways,
including but not limited to:

A.20.7.10.1 Providing insight into role definitions and assignments required to

operate and/or support future-state applications and processes

A.20.7.10.2 Providing insight into standard training curriculum requirements required

to support future-state applications and processes

A.20.7.10.3 Providing insights into the training delivery framework required to support
future-state applications and processes

A.20.7.10.4 Actively collaborating with training team to select industry standard

training approaches for the State end user population

A.20.8 The Contractor shall build and maintain two (2) fully functional training environments per
concurrent release representative of the final-state operational system (e.g., final user
interface/GUI) that are dedicated to supporting training activities (training development
and training delivery). The two (2) separate environments must clearly and accurately
reflect upcoming software versions and closely align with the software release schedule.

A.20.9 Training development and training delivery environments shall include a minimum of the
following:

Transactional data (masked according to the security and/or confidentiality

guidelines provided by the State)

Training development environment to stage scenarios, get screen shots, etc., to

support the defined training schedule

Identification and provision of training environment data in order to provide for

scenario based training

Specific trainer profiles & credentials that provide fully functional capabilities within
both the development and delivery environments

Sufficient user profiles respective of future state roles within the State to perform
and execute any and all potential concurrent classes as defined by the training
schedule and/or the State

Associated log in credentials to support user profiles

Training environment shall be established and access granted to the OCMT Team
no fewer than seven (7) months prior to Go-Live of each release to allow the
development of all requisite training materials.

Training environment shall be established and access granted to end-users no

fewer than three (3) months prior to Go-Live of each release.

83
A.20.10 The Contractor shall support the training design and development phases (or process) by
providing and collaborating with the OCMT team on an ongoing basis in the following
ways, including but not limited to:

A.20.10.1.1 Aligning project plan(s) and validating major milestones to support

training timelines

A.20.10.1.2 Providing existing and historical baseline training materials (in digital or
print format as required by the State) such as but not limited to train-the-
trainer training manuals, quick reference guides, PowerPoints,
simulations, etc.

A.20.10.1.3 Actively participating and providing information during training

development knowledge share sessions

A.20.10.1.4 Training and supporting the State-appointed OCMT personnel on any

and all system specific work areas, processes, applications, etc. as
deemed appropriate by the State for the purposes of executing a system-
based scenario training program to all impacted State personnel

A.20.10.1.5 Providing, as requested, validation of future-state process information

and documentation

A.20.10.1.6 Providing or cooperating in the identification of realistic, representative

business scenarios to be used for training development and delivery
purposes as defined by the State

A.20.10.1.7 Providing access to the training development environment at the outset

of the training development phase

A.20.10.1.8 Coordinating and supporting the development and maintenance of

hardware requirements (for example, but not limited to, classroom
computers or laptops, independent servers that might be required to
house training development tools and associated content, etc.) with the
State for training delivery purposes

A.20.10.1.9 Providing a minimum of one hundred (100) training laptops and other
required physical hardware, for State use during training, to support the
training design and implementation of all TEDS-related trainings. All
hardware used (procured or leased by the Contractor) will be adequately
fitted with current training environments and/or software. Facilities and
hardware must be maintained for a minimum of 100 participants.

A.20.10.1.10 Maintaining training and laptop software, hardware, and system services
required by each release’s training needs.

a) The Contractor shall ensure that each provided laptop has, at a

minimum, been configured with, and can successfully run, the then
most current version of Microsoft Suite products, Internet Explorer
and Adobe Reader.

b) The Contractor shall ensure that each laptop system has sufficient
access to the then current TEDS training environment(s) and other
associated software that will be required for training purposes.

84
 c) The Contractor shall determine, with the assistance of the State, the
most efficient manner to access these environments through a
combination of downloaded and internet accessible applications.

d) The Contractor shall ensure that each laptop is installed and

maintained with virus protection software that meets the Contract
requirements at time of usage.

e) The Contractor shall provide the State any necessary advice and
support to ensure that the laptops software is functioning in a
consistent and secure manner throughout training preparation and
course delivery.

f) The Contractor shall maintain the required installed software with the
most current software versions and/or patches throughout the
timeframe of the engagement.

A.20.10.1.11 Adhering to the State’s approved OCMT QM process

A.20.11 The Contractor shall support the Training Implementation phase (or process) by providing
and collaborating with the OCMT Team on an ongoing basis in the following ways,
including but not limited to:

Delivering (or supporting the delivery of) and actively participating in training
and/or classroom sessions and activities as needed and defined by the State in
order to provide subject matter expertise in specific work areas, processes,
applications, etc. (supplying at least one (1) Subject Matter Advisor in each
discreet classroom training event)

Providing feedback on training program for continuous improvement efforts

Providing necessary support for the appropriate maintenance of the training

environment (e.g., making updates to scenarios or transactional data to support
continuous improvement)

Providing necessary resources to execute and maintain an active training

environment refresh schedule based on scheduled training events to support any
and all potential concurrent classes defined by the training schedule

Actively participate in any and all necessary hardware and other training
infrastructure support activities to ensure smooth and consistent training delivery

Training Delivery shall begin no fewer than two (2) months prior to each release
and remain open for no fewer than one (1) month after each release as required
by the State

A.20.12 The Contractor shall support the Training Evaluation phase or process by providing and
collaborating with the OCMT Training team in the following ways, including but not limited
to:

Developing a Knowledge Transition Plan that encompasses prior training support

activities delivered or supported by the Contractor

85
 Providing support of Post Go-Live training events that encompasses prior training
support activities delivered or supported by the Contractor for a period of time as
deemed reasonable by the State

A.20.13 The Contractor shall support any and all CMS related awareness and training. The
Contractor shall work with the OCMT team to ensure that the course is incorporated into
the overall curriculum, and the Contractor shall provide all relevant content/SME input,
and ensure that the presentation and delivery is consistent with State curriculum
standards

A.20.14 The Contractor shall support any and all other training activities to ensure an effective,
positive learning experience as required by the State

A.20.15 The Contractor shall provide a full-time, dedicated OCMT counterpart with appropriate
OCMT background, to be approved by the State, whose responsibilities shall include, at a
minimum, the effective and timely execution of any and all OCMT activities throughout
the duration of all relevant Program project lifecycles

A.21 Quality Assurance and Monitoring

A.21.1 The Contractor shall comply with the State’s Quality Assurance Plan. The Contractor
shall maintain compliance with all Plan components including project management and
staff, contractors, and other participants in the project and all project activities.

A.21.2 The Contractor shall collaborate with the State to align the Contractor’s Quality
Assurance Plan to the State’s Plan to support the monitoring methodology for the DDI
stage of the project.

A.21.3 The Contractor shall provide an overall Quality Assurance Plan, customized for the EMP.

A.21.4 The Contractor shall establish QA roles & responsibilities internally and with the State
Project Manager and sponsor.

A.21.5 In conjunction with the State and Other State Contractors, the Contractor shall support
the internal QA process, including adhering to quality standards and supporting the effort
to validate and verify that standards are met.

A.21.6 The Contractor shall provide access and training for usage of any tools that will be used
in implementing and monitoring the process

A.21.7 The Contractor shall incorporate a QA review which results in remediation plans for both
current and future project deliverables.

A.21.8 The Contractor shall conduct internal quality reviews for all deliverables before the
deliverables are submitted to the State.

A.21.9 The Contractor shall support QA reviews performed by the State or State Contractors.
The activities for which they will support include, but are not limited to: deliverable
walkthroughs, incorporating revisions into deliverables, and supporting Gate Reviews.

A.21.10 The Contractor shall monitor the performance of each service against the service specific
KPIs defined in Deliverable 28. The Contractor shall be responsible for reporting the KPIs
and the associated supporting metrics at an agreed upon frequency with the State. The
Contractor shall also be responsible for maintaining the agreed upon SLAs associated
with these KPIs and supporting metrics as designated by the State. The State reserves

86
 the right to require the Contractor to monitor and report on additional KPIs for
performance areas based on deficiency. The KPI SLA reporting shall be input into the
Contractor’s CIP, described in detail in Section A.17.2.

A.22 Staffing

A.22.1 General Staffing Requirements. All personnel shall be employees or contracted staff of
the Contractor and shall be fully qualified to perform the work required in this Contract.
The Contractor shall provide experienced, qualified professionals to ensure the success
of this project. Contractor personnel shall be qualified, allocated, present, focused and
engaged with State, other State entities and other State Contractors. The Contractor shall
provide these personnel in sufficient quantity to enable the Contractor to provide
consistent and high quality deliverables and supporting work product, even during
periods in which work on multiple projects are underway.

Contractor work will normally occur during the State‘s core business hours (8:00
AM to 5:00 PM Central time, Monday through Friday), during which the Contractor
must provide coverage of key business areas. As directed by the State,
exceptions may occur to accommodate scheduled project events that must occur
during evenings or on weekends. The parties agree that the Contractor will furnish
Contractor personnel as needed for these after-hours projects. Contractor work
and travel schedules shall be approved in advance by the Program Director. The
Contractor shall have production support staff available twenty four (24) hours per
day seven (7) days per week during Operations and Maintenance.

Other than required approval of Key Personnel and subcontracted staff by the
State, the Contractor shall have total responsibility for hiring and management of
any and all Contractor staff and subcontractors determined necessary to perform
the services in accordance with the terms of the Contract. The Contractor is
responsible for maintaining a level of staffing necessary to perform and carry out
all of the functions, requirements, roles, and duties as contained herein,
regardless of the level of staffing included in its proposal, and upon a failure to do
so, as reasonably determined by the State after consultations with the Contractor,
the State may use the CM process to indicate dates by which staffing increases or
replacements must be made. Failure to meet the staffing deadlines in the CM may
lead to the imposition of Liquidated Damages as specified in Section A.22.10.4.

On-site Staffing Requirements. For purposes of this Contract, whenever the term
“on-site” appears, it shall mean that the indicated Contractor staff and/or
subcontractors shall be physically present during the percentages identified in
Section A.22.15 and A.22.16, from their start date throughout the term of the
Contract or until they are no longer performing services under the Contract.
Personnel are considered on-site when working at either the Contractor’s offices
described in Section A.23 or at the HCFA offices located in Nashville, Tennessee
as required by the State. “On-site” positions also require the Contractor staff
and/or subcontractors to meet the dedication requirements for each role.
Percentage dedicated means that the personnel shall be assigned to work the
required portion of their time on the services to be provided under this Contract
and the personnel may not work full or part time on other work unless approved in
advance in writing by the State.

A.22.1.3.1 Roles that are established to support Operations and Maintenance

through the remainder of the Contract and that are staffed shall be
included in the measurement of Operations and Maintenance headcount
for a given period, even though they may also be supporting
enhancement activity for the same period.

87
 State approval of Contractor’s Staff. The State shall have the discretion to
approve or disapprove of the Contractor’s and any of its subcontractor’s Key
Personnel, or to require the removal or reassignment of any Contractor’s
employee or subcontractor personnel found unacceptable to the State for work
under this Contract only.

Contractor Staff and CMS Reporting Requirements. The Contractor shall keep
track of resource costs, both personnel and technical, on a per project basis in
order to satisfy both the State and CMS reporting requirements for enhanced
federal funding assistance. These resource costs shall be maintained by the
Contractor and provided to the State upon request to support all time and
materials projects. After consultation with the Contractor, the State will approve an
invoice format that will meet the needs of the State and CMS. The Contractor shall
submit an invoice in the required format for approval once the State has issued its
acceptance of the deliverable.

A.22.2 Subcontracted Staff. The Contractor may not subcontract, transfer, or assign any portion
of the Contract without prior written approval of the State given after review and approval
of the Contractor’s proposed subcontract, transfer agreement, or assignment agreement.
The State reserves the right to refuse approval, at its sole discretion, of any subcontract,
transfer, or assignment and to revoke, at any time, its prior written approval of any
subcontractor, transferee or assignee.

With regard to those subcontractors approved by the State during procurement of this
Contract, the Contractor shall provide the State with a fully executed, complete copy of
each subcontract on or before the earlier to occur of: (a) such subcontractors beginning
work on this Contract, or, (b) within thirty (30) days of execution of the Contract. With
regard to subcontractors approved by the State and engaged by Contractor after the
Project Start Date, the Contractor shall provide the State with a fully executed, complete
copy of each subcontract on or before the earlier to occur of: (a) such subcontractors
beginning work on this Contract, or, (b) within thirty (30) days of the State’s approval of
the subcontract.

The Contractor may only substitute another subcontractor for a subcontractor previously
approved by the State at the discretion of the State and with the State’s prior, written
approval.

Notwithstanding any State approval relating to subcontracts, the Contractor shall be the
prime contractor and shall be responsible for all work under the Contract.

A.22.3 Key Personnel Requirements. For purposes of this Contract, the term “Key Personnel”
refers to Contractor personnel deemed by the State to be essential to the Contractor’s
satisfactory performance of the requirements contained in this Contract. Contract Section
A.22.15 contains the required Key Project Personnel positions, corresponding roles and
responsibilities and minimum qualifications for each.

All Key Personnel shall be employed by the Contractor and be present full-time at
either the Contractor’s offices described in Section A.23 below or at HCFA’s
offices in Nashville, Tennessee from their start date throughout the project.
Changes to this arrangement must receive prior approval from the State.

The Contractor shall obtain written prior State approval of all Key Personnel.
Resumes for Key Personnel must be provided for State review at least thirty (30)
days prior to the expected employee’s start date. The State may require in-person
interviews with these individuals prior to the employee’s start date. The same
person may be able to fill a different position in different Gate Reviews. The State

88
 will consider suggestions for alternative alignment of duties. Changes to the
proposed positions, staff and responsibilities will only be allowed with prior written
permission from the State.

If the Contractor’s methodology deems an additional Key Personnel position(s)

necessary, beyond the positions listed in the table below, the Contractor must
identify these positions and provide a complete description of how these positions
support the fulfillment of the Contract scope of work. All Contractor Key Personnel
must be formally committed to join the project by the beginning of the Project Start
Date.

If any Contractor staff members are not employees of the Contractor, the
Contractor is required to identify those personnel, provide the State with
agreements establishing their subcontract and the Contractor must receive
approval of that subcontract with the State.

References for Key Personnel shall meet the following requirements:

A.22.3.5.1 Must include a minimum of three (3) professional references outside the
employee’s current employer who can provide information about the key
person’s work on relevant past assignments;

A.22.3.5.2 Must include the reference’s full name, mailing address, telephone
number and e-mail address;

A.22.3.5.3 For any client contact listed as a reference, must also include the
agency’s or company’s full name with the current telephone number and
e-mail address of the client’s responsible project administrator or service
official who is directly familiar with the key person’s performance;

A.22.3.5.4 Must reflect the key person’s professional experience within the past five
(5) years; and

A.22.3.5.5 Must include all professional certifications and affiliations.

Key Personnel resumes shall include the following information:

A.22.3.6.1 Employment history for all relevant and related experience

A.22.3.6.2 Names of employers for the past five (5) years, including specific dates

A.22.3.6.3 All educations institutions attended and degrees obtained

A.22.4 Key Personnel Replacements. The State retains the right to approve or disapprove
proposed Key Personnel staffing and reserves the right to require the Contractor to
replace specified staff. The Contractor agrees to substitute, with the State’s prior
approval, any such employee so replaced with an employee of equal or better
qualifications. The Contractor shall provide an interim resource within five (5) business
days for any Key Personnel vacancies regardless of the reason for the vacancy. The
Contractor agrees to propose within thirty (30) days, and appropriately staff within forty-
five (45) days, any changes made to Key Project Personnel, regardless of the reason for
the change. In the event it becomes necessary to replace Key Personnel during the term
of this Contract, the Contractor shall:

89
 Provide the State Program Director with written notification of such replacement,
providing, when possible, for a two (2) week period for knowledge transfer from
the Key Personnel to the replacement personnel. This knowledge transfer shall be
provided at no charge to the State;

Provide the State Program Director with documentation describing the

circumstances of the need for the replacement;

Provide documentation of experience for the proposed replacement personnel;

and

Obtain prior written approval from the State Program Director.

During the first eighteen (18) months of the Contract performance period, no
substitutions of Key Personnel shall be permitted unless such substitutions are
necessitated by an individual’s sudden illness, death, or resignation, or otherwise
approved by the State Program Director or requested by the State. In any of these
events, the Contractor shall follow the steps outlined above. Failure to meet the
prior notice and approval requirements herein may result in the imposition of
Liquidated Damages as contained in Section A.22.10.4.

A.22.5 Non Key Personnel Requirements. The Contractor shall ensure that a sufficient number
of appropriately qualified and trained personnel are employed and available at all times
necessary to perform and carry out the services required under the Contract. Staff
proposed for assignments shall be persons that have relevant domain knowledge as
appropriate for such job title classifications.

Unless otherwise agreed by the State, the job title classification of individuals assigned
to a project shall not change during the project.

In providing the services required under this Contract the Contractor shall provide, at a
minimum the Non-Key Personnel identified in Section A.22.16. The quantity of the
personnel for each of the positions shall provide an appropriate level of service
necessary for the TEDS.

A.22.6 Staffing Management Plan

A.22.7 The Contractor shall develop and adhere to a Staffing Management Plan for conducting
the day-to-day management of all resources in support of EMP activities. The Plan shall
define the organizational structure, roles, and responsibilities of the personnel, staffing
levels, and other resources information. It shall define the criteria and process used to
develop staffing estimates and determine staffing qualifications. It shall contain detailed
organizational charts. The organization structure must identify Key Personnel by name,
title and job function, the percentage of time allocated to the EMP, and whether each
position will be filled by a State person, Contractor employee, or other Contractor
employees (i.e. TAS or SPMO).

A.22.8 Staffing Needs Planning and Monitoring Processes

The Contractor shall provide an overview of the preliminary and ongoing Staff
Planning and Monitoring Processes, specifically highlighting processes around
planning for future needs and monitoring of project assignments, contract
timelines, and associated decisions for release or renewal of personnel.

A.22.9 Staffing Tracker

90
 The Contractor shall develop a Staffing Tracker that summarizes initial and
ongoing Solution resource needs and documents resource levels and
assignments.

The Contractor shall maintain and update the Staffing Tracker on a regular basis
for review, at least once per quarter and more frequently as requested by the
State.

A.22.10 Key Personnel Transitions

The Contractor shall develop a Key Personnel Transition Plan, for completion by
Key Personnel in the event that they change roles or leave the project. Completed
Plans shall identify a replacement for the Key Personnel in question.

The Contractor shall seek prior approval from the State for any replacements to
be made in key roles. The Contractor may replace Key Personnel with individuals
with comparable experience and qualifications as those submitted by the
Contractor in their Response to RFQ 32101-15557 within fifteen (15) business
days, pending State approval. The Contractor shall submit resumes and allow the
State to interview applicants as part of the approval process, at least five (5)
business days before the intended start date.

The Contractor shall provide an interim resource within five (5) business days for
any Key Personnel vacancies regardless of the reason for the vacancy.

Staffing Liquidated Damages. Failure by the Contractor to meet the timeframes for
staffing vacancies and replacements as set forth in Sections A.22.4 and A.22.3, or
any staffing timeframe contained in a CM as specified in A.22.1.2, may, at the
State’s sole discretion, result in Liquidated Damages in the amount of five
hundred dollars ($500) per business day until Contractor complies with the stated
timeframe.

The Contractor shall maintain a sufficient quantity of staff composed of Project

Managers, Business Analyst, Programmer Analyst, and Testers necessary to
accommodate enhancements during Operations and Maintenance (O&M).

A.22.11 Managing Staffing Changes

The Contractor shall provide an overview of the key steps required in order to
acquire, onboard, and off-board staff.

The Contractor shall provide guidance on the necessary steps to make staffing
assignment changes. The Contractor shall also define procedures for Key
Personnel transitions.

The Contractor shall develop the following documents for managing staffing
changes and use the documents in the processes as detailed in the table below:

Table 2: Documents
Form Onboarding Role Transitions Off-Boarding
Onboarding Checklist X
Onboarding Arrival Packet X
Acceptable Use Policy and X
Information Protection Plan

91
Form Onboarding Role Transitions Off-Boarding
Roll-On Form X X
Team Member Transition Plan X
Roll-Off Form X
Off-Boarding Checklist X

The Contractor shall develop an Onboarding Checklist to assist in onboarding

new resources. The Onboarding Checklist shall provide the new employee with an
orientation to the EMP and relevant State and Federal regulations and policies.
Additionally, the Checklist shall ensure that administrative items such as building
access and equipment distribution are appropriately handled.

The Contractor shall develop a Team Member Transition Plan to be completed by

Contractor resources when assignments change within the project organization.

The Contractor shall submit all completed plans to the SPMO for review and
validation.

The Contractor shall provide at least two (2) weeks’ notice before resource roll-off.

A.22.12 Turnover Stage Staffing

The Contractor shall provide a full-time turnover manager as a designated point

person to interact with the State and successor contractor until Contract closeout
is completed.

The Contractor shall provide and retain sufficient turnover staff in the required
mix, inclusive of technical (e.g. systems analysts, technicians) and non-technical
(e.g. clerical staff, business analysts) resources to complete the services and
meet the requirements specified in the Contract.

The Contractor shall include in the Staffing Management Plan staffing for
operations during the Turnover Stage.

The Contractor shall acquire State approval for Key Personnel appointments and
replacements.

The Contractor shall provide unrestricted access to appropriate Contractor

personnel for discussion of problems or concerns.

The Contractor shall provide, at minimum, a two (2) week overlap transition period
for all Key Personnel transitions. During this time the successor shall be trained
on all transferred activities to ensure continuity.

A.22.13 Off-Boarding

The Contractor shall complete the Off-Boarding Checklist, one (1) week prior to
resource departure, with assistance from the work stream lead and the team
member rolling off.

The Contractor shall provide prior notification, in the event of resource departure,
with appropriate forms to the State’s Access Management team and appropriate
State management staff, in advance of termination if known or immediately after
the employee submits their resignation.

92
A.22.14 CMS Certification

The Contractor shall provide a sufficient quantity of staff necessary to support the
enhanced efforts to monitor, identify, and address initial production issues and
plan, prepare, execute, and achieve CMS certification.

The Contractor shall provide a Certification Manager to interact in tandem with the
State and the IV&V Contractor.

The Contractor shall provide a State-approved team of resources to monitor,

track, and correct identified issues.

The Contractor shall provide a State-approved team of dedicated resources for

preparation and support of CMS certification.

93
 A.22.15 Key Personnel Table

Table 3: Key Personnel Table

Key Position Description Qualifications Requirements
Account a) Shall serve as the onsite a) A minimum of eight (8) years of experience a) Shall not serve in any other
Executive or program executive for the in managing and leading a large-scale or position.
Program Contractor enterprise-wide health care IT systems b) Shall be one hundred
Executive contract or project that encompasses a full percent (100%) allocated to
SDLC from initiation through post the project through
implementation and includes Operations Implementation.
and Maintenance. c) Shall be onsite ninety
b) A minimum of five (5) years of experience percent (90%) percent of the
serving in an account management or client time.
representative position. d) Shall be available as needed
c) Subject matter expertise on State and post Go-Live.
Federal Medicaid regulations and policies.
d) Previous experience with cost reporting,
profit and loss statements, and budget
compliance.
e) Previous responsibility for managing
subcontractor resources, if subcontractors
are included as part of the Contractor’s
Response to RFQ 32101-15557.
f) Previous experience following a standard
project management methodology and in
using various project management tools in
developing project plans, delivering tasks,
and tracking timelines and resources.
g) Broad IT-related experience
h) PMI or generally equivalent certification.
DDI Manager a) Responsible for the Design, a) A minimum of ten (10) years of experience a) Shall not serve in any other
Development, and implementing and integrating large-scale position.
Implementation of eligibility health care IT solutions within environments b) Shall be one hundred
Solution similar to that of the TEDS. percent (100%) allocated to
b) Subject matter expertise on State and the project through
Federal Medicaid regulations and policies. Implementation.
c) Previous experience following the c) Shall be onsite ninety
Contractor’s development methodology and percent (90%) of the time.
in using various project management tools d) Shall be available as needed
in developing project plans, delivering tasks, post Go-Live.
and tracking timelines and resources.

94
Key Position Description Qualifications Requirements
d) Heavy background in IT development,
infrastructure, security, and Operations and
Maintenance projects.
e) Relevant experience and advanced skills
with development tools, multiple software
languages, and programming best practices.
f) PMI certification is preferred.
Technical a) Shall serve as the project Chief a) A minimum of seven (7) years of experience a) Shall not serve in any other
Solution Lead Information Officer (CIO) for the implementing large-scale health care IT position.
eligibility Solution. solutions within environments similar to that b) Shall be one hundred
of the TEDS. percent (100%) allocated to
b) Possess expert knowledge of the the project through
Contractor’s Solution, having implemented Implementation.
the Solution in no less than one (1) c) Shall be onsite ninety
environment at least as complex as the percent (90%) of the time
TEDS. d) Shall be available as needed
c) Possess extensive experience developing post Go-Live.
solutions utilizing an integrated development
environment, multi-tier platforms and
employing SOA architecture with high
availability/reliability requirements.
d) Must be proficient in multiple languages,
SOA technologies, operating systems and
security best practices.
Business a) Shall serve as the project Chief a) A minimum of seven (7) years of experience a) Shall not serve in any other
Solution Lead Operations Officer for the implementing large-scale health care IT position.
eligibility Solution. solutions within environments similar to that b) Shall be one hundred
of the TEDS percent (100%) allocated to
b) Possess five (5) years of experience the project through
extracting and documenting business rules Implementation.
c) Possess a working knowledge of business c) Shall be onsite ninety
process modeling percent (90%) of the time.
d) Possess expert knowledge of the d) Shall be available as needed
Contractor’s Solution, having implemented post Go-Live.
the Solution in no less than one (1)
environment at least as complex as the
TEDS
e) Possess expert knowledge of national policy
and standards that impact the Medicaid
environment.

95
Key Position Description Qualifications Requirements
Quality a) Shall serve as the project QA a) Possess a minimum of five (5) years of a) Shall not serve in any other
Assurance/Cont Manager for the eligibility experience developing and executing quality position.
rol Lead Solution assurance/control programs for solutions b) Shall be one hundred
b) Responsible for EMP quality similar to the Contractor’s Solution for the percent (100%) allocated to
control TEDS the project through
b) Previous experience serving in a Quality Implementation.
Control Manager or Lead position. c) Shall be onsite ninety
c) Possess a working knowledge of the percent (90%) of the time.
Contractor’s Solution for the TEDS. d) Shall be available as needed
d) Previous experience leading large scale or post Go-Live.
enterprise-wide testing rollouts and
deployments.
e) Possess a working knowledge of business
processes associated with the TEDS.
f) Must have general knowledge with multiple
programming languages, SOA technologies,
operating systems and security best
practices.
OCMT Liaison a) Working closely with State a) Possess a minimum of five (5) years of a) Shall not serve in any other
designated team to make sure experience developing and executing position.
deliverables are met on time and training programs for solutions similar to b) Shall be on-site for all
on budget Contractor’s Solution for the TEDS. training activities.
b) Coordinate and Manage b) Possess a working knowledge of document
instructional design staff management practices and principles.
c) Liaison between parties to c) Possess a working knowledge of the
address obstacles and ensure Contractor’s Solution for the TEDS.
time access to all required d) Possess a working knowledge of business
systems processes associated with the TEDS.
d) Adherence to project plan e) Previous experience working with document
e) Working with State Project management platforms to include document
OCMT Team to support the version control and management workflow
development of relevant
materials and timely deliverable
of all training requests
f) Facilitate working relationship
with State OCMT Team and
SME’s
g) Facilitate working sessions
between State OCMT Team and
SME’s to conduct knowledge
sharing sessions

96
Key Position Description Qualifications Requirements
h) Facilitate working sessions
between State OCMT Team and
SI’s technical groups for
collaboration and knowledge
sharing
Project a) Shall serve as the Contractor a) A minimum of five (5) years of experience a) Shall be allocated one
Management liaison to the SPMO and TAS developing and managing a PMO for a large hundred percent (100%) to
Office (PMO) Contractors. scale or enterprise-wide health care IT the project through
Manager b) Responsible for project’s PMO. systems contract or implementation. implementation.
b) A minimum of ten (10) years of experience
managing IT systems programs and/or
projects.
c) Must be PMI certified.
Infrastructure a) Responsible for defining and a) Possess a minimum of five (5) years of IT a) Shall not service in any
Architect documenting network, security, infrastructure management experience with other position.
server, SOA and the OS a strong preference towards healthcare b) Shall be one hundred
specifications for the Solution. environments. percent (100%) allocated to
b) Shall ensure that policies, b) Possess a minimum of three (3) years of the project through
standards, and procedures experience managing projects of similar size Implementation.
related to infrastructure are and complexity. c) Shall be onsite ninety
established, communicated, and c) Must have advanced knowledge working percent (90%) of the time.
enforced with multiple programming languages, SOA d) Shall be allocated 75%
c) Shall work closely with the HCFA technologies, operating systems and through subsequent
IS Architect and STS to translate security best practices. deployments of DDI.
the infrastructure architecture for d) Expert understanding of OS(s) that Solution e) Shall be available as needed
the Solution into build standard is running on post Go-Live.
STS build specifications. e) Strong understanding of VMWare
f) Solid understanding of Load Balancing (F5
LTM & GTM preferred)
g) Solid understanding of Internet access using
a DMZ for things such as, but not limited to:
proxies, web servers, firewalls, DNS and
Certificates
h) Knowledge of complex network routing
i) Familiarity of DBMS used for Solution
j) Solid knowledge regarding Storage Area
Networks (Preferably Hitachi).
Configuration & a) Service Assets Management a) Minimum of five (5) years’ experience in a a) Shall be one hundred
Assets Manager b) Configuration Items Management configuration and assets manager role for a percent (100%) allocated to
c) Product Currency Management large scale, mission critical environment the project through O&M.

97
Key Position Description Qualifications Requirements
d) License Management b) Possess knowledge of working with multiple b) Shall be onsite ninety
e) CMDB Implementation & programming languages, SOA technologies, percent (90%) percent of the
Management operating systems and security best time
practices
c) Possess ITIL certification
Service Desk, a) Shall serve as the project a) Possess a minimum of five (5) years’ a) Shall be allocated one
Production Operations Manager for the experience managing Production hundred percent (100%) to
Control & eligibility Solution Control/Operations management of a the project beginning from
Operations b) Shall have the responsibility for 24/7/365 environment on large-scale health UAT through ongoing
Center Manager monitoring and support of the care programs and solutions similar to the operations
Solution. environments and scale of the TEDS. b) Shall be on site one hundred
c) Shall prepare the daily/monthly b) Possess (5) years’ experience in managing percent (100%) of the time
Operations Report. networks, servers, batch scheduling,
d) Manage staff 7/24/365 and console activities, service desk
ensure reliability and availability management, and security similar to the
for multiple system platforms technical architecture for the TEDS.
including infrastructure, c) Must have advanced knowledge working
databases, backups, trouble with output management, print, console
shooting, problem resolution, operations, system administration, operating
escalation, and notification. systems, production control scheduling,
e) Schedule and coordinate batch technical writing, and security best practices
jobs, system installs, upgrades
and outages.
f) Establish priority problem
resolution, notification and
escalation to appropriate support
personnel to meet schedules and
Service Level Agreements
g) Monitor and administer support
and services for all Production
Control, Service desk, and
operations activities including
perform all batch scheduling,
production activities, printing,
and print distribution.
h) Provide application, hardware,
network, schedule support and
system monitoring for the
Solution.

98
Key Position Description Qualifications Requirements
i) Shall be responsible for the
development and maintenance of
the SOP manual.
Security a) Responsible for managing the a) Possess a minimum of five (5) years IT a) Shall not serve in any other
Manager implementation and development security industry experience with at least position.
of IT security over the course of three (3) years in a healthcare related b) Shall be one hundred
the project. environment. percent (100%) allocated to
b) Shall ensure that security b) Possess a minimum of three (3) years of the project through O&M.
policies, standards, and experience managing projects of similar size c) Shall be onsite ninety
procedures are established and and complexity to the EMP. percent (90%) percent of the
enforced. c) Possess a Certified Information Systems time.
c) Shall coordinate information Security Professional (CISSP), Certified
security inspections, tests, and Information Security Manager (CISM), or
reviews and oversee the security equivalent security certification (e.g., GIAC
team. (Global Information Assurance Certification)
d) Responsible for coordination and Security Expert, Certified Ethical Hacker,
compliance activities relative to GIAC Certified Incident Hacker, GIAC Web
the project including, but not Application Penetration Tester, GIAC
limited to, MARS-E, Fortify Penetration Tester)
reporting, audit, SSR, etc. d) Possess a Bachelor’s Degree in an IT-
related field OR four (4) years of industry
experience in addition to the general
requirement for five (5) years of security
experience.
e) Must be familiar with at least one major
security compliance framework and be able
to demonstrate a firm understanding of
relevant State and Federal security/privacy
regulations and policies, specifically under
NIST, HIPAA, and IRS Pub. 1075
f) Must have excellent communications skills,
technical writing skills, small group
facilitation skills, and formal presentation
skills.
CIP Manager a) Shall collect data, compile, and a) A minimum of eight (8) years of experience a) Shall not serve in any other
report on KPIs and SLAs. in managing large scale or enterprise-wide position.
b) Responsible for managing the technology projects. Must have broad b) Shall be one hundred
customer expectations and all experience managing IT systems contracts, percent (100%) allocated to
CIP functions. SLAs, KPIs, and process improvement the project through O&M.
c) Gather and analyze metrics to programs.
accurately reflect schedule b) Must have working experience with system
design and capacity planning.

99
Key Position Description Qualifications Requirements
performance relative to c) A minimum of five (5) years of experience c) Shall be onsite ninety
established SLAs. serving in an IT management position in a percent (90%) percent of the
technical area. time.
d) Subject matter expertise on system design, d) Shall be available as needed
system build, and O&M. post Go-Live.
e) Previous experience with ITIL and other
operating frameworks.
f) Must have relevant IT experience with all
technical aspects of the Solution.
Database a) Responsible for designing, a) A minimum of five (5) years’ experience a) Shall not serve in any other
Architect developing, and implementing developing and implementing one or more position.
infrastructure to provide highly- industry standard database systems. b) Shall be one hundred
complex, reliable, and scalable b) Capable of hands-on work in all phases of percent (100%) allocated to
databases to meet the database design and management the project through
organization’s objectives and c) Significant experience managing operational Implementation.
requirements. databases including handling complex c) Shall be onsite ninety
b) Shall assist in defining system migrations with mission critical applications percent (90%) percent of the
and application architecture and d) Extensive experience dealing with sensitive time.
provide vision, problem data, and health care industry standards d) Shall be available as needed
anticipation, and problem solving and regulations post Go-Live.
ability.
e) Experience with technical requirements for
data classification and implementing data
protection technologies.
f) Must be knowledgeable of secure coding
practices for databases.
Conversion e) Oversees the conversion of a) Minimum of five (5) years’ experience a) Shall not serve in any other
Manager legacy data into the EMS managing complex conversion projects from position.
database. disparate legacy databases into different b) Shall be one hundred
f) Coordinates and manages data models. percent (100%) allocated to
Conversion staff and tasks. b) Must have experience with the Contractor’s the project through
g) Works with all appropriate staff to chosen ETL/Conversion toolset (at least two Implementation.
coordinate conversion efforts. (2) prior conversions). c) Shall be onsite ninety
c) Experience with managing and documenting percent (90%) percent of the
conversion efforts and staff. time.
d) Shall be available as needed
post Go-Live
Application a) Shall provide application a) A minimum of five (5) years of experience a) Shall not serve in any other
Architect architecture and design building and supporting mission critical, position.
recommendations based on multi-tier large scale health care b) Shall be one hundred
existing State standards. applications. percent (100%) allocated to

100
Key Position Description Qualifications Requirements
b) Shall be knowledgeable of secure coding the project through
practices. Implementation.
c) Experience with technical requirements for c) Shall be onsite ninety
data classifications and implementing data percent (90%) percent of the
protection technologies. time.
d) Must possess extensive experience d) Shall be available as needed
developing solutions utilizing an integrated post Go-Live.
development environment, multi-tier
platforms and employing SOA architecture
with high availability/reliability requirements.
e) Must be proficient in multiple languages,
SOA technologies, operating systems and
security best practices.
SOA Architect a) Shall design and implement the a) Experience with Oracle Service Bus and a) Shall not serve in any other
integration between the TEDS Business Process Execution Language position.
and other State standard COTS service development – Web Services, b) Shall be one hundred
software SOAP, Web Service Description Language, percent (100%) allocated to
b) Shall use the latest SOA XML, Extensible Stylesheet Language the project through
technologies and Web Services Transformations, XML Path Language, Implementation.
frameworks Hyper Text Markup Language, and c) Shall be onsite ninety
Universal Description, Discovery, and percent (90%) percent of the
Integration time.
b) Knowledge includes advanced work on d) Shall be available as needed
standard applications programs including post Go-Live.
coding, testing, and debugging
c) Strong knowledge of the object-oriented
analysis and design patterns/techniques
d) Extensive experience with web applications.
e) Must possess extensive experience
developing solutions utilizing an integrated
development environment, multi-tier
platforms and employing SOA architecture
with high availability/reliability requirements.
f) Must be proficient in multiple languages,
SOA technologies, operating systems and
security best practices.

A.22.16 Non-Key Personnel Table

101
Position Description Qualifications Requirements
Technical a) Enterprise Architecture a) A minimum of five (5) years’ experience a) Shall not serve in any other
Solution b) Build book planning and design implementing large-scale health care IT position.
Architect c) Demand Management solutions within environments similar to that b) Shall be one hundred
of the TEDS percent (100%) allocated to
d) Availability Planning
b) Experience implementing data warehouse the project through
e) Capacity Planning solutions within an integrated environment Implementation.
f) Security & Privacy compliance and employing SOA and intelligent business c) Shall be onsite ninety
reporting. percent (90%) of the time.
c) Must possess extensive experience d) Shall be available as needed
developing solutions utilizing an integrated post Go-Live.
development environment, multi-tier
platforms and employing SOA architecture
with high availability/reliability requirements.
d) Must be proficient in multiple languages,
SOA technologies, operating systems and
security best practices.
Technical a) Platform support including a) Minimum of five (5) years’ experience with a) Shall not serve in any other
Specialist troubleshooting, contributing to Web technologies and tools position.
Application and root cause analysis, and problem b) Strong Systems Administration skills b) Shall be allocated one
Web Platforms resolution c) Web hosting, caching and proxy software hundred percent (100%) to
b) Identifying and assessing risks, and related technologies the project through
determining impact to platform d) Extensive knowledge of Web Application Implementation.
and mitigation plans and Operating System security c) Shall be on site ninety
percent (90%) of the time.
d) Shall be available as needed
post Go-Live.
Database a) Shall recommend solutions by a) Minimum of five (5) years’ experience a) Shall be one hundred
Administrator defining database physical managing a complex RDBMS environment percent (100%) allocated to
structure and functional on a UNIX platform with multiple the project through O&M.
capabilities, database security, environments (development, test, b) Shall be onsite one hundred
data back-up, and recovery production, etc.) percent (100%) of the time.
specifications. b) Broad knowledge of database administration
b) Shall maintain database tool sets.
performance by calculating c) Experience with database software
optimum values for database installation, upgrades, management,
parameters, implementing new troubleshooting, design, support (including
releases, completing backups and recovery), data migration
maintenance requirements, and techniques and database security
evaluating computer operating d) Extensive experience using and tuning SQL
systems and hardware products.
e) Experience with database conversions from
disparate systems(s).

102
Position Description Qualifications Requirements
c) Responsible for maintaining
separation of duties as required
by security industry standards.
Conversion a) Designs, programs, tests, and a) Minimum of five (5) years’ experience a) Shall not serve in any other
Architect/Progr tunes the conversion code to designing, programming, administering and position.
ammer move data from multiple tuning complex conversions that move data b) Shall be one hundred
database environments into the from multiple disparate legacy databases percent (100%) allocated to
Contractor Solution. into separate/different data models the project through
b) Ensures converted data b) Must have hands on experience with the Implementation.
maintains integrity, accuracy and Contractor’s chosen ETL/Conversion toolset c) Shall be onsite ninety
meets performance expectations. (at least two (2) prior conversions) percent (90%) percent of the
c) Experience with writing, testing, configuring time.
and tuning conversion code d) Shall be available as needed
post Go-Live
Interface Lead a) Shall serve as the project a) Possess a minimum of five (5) years of a) Shall not serve in any other
Interface lead for the eligibility experience developing and deploying position.
Solution interfaces for systems similar to Contractor’s b) Shall be one hundred
Solution percent (100%) allocated to
b) Possess a minimum of five (5) years of the project through
experience performing data warehouse, Implementation.
data cleansing, or data conversion activities c) Shall be onsite ninety
for systems similar to the Contractor’s percent (90%) of the time.
Solution. d) Shall be available as needed
c) Possess extensive experience supporting post Go-Live.
multi-tier platforms that employ SOA.
d) Shall be familiar with multiple languages,
SOA technologies, operating systems, and
security industry standards.
e) Possess a minimum of three (3) years of
experience managing a data conversion or
interface design project similar to the needs
of the TEDS.
f) Possess excellent written and oral
communications skills.
g) A Bachelor’s Degree in IT or a related field
is preferred but not required.
Web Portal a) Web portal systems a) Minimum of five (5) years of experience a) Shall not serve in any other
Specialists administrator administrating web portal services in a large- position.
b) Proactively monitor and maintain scale IT environment b) Shall be allocated one
Web Portal environments b) Extensive experience with industry standard hundred percent (100%) to
ensuring high performance, web tools

103
Position Description Qualifications Requirements
security, and quick issue c) Strong analytical and problem solving skills the project through
resolution Implementation.
c) Shall be on site ninety
percent (90%) of the time.
d) Shall be available as needed
post Go-Live.
Senior (Web) a) Assist staff with the analysis of a) Minimum of eight (8) years’ of working a) Shall not serve in any other
Programmer functional business applications, experience as a computer specialist or a position.
Analyst design specifications, and computer systems analyst b) Shall be allocated one
application development. b) At least five (5) years’ of experience as a hundred percent (100%) to
b) Translates detailed designs into Computer Systems Analysts the project through
computer software c) Minimum of five (5) years’ experience Implementation.
c) Tests, debugs, and refines the implementing and maintaining web portals c) Shall be on site ninety
computer software to produce d) Web application development using industry percent (90%) of the time.
the required product standard tools d) Shall be available as needed
post Go-Live.
Performance a) Shall develop performance test a) Minimum of three (3) years’ experience with a) Shall not serve in any other
Analyst/Capacit strategies/methodologies, performance testing and engineering position.
y Planning scripting, and effective execution b) Expert understanding of how application a) Shall be one hundred
Analyst of the performance strategy. usage patterns and behaviors impact and percent (100%) allocated to
b) Shall perform troubleshooting drive needs for capacity resources the project through
and analysis to ensure business Implementation.
requirements are met. b) Shall be onsite ninety
c) Shall manage, control, and percent (90%) of the time.
predict the performance, c) Shall be available as needed
utilization, and capacity of all post Go-Live.
LAN/WAN network resources
and individual network,
application, and system
components to ensure service
level targets are met.
d) Shall be responsible for assisting
with the development and
maintenance of the SOP manual.
Programmer a) Shall develop complex code and a) A minimum of five (5) years’ experience as a a) Shall not serve in any other
Analyst scripts for the eligibility Solutions Programmer Analyst in a healthcare related position.
b) Shall assist with design, testing, industry b) Shall be one hundred
implementation, and b) Possess advanced developmental and percent (100%) allocated to
troubleshooting code and scripts problem solving skills to support complex the project through
throughout the project application systems and interfaces for large Implementation.
scale healthcare projects.

104
Position Description Qualifications Requirements
c) Shall maintain a high level of c) Working technical knowledge of platforms c) Shall be onsite ninety
technical competence in and programming languages, including .Net, percent (90%) of the time.
healthcare Visual Basic, C#, JavaScript, Windows d) Shall be available as needed
d) Shall rely on experience and Presentation Foundation, and Silverlight. post Go-Live.
judgment to plan and accomplish d) Excellent understanding of coding methods
goals while balancing priorities. and best practices.
e) Shall function autonomously for e) Extensive database experience with
most daily work efforts Microsoft SQL Server and Oracle.
f) Knowledge of applicable data privacy
practices and laws
g) Hands-on experience developing test cases
and test plans
Senior a) Shall author and present a) A minimum of five (5) years’ experience with a) Shall not serve in any other
Business business requirements artifacts a proven record of in-depth knowledge of position.
Analyst that inform the SDLC using end-to-end Medicaid eligibility processes b) Shall be one hundred
Enterprise-standard templates b) Able to quickly adjust style and approach to percent (100%) allocated to
and methodologies (RSA) requirements elicitation and communications the project through
b) Shall analyze, review, forecast, based on intended audience. Implementation.
and trend complex data when c) Experience with the development process c) Shall be onsite ninety
necessary for large-scale enterprise applications. percent (90%) percent of the
c) Shall support short and long term d) Experience with general security awareness time
operational/strategic business and processes. d) Shall be available as needed
and IT solutions through e) Possess general IT knowledge. post Go-Live.
research and analysis of data
and business processes
Business a) Shall interface with multiple a) A minimum of three (3) years of experience a) Shall not serve in any other
Analyst departments within the State and implementing large scale health care IT position.
the Contractor to create and/or solutions within environments similar to that b) Shall be one hundred
translate business requirements of the TEDS. percent (100%) allocated to
into technical specifications, b) Possess expert knowledge of the the project through
deliver quality services using Contractor’s Solution, having implemented Implementation.
best practices, resolve issues, the Solution in no less than one (1) c) Shall be onsite ninety
and track, report, and analyze environment at least as complex as the percent (90%) percent of the
delivery and process metrics. TEDS. time
b) Support, develop, and organize c) Possess expert knowledge of State and d) Shall be available as needed
delivery elements, via Federal regulations and policies that impact post Go-Live.
requirements documentation, the Medicaid environment.
process flows, and user stories. d) Experience with general security awareness
and processes.
e) Possess general IT knowledge.

105
Position Description Qualifications Requirements
Process Analyst a) Responsible for end-to-end a) A minimum of three (3) years’ experience in a) Shall not serve in any other
process activities throughout the business process management position.
project methodology and concepts b) Shall be one hundred
b) Shall create, control, and b) Understanding of operations in healthcare percent (100%) allocated to
improve business processes c) Strong technical, analytical, and problem the project through
c) Shall lead process design and solving skills Implementation and O&M.
project implementation teams c) Shall be onsite ninety
d) Shall diagnose process percent (90%) of the time.
improvement opportunities and d) Shall be available as needed
develop solutions using a data post Go-Live.
driven approach
e) Shall design and create
dashboards, reports, and
presentations
Quality a) Shall oversee compliance for all a) A minimum of five (5) years’ experience in a) Shall be one hundred
Assurance Test of the QA testing processes and test strategy development, requirements percent (100%) allocated to
Manager procedures, for both functional traceability and design specifications, test the project through O&M.
and non-functional requirements planning, test case design, integration b) Shall be onsite ninety
b) Shall create and manage the testing, manual and automated testing, percent (90%) of the time
overall strategic direction of the development of defect tracking workflow
QA testing team and its testing methodology
methodologies b) Experience in development of test
c) Responsible for the QA testing estimation and staffing requirements.
team’s adherence to processes c) Possess extensive experience developing
and procedures, as well as any testing solutions in a multi-tier platform SOA
and all Federal (CMS) and State environment with high availability/reliability
regulations and policies requirements.
d) Shall oversee all QA testing d) Must be proficient in functional and non-
phases ( functional and non- functional test management.
functional) and monitor and e) Experience in managing QA testing staff of
confirm accurate execution ten (10) or more employees.
e) Shall create metric reports and f) Experience in software testing within an
status reports agile development methodology
f) Shall represent the QA testing
team in executive leadership
meetings
g) Responsible for the staffing of
the QA team
h) Responsible for writing and
deliver of UAT test scripts to the
State Test Team Manager

106
Position Description Qualifications Requirements
i) Shall be responsible for assisting
with the development and
maintenance of the SOP manual.
QA Analyst 3 – a) Shall receive strategic and a) A minimum of three (3) years’ experience in a) Shall not serve in any other
Leads tactical guidance from the Test Quality Assurance, preferably in Health Care position.
Manager or with Medicaid Eligibility Determination b) Shall be one hundred
b) Shall implement strategic b) Capability to implement strategic planning percent (100%) allocated to
planning while overseeing daily while overseeing daily tactical QA execution the project through
tactical QA execution c) Experience in requirement review and Implementation and O&M.
c) Shall review and approve approval, as well as in testable model c) Shall be onsite ninety
requirements. analysis percent (90%) of the time
d) Shall create formal test plan d) Experience in review and approval of high- d) Shall be available as needed
documentation based upon level test scenarios post Go-Live.
requirements and technical e) Experience in interpretation of requirement
design specifications and technical design specifications to create
e) Shall confirm technical design formal test plans.
specifications’ traceability to f) Capability to interpret technical design
business requirements. specifications in order to clearly
f) Shall serve as liaison to communicate with development staff.
Business Analyst for the QA test
team.
g) Shall perform sample reviews of
test cases and periodically
review results of test case
execution for accuracy and
adherence to policy and
procedures.
h) Monitor and review all
performance test results.
i) Shall be responsible for assisting
with the development and
maintenance of the SOP manual.
QA Analyst 2 a) Shall create test cases based on a) A minimum of three (3) years’ experience a) Shall not serve in any other
requirements and assure creating and executing test cases based on position.
requirements traceability to test requirements. b) Shall be one hundred
cases. b) A minimum of two (2) years’ experience of percent (100%) allocated to
b) Shall peer review test cases. performance and automation testing. the project through
c) Shall perform sample reviews of c) Experience with peer reviewing test cases Implementation and O&M.
test cases and periodically d) Capability to review test case expected c) Shall be onsite ninety
review results of test case results for accuracy in adherence to policy percent (90%) of the time.
execution for accuracy and and procedures

107
Position Description Qualifications Requirements
adherence to policy and e) Capability to confirm expected results d) Shall be available as needed
procedures. adhere to requirements intent post Go-Live.
d) Shall assure the capture and f) Experience in process and procedure for
retention of testing artifacts for auditing purposes
audit purposes.
e) Shall create test cases and
perform performance testing.
f) Shall create and execute
automated tests.
g) Shall be responsible for assisting
with the development and
maintenance of the SOP manual.
QA Analyst 1 a) Shall create test cases based on a) A minimum of 1 year of experience a) Shall not serve in any other
requirements with assistance of b) Capable of creating test cases with minimal position.
the QA Analyst 2 assistance b) Shall be one hundred
b) Shall assure requirements c) Experience in executing test cases and percent (100%) allocated to
traceability to test cases validating and verifying results the project through
c) Shall execute test cases d) Experience in capturing test artifacts for Implementation and O&M.
d) Shall verify capture and retention auditing purposes c) Shall be onsite ninety
of testing artifacts for audit percent (90%) of the time.
purposes. d) Shall be available as needed
e) Shall be responsible for assisting post Go-Live.
with the development and
maintenance of the SOP manual.
Change a) Shall work with the State and a) A minimum of five (5) years’ experience as a a) Shall be one hundred
Manager HCFA Technical Change Control Change Manager percent (100%) allocated to
Board to ensure that IT changes b) Experience leading Technical Change the project through
are recorded and then evaluated, Control meetings Implementation and O&M.
authorized, prioritized, planned, c) Extensive knowledge of ITIL principals b) Shall be onsite ninety
tested, implemented, percent (90%) of the time
documented, and reviewed in a d) High level of IT literacy
controlled manner e) Superior attention to detail and methodical
b) Shall be responsible for assisting approach
with the development and f) Excellent written and verbal communication
maintenance of the SOP manual. at all organizational levels
Service a) Responsible for assessing and a) A minimum of three (3) years’ experience a) Shall be one hundred
Architect designing complex solutions to b) Demonstrated capabilities in leading percent (100%) allocated to
meet the State’s technology and technical projects with large, enterprise the project through
business needs organizations Implementation and O&M.
b) Shall manage project teams that c) Proven ability to provide a high level of b) Shall be onsite ninety
consult with the State to analyze capability with respect to service percent (90%) of the time

108
Position Description Qualifications Requirements
and identify technical management, IT Service Management
requirements toolsets, service architecture, and business
c) Shall manage requirements and services
project scope while meeting
State expectations
d) Shall provide level of effort
estimates for deliverables,
project sizing, and generating
proposals
IT Service a) BC/DR Planning a) A minimum of five (5) years’ experience in a a) Shall not serve in any other
Continuity b) Risk Management service continuity role. position.
Analyst c) Recovery Exercises b) Experience in a large-scale mission critical b) Shall be one hundred
environment. percent (100%) allocated to
c) Must possess general knowledge with the project through
solutions utilizing an integrated development Implementation.
environment, multi-tier platforms and c) Shall be onsite ninety
employing SOA architecture with high percent (90%) of the time.
availability/reliability requirements. d) Shall be available as needed
d) Must be proficient in multiple languages, post Go-Live.
SOA technologies, operating systems and
security best practices.
Senior a) Monitor 7/24/365 and ensure a) A minimum of three (3) years’ experience in a) Shall not serve in any other
Operations reliability and availability for an operational or help desk position position.
Analyst (Service multiple system platforms b) Excellent problem solving skills b) Shall be one hundred
Desk) including infrastructure, c) Excellent job scheduling activities percent (100%) allocated to
databases, backups, trouble the project through O&M.
shooting, problem resolution, d) Quality focus
e) Experience with process improvement c) Shall be onsite ninety
escalation, and notification. percent (90%) of the time.
b) Schedule and coordinate system f) Ability to establish good client relationships
installs, upgrades and outages. g) Reporting skills
c) Establish priority problem h) Shall possess advance skills in batch
resolution, notification and scheduling activities
escalation to appropriate support i) Shall have extensive experience with
personnel. operating systems and system
d) Monitor and administer support administration
and services for all Production j) Understanding of networking concepts and
Control, Service desk, and IT knowledge
operations activities including
perform all batch scheduling,
production activities, printing,
and print distribution.

109
Position Description Qualifications Requirements
e) Setup, coordinate, and execute
production batch schedules
using automated job scheduling
f) Analyze the production cycle and
corresponding output to identify
issues
g) Communicate with internal teams
and external customers to
resolve issues
h) Ensure accurate and timely
transmission of secure data files
to/from business partners via
FTP and Contractor interface
management\
i) Shall be responsible for assisting
with the development and
maintenance of the SOP manual
Operations a) Monitor 7/24/365 and ensure a) A minimum of two (2) years’ experience in a) Shall not serve in any other
Analyst (Service reliability and availability for an operational or help desk position position.
Desk) multiple system platforms b) Excellent problem solving skills b) Shall be one hundred
including infrastructure, c) Quality focus percent (100%) allocated to
databases, backups, trouble the project through O&M.
shooting, problem resolution, d) Experience with process improvement
e) Ability to establish good client relationships c) Shall be onsite ninety
escalation, and notification. percent (90%) of the time.
b) Schedule and coordinate system f) Reporting skills
installs, upgrades and outages. g) Shall possess advance skills in batch
c) Establish priority problem scheduling activities
resolution, notification and h) Understanding of networking concepts and
escalation to appropriate support IT knowledge
personnel.
d) Monitor and administer support
and services for all Production
Control, Service desk, and
operations activities including
perform all batch scheduling,
production activities, printing,
and print distribution.
e) Setup, coordinate, and execute
production batch schedules
using automated job scheduling

110
Position Description Qualifications Requirements
f) Analyze the production cycle and
corresponding output to identify
issues.
g) Communicate with internal teams
and external customers to
resolve issues.
h) Ensure accurate and timely
transmission of secure data files
to/from business partners via
FTP and Contractor interface
management.
Incident/Proble a) Shall drive the efficiency and a) Minimum of five (5) years’ experience in an a) Shall be one hundred
m Manager effectiveness of the Incident/Problem Management role for a percent (100%) allocated to
incident/problem management large scale, mission critical environment the project through O&M.
process. b) Proven leadership and coaching skills b) Shall be onsite one hundred
b) Shall produce management c) Must be ITIL certified. percent (100%) of the time
information, including KPIs and d) Excellent problem solving and analysis skills
reports.
e) Good understanding of network and IT
c) Shall monitor the effectiveness of knowledge
incident/problem management
and making recommendations
for improvement.
d) Shall develop and maintain the
incident/problem management
system.
e) Shall drive, develop, manage,
and maintain the major
incident/problem management
process and associated
procedures.
f) Shall ensure that all IT teams
follow the incident/problem
management process for every
incident.
g) Shall be assist with the
development and maintenance of
the SOP manual.
IT a) Works under the supervision of a) Minimum five (5) years’ of technical support a) Shall not serve in any other
Engineer/Syste the CIP Manager. in a data center/service desk/network position.
ms Monitoring b) Shall be proficient with operations center.
Analyst monitoring tools management.

111
Position Description Qualifications Requirements
c) Shall be proficient with Reports & b) Extensive experience with industry standard b) Shall be allocated one
Dashboards. monitoring tools. hundred percent (100%) to
d) Shall be proficient with alerts c) Must have extensive programming language the project through O&M.
configuration and management skills a) Shall be on site ninety
(metrics, thresholds, KPIs, etc.) a) Must have broad technical background in all percent (90%) of the time.
e) Shall be proficient with trend areas of IT.
Analysis (vulnerability, capacity,
performance, and availability).
f) Shall be proficient with
Qualitative and Quantitative
Analysis.
a) Shall be responsible for assisting
with the development and
maintenance of the SOP manual.
Principal b) The Principal SSO will manage d) Must have a minimum of ten (10) years’ e) Shall not serve in any other
Systems the Medicare system security experience in managing a large scale position.
Security Officer program and ensure the Medicare system security program f) Shall be allocated one
(SSO) implementation of necessary hundred percent (100%) to
safeguards. The SSO should be the project through
organizationally independent of Implementation.
IT operations and cannot have g) Shall be on site ninety
responsibility for operation, percent (90%) of the time
maintenance, or development.
h) Shall be available as needed
c) Shall be assist with the post Go-Live.
development and maintenance of
the SOP manual.
Security a) Shall research and advise the a) Possess a minimum of five (5) years a) Shall be one hundred
Architect State on emerging technologies, industry experience with a strong preference percent (100%) allocated to
trends, and leading practices as towards healthcare environments. the project through
they pertain to enabling b) Possess a minimum of six (6) years on at Implementation and O&M.
technology for eligibility least four (4) or more of the following b) Shall be onsite ninety
modernization. security functional areas: credential percent (90%) of the time.
b) Shall determine security management, access provisioning,
requirements by evaluating authentication and authorization, access
business strategies and governance, application security,
requirements and information penetration testing, infrastructure security,
security standards; conducting data security, and security monitoring
system security and vulnerability c) Possess a Bachelor’s Degree in computer
analyses and risk assessments; science OR four (4) years of industry
studying architecture/platform; experience in addition to the general
identifying integration issues; and
preparing cost estimates.

112
Position Description Qualifications Requirements
c) Responsible for planning the requirement for two (2) years of security
security systems by evaluating experience.
network and security d) Must be familiar with at least one major
technologies; developing recognized architecture framework
requirements for local area e) Must have excellent communications skills,
networks (LANs), wide area writing skills, analytical skills, small group
networks (WANs), virtual private facilitation skills, and formal presentation
networks (VPNs), routers, skills
firewalls, and related security
and network devices; evaluating
the design of public key
infrastructures (PKIs), including
use of certification authorities
(Cas) and digital signatures as
well as hardware and software;
and adhering to industry
standards.
d) Responsible for defining security
boundaries for the project as
required and approved by the
State.
e) Accountable for delivering
security architecture artifacts and
deliverables as defined by the
project SDLC.
Senior Security a) Responsible for penetration a) Practical experience with DISA STIGS. a) Shall be fifty percent (50%)
Engineer testing, cross script testing, b) Minimum of five (5) years’ experience in allocated to the project
perimeter testing, denial of security testing. through Implementation and
service, etc. c) Desired relevant professional information O&M.
b) Responsible for validation and security certification. a) Shall be onsite ninety
verification of firewall settings. percent (90%) of the time
c) Collaborate, review and approve
security infrastructure
effectiveness with the State and
STS.
d) Responsible for vulnerability
management
Senior Security a) Shall work closely with a) Minimum of five (5) years’ related d) Shall not serve in any other
Analyst leadership and staff to identify, experience in a large scale mission critical position.
analyze, manage, and mitigate environment. e) Shall be one hundred
information security risk. b) At least one relevant professional percent (100%) allocated to
information security certification required:

113
Position Description Qualifications Requirements
b) Responsible for security CISSP, CISM, CRISC, SANS, GIAC, or the project through
monitoring activities. similar. Implementation and O&M.
c) Responsible for development of c) Extensive experience dealing with sensitive f) Shall be onsite ninety
compliance responses to data information systems. percent (90%) of the time.
regulatory authorities (e.g. CMS,
SSA, State of TN, etc.)
d) Shall identify, manage and
escalate security incidents.
e) Shall be responsible for assisting
with the development and
maintenance of the SOP manual.
Security a) Shall assist to identify, analyze, a) Minimum of two (2) years’ related a) Shall not serve in any other
Analyst manage, and mitigate experience in a large scale mission critical position.
information security risk. environment b) Shall be one hundred
b) Responsible for security b) Desired relevant professional information percent (100%) allocated to
monitoring activities. security certification: CISSP; CISM; Certified the project through O&M.
c) Responsible for assisting in the in Risk and Information Systems Control; c) Shall be onsite ninety
development of compliance SysAdmin, Audit, Network, and Security percent (90%) of the time
responses to regulatory Institute; GIAC; or similar
authorities (e.g. CMS, SSA, c) Extensive experience dealing with sensitive
State of TN, etc.) data information systems
Privacy/Complia a) Responsible for overseeing a) Possess a minimum of five (5) years of IT a) Shall not serve in any other
nce Specialist activities related to the security industry experience with at least position.
development, implementation, three (3) years in a healthcare related b) Shall be allocated one
and O&M of the eligibility environment. hundred percent (100%) to
Solution in compliance with State b) Must be familiar with at least one major the project through
and Federal regulations and security compliance framework and be able Implementation and O&M.
policies applicable to the privacy to demonstrate a firm understanding of c) Shall be on site ninety
of and access to the sensitive relevant State and Federal security/privacy percent (90%) of the time.
data of the applicants, members regulations and policies, specifically under
insured, and members of the d) Shall be available as needed
NIST, HIPAA, and IRS Pub. 1075 post Go-Live.
State work force. c) Must possess working knowledge of
b) Responsible for Privacy Impact solutions utilizing an integrated development
Analysis. environment, multi-tier platforms, and
c) Responsible for identifying, employing SOA.
facilitating, and coordinating data d) Must be familiar with multiple programming
classification activities. languages, SOA technologies, operating
d) Assisting with privacy incident systems, and security industry standards.
responses. e) Must have successfully guided security
compliance on at least one project with
similar size and scope to the TEDS (e.g.

114
Position Description Qualifications Requirements
Health Insurance Exchange, Integrated
Eligibility or Medicaid Eligibility in other
states) within the last five (5) years.
Output a) Manages end-to-end output a) Minimum of five (5) years’ experience with a) Shall not serve in any other
Document document production. Output Management, printers, Print position.
Manager b) Responsible for day-to-day technologies, mail management systems b) Shall be allocated one
operational control. technologies and tools hundred percent (100%) to
c) Responsible for meeting high b) Shall have extensive experience with print the project through O&M.
paced production and delivery technologies, high-speed printers, and c) Shall be on site one hundred
schedule. spooling technologies percent (100%) of the time
d) Responsible for assisting with c) Must have broad IT experience and
the development and background
maintenance of the SOP manual. d) Experience managing an enterprise level,
high volume, transactional document, output
operation.
e) Knowledge of USPS regulations and
requirements regarding mail piece
introduction into Postal mail stream.
f) Experience with mail-piece tracking
solutions.
Output a) Responsible for designing, a) Minimum of five (5) years’ experience with a) Shall not serve in any other
Document developing, creating, modifying forms design technologies and tools. position.
Programmer and maintaining all output b) Shall have extensive experience with print b) Shall be allocated one
documents. technologies, high-speed printers, and hundred percent (100%) to
b) Responsible for assisting with spooling technologies, mail management the project through O&M.
the development and systems technologies and tools. c) Shall be on site one hundred
maintenance of the SOP manual c) Experience with industry standard document percent (100%) of the time
management applications
d) Experience with transactional document
development and creation to include
template design and variable data insertion.
e) Knowledge of USPS regulations and
requirements regarding mail piece
introduction into Postal mail stream.
f) Experience with mail-piece tracking
solutions.
Management a) Shall support operations by a) A minimum of five (5) years’ experience in a) Shall be one hundred
and supervising staff and planning, handling a wide range of operational and percent (100%) allocated to
Administrative organizing, and implementing administrative related tasks the project through
Support administrative systems b) Ability to work independently as well as work Implementation and O&M.
closely with the management team

115
Position Description Qualifications Requirements
c) Must have exceptional verbal and written b) Shall be onsite ninety
communication skills and a strong attention percent (90%) of the time
to detail
Technical Writer a) Shall drive the creation of a a) A minimum of three (3) years’ experience as a) Shall not serve in any other
documentation methodology and a Technical Writer in a healthcare related position.
framework and maintain proper business b) Shall be one hundred
methodology for purposes of b) Good proofreading and editing skills percent (100%) allocated to
consistency and efficiency. c) Ability to convert technical knowledge into the project through
b) Shall prepare and/or maintain easily understood terms Implementation.
documentation pertaining to c) Shall be onsite ninety
programming, systems percent (90%) of the time.
operation, and user d) Shall be available as needed
documentation. post Go-Live.
c) Shall translate business
specifications into user
documentation.
d) Shall assist with the development
of the SOP manual.
e) Shall be familiar with a variety of
the field’s concepts, practices,
and procedures

116
A.23 Facility

A.23.1 The Contractor shall secure temporary office space within six (6) weeks of the start of the
Contract. At the end of the six (6) week period, the Contractor shall have another six (6)
weeks to secure a permanent facility sufficient to house its staff to fulfill the entire scope
of this Contract. The facility shall be located within twenty-five (25) miles of the State
offices located at 310 Great Circle Rd, Nashville, TN. All costs associated with the facility
are the responsibility of the Contractor for the entire Contract period and such costs shall
be factored into the Contractor’s bid included in the maximum liability of the Contract and
shall not be billed separately. The Contractor shall either directly house all necessary
subcontractors or otherwise ensure the availability of necessary subcontractors to
successfully complete the requirements of this Contract.

A.23.2 The State may require certain Contractor personnel, as determined by the State, to work
on-site at State offices at any point in the Contract, including during the time before the
Contractor’s temporary office space is secured.

A.23.3 The Contractor staff shall be available for in-person meetings at the State office and at
the Contractor’s local office as needed. Meetings will be held at either the State’s offices
or the Contractor’s local offices. Whenever appropriate meeting space is available at the
State office, the meetings shall be held at the State offices. Should appropriate meeting
space in the State’s preferred office(s) be unavailable, the Contractor will provide
appropriate meeting space.

A.23.4 The Contractor shall provide the State with licenses for an industry standard
teleconferencing service to allow for remote meetings. Meetings shall be held remotely at
the sole discretion of the State.

The Contractor shall leverage the State’s video conferencing and collaboration
licenses and tools (WebEx, Cisco TelePresence MX300 G2 and MX200 G2, etc.)
where possible.

A.23.5 The Contractor shall provide dedicated space for a minimum of ten (10) full time State
staff and Contractors to be collocated with the Contractor and provide additional hoteling
spaces as needed.

The Contractor shall provide parking locations for State staff and State contractors
at no additional cost to the State.

A.23.6 The Contractor shall be responsible for providing State approved training facilities as
necessary to meet the training specifications and requirements set forth in this Contract.
The training facilities shall be located within twenty-five (25) miles of the State offices
located at 310 Great Circle Rd., Nashville, TN.

A.23.7 Nothing in this agreement shall permit the Contractor’s employees, agents,
representatives, or sub-contractors to share, store, access, use, transport, or disclose
State data in any form via any medium, including with any third parties, beyond the
boundaries and jurisdiction of the United States of America without express written
authorization from HCFA.

A.23.8 Nothing in this agreement shall permit the Contractor’s employees, agents,
representatives, or sub-contractors to perform DDI or O&M activities on the Solution
beyond the boundaries and jurisdiction of the United States or to leverage systems
infrastructure, components, or resources that are hosted beyond the boundaries and

117
 jurisdiction of the United States in support of these activities without express written
authorization from HCFA.

A.24 Status Performance Reporting

A.24.1 Status and performance of the program shall be reported on by the Contractor to
establish effective program communication to all stakeholders. The Contractor shall
provide the State with Program Status Reports outlining progress against key milestones,
assessing scope, schedule, budget, resources, and quality and identifying project risks
and issues. In addition, the Contractor shall produce performance reports on an ongoing
basis and provide reports that communicate key program metrics including, but not
limited to, cost, schedule, budget, and testing. The Contractor shall produce each report
type in compliance with the frequency, audience and stakeholder needs, and report
delivery methods established by the State for the report type. The primary audience for
the reports includes, but is not limited to the following recipients: The Project Steering
Committee, State Program Director, SPMO Contractor, and TAS Contractor. The table
below provides more information about reporting requirements and includes the medium
in which the Contractor shall deliver the report. The list, and the respective report’s
contents, is subject to change at the State’s discretion.

Table 4: Status and Performance

Report/Meet Frequency Level and Method Reporting Elements
ing Internal or
Name External
Intent
Executive Monthly Program/Ext Written Program status, progress towards roadmap and
Steering ernal materials overall outcomes, Items requiring decisions, Key
Committee delivered in risks & issues, Open Project Procurements
Meeting presentation Status, Project Advance Planning Document
Status, Open Project Recruiting Status, Monthly
State & Federal Agency/Committee
Communications Log Changes, Communication
Plan Status, Document Management
Contractor Biweekly Program/Ext Live Status, progress toward roadmap and overall
Status ernal Meeting/Writt outcomes, items requiring decisions, key
Report en materials issues/risks for management attention
Meeting delivered in
presentation
Contractor Biweekly Program/Ext Live In depth discussion of key project risks, issues
Risk, ernal Meeting/Writt and action items
Issues, and en materials
Action Items
Focus
Meeting
Contractor Biweekly Project/Exter Written Project status, items requiring decisions, key
State nal materials risks/issues and action items relative to the
Business delivered in project
Owners presentation
Status
Report
Meeting
CIO Status Weekly Program/Ext Written Project status, progress, key issues/risks for
Report ernal materials management attention
Meeting(s) delivered in
presentation
Contractor Weekly Project/Intern Written Project status, progress, key issues/risks, key
Testing al Materials successes

118
Report/Meet Frequency Level and Method Reporting Elements
ing Internal or
Name External
Intent
Status
Report
Meeting
Contractor Monthly Program/Ext Written QM project status and risk overview, key
Quality ernal Materials milestones, development of key initiative project
Managemen deliverables, planned versus actual and critical
t Status path analysis, assessment of the EMP work
Report plan, project plan critical path, risk/issue
Meeting assessment
SDLC Biweekly Program/Ext Written, Web Status of architecture artifacts during the SDLC.
Status ernal Pages, and
Meeting Query Tool
Contractor Weekly Program/Ext Written Contractor test planning status, testing
Testing ernal Results of outcomes, potential issues or problems from
Meeting the Test testing for leadership attention
Program Biweekly Program for Written Dashboard-style assessment of program status
Status all including milestone status and accomplishments,
Report Projects/Exte KPI and supporting metrics, new issues and
rnal risks, accomplishments this period, plans for
next period, and key decisions, focusing Steering
Committee on key issues for management
attention.
Risk & Issue Weekly Program Written Risks/Issues across all initiatives, overall
Log (Identifiable assessment, trends, and resolution
by project)
Quality Risk Monthly Project/Exter Written Dashboard-style assessment of project status,
Managemen nal focuses Steering committee on key issues for
t Status management attention
Report
CMS Status Monthly External Written Dashboard-style assessment of project status,
Report focuses Steering committee on key issues for
management attention
Contractor Weekly Project/Intern Written Dashboard-style assessment of the testing
Testing al successes and risks related to the specific
Status projects
Report
Contractor Biweekly Project/Exter Written Dashboard-style assessment of the deliverables
System nal status related to the specific projects
Deliverables
Report
Contractor Biweekly Project/Exter Written Dashboard-style assessment of the retirement
Systems nal and transition status of legacy systems related to
Retirement the specific projects
Report
Contractor Daily Project/Exter Written Interface events and issues, System events and
Daily/Monthl nal issues, Software events and issues, Errors and
y Anomalies, Transactions Sent and Received
Operations (Daily and Total Amount), Transaction Types,
Reports Staffing and Operational Activities and Issues,
Number of notices and letters received and sent
(including any and all reconciliation efforts), audit
tracking of letter/notices by page, Cumulative
statistics, Performance against Service Level
Agreements, and complete breakdown of all
letters and notices by type.

119
Report/Meet Frequency Level and Method Reporting Elements
ing Internal or
Name External
Intent
Contractor Weekly Project/Exter Written Action plans, implementation of
Root Cause nal solution/workaround
Analysis
Report
Contractor Monthly Project/Exter Written Documentation of turnover plans for business
Turnover nal operations and system operations
Status
Reports
Contractor Monthly Project/Exter Written Automated performance report, prior month
SLA Report nal performance of each service against all of its
respective KPIs
CIP Meeting Quarterly Program/Ext Written Solution health status, capacity, metrics, KPIs,
ernal infrastructure issues/concerns,, corrective
actions, gaps, future state, optimization
improvement, etc.
Technical Biweekly Project/Exter Live Existing technical change control items for
Change nal Meeting/Writt review
Control en materials
Board delivered in
Meeting presentation
Technical Weekly Project/Exter Written Project status, progress, key issues/risks, key
Infrastructur nal materials successes
e Touch delivered in
Point presentation
Meeting

A.25 Work Product and Hardware Ownership

A.25.1 Contractor shall assign, transfer and convey to the State all right, title and interest in all
Work Product in accordance with Section E.4 and all hardware developed, procured or
managed by the Contractor as required by this Contract. Contractor shall also provide a
document of the inventory of all Work Product and hardware developed, procured or
managed by the Contractor as required by this Contract and specify that the supplied
components and materials are current, accurate, and complete.

A.26 Warranty

A.26.1 Warranty Period

During each Warranty Period as defined in Section A.26.1.2, the Contractor shall
provide warranty services as described in this Section A.26, whereby any Solution
defects in the production environment that fail to meet the warranty described in
A.26.1.7 and A.26.1.8 and that are identified in writing to Contractor by State or
that Contractor becomes aware of during such Warranty Period (“Warranty
Defects”), must be resolved within the timeframes set forth in Sections A.26.2.2
and A.26.2.3, with no additional cost to the State or need for project change
control processing.

The Contract shall provide a Warranty Period of twelve (12) months for each
Release of the Solution upon deployment in the production environment, as
described in Section A.26.1.5. For the purposes of Section A.26, Release shall
include all DDI releases, as well as all Special Project Change Order releases and
all Enhancement Change Order releases.

120
 Warranty Defects shall be classified as critical, high, medium and low as
described in Contract Attachment 2 – Liquidated Damages.

Reserved.

Each Warranty Period shall begin at Go-Live of the applicable Release and only
after the resolution of all critical and high defects identified prior to the Go-Live of
that Release, or, if necessary, after the Contractor has provided the State a
written workaround, including downstream impacts and plan for resolution, that
has been approved in writing by the State.

In the event that a subsequent Release creates or identifies Warranty Defects in

the deployed Solution, the resolution of such Warranty Defects will be covered by
the warranty of that subsequent Release.

The Contractor shall warrant that each Release of the Solution implementation
conforms to system requirements set forth in the applicable Functional Design
Documentation Deliverable, Technical Design Documentation Deliverable, and
System Security Plan Deliverable as approved by the State.

The Contractor shall warrant that each subsequent Release of the Solution
implementation will build upon and conform to previously released functionality
requirements described in A.26.1.7 above, unless a change is explicitly approved
by the State.

The Contractor shall be responsible for resolving any and all Warranty Defects at
no additional cost to the State. This includes Warranty Defects identified within the
new Release, as well as newly identified Warranty Defects that have caused
previously functioning components of the Solution to work incorrectly.

This Section A.26 survives the termination of the contract. If warranty work will
occur after Turnover of the Solution, the Contractor shall include warranty
deliverables, testing, etc. as part of the Turnover Plan.

A.26.2 Documentation and Resolution of Warranty Defects

The Contractor shall define a process to classify and track Warranty Defects that
trigger the warranty provisions in Section A.26.

The Contractor shall be responsible to resolve all critical and high Warranty
Defects within the periods described in Contract Attachment 2, or, if necessary,
provide the State with a mutually acceptable written work-around, downstream
impacts, and plan for resolution, all without additional cost to the State.

The Contractor shall resolve all medium and low Warranty Defects within sixty
(60) days of identification, unless a longer timeframe is approved by the State in
writing.

The Contractor shall be subject to corresponding Liquidated Damages, listed in

Contract Attachment 2, for all identified warranty defects that are not resolved
within the associated resolution timeframes.

A.26.3 Additional Warranty Terms

121
 Contractor shall have no obligation under this Section A.26 to make warranty
repairs attributable to: (i) the State’s misuse or modification of any deliverable
unless such use or modification is caused by Contractor; (ii) the State’s failure to
use corrections or enhancements made available by Contractor at no additional
cost to the State; (iii) the State’s use of any deliverable in combination with any
product other than those specified by Contractor; (iv) hardware, systems software,
telecommunications equipment or software not a part of a deliverable, excluding
such hardware, systems software, telecommunications equipment or software
recommended or endorsed by Contractor, which is inadequate to allow proper
operation of the deliverable or which is not operating in accordance with the
manufacturer’s specifications; or (v) operation or utilization of any deliverable in a
manner not contemplated by this Contract.

The warranty set forth in Section A.26 shall not apply with respect to hardware or
software that is supplied by a third party to the State. The terms and conditions of
the warranty to the State with respect to such hardware or software will be
provided by the third party vendor of such hardware or software. The State shall
not look to Contractor for any warranty for such products.

A.27 Table of Deliverables

A.27.1 The Contractor shall complete the following deliverables for each of the Scope of Work
sections above, as indicated in the Table below.

A.27.2 The Contractor shall ensure each deliverable’s compliance with the appropriate and
corresponding State plan, where applicable.

A.27.3 Where identified deliverables require ad hoc updates or are updated periodically during
the course of the implementation:

The Contractor shall update content in the original deliverable. Updated content
provided in a Deliverable Amendment (and not integrated into the original
deliverable) requires prior authorization by the State.

The Contractor’s completion of, and the State’s acceptance of, a deliverable
during one Gate Review does not constitute acceptance of that deliverable for any
subsequent Gate Review.

122
 Table 5: Deliverables
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
Deliverable Project Once upon The Project Management a) The Project a) Issues List Type C A.8
1 Management State Plan is the overall plan Management b) Action Items
Plan approval; for project execution, Plan and c) Decision Log
monitoring, and control component
and should include plans have d) Lesson Learned
Update if Log
necessary information describing been reviewed
the project management and e) Staff Planning
approach, the internal appropriately and Monitoring
organizational structure updated. Processes
and organizational chart, b) The Project f) Staffing Tracker
roles and responsibilities, Management g) Resource
a summary of the Plan defines Availability
Project’s purpose, scope, how the project Calendar
and objectives, a will be h) Key Personnel
description of an the executed, Transition Plan
constraints and/or monitored and i) Onboarding
assumptions on which controlled and Checklist
the Project is based, a includes high
list of product j) Onboarding
level estimates
deliverables, a summary Arrival Packet
of the baselines.
of the Project’s schedule k) Acceptable Use
c) The Project
and budget, and the Policy and
Management
methods for updating, Information
Plan is fully
reviewing and Protection Plan
scaled and
disseminating the PMP details all the l) Roll-On Form
as well as specific appropriate m) Team Member
supplemental components Transitions Plan
management plans for that address the n) Roll-Off Form
critical project areas: needs of the o) Off-Boarding
a) Overall Project project. This Checklist
Management includes the
Approach definition of
b) Scope appropriately
Management scaled reviews
Plan and deliverables
c) Schedule
Management
Plan

123
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
d) Communication
Management
Plan
e) Quality
Management
Plan
f) Risk/Issue
Management
Plan
g) Change
Management
Plan (including
Training Plan)
h) Configuration
Management
Plan
i) Performance
Management
Plan
j) Staffing
Management
Plan
k) Financial
Management
Plan
The Project Management
Plan is created during
the PBR Gate of the
SDLC and State
approval of the project
management plan is
required as a criteria item
for completion of the
Project Baseline Review
Deliverable Key Once upon The KPI Management a) The Plan a) Continuous Type A A.17
2 Performance State Plan describes the properly Improvement
Indicator approval; processes and describes the Plan
Management mechanisms by which state-approved
Plan Key Performance KPIs that will be

124
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
Update if Indicators will be defined, tracked during
necessary tracked, and properly the project
reviewed during the b) The Plan
duration of the project. At establishes the
a minimum the KPI process by
Management Plan shall which KPIs will
include: be documented,
a) A description of tracked, and
the KPI, and the updated over
business value time
it will bring to c) The Plan details
the project how each KPI
b) Identification of will be
the tools, calculated
processes, d) The Plan has a
inputs, and properly defined
calculations that KPI
will be used to communication
generate the plan
KPIs current
result
c) The process by
which KPIs will
be reported,
tracked, and
reviewed to
ensure that over
time the KPI is
in compliance
with established
limits
d) Additional
metrics that will
be needed for
each KPI if is
found out of
compliance
e) The
communication
plan for

125
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
reporting KPI
results,
including
escalation plans
for KPIs found
out of
compliance
f) The roles and
responsibilities
for KPI
generation,
tracking, and
reporting
Deliverable Requirement Once upon The Requirements a) The Type A A.10
3 s State Management Plan Requirements
Management approval; provides a clear and Management
Plan concise layout of how Plan prescribes
Update if detailed requirements will the tools and
necessary be gathered (including methodologies
sections for functional, of capturing,
technical, security, standardizing,
performance, classifying,
operational, etc.). monitoring,
The Requirements reporting,
Management Plan must maintaining,
outline a robust method and managing
to store and track requirements.
functional, technical and b) The
other operational and Requirements
performance Management
requirements. Plan shall
outline methods
for maintaining
requirements
traceability
throughout the
development
process;
methodology
and processes
adopted during

126
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
development;
types and
conduct of test
activities, and
the change
control and
configuration
management
processes.
Deliverable Business Once upon The Business Rules a) The Business Type A A.10
4 Rules State Management Plan will Rules
Management approval; detail the tools, Management
Plan processes, and methods Plan outlines
Update if by which business rules the standards,
necessary are managed, changed, tools, and
or retired. methodologies
that will be used
in managing
business rules
across the
solution life
cycle.
b) The Business
Rules
Management
Plan outlines
the industry-
recognized
Business Rules
Engine (BRE) or
Business Rules
Management
System (BRMS)
used to
document
business rules
c) The Business
Rules
Management
Plan outlines
the format that

127
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
will be utilized
when
developing
business rules
d) The Business
Rules
Management
Plan identifies
the
responsibilities
of Business
Rules
Management,
including critical
access and
segregation of
duties
considerations
e) The Business
Rules
Management
Plan includes
explanation
regarding
compliance with
the Minimum
Acceptable Risk
Standards for
Exchanges
(MARS-E), and
proper
alignment with
the project
Security Plan
Deliverable Design Once upon The Design Management a) The Design Type A A.27
5 Management State Plan details the approach Management
Plan approval; to system design. The Plan details the
plan must ensure that the approach to
Update if system conforms to the system design.
necessary defined standards for b) The Design
system design and Management

128
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
systems architecture. Plan must
The plan also ensures ensure that the
that the Enterprise system
Architecture (EA) conforms to the
requirements within the defined
State are taken into standards for
consideration during the system design
System design. The plan and systems
must ensure architecture.
completeness and level c) The Design
of detail in design Management
specifications. The Plan
Design Management demonstrates
Plan will outline conformance to
considerations of the the States
design on the selection Enterprise
of a Software Architecture
Development (EA).
Methodology. d) The Design
Management
Plan
demonstrates
how all
requirements
will be
addressed in
design.
e) The Design
Management
Plan must
ensure
completeness
and level of
detail in design
specifications.
f) The Design
Management
Plan will outline
considerations
of the design on
the selection of

129
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
a Software
Development
Methodology.
Deliverable Test Once upon The Test Management a) The Test a) Unit Testing Type A A.10
6 Management State Plan outlines the Management template A.17
Plan approval; approach that will be Plan details the b) Smoke/Sanity
employed to test the planning, Testing
Update if Solution and to evaluate execution, and template
necessary the results of that testing; management c) Regression
outlines general testing activities to be Testing
roles and responsibilities; executed in template
and serves as the top- order to monitor
level plan that will be and control d) Ad-hoc Testing
used to govern and direct testing, and template
the detailed testing work. ensure e) Exploratory
The Test Management alignment of Testing
Plan should address corresponding template
complexities associated activities with f) Usability
with a multiple release the project Testing
implementation. goals and template
objectives. g) GUI Software
b) The Test Testing
Management template
Plan references h) Accessibility
a defect Testing
resolution template
process that is i) Security
inclusive of Compliance
defect Testing
identification, template
prioritization,
j) Compatibility
creation,
Testing
tracking, and
template
resolution and
retesting k) Functional
activities to be Testing
followed when a template
defect is found. l) Boundary
c) The Test Testing
Management template
Plan defines the

130
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
testing m) Negative
environments Testing
hours of template
operations n) Error Handling
during testing Testing
execution. template
d) The Test o) Alert/Monitoring
Management Testing
Plan outlines template
the expectations
for level of detail p) Capacity
that shall be Testing
required in each template
test case. q) Performance
Test Plan and
Results
template
Deliverable Implementati Monthly, The Implementation and a) The a) Release Plan Type A A.10
7 on and throughout Deployment Plan Implementation b) Implementation A.17
Deployment project explains the and Deployment Plan
Plan lifecycle implementation Plan contains c) Monitoring
methodology to be used, an up-to-date Strategy
explaining how detailed
operations will transfer implementation d) Version
from the legacy system schedule to be Description
to the new System. The followed. Document
Plan will also contain an b) The e) Information
up-to-date detailed Implementation System
implementation and Deployment Description
schedule. Plan describes f) Release and
the major tasks Deployment
required to be Plan
taken, and the g) System Sunset
objective behind Plan
each task. h) Cut-Over Plan
c) The i) Roll Back Plan
Implementation j) Turnover Plan
and Deployment
k) Knowledge
Plan lists the
Transition Plan
support
equipment

131
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
(hardware),
software, data,
facilities and
materials
required for the
implementation,
if applicable.
Deliverable Data Monthly, The Data Conversion a) The Data a) Extract Control Type A A.14
8 Conversion throughout and Synchronization Conversion and Documents
and project Plan describes the Synchronization b) Roll Back Plan
Synchronizati lifecycle strategy, preparation, Plan describes
on Plan and specifications for rationale for the
data conversion conversion and
activities. This plan a general
describes the overall description of
approach, assumptions, the boundaries
and processes that will of the data
be used in the data conversion
conversion. It includes an effort
inventory and cross b) The Data
reference of source and Conversion and
target data elements, Synchronization
schema, metadata and Plan outlines
all self-describing files; the approach
process for data that will be used
extraction, transformation to extract,
and loading for each data transform/clean
source; tools needed to se and load
execute the conversion; data from the
and strategy for data source to target
quality assurance and destinations
control. during the
conversion/migr
ation process
c) The Data
Conversion and
Synchronization
Plan outlines
the schedule of
conversion
activities to be

132
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
accomplished in
accordance with
this Data
Conversion
Plan
Deliverable System The initial The System Security a) The System a) Part A System Type C A.19
9 Security Plan System Plan documents the Security Plan Identification A.26
Security system’s security level works in b) Part B Security
Plan shall and describes synchronization Controls
be managerial, technical with the Workbook
completed and operational security safeguard c) Part C Privacy
in Release I controls. An Initial copy procedures to Controls
then of the System Security detail the Workbook
reviewed Plan includes an initial control
and updated Risk Assessment (RA) requirements for d) Part D SSP
on an as that contains the protection of Attachments
needed mission/business all data e) Appendix A –
basis, process risks and the received, IRS
including monitoring strategy, for stored, Requirements
annually, review and approval by processed and for
and when the Technical Change transmitted in Safeguarding
there are Control Board (TCCB) compliance with Federal Tax
major and Project Steering all Federal Laws Information
system Committee. and (FTI)
modification Regulations. f) Appendix B –
s that could b) The System Security and
potentially Security Plan Privacy
impact the includes the Agreements
security and current level of and Compliance
privacy of existing security Artifacts
the controls within g) Memorandum of
information the System that Understanding
system. protect the h) Interconnection
confidentiality, Security
integrity and Agreements
availability (CIA) (ISA)
of the system i) Computer
and its Matching
information. Agreement
c) The System
Security Plan

133
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
outlines the j) Information
applicable Laws Exchange
or Regulations. Agreement
d) The System k) Privacy Impact
Security Plan Analysis
contains a l) Security Impact
review log that Analysis
is maintained to
record the m) Asset Inventory
reviews that n) Asset
have taken Management
place for this Plan
system. o) Information
e) The System System Risk
Security Plan Assessment
organizes (ISRA)
security controls
into groups of
families.
f) Exit criteria
includes CMS
signoff, if
applicable
Deliverable Business Monthly, The Business Continuity a) The Business a) Business Type A A.10
10 Continuity throughout and Disaster Recovery Continuity and Continuity Plan A.17
and Disaster project Plan describes the Disaster b) Disaster
Recovery lifecycle strategy and organized Recovery Plan Recovery
Plan course of action that is to b) The Business c) Disaster
be taken if things don’t Continuity and Recovery Plan
go as planned or if there Disaster Training
is a loss of use of the Recovery Plan
established business d) Configuration
prescribes Management
product (e.g., system) responsibilities
due to a disaster such as Plan
as they relate to
a flood, fire, computer actions that will e) Configuration
virus, or major failure. be taken in Management
The Business Continuity response to a Database
and Disaster Recovery disruption. f) Asset
Plan describes the c) The Business Management
strategy for ensuring Continuity and Plan
recovery of the business

134
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
product in accordance Disaster g) Business
with stated Recovery Recovery Plan Continuity Plan
Time Objective and clearly outlines Training
Recovery Point milestones, h) Backup
Objectives. notification Management
activities, Plan
emergency
handling of i) Business
routine Impact Analysis
procedures, j) IT Service
required Continuity
contacts, formal Requirements
agreements,
lessons learned
activities, and
procedures to
return normal
operations in
the event of a
disaster.
Deliverable Capacity Monthly, The Capacity Plan will a) The Capacity a) System Type A A.17
11 Plan throughout address business Plan Capacity and
project capacity, service demonstrates a Performance
lifecycle capacity, and IT State-approved Plan
component capacity skill and b) Capacity
management strategies resource level Demand Model
that will be executed to effectively
through the duration of execute the
the project. The Capacity Capacity Plan.
Plan will also outline the b) The Capacity
management process Plan defines
and tools that will be capacity
used to complete performance
capacity management, success at the
as well as estimates of business
future system workloads. process level
The capacity plan will c) The Capacity
include, but not limited Plan outlines
to, infrastructure, the practices,
database, network, and objectives,
any other aspects performance

135
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
required to meet the factors,
performance monitoring and
requirements of the reporting
system. activities, and
communication
strategies of the
Capacity Plan.
d) The Capacity
Plan addresses
steps and
activities
needed to
address
instances of
abnormal levels
of system use
outside of
forecasted
operating
procedures.
Deliverable Data Monthly, A defined plan for the c) The Data a) Record Type A A.12
12 Management throughout management of data that Management Retention
Plan project provides, at a minimum, Plan includes a Schedule
lifecycle a summary of activities summary of b) XML Taxonomy
for data generation, a activities that
summary of the types of generate data
data generated by the d) The Data
relevant activities, the Management
plans for preservation of Plan includes a
the generated data, and summary and
a description of the appropriate
appropriate level of categorization
access for the generated of the data
data. types generated
by the identified
activities.
e) The Data
Management
Plan includes a
plan for storage
and

136
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
maintenance of
the data
generated by
the identified
activities, in
both the short-
term and long-
term (if
relevant).
f) The Data
Management
Plan includes a
plan describing
whether and
how the data
generated by
the identified
activities will be
reviewed and
made available
to the public
and how the
metadata
describing it will
be stored.
Deliverable Performance Monthly, The Performance and a) The a) Performance Type A A.10
13 and throughout Availability Plan will Performance Test Plan and A.17
Availability project identify target and Availability Results
Plan lifecycle performance areas and Plan identifies Template
methods of and prioritizes b) Program
measurement; establish the performance Availability
the baseline metrics for measurement Management
the agreed upon goal goals and Plan
areas; and assist HCFA objectives to c) Availability Risk
in determining the level align with the Assessments
of achievement of the information
performance goals. needs of the
customer,
project,
organization,
and

137
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
stakeholders, as
applicable.
b) The
Performance
and Availability
Plan includes a
Traceability of
Information
Needs to
Measurement
Objectives by
defining the
information
need,
measurement
objective, and
the performance
measure
threshold.
c) The
Performance
and Availability
Plan describes
the methods,
processes, tools
and techniques
that will be used
for performance
measurement.
d) The
Performance
and Availability
Plan outlines
the data that will
be collected,
how it will be
collected, and
where it will be
stored.
e) The
Performance

138
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
and Availability
Plan includes
analysis on the
data collected,
and a review of
the data to
identify trends
and
opportunities for
improvements
and corrective
actions.
f) The
Performance
and Availability
Plan includes
an approach for
identifying and
addressing
deficiencies in
performance
and availability.
Deliverable Work Monthly, The Work Breakdown a) The WBS Type A A.8
14 Breakdown throughout Structure (WBS) is a defines 100% of
Structure project preliminary step in the the project
(WBS) lifecycle preparation of a project scope
work plan and schedule b) The WBS was
that encompasses all created with
activities from Project input provided
Initiation to Project by all relevant
Closure. The WBS must stakeholders
define the project’s c) The WBS is
overall objectives by outlined as such
describing the project that the project
tasks and deliverables. activities and
The WBS must include: tasks are able
a) A consolidated to be executed,
view of the monitored, and
activities, controlled.
activity
descriptions,

139
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
and activity d) The WBS is
durations broken down
b) Resources such that any
assigned to work package
each activity greater than 80
c) A list of hours must be
deliverables tied broken down
to project into component
milestones activities.
d) A way to track e) The WBS
the project includes a WBS
schedule Dictionary, or
against the executable
planned activities being
schedule followed to
e) Deliverable completing the
approval process.
periods
This deliverable is
associated with the PBR
Gate and must be
delivered to the State
prior to the completion of
the project baseline
review.
Deliverable Risk Register Monthly, The Risk Register a) The Risk a) Risk Type A A.24
15 (update throughout contains the findings of Register will Management
weekly) project the Risk Management contain Risk Plan
lifecycle Process and serves as Category,
the source of record for Probability,
risk management Impact, Risk
activities to track the Score, Risk
approaches and action Ranking, Risk
plans for dealing with Response,
identified risks, which Trigger and
typically involve one of Risk Owner.
four options: avoidance, b) The Risk
mitigation, transference, Register should
or acceptance. Once an identify how
approach is selected, risks are

140
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
detailed actions to mitigated
implement are developed (change
and the risk register request, work
serves as a record of around,
those activities that deferment)
information throughout
the SDLC. The initial risk
register is created during
the ORR Gate and must
be approved by the state
prior to the completion of
the project baseline
review.
Deliverable Baselined Monthly, This is a work plan and a) The schedule Type A A.8
16 Work Plan throughout schedule that is has sufficient
and project managed in an detail to support
Schedule lifecycle appropriate project the projected
management tool. durations.
b) The master
work plan must
reflect any
changes from
the plan
submitted within
the Contractor’s
original
proposal that
were discussed
and agreed to
during project
planning.
Deliverable Status Weekly and This deliverable must be a) The reports Type A A.8
17 Reporting Monthly, a recurring deliverable contain all of the A.24
throughout for the entire length of required
project the project. The elements as
lifecycle deliverable must at a agreed upon by
minimum include periodic HCFA and the
reporting of the following Contractor.
activities:
a) Status of work
completed

141
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
against the
Project Work
Plan
b) Objectives for
the next
reporting period
c) Client
responsibilities
for the next
reporting period
d) Recovery plan
for all work
activities not
tracking to the
approved
schedule
e) Projected
completion
dates compared
to approved
baseline key
dates
f) Escalated risks,
issues
(including
schedule and
budget), and
Action items
g) Disposition of
logged issues
and risks
h) Important
decisions
i) Actual/projected
Project Work
Plan dates
versus baseline
Project Work
Plan milestone
dates

142
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
j) One-page
graphical
summary of the
Project Work
Plan status of
all major tasks
and subtasks
for each release
in a Desktop
Project Plan
Adjustments to status
reporting requirements
will be addressed
through the
Memorandum of
Understanding (MOU)
process.
Deliverable Financial Weekly and The Financial Status a) Includes Type A A.24
18 Status Monthly, Report tracks the project estimates to
Report throughout costs to the project completion, or
project budget baseline and cost
lifecycle outlines any budgetary performance
risks. index
information.
b) It will reflect
approved
changes to
project budget.
c) Includes
reporting on any
project work
stream that has
had activity
against it.
Deliverable Detailed Updated The Detailed a) The a) Requirements Type C A.12
19 Requirement monthly Requirements Requirements Specification
s Traceability throughout Traceability Matrix Traceability Document
Matrix project describes the life of a Matrix outlines including but not
lifecycle requirement, in both a describes each limited to:
forward and backward requirement b) Business Rules

143
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
direction, ideally through independently, c) Business
each step of the entire which Release Process Flow
product’s life cycle, each Diagrams
ensuring scope is met. requirement d) Requirements
was met or Traceability
updated, and Matrix
provides Functional/Non-
traceability to Functional
applicable test Requirements
cases to
demonstrate
how each
requirement
was
implemented.
b) The
Requirements
Traceability
Matrix shows
the difference
between
functional and
non-functional
requirements.
c) The
Requirements
Traceability
Matrix allows
rationale to be
included when
requirements
are not fully
traceable
throughout the
lifecycle.
Deliverable Requirement Once per The Requirements a) The a) Requirements Type A A.12
20 s release Specification Document Requirements Specification
Specification upon State provides all requirements Specification Document
Document approval expected to be Document including but not
implemented. This outlines limited to:
document lists the business, b) Business Rules

144
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
business requirements, technical, c) Business
business rules, governance and Process Flow
stakeholder project Diagrams
requirements, and management d) Requirements
functional/nonfunctional stakeholders Traceability
requirements for the inclusive of Matrix
project. It also contains requirements Functional/Non-
use case scenarios that gathering, Functional
describe how the review, and Requirements
requirements will be approval.
implemented. b) The
Requirements
Specification
Document
incudes
references to all
interdependent
deliverables and
artifacts
throughout the
lifecycle,
specifically
documents that
ensure
traceability to
the
implemented
Solution.
c) The
Requirements
Specification
Document
includes
business and
functional
rationale of the
included
requirements.
d) The
Requirements
Specification

145
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
Document
details the
Solution, written
in a level of
detail easily
understood by
non-technical
personnel.
e) The
Requirements
Specification
Document
includes
Business
Process Flow
Diagrams
detailing the
Business
Process that is
being
introduced or
enhanced.
Deliverable System Once per The System Architecture a) Functional and a) Technical Type C A.19
21 Architecture release Design Document non-functional Architecture
Design upon State (SADD) describes: requirements Diagrams
Document approval a) How the are mapped to b) Systems Design
functional and supporting Document
nonfunctional technical c) High Level
requirements design. Technical
recorded in the b) Functional Design
Requirements design Concept/Alterna
Document will requirements tives
be met in the are mapped to d) FTI Labeling
Solution design. technical design Methodology
b) How the specifications.
preliminary c) A high level
user-oriented system design
functional is provided.
design recorded
in the High
Level Technical

146
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
Design
Concept/Alterna
tives document
will be met in
the Solution
design.
The SADD describes
design goals and
considerations, provides
a high-level overview of
the system architecture,
and describes the data
design associated with
the system, as well as
the human-machine
interface and operational
scenarios. The high-level
system design is further
decomposed into low-
level detailed design
specifications for each of
the system’s
components, including
hardware, internal
communications,
software, system integrity
controls, and external
interfaces. The high-level
system design serves as
primary input to the
Preliminary Design
Review. The low-level
detailed design serves as
input to the Detailed
Design Review.
Deliverable Interface Once per The Interface Control a) All ICDs defined a) TEDS Type C A.10
22 Control release Document (ICD) as required Interface/Integra A.16
Document(s) upon State describes the have been tion
approval relationship between the created. Management
two interconnected b) The ICD Plan
systems. This ICD describes the

147
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
specifies the interface interface, b) Memorandum of
requirements to be met including Understanding
by the participating purpose, format, c) Interconnection
systems and at message Security
minimum, describe the structure, and Agreement
interface definitions and protocols.
design (including d) Interface
c) The ICDs Control Test
XML/SOAP/flat file/other indicate the size
specifications for file Plan
and frequency
formats),. It describes the of the data
design specifications for exchange.
the interface, defines the d) Memorandum of
message structure and Understanding
protocols that govern the or System
interchange of data, and Interface
identifies the Agreements
communication paths have been
along which the data are established to
expected to flow. For document the
each interface, the interface
following information will expectations.
be provided:
e) The ICD has
a) A general been tested via
description of simulation.
the interface;
b) Assumptions
where
appropriate;
c) A description of
the data
exchange
format and
protocol for
exchange; and
d) Estimated size
and frequency
of data
exchange

148
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
Deliverable Database Once per The Database Design a) The Database a) Logical Data Type C A.14
23 Design release Document describes the Design Model
Document upon State design of a database and Document b) Physical Data
approval the software units used outlines the Model
to access or manipulate DBMS to be c) Entity
the data. used for the Relationship
Solution Diagram (ERD)
b) The Database for the logical
Design data model
Document d) Data Flow
outlines tasks Diagrams
and
responsibilities
for database
administration
and reporting,
including
performance
monitoring,
efficiency,
backup and
recovery.
c) The document
indicates key
design
decisions.
d) The document
includes a
detailed
database
design,
including data
formats, data
software
objects, data
structures, and
database
management
system files.

149
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
e) The document
describes how
the preliminary
data design
documented in
the Logical Data
Model are
transformed into
more technical
system design
specifications
from which the
system will be
built.
Deliverable Data Once per The Data Dictionary a) The Data Type C A.14
24 Dictionary release comprehensively outlines Dictionary A.19
upon State the data element name, characterizes
approval type, length, source, data formatting
validation rules, requirements
maintenance (create, and validation
read, update, delete rules
(CRUD) capability), data b) The Data
stores, outputs, aliases, Dictionary
and description. describes the
The Data Dictionary shall data
provide a data classification of
classification of all data database
collected and transferred elements
by the Solution. (entity,
attributes etc.)
Deliverable SOA Models Once per SOA Models will outline a) The SOA a) Service Type C A.17
25 release a services portfolio by Models identify Oriented
upon State identifying services, the Services Architecture
approval defining a service Portfolio (SOA) Model
hierarchy, and classifying Management including but not
the services based on requirements, limited to:
this hierarchy. This will which must b) Definition of
involve defining the include the service
coarse-granularity and requirements for hierarchy
fine-granularity of how often
services. This document services should

150
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
must identify and be reviewed, c) Prioritization of
prioritize the key services how often they key services
and the mechanisms to should be d) Mechanisms to
create the service layers updated, and create service
using industry standards. how they should layers
be published
e) Technical
b) The SOA Architecture
Models identify Diagrams
the Quality of
Service f) Quality of
requirements for Service
each service, Requirements
which will g) Interface
involve defining Requirements
scalability, h) Security
availability, and Requirements
response time i) Performance
(latency) of Requirements
services in j) Operational
order to ensure Requirements
that they are
k) SOA
within the
Governance
promised range
Processes
c) The SOA
Models identify
interface
requirements,
which will
involve both
internal and
external
Partners and
ensuring that
the new System
is sufficiently
scalable and
flexible to
support the
number of
interfaces that
will be required.

151
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
Interface
requirements
must also
include defining
what
communications
should be
asynchronous,
and what
communications
should be
synchronous
d) The SOA
Models identify
security
requirements,
which may
include
encryption,
authentication,
data protection,
and constraints
on performing
certain
operations
e) The SOA
Models identify
performance
requirements,
which may
include the
expected
response time
for application
tasks, failover
support for
applications,
and hours of
availability
f) The SOA
Models identify

152
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
operational
requirements,
which may
include server
needs,
scalability
requirements,
hosting
requirements,
monitoring, load
balancing,
failover, fault
recovery,
accounting and
metering
Deliverable Functional Once per The Functional Design a) Accounts for all a) Systems Design Type C A.15
26 Design release Document expands upon functional Document A.16
Document upon State the requirements requirements A.26
(Including approval document to describe b) Demonstrates
Use Cases) how the functional how functional
requirements will be requirements
implemented. This will be
document goes to a addressed
granular level and within the
describes such things as design
the tables to be updated, c) Use cases that
fields to be added, describe how
screens to be created or the
changed, business rules requirements
to be changed, and will impact the
additional interfaces. system,
included both
positive and
negative use
cases.
d) Business
Process Flow
Diagrams
detailing the
Business
Process that is

153
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
being
introduced or
enhanced.
Deliverable Technical Once per A Technical Design a) Contains a) Technical Type C A.15
27 Design release Document reflects the detailed Architecture A.16
Document upon State details required for description of Diagrams A.26
approval System system b) Systems Design
development/configuratio architecture. Document
n and operation. This b) Includes entity c) Business Rules
document must be relationship
developed based on d) Document
diagrams and Print/Letter/Noti
outputs from the data flow
technical design ces/Electronic
diagrams Output
sessions conducted with c) References the
all Stakeholders and/or Management
data dictionary Plan
functional design, (i.e., all data
interface control e) Configuration
elements are Management
documents. The represented in
Technical Design Plan
the data
Document must include dictionary) f) Backup
the following Management
components: d) Specifies Plan
processing
b) Detailed controls g) Availability and
description of Performance
System e) Specifies Plan
architecture installation,
configuration, h) Interface
c) Entity and backup Control
Relationship procedures Documents
Diagrams, i) “White Hat”
Create, f) Includes
security controls Search Engine
Retrieve, Optimization
Update, Delete g) Addresses Plan
details for availability and
database resilience
elements for the controls such as
component load balancing,
being failover, and
elaborated in fault tolerance
the design h) References
d) Data Flow ICDs
Diagrams

154
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
e) Processing i) Requirements
controls and Design
f) Processes to components
manage System mapped
installation and appropriately in
configuration configuration
g) Data backup management
procedures database
h) Availability and
resilience
controls such as
load balancing,
failover
capabilities, and
fault tolerance.
The Technical Design
Document must include,
at a minimum, the
interface definitions and
design (including
XML/SOAP
specifications for file
formats), the new
System design based on
reviewing existing class
diagrams, sequence
diagrams, updated object
models that represent
the internal workings and
designs of the containing
subsystems that will
expose the services, and
the component
specification (details of
the component that will
implement the service)
and service assignment
to each layer defined in
the System architecture.

155
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
Deliverable Service Level Once per A Service Level a) The SLA/MOU a) Service Level Type B A.10
28 Agreements release Agreement(s) (SLA) is a outlines the Management A.17
(SLAs)/Mem upon State contractual agreement agreed upon Plan
orandum of approval between an internal or period of b) Service Level
Understandin external service provider performance Agreements
gs (MOUs) and their customer and any c) Memorandum of
specifying performance performance Understanding
guarantees with guarantees with
associated, reasonable, associated
and agreed upon, non- complications
punitive liquidated falling within the
damages should the period as well
service not be performed as reporting
as contracted. A mechanisms/fre
Memorandum(s) of quency and
Understanding (MOU) is review process.
a legal document that b) The SLA/MOU
outlines the terms and includes a
details of an agreement process to be
between parties, followed in the
including of each party’s event that an
requirements and agreement
responsibilities. change is to be
made
c) The SLA/MOU
escalation
process is
included and
detailed in
nature
Deliverable Automated Once per This deliverable will a) Results are a) Coding Type A A.10
29 Code Review release display the results from comprehensive Standards and
Results upon State an automated tool’s code of code. Quality Review
approval review. These results will b) Results provide Plan
be used by developers to evidence to
address issues in the indicate product
coding. This will also be quality.
helpful in determining the c) Results indicate
overall quality of the level of
code being produced. compliance with

156
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
coding
standards.
Deliverable System Once per A System Configuration a) Documents all a) Configuration Type C A.17
30 Configuration release Document captures all system Management
Document upon State the configuration configuration Plan
approval information of the elements b) Asset
systems. This document (software, Management
often contains: Network hardware, OS, Plan
configuration by network
interface, disk partition configuration,
layout, installed software, authentication)
with any significant b) Information can
configuration information, be validated to
hardware and be accurate and
peripherals inventory, current (e.g.,
physical location of release and
system, authentication patch levels
information, network reflect current
integration information installation)
(e.g., Network Time c) Reflects all
Protocol (NTP) approved
configuration, Domain configuration
Name System (DNS) changes
resolver configuration), (managed
list of authorized super through
users, list of authorized Technical
pseudo users, list of Change Control
individual(s) responsible Board)
for system, with contact
information (preferably
via multiple
communication
channels), OS version
information, installation
idiosyncrasies and
patches installed. With
good system
configuration
documentation, a system
can be rebuilt from
scratch, as well as it can

157
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
handle other disaster
recovery tasks.
Deliverable Unit, System, Once per This deliverable a) Tests are Type C A.10
31 Regression, release documents the traceable to
and upon State configuration decisions requirements.
Integration approval made in developing the b) Tests have
Test Scripts Solution, and includes been reviewed
traceability of for relevance to
configuration decisions to the respective
requirements and design. requirement.
It includes information c) Tests have
such as network been defined for
configuration by unit, system,
interface; disk partition regression and
layout; installed software, integration
with any significant testing that
configuration information provide
– hardware and complete
peripherals inventory; coverage to all
physical location testable
information; requirements
authentication
information (method d) Section 508
used, configurations for testing package
method, etc.); network
integration information
(e.g., NTP configuration,
DNS resolver
configuration); list of
authorized superusers;
list of individual(s)
responsible for system,
with contact information
(preferably via multiple
communication
channels); OS version
information and
installation
idiosyncrasies; patches
installed. This
documentation is critical

158
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
to support staff in
operations and
maintenance, and also
supports disaster
recovery tasks as well as
OS patch maintenance.
Deliverable Unit, System, Once per Test scripts provide a) Test activities a) Test Reports Type A A.10
32 Regression, release instructions (written using and results are and summary
and upon State a scripting/programming documented by reports for unit,
Integration approval language) to be module. system,
Testing Test performed on a system b) Defects and Regression,
Results under test to verify that retest results integration
the system performs as are testing for all
expected. Unit tests documented. areas being
occur on individual c) Test results tested
functions; system demonstrate b) Section 508
integration tests validate completion of all Assessment
performance of multiple required tests Package results
sub-systems within the and testing c) Test Summary
Solution. against all Report
requirements.
Deliverable System Once per This deliverable a) Open defects a) Test Reports Type A A.10
33 Readiness release documents completion of have been b) Section 508
Certification upon State testing and associated determined by Assessment
for UAT approval results for testing State to be low Package results
completed by the system impact and low c) Test Summary
integrator. Results risk. Report
should indicate success b) All functional
rate, defects, retest and non-
results, and completion functional
percentage of tests vs. requirements
requirements. have been
delivered unless
change
requests have
provided for de-
scoping or
deferral.
c) Modules and
components

159
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
demonstrated
stable
performance
during SIT and
performance
and capacity
testing.
d) Release notes
have been
developed to
document
functionality
included in
release.
Deliverable Formal Once per The Formal Acceptance a) UAT results are Type A A.10
34 Acceptance release Testing report documented,
Testing upon State documents completion of and
Report approval UAT and final steps prior demonstrate no
(successful to implementation into defects beyond
completion of production. This report low impact or
UAT) includes documentation low risk.
- to support use and b) Troubleshooting
Performance maintenance of the guide has been
Test Results Solution, as well as validated by
-System evidence that readiness user and
Runbook and activities – including support staff for
Troubleshoot transition requirements – accuracy and
ing Guide have been completed. relevance of
-System and topics.
Operational c) Data conversion
Readiness has been
Checklist completed
-Data successfully;
Conversion any exceptions
Report have been
determined by
HCFA to be low
impact or low
risk.

160
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
d) All checklist
activities for
operational
readiness have
been
completed.
e) Release notes
have been
developed to
document
functionality
included in
release.
Deliverable Contingency/ All CPs will The a) The a) Disaster Type A A.14
35 Recovery be reviewed Contingency/Recovery Contingency/Re Recovery Plan
Plan and Plan establishes covery Plan b) Disaster
exercised procedures to recover a defines the Recovery Plan
annually. system following a triggers that Test
disruption. The would initiate c) Business
Contingency/Recovery the contingency Continuity Plan
Plan. The Plan identifies and recovery
the activities, resources, operations d) Asset
and procedures needed Management
b) The Plan
to carry out operations Contingency/Re
during prolonged covery Plan e) Configuration
interruptions to normal outlines the Management
operations. The Plan individuals with Plan
also assigns the f) Business
responsibilities to responsibility/au Continuity Test
designated personnel thority to make Plan
and provides guidance the decision to g) Configuration
for recovering the initiate the Management
system. Contingency/Re Database
CP Test Plan should be covery Plan h) Build Books for
tested to identify and c) The STS
rectify deficiencies and Contingency/Re
planning shortfalls, NOT covery Plan
to ascertain the technical clearly outlines
competence of personnel the steps and
with recovery activities to be
responsibilities.

161
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
The Business Owner, taken in the
System event of a
Developer/Maintainer, trigger.
Contingency Plan d) The
Coordinator, and SSO Contingency/Re
shall establish criteria covery Plan
and pre-developed test outlines a dry
plan for validating/test run simulation
CPs on an annual of the
schedule, once every contingency
365 days. activities.
CP Test After Action e) The
Report will be used for Contingency/Re
plan updates addressing covery Plan
any identified outlines the
shortcomings. communication
protocols and
flows in the
event the
Contingency/Re
covery Plan is
evoked.
f) The
Contingency/Re
covery Plan
should include
an approach to
test the
contingency
plans.
g) Contingency/Re
covery Test
After Action
Report must be
clearly defined.
Deliverable Beta Test Once per A Beta Test Plan is a test a) The plan Type A A.16
36 Plan release plan that is used to outlines
upon State describe the methodologies
approval methodologies, and processes
processes, and testing to be used.

162
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
that is expected to take b) The plan
place on a beta release outlines specific
(non-production release testing activities
of full functionality). to be
performed,
including
expected
outcomes.
c) The plan
outlines the
individuals who
will be involved
in beta testing
and the process
for documenting
identified
issues.
Deliverable Network Once per The Network a) The Network a) Software Type B A.10
37 Vulnerability release Vulnerability Assessment Vulnerability Assurance A.19
Assessment upon State Resolution Report Assessment Misuse Cases
Resolution approval outlines results of a Resolution
Report network vulnerability Report includes
assessment, the a status on all
significance of findings, open items
and the completed and identified in the
planned actions to assessment.
resolve identified b) The Network
vulnerabilities. Vulnerability
Assessment
Resolution
Report defines
the anticipated
approach and
timeline for
resolving open
issues based on
criticality and
severity.
c) The Network
Vulnerability

163
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
Assessment
Resolution
Report indicates
progress in
resolving issues
that were
identified in
previous
assessments.
Deliverable Beta Test Once per A Beta Test Evaluation a) The beta test Type A A.16
38 Evaluation release Report is a report that report details
Report upon State details the results of a the test
approval Beta test release. The environment
report will: (number of
a) Compare actual testers, types of
results to machines used)
expected results that was used to
b) Identify major execute the
defects found beta test
with mitigation b) The beta test
plans details the key
c) Capture functionality that
feedback and was tested
pain points c) The beta test
reported by the compares
users testing actual test
the system results with
expected testing
results
d) Any new risks,
issues, and
defects found
during testing
have been
properly
identified,
documented,
and prioritized

164
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
Deliverable Privacy Reviewed Required of federally a) The PIA Type B A.10
39 Impact annually or owned systems. The approved by the A.19
Assessment upon Privacy Impact HCFA Chief
significant Assessment (PIA) is Privacy Officer
system designed to help states b) The PIA is
change quickly identify and sufficient
subsequently document enough to be
the specific types of used to obtain
sensitive information that an Authority to
it will collect, process, Operate (ATO)
and store. The Privacy subject to
Impact Assessment review/approval
(PIAs) identifies systems by CMS
that contain personally
identifiable information
(PII) and satisfies system
compliance with all
relevant privacy laws,
regulations, and
guidance. The PIA
document ensures that
privacy protections are
incorporated into every
stage of an IT system’s
life cycle, and measures
the effectiveness of
these protections.
Deliverable Information As defined Required of federally a) The IS RA a) Information Type B A.19
40 Security Risk by CMS owned systems. The IS contains a list of System Risk
Assessment RA contains a list of threats and Assessment
threats and vulnerabilities to b) Information
vulnerabilities, an the system Security Risk
evaluation of current b) The IS RA Assessment
security controls, their provides the
resulting risk levels, and results of an
any recommended evaluation of
safeguards to reduce risk current security
exposure. The IS RA controls and
also supports risk their resulting
management through the risk levels
evaluation of risk impact

165
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
upon the enterprise c) The IS RA
security model. It will be includes any
used for system recommended
certification and safeguards in
accreditation (C&A). an attempt to
CMS requires each reduce risk
Business Owner to exposure.
develop or update an IS d) The IS RA
RA in response to each approved by the
of the following events: HCFA Chief
a) New system; Privacy Officer
b) Major business e) The IS RA is
process or sufficient
technology/syst enough to be
em used to obtain
modification(s); an ATO subject
c) Every third year to
of an review/approval
operational by CMS and
system; required for
d) Increase in Authority to
security Connect (ATC)
risks/exposure;
e) Increase of
overall system
security level;
and/or,
f) Serious security
violation(s) as
described in the
CMS
g) Information
Security
Incident
h) Handling and
Breach
Analysis/Notific
ation Procedure

166
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
Deliverable Data Once per Information that is a) The document Type B A.19
41 Use/Data release required to develop clearly
Exchange/Int upon State agreements between delineates the
erconnection approval parties for the use of roles and
Security personal identifiable responsibilities
Agreements data, and to ensure between parties
secure data exchange. that are
This includes information exchanging
that the IRS Office of data
Safeguards expects from b) The document
an agency regarding sufficiently
their procedures for addresses the
safeguarding Federal mechanisms for
Tax Information (FTI), in data exchange
any instance where that c) The document
agency intends to sufficiently
receive, store, process, addresses
or transmit FTI. security controls
in place by each
party of the
agreement, and
how those
controls will be
used together to
ensure a secure
exchange of
data
d) The document
has been
signed by
resources who
have the proper
authority to
enter the
organization
into such
agreement
Deliverable MARS-E System The MARS-E Security a) The MARS-E a) SSP Workbook Type A A.17
42 Security Security Controls Document Security (Security A.19
Controls Plan should provides guidance to Controls

167
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
be reviewed CMS and its contractors Document is Control
and updated as to the minimum level compliant with Description)
on an as of required security the Minimum b) Business Risk
needed controls that must be Acceptable Assessment
basis, implemented to protect Risks for (Security
including CMS’ information and Exchanges Awareness)
annually, information systems. document Training Plan
and when b) Assessment of c) (Security
there are MARS-E Awareness)
major compliance Training Result
system shall be done
modification d) Computer
using NIST Matching
s that could Publication SP
potentially Agreement
800-53A “Guide (CMA)
impact the for Assessing
security and the Security
privacy of Controls in
the Federal
information Information
system. Systems and
Organizations”
standards
c) The document
can be used to
secure an ATO
d) The document
is signed by the
HCFA Chief
Security Officer
Deliverable IRS The Supports HCFA in a) The document Type B A.19
43 Safeguards authorizatio attaining IRS certification is completed in
Procedures n shall occur for the Solution. time enough to
Report every three Agencies executing data provide the IRS
(3) years or exchange agreements the 90-day
whenever involving access to FTI period needed
there is a and subject to before
significant safeguarding accessing FTI
change to requirements must have b) The document
the control an approved SSR prior to is completed
structure. A having access to FTI. using the IRS
senior Section 7 of Publication

168
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
agency 1075 outlines SSR SSR prescribed
official shall Reporting Requirements template
sign and — 6103(p) (4) (E): c) The document
approve the a) The agency is approved by
security should submit the HCFA CFO
authorizatio the report for prior to
n. All approval at submission to
information least 90 days the IRS subject
regarding prior to the to
the agency review/approval
authorizatio receiving FTI. by CMS/IRS
n shall be b) The agency and required for
provided to must update ATC
the Office of and submit the
Safeguards SSR annually to
as part of encompass any
the changes that
Safeguard impact the
Activity protection of
Report. FTI.
c) The SSR
submission and
all associated
attachments
must be sent
annually to
identify changes
to safeguarding
procedures.
Deliverable Site Once per The Site Readiness a) The Site Type A A.23
44 Readiness release Reports are based on the Readiness
Reports upon State results of the site Report
approval assessments and will addresses all of
address all remote sites the readiness
in the State. Each Site criteria
Readiness Report will b) The Site
detail issues at each Readiness
particular site and make Report identifies
recommendations on deficiencies,
how each issue will be remediation,
remedied before the

169
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
rollout of the new and a
System. recommendatio
n on whether or
when to
proceed with
implementation.
Deliverable System Once per The System Operations a) The document a) User Manuals Type A A.15
45 Operations release Documentation describes addresses all b) Release Notes
Documentati upon State all required Systems areas of system
on approval operational activities and operation, as
must encompass System prescribed in
functionality from a the description
remote user’s b) The document
perspective, a State has been
business user’s approved by the
perspective, and from an appropriate
information technology HCFA
and System operations resources
perspective. These
manuals must include:
a) A description of
how to use the
System based
on user roles
and
responsibilities
b) A list of prebuilt
reports and their
descriptions
c) A description of
all screens and
how they are
interrelated, and
all help and
navigation
functions and
how to use
them
d) A complete list
of error

170
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
messages, their
descriptions,
and how to
resolve the
errors
e) A list of all
included
System
documentation
and its use
f) How to
troubleshoot
common
System
problems
g) A description of
the key data
tables,
elements, and
their contents
h) How to perform
System
maintenance
functions like
data backup
and recovery,
run batch
processes (if
applicable),
perform data
cleanup, and
administer user
accounts and
permissions
i) How to
troubleshoot
common
System
problems

171
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
j) A listing of all
logs and how to
interpret them
k) Key System
capacity and
security
management
considerations
l) Contact
information for
receiving
support
m) Where to find
disaster
recovery and
business
continuity
information
related to the
System
n) A listing of
System
interfaces and
how to
troubleshoot
communications
problems
o) File descriptions
p) System and
System
environment
configuration
baseline
Deliverable System Once per The System a) The System a) O&M Manual Type A A.17
46 Maintenance, release Maintenance, Support Maintenance, b) Service A.18
Support and upon State and System Transition Support and Transition Plan
System approval Plan must outline the System c) Standard
Transition transition of system Transition Plan Operating
Plan Operations and will indicate the
Maintenance from the amount of

172
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
Vendor to the State’s dedicated Procedure
hosting model. The Plan resources Manual
should note all providing O&M
procedural, staffing, and support, and
resource requirements. how sufficient
resources will
be provided
while in support
of development
activities for
future releases.
b) The System
Maintenance,
Support and
System
Transition Plan
will identify all
procedures and
activities to be
transitioned to
O&M.
Deliverable Infrastructure Once per This is the delivery to the a) The Solution a) Business Type A A.18
47 , System release State of written custom has successfully Product
Source Code upon State code, solutions, and made it through b) Configuration
and approval documentation that a the formalized Management
Documentati Contractor has bought or Gate Review Plan
on developed. Once the process and c) Configuration
state has approved the testing and Management
Solution by way of accepted by the Database
successful testing and state as an
Gate Reviews, the approved d) Data Dictionary
Solution becomes State Solution
property.
Deliverable Updated Once per This is updated code, a) The Solution Type A A.18
48 System release Solution, or has successfully
Source Code upon State documentation that the made it through
and Design approval Contractor has updated the formalized
Documentati from a prior release. Gate Review
on Once the state has process and
approved the changes to testing and
the Solution by way of accepted by the

173
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
successful testing and state as an
Gate Reviews, the approved
Solution becomes State Solution
property.
Deliverable Infrastructure Once per The Infrastructure a) The report a) Infrastructure Type A A.10
49 Services release Services Deployment includes the Services A.17
Deployment upon State report must address the prescribed Deployment
Report approval implementation of the sections as
following infrastructure described in the
services related to the description
System:
a) Remote Access
Infrastructure
b) Patch and
Remote
Security
Management
Infrastructure
c) Service Desk
Enhancements
d) Code Migration
Infrastructure
e) Software
Configuration
Management
Infrastructure
f) Change and
Release
Management
g) Data Retention
and Archiving
Infrastructure
h) Performance
Reporting
Infrastructure
Deliverable Plan of Review ad The Plan of Action and a) The POA&M a) POA&M Type A A.19
50 Action and update Milestones (POA&M) is a contains Management
Milestones Monthly and management process findings from Plan
(POA&M) submit to that outlines weaknesses internal and

174
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
CMS and delineates the tasks, external audits,
quarterly timeline and completion as well as
criteria necessary to issues that
mitigate them. surfaced as part
of the
certification
process
b) All POA&Ms
need to have a
Corrective
Action Plan
which includes
a root cause
analysis,
mitigation
alternatives and
risks associated
with each, and
strategies for
preventing
recurrence
Deliverable Interconnect ISAs need Interconnection Security a) The ISA a) Security Control Type A A.19
51 ed Systems not be Agreement (ISA) is to addresses the Assessment
Agreement reissued establish procedures for development, Report
(ISA) unless a mutual cooperation and management, b) ATO
significant coordination between the operation, and Submission
system Centers for Medicare & security of a c) CMS CTO-
change has Medicaid Services (CMS) connection issued ATO
occurred or and the State. An ISA is between CMS
three years required whenever the and the State.
have security policies of the b) The ISA
elapsed interconnected systems contains a
since are not identical and the description of
issuance. systems are not the information
administered by the and data that
same Authorizing will be made
Official. The ISA available,
documents the security exchanged, or
protections that must passed one-way
operate on only by the
interconnected systems interconnection

175
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
to ensure that of the two
transmission between systems/networ
systems permits only ks.
acceptable transactions. c) The ISA
An ISA includes describes and
descriptive, technical, documents the
procedural, and planning information
information. It also handled by the
formalizes the security system and the
understanding between overall system
the authorities security level as
responsible for the LOW,
electronic connection MODERATE or
between the systems. An HIGH
ISA must be reissued d) The ISA
whenever a significant contains a
change occurs to any of topological
the interconnected drawing that
systems. illustrates the
interconnectivity
between both
systems,
including all
components
(e.g., firewalls,
routers,
switches, hubs,
servers,
encryption
devices, and
computer
workstations).
Subject to
review/approval
by CMS and
required for
ATC
Deliverable SLA, System Weekly and These reports measure a) The report Type A A.17
52 Performance, Monthly, the systems adherence provides metrics
System QA based on to the prescribed SLAs, to show the
Reports type of SLA tracks current system systems

176
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
performance, and system performance in
quality. reference to
prescribed
SLAs
b) The report
provides metrics
to show the
overall
performance of
the system
c) The report
includes metrics
that
demonstrates
open defects,
priority of
defects, and the
rate at which
defects are
being resolved
Deliverable System Monthly The System Incident and a) The System Type A A.17
53 Incident and Corrective Maintenance Incident and
Corrective Report will outline Corrective
Maintenance corrective maintenance Maintenance
Reports requests identified Report will
throughout the duration include
of the Warranty period. anticipated
Each maintenance resolution times
request will have a for all open
description, resolution corrective
status, and course of maintenance
action for remedying all requests as well
open maintenance as root cause
requests. and number of
impacted cases
and/or
members.
b) The System
Incident and
Corrective
Maintenance

177
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
Report will link
defects to the
release for
warranty
tracking
purposes.
c) The System
Incident and
Corrective
Maintenance
Report includes
ageing,
criticality and
severity, and an
analysis
approach to
defect reporting.
Deliverable Operations Daily The Daily and Monthly a) The reports a) Security Type A A.17
54 Report (Calendar Operation Reports shall contain all of the Monitoring
Days) and include: required Reports
Monthly a) Interface elements as
events/issues agreed upon by
b) System HCFA and the
event/issues Contractor.
c) Software
event/issues
d) Errors and
Anomalies
e) Transactions
Sent and
Received (Daily,
Total Amount)
f) Transaction
Types
g) Staffing/Operati
onal Activities
and Issues
h) Number of
notices/letters

178
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
received and
sent (including
any/all
reconciliation
efforts)
i) Cumulative
statistics and
complete
breakdown of all
letters and
notices by type
j) Performance
against SLA
k) Average
response times
(for SLA
validation)
Deliverable AOA Report Annual The AOA Report a) The document Type A A.10
55 evaluates investment provides an
operational results overview of the
against investment current
objectives. operation of the
The AOA Report should system and how
include the following it fits within the
sections: organization’s
a) Overview investment
objectives.
b) Cost Benefit
Analysis b) The document
includes all
c) Schedule sections as
Analysis prescribed in
d) Performance the document
Analysis description
e) Risk Analysis c) The document
f) Improvement has the
g) Recommendatio necessary
ns and signatures
Approvals

179
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
Deliverable Warranty Monthly until Report validates that the a) The report is a) Project Type A A.26
56 Completion completion hardware, customized produced while Completion
Report of warranty IMS, and supporting the Solution is Report
software are performing still within the b) Project
in a stable manner. warranty period Closeout Report
Report summarizes the b) This report is c) Disposition Plan
current state of sufficient
production including enough to
open issues, transition communicate
status and production needed fixes
environment covered under
performance statistics. the warranty
Deliverable Post Once per This Post Implementation a) The Post Type A A.17
57 Implementati release Report results from Implementation
on Report upon State monitoring the Report contains
approval performance of the steps to gather
system/application during and take action
normal operations on lessons
against original user learned on
requirements and any activities
newly implemented executed in all
requirements or Solution
changes. releases.
b) The Post
Implementation
Report contains
a
User/Customer
Assessment
based on
feedback
received
c) The Post
Implementation
Report contains
a Performance
Assessment
d) The Post
Implementation
Report contains

180
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
justification as
to if the existing
system should
continue in
operation as is,
be enhanced, or
terminated. If
the system is to
be enhanced or
terminated,
summarize the
actions to be
taken this fiscal
year.
Deliverable O&M Monthly The O&M Runbook a) The O&M a) Technology Type C A.17
58 Runbook contains information and Runbook Change
strategies designed to incorporates Management
guide operational testing, training, Plan
stakeholders in the and b) Configuration
normal use and reinforcement Management
maintenance of the exercises that Plan and
Solution. The manual are planned and Database
should be designed in a implemented. c) Assets
manner that facilitates b) The clarity and Management
actions and responses to effectiveness of Plan
anything that may arise the O&M
during normal product d) Event
Runbook has Management
operations and been validated
maintenance including Plan
through sample
but not limited to testing by e) Incident
incident, problem, representative Management
request, asset, event, users. Plan
and IT change c) The O&M f) Problem
management activities. Runbook Management
The O&M Runbook defines the Plan
guides those who target audience g) Request
maintain, support and/or for specifies Management
use the system in a day- sections of the Plan
to-day operations Runbook.
environment.
d) The O&M
Runbook

181
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
defines the
necessary skills
required to
perform said
activities.
Deliverable System Go- Once per The System Go-Live a) Describes at a Type B A.17
59 Live Report release Report is a record of how high level the
upon State the implementation went. major problems
approval The focus is on encountered
deviations from what was during data
considered default or conversion
what was planned. This activities and
information is critical for corrective
a successful transition to actions that
maintenance. It is also were applied to
useful for project closure solve them
and for archival for future b) Describes at a
projects. high level the
major problems
encountered
while
establishing the
Production
Environment
and corrective
actions that
were applied to
solve them
c) Describe at a
high level the
major problems
encountered
during the move
of the
application to
the production
environment
and corrective
actions that
were applied to
solve them

182
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
Deliverable Operational Once per The Operational a) The Operational a) Operational Type A A.15
60 Readiness release Readiness Plan and Support Plan Readiness Plan
Plan and upon State Report details and been completed and Report
Report approval reports how the and signed off. b) System of
system/application is put b) The Plan should Record Notice
into Production without ensure that the c) Operational
verification that it meets transition and Readiness
performance knowledge Checklist
requirements and that transfer has
the operation and successfully
maintenance procedures been completed
ensure prompt system and/or a O&M
recovery without loss of Contractor is in
data. place
The Operational c) The technical
readiness plan provides policies and
a checklist and an processes are
approach for carrying out successfully
readiness assessments operated in
activities. production
The Operational d) User IDs for all
readiness activities roles are setup
include a review of the
integrity of system data
(data cleansing) and
readiness for data
conversion.
The Operational
readiness plan provides
a mechanism to identify
areas of deficiencies with
sufficient detail to allow
the business unit to
prepare an action plan in
response to the
deficiency.
The Operational
readiness plan defines a
communication plan
which identifies points of

183
Deliverable Name Frequency Description Exit Criteria Artifacts Review Contract
# Cycle Section
Reference
contact for the relevant
implementation
stakeholders.

184
A.28 Change Order – Special Projects & Enhancement

A.28.1 Special Projects are additional projects that the State may, at its sole discretion, initiate
and assign to the Contractor during the DDI phase of the Contract for the performance of
services, fulfillment of additional requirements, or creation of deliverables (Services)
outside those set forth in the DDI Scope of Services of this Contract.

A.28.2 All Special Projects shall be associated with a Gate Review as determined by the State
and not paid until approved as part of the Gate Review process.

A.28.3 Enhancements are additional projects that the State may, at its sole discretion, initiate
and assign to the Contractor during the O&M phase of the Contract for the performance
of Services outside those set forth in the O&M Scope of Services of this Contract (See
Section A.10.13.5).

A.28.4 Following mutual agreement, Change Orders shall be implemented by a Control

Memorandum as described in Section A.29.

A.28.5 Change Order Creation – After receipt of a written request for the performance of
Services, the Contractor shall respond to the State, within a maximum of ten (10)
business days, with a written proposal for completing the Services. Contractor’s proposal
must specify:

the effect, if any, of implementing the requested change(s) on all other services
required under this Contract;

a description of the units of service needed to complete the Change Order;

the specific effort involved in completing the change(s);

the expected schedule for completing the change(s);

the maximum number of person hours required for the change(s); and

a fixed price for all Services under the Change Order. The fixed price for
Enhancement Change Orders shall be based on the Contractor’s hourly rates as
detailed in Attachment 10 to this Contract, discounted by fifty percent (50%). The
fixed price for all other Change Orders will be based on the undiscounted hourly
rates as detailed in Contract Attachment 10. The maximum cost for the Services
shall in no instance exceed the product of the person hours required multiplied by
the appropriate payment rate proposed for such work.

A.28.6 The Contractor shall not perform any Services under the Change Order until the State
has approved the Change Order proposal. If approved, the State will sign the proposal,
and it shall constitute a binding agreement between the Parties pertaining to the specified
change(s) and shall, under this provision, be incorporated into this Contract by reference.
Unless otherwise agreed in the applicable Change Order, all terms of this Contract,
including but not limited to Warranty and Liquidated Damages shall apply to services
provided under Change Orders.

A.28.7 Change Order Performance— Subsequent to creation of a Change Order, the Contractor
shall complete the required Services in accordance with the requirements of the Change

185
 Order. The State shall be the sole judge of the acceptable completion of work and, upon
such determination, shall provide the Contractor written approval.

A.28.8 Change Order Remuneration— The State will remunerate the Contractor only for
approved work. All approved work performed pursuant to an approved Change Order
shall be remunerated in accordance with Contract Section C.3.c, PROVIDED THAT in no
instance shall the State be liable to the Contractor for any amount exceeding the fixed
price specified by the Change Order authorizing the goods or services. Upon State
approval of the work, the Contractor shall invoice the State in accordance with the
relevant provisions of this Contract.

A.29 Control Memorandum Process

A.29.1 The Control Memorandum (“CM”) process shall be utilized by the State to clarify Contract
requirements, issue instruction to the Contractor, document action required of the
Contractor, or request information from the Contractor. In addition, the CM process shall
be used by the State to impose assessments of damages, either actual or liquidated. This
process will be used to address issues or matters that do not require a contract
amendment. Each CM must be in writing and indicate the date on which it was issued.
CMs may provide relevant history, background, and other pertinent information regarding
the issue(s) being addressed in the CM. Each CM will establish a deadline or timeframe
for the Contractor’s reply or other action. All CMs submitted to the Contractor must be
signed and approved by the State’s Project Director (or his/her designee). When the CM
pertains to damages, either actual or liquidated, the State may issue consecutive CMs,
as may be necessary or appropriate.

A CM may include one (1) or more of the following five (5) components of the CM
process described below:

a) On Request Report – a request directing the Contractor to provide information by

the time and date set out in the CM.

b) Control Directive (CD) – instructions that require the Contractor to complete, within a
designated timeframe, one (1) or more deliverables or to perform any other request
from the State that is within the scope of the Contract. A CD may also provide
clarification of certain Contract terms. Once a CM/CD has been issued, it shall be
considered to be incorporated into this Contract.

c) Notice of Potential Damages (Actual or Liquidated) (NPD) – notification to the

Contractor that the State has determined that a potential Contract performance or
compliance issue exists and that the State is contemplating assessing damages,
actual and/or liquidated. The NPD shall identify the Contract provision(s) on which
the State determination rests. The State must issue a NPD within ninety (90) days of
State's actual knowledge of a potential Contract performance failure or compliance
issue.

d) Notice of Calculation of Potential Damages (Actual or Liquidated) (NCPD) –

notification to the Contractor that provides a calculation of the amount of potential
damages, actual and/or liquidated, that the State is contemplating assessing against
the Contractor. NPDs and NPCDs may be issued consecutively or simultaneously.

e) Notice of Intent to Assess Damages (Actual or Liquidated) (NIAD) – notification to

the Contractor that the State is assessing damages and specifying whether the
damages are actual damages, Liquidated Damages, or both, and setting out the
performance or compliance issue underlying each intended damage assessment.

186
 The NIAD shall identify the NPD and NCPD upon which it is based. The NIAD shall
specify the total amount and type of damages, whether actual or liquidated, the
State intends to assess. Following the issuance of an NIAD, the State may elect to
withhold damages from payments due to Contractor. The State may not issue a
NIAD without first issuing a NPD and a NPCD. The State may not obtain both
Liquidated Damages and Actual Damages for the same occurrence of a Contract
performance failure.

A.29.2 Damages for failure to comply with CM. The Contractor shall fully comply with all CMs.
Failure to do so may result in the State pursuing recovery of damages, as defined in
Section E.10, including Liquidated Damages as listed in Contract Attachment 2, a
corrective action plan, and/or termination of the Contract.

A.29.3 Appeal of Damages by Contractor. Contractor may appeal either the basis for NPD or
calculation of NCPD potential damages, either actual or liquidated. To do so, the
Contractor shall submit to the State’s Project Director (or his/her designee) a written
response to the NPD and/or NCPD within ten (10) business days of receipt of a CM
which includes a NPD or a NCPD. The State’s Project Director (or his/her designee) shall
review the appeal and provide notice of his/her determination to the Contractor through a
CM. If the Contractor disagrees with the State’s Project Director’s (or his/her designee)
initial appeal determination or the State’s Project Director (or his/her designee) is unable
to resolve the appeal, the Contractor may submit a written request to the State’s Project
Director (or his/her designee) that the matter be escalated to senior management of the
Agency. Contractor shall submit such a request for escalation within ten (10) business
days of its receipt of the initial appeal determination from the State’s Project Director (or
his/her designee) or of notification by the State’s Project Director that he/she is unable to
resolve the appeal. The State’s senior management shall provide written notice of its final
determination to the Contractor within (10) days of the receipt of the appeal from the
Contractor. Upon appeal or escalation, the State shall not increase the amount of the
potential damages.

A.29.4 For purposes of clarification, (a) the Control Memorandum process alone may not be used
as a substitute for the Change Order process in Section A.28, and (b) actual damages
assessed pursuant to Section A.29.1.1(e) shall be retained by the State pending resolution
of the dispute or claim giving rise thereto and final disposition of the funds has been
determined.

A.30 Payment

A.30.1 The standard method for payment under this Contract to Contractor is that payment shall
be as outlined in Section C upon State certification of a successful unconditional pass of
the Gate Review based upon the requirements for which Contractor is responsible (as
described in Section C.3 below) and State approval of all deliverables associated with
that Gate Review. Upon completion of both requirements, the State shall pay of 80% of
the funds allocated to that Gate Review. 20% of the total monies due upon Gate Review
approval will be withheld and disbursed as follows:

Fifty percent (50%) of the amount withheld upon the next Successful Release

Fifty percent (50%) of the amount withheld upon completion of the release’s
Warranty Period.

A.30.2 Special Project Change Orders and shall be paid only upon the successful unconditional
pass of the associated Gate Review based upon the requirements for which Contractor is
responsible and State acceptance of all associated deliverables.

187
A.30.3 Enhancement Change Orders shall only be paid upon Successful Release of the
Enhancement functionality.

A.30.4 The State shall not make payments for any deliverables, regardless of their approval
status, until State certification of successful unconditional pass of the related Gate
Review based upon the requirements for which Contractor is responsible.

A.30.5 In the event that a Change Order necessitates changes to a deliverable approved in a
previous Gate Review, the State shall consider these revised deliverables to be required
deliverables associated with the next Gate Review or subject to State approval prior to
enhancement release.

A.30.6 Following Go-Live of the applicable Release, the Contractor shall begin monthly O&M
reporting and the Contractor shall invoice the monthly O&M cost as described in Section
C.3.

A.30.7 In exceptional circumstances and solely on its own initiative and in the exercise of its own
discretion, the State may alter the payment and withhold structure, set forth in Section
A.30.1, under this Contract. Such alterations shall be governed by the Control
Memorandum process and may include:

The State may pay Contractor an amount in excess of the amount due at the time
of a successful Gate Review, if the Contractor has completed a functionality or
functionalities scheduled to be included in a later Gate Review. Any such excess
amount will be deducted from the amount due to the Contractor upon the
successful Gate Review that was originally intended to include that functionality or
functionalities.

The State may alter the amount of the withhold, set out in Section A.30.1 by
reducing the withhold amount or eliminating the withhold amount from any
particular Gate Review Payment.

The State may reallocate certain amounts due under this Contract in order to
compensate Contractor for completion of duties, tasks, or intermediate
deliverables, either those unspecified as described in Section A.3 that are
necessary to achieve success on this Contract or those specified in the Contract.

A.30.8 In no event shall any alteration set out above:

increase the total amount due to the Contractor from the State under this
Contract;

result in a delay or reduction of any payment to the Contractor, except to the

extent that funds have previously been paid to the Contractor as a result of an
alteration; or

be used to compensate the Contractor for any work which has not been
completed at the time that the alteration of the payment or withhold structure is
made.

A.30.9 The alteration to the payment and withhold structure shall be deemed to be made at the
time that the State notifies the Contractor in writing that a decision to make such an
alteration has been made.

188
 A.30.10 The Contractor agrees and understands that the determination by the State that
exceptional circumstance(s) exist (or do not exist) and the determination of the type,
amount and timing of any alteration, if any, is the sole prerogative of the State and is not
subject to any review.

A.31. Nondiscrimination Compliance Requirements. The Contractor shall comply with all applicable
federal and state civil rights laws, regulations, rules, and policies and Contract Section D.9 of this
Contract.

a) On an annual basis, the Contractor’s staff and subcontractors assigned to perform

duties under the terms of this Contract shall receive nondiscrimination training. The
Contractor shall be able to show documented proof that the training was made
available to the Contractor’s staff and to its subcontractors that are considered to be
performing duties under this contract.

b) The Contractor shall keep such records as may be necessary in order to submit
timely, complete and accurate compliance reports that may be requested by HHS,
U.S. Department of Justice (“DOJ”), HCFA, or their designees. If requested, the
information shall be provided in a format and timeframe specified by HHS, DOJ,
HCFA. The requested information may be necessary to enable HHS, HCFA to
ascertain whether the Contractor is complying with the applicable civil rights laws.

c) The Contractor shall permit access as set forth in the applicable civil rights laws to
HHS, DOJ, HCFA, or their designees during normal business hours to such of its
books, records, accounts, and other sources of information, and its facilities as may
be pertinent to ascertain whether the Contractor is complying with the applicable
civil rights laws.

d) Should a discrimination complaint be filed by a HCFA staff member or contractor

alleging an incident claimed to be caused by either the Contractor’s staff or one of
its subcontractors who are considered to be performing duties under this contract,
the Contractor shall work with HCFA to investigate and resolve the allegation. HCFA
reserves the right to determine the complaint resolution and corrective action.

e) Electronic and Information Technology Accessibility Requirements. The Contractor

agrees to comply with the electronic and information technology accessibility
requirements under the federal civil rights laws including Section 504 and Section
508 of the Rehabilitation Act of 1973 (“Section 508”) and the Americans with
Disabilities Act. To comply with these accessibility requirements for Web content
and non-Web electronic documents and software, the Contractor shall use W3C’s
Web Content Accessibility Guidelines (“WCAG”) 2.0 AA (For the W3C’s guidelines
see: http://www.w3.org/TR/WCAG20/) (Two core linked resources are
Understanding WCAG 2.0 http://www.w3.org/TR/UNDERSTANDING-WCAG20/ and
Techniques for WCAG 2.0 http://www.w3.org/TR/WCAG20-TECHS/).

1) Should the Contractor have a designated staff member responsible for Contractor’s
electronic and information technology accessibility compliance, the name and contact
information for this individual shall be provided to HCFA within ten (10) days of the
implementation of this Contract and within ten (10) days of this position being
reassigned to another staff member.

189
2) Prior to the start of this Contract and on an annual basis thereafter, the Contractor’s
staff that is designated to work on HCFA’s electronic and information technology
projects shall receive training on electronic and information technology accessibility
requirements. The Contractor shall be able to show documented proof that this
training was provided. In addition, Contractor shall provide a copy of its electronic
and information technology accessibility training to HCFA upon request.

3) Contractor agrees to perform regularly scheduled (i.e., automatic) scans and manual
testing for WCAG 2.0 AA compliance for all user content and applications in order to
meet the standards for compliance. The Contractor must ensure that any system
additions, updates, changes or modifications comply with WCAG 2.0 AA. COTS
products may be used to verify aspects of WCAG 2.0 AA compliance.

4) Additionally, the Contractor agrees to comply with Title VI of the Civil Rights Act of
1964. In order to achieve Title VI compliance the Contractor should add a system
function that allows users to translate the content into a language other than English.
This requirement may be satisfied by the provision of a link to Google translate or
other machine translate tool.

190
B TERM OF CONTRACT:
B.1 This Contract shall be effective for the period beginning on October 1, 2016 (“Effective Date”)
and ending on September 30, 2020 (“Term”). The State shall have no obligation for goods or
services provided by the Contractor prior to the Effective Date.

B.2 Renewal Options. This Contract may be renewed upon satisfactory completion of the Term. The
State reserves the right to execute up to three (3) renewal options under the same terms and
conditions for a period not to exceed twelve (12) months each by the State, at the State’s sole
option. In no event, however, shall the maximum Term, including all renewals or extensions,
exceed a total of eighty-four (84) months.

C PAYMENT TERMS AND CONDITIONS:

C.1 Maximum Liability In no event shall the maximum liability of the State under this Contract exceed
One Hundred Twenty-Nine Million One Hundred Thirty Thousand Sixty-Five Dollars and Six
Cents ($129,130,065.06) (“Maximum Liability”). This Contract does not grant the Contractor any
exclusive rights. The State does not guarantee that it will buy any minimum quantity of goods or
services under this Contract. Subject to the terms and conditions of this Contract, the Contractor
will only be paid for goods or services provided under this Contract after a purchase order is
issued to Contractor by the State or as otherwise specified by this Contract.

C.2 Compensation Firm The payment methodology in Section C.3. of this Contract shall constitute
the entire compensation due the Contractor for all goods or services provided under this
Contract regardless of the difficulty, materials or equipment required. The payment methodology
includes all applicable taxes, fees, overhead, and all other direct and indirect costs incurred or to
be incurred by the Contractor.

C.3. Payment Methodology The Contractor shall be compensated based on the payment
methodology for goods or services authorized by the State in a total amount as set forth in
Section C.1.

a) The Contractor’s compensation shall be contingent upon the satisfactory provision

of goods or services as set forth in Section A.

b) The Contractor shall be compensated based upon the following payment

methodology:
Amount
Goods or Services Description (per compensable
increment)
Release 1: Project Baseline Review (PBR) $ 709,957.07

Release 1: Preliminary Design Consult $ 345,766.31

(PDC)
Release 1: Detailed Design Consult (DDC) $ 1,973,052.66

Release 1: Final Detailed Design Review $ 5,051,692.15

Release 1: Validation Readiness Review $ 780,581.33

(VRR)

191
 Amount
Goods or Services Description (per compensable
increment)
Release 1: Implementation Readiness $ 2,369,154.99
Review (IRR)
Release 1: Operational Readiness Review $ 14,296,638.75
(ORR)
Release 1: Post Implementation Review $ 1,749,584.89

Release 1: First Go Live $ 3,409,553.52

Release 1: End of the Warranty Period $ 3,409,553.52

Release 2: Project Baseline Review (PBR) $ 841,190.52

Release 2: Preliminary Design Consult $ 412,011.22

(PDC)
Release 2: Detailed Design Consult (DDC) $ 2,954,134.23

Release 2: Final Detailed Design Review $ 6,926,439.54

Release 2: Validation Readiness Review $ 1,028,186.55

(VRR)
Release 2: Implementation Readiness $ 3,216,273.38
Review (IRR)
Release 2: Operational Readiness Review $ 19,571,016.30
(ORR)
Release 2: Post Implementation Review – $ 2,256,176.83
State
Release 2: First Go Live $ 4,650,678.57

Release 2: End of the Warranty Period $ 4,650,678.57

Total DDI $80,602,320.93

Monthly O&M Services— Post Release 1, $ 916,265.11 per

Month 1 though Month 12 (Year 2) month
Monthly O&M Services— Post Release 1, $ 916,265.11 per
Month 1 through 5 (Year 3) month
Monthly O&M Services— Post Release 2, $ 956,751.48 per
Month 1 through 7 (Year 3) month
Monthly O&M Services— Post Release 2, $ 956,751.48 per
Months 1 through 12 (Year 4) month

Total O&M Services $33,754,784.99

c) The Contractor shall be compensated for Special Project Change Orders and
Enhancement Change Orders requested and performed pursuant to Contract
Section A.28 without a formal amendment of this Contract based upon the fixed

192
 price for such Change Orders, calculated as described in Section A.28.5.6,
PROVIDED THAT:

1) compensation to the Contractor for Special Project Change Orders shall not
exceed FIFTEEN PERCENT (15 %) of the sum of milestone payments detailed
in Section C.3.b, above (which is the total cost for the milestones and
associated deliverables set forth in the Table of Deliverables).

2) compensation to the Contractor for Enhancement Change Orders shall not

exceed the total of the amounts contained in the Enhancements Tab of the
Cost Proposal. Any increase above the original Maximum Amount for
Enhancement Change Orders shall require an amendment to the Contract as
described in Section C.3.(c)(3). Once the original Maximum Amount for
Enhancement Change Orders has been exhausted, charges under
Enhancement Change Orders shall be based on the hourly rates as detailed in
Contract Attachment 10 and not subject to the fifty percent (50%) discount
described in Section A.28.5.6.

3) If, at any point during the Term, the charges for necessary Special Projects or
Enhancements work would exceed the applicable Maximum Amount, the State
may amend this Contract to address the need. The State shall not be obligated
to pay for, and the Contractor shall not be obligated to perform, Special Project
or Enhancement work in excess of the applicable maximum amounts then in
effect.

Service Description Amount

Special Project Change Order $ 12,090,348.14

Requests (Section A.28) (15% of the sum of milestone payments reimbursed at
hourly rates submitted in Cost Proposal for multiple
staff levels)
Enhancement Change Order $ 2,682,611.00
Request (Total of the amounts contained in the Enhancements
(Section A.10.13.5 and A.28) Tab of the Cost Proposal)
NOTE: The Contractor shall not be compensated for travel time to the primary location of service
provision.

d) Should the State exercise its term extension options for additional three (3) years, the
Contractor shall be compensated based on the following rates:

Service Description Amount

(per compensable increment)
Monthly O&M Services— $ 1,096,628.73 per month
Expansion Years (Year 5)
Monthly O&M Services— $ 1,096,628.73 per month
Expansion Years (Year 6)
Monthly O&M Services— $ 1,096,628.73 per month
Expansion Years (Year 7)

NOTE: The Contractor shall not be compensated for travel time to the primary location of service
provision.

193
C.3 Travel Compensation. The Contractor shall not be compensated or reimbursed for travel time,
travel expenses, meals, or lodging.

C.4 Invoice Requirements. The Contractor shall invoice the State only for goods delivered and
accepted by the State or services satisfactorily provided at the amounts stipulated in Section
C.3, above. If an invoice is for services rendered by Contractor’s staff and subcontractors on a
time and materials basis, the invoice shall, at a minimum, include the name of each individual,
the individual’s job family, the number of hours worked during the period, the applicable Payment
Rate, the total compensation requested for the individual, and the total amount due the
Contractor for the period invoices. Contractor shall submit invoices and necessary supporting
documentation, no more frequently than once a month, and no later than thirty (30) days after
the invoice-triggering event to the following address:

Division of Health Care Finance and Administration

310 Great Circle Road
Nashville, TN 37243

a) Each invoice, on Contractor’s letterhead, shall clearly and accurately detail all of the
following information (calculations must be extended and totaled correctly):

1) Invoice number (assigned by the Contractor);

2) Invoice date;

3) Contract number (assigned by the State);

4) Customer account name: State Agency & Division Name;

5) Customer account number (assigned by the Contractor to the above-referenced

Customer);

6) Contractor name;

7) Contractor Tennessee Edison registration ID number;

8) Contractor contact for invoice questions (name, phone, or email);

9) Contractor remittance address;

10) Description of delivered goods or services provided and invoiced, including

identifying information as applicable;

11) Number of delivered or completed units, increments, hours, or days as

applicable, of each good or service invoiced;

12) Applicable payment methodology (as stipulated in Section C.3) of each good or
service invoiced;

13) Amount due for each compensable unit of good or service; and

14) Total amount due for the invoice period.

b) Contractor’s invoices shall:

194
 1) Only include charges for goods delivered or services provided as described in
Section A and in accordance with payment terms and conditions set forth in
Section C;

2) Only be submitted for goods delivered or services completed and shall not
include any charge for future goods to be delivered or services to be performed;

3) Not include Contractor’s taxes, which includes without limitation Contractor’s

sales and use tax, excise taxes, franchise taxes, real or personal property taxes,
or income taxes; and

4) Include shipping or delivery charges only as authorized in this Contract.

c) The timeframe for payment (or any discounts) begins only when the State is in
receipt of an invoice that meets the minimum requirements of this Section C.5.

C.5 Payment of Invoice. A payment by the State shall not prejudice the State’s right to object to or
question any payment, invoice, or other matter. A payment by the State shall not be construed
as acceptance of goods delivered, any part of the services provided, or as approval of any
amount invoiced.

C.6 Invoice Reductions. The Contractor’s invoice shall be subject to reduction for amounts included
in any invoice or payment that is determined by the State, on the basis of audits conducted in
accordance with the terms of this Contract, to not constitute proper compensation for goods
delivered or services provided.

C.7 Deductions. The State reserves the right to deduct from amounts, which are or shall become due
and payable to the Contractor under this or any contract between the Contractor and the State of
Tennessee, any amounts that are or shall become due and payable to the State of Tennessee
by the Contractor.

C.8 Prerequisite Documentation. The Contractor shall not invoice the State under this Contract until
the State has received the following, properly completed documentation.

a) The Contractor shall complete, sign, and present to the State the “Authorization
Agreement for Automatic Deposit Form” provided by the State. By doing so, the
Contractor acknowledges and agrees that, once this form is received by the State,
payments to the Contractor, under this or any other contract the Contractor has with
the State of Tennessee, may be made by Automated Clearing House; and

b) The Contractor shall complete, sign, and return to the State the State-provided W-9
form. The taxpayer identification number on the W-9 form must be the same as the
Contractor’s Federal Employer Identification Number or Social Security Number
referenced in the Contractor’s Edison registration information.

D MANDATORY TERMS AND CONDITIONS:

D.1 Required Approvals. The State is not bound by this Contract until it is duly approved by the
Parties and all appropriate State officials in accordance with applicable Tennessee laws and
regulations. Depending upon the specifics of this Contract, this may include approvals by the
Commissioner of Finance and Administration, the Commissioner of Human Resources, the
Comptroller of the Treasury, and the Chief Procurement Officer. Approvals shall be evidenced by
a signature or electronic approval.

195
D.2 Communications and Contacts. All instructions, notices, consents, demands, or other
communications required or contemplated by this Contract shall be in writing and shall be made
by certified, first class mail, return receipt requested and postage prepaid, by overnight courier
service with an asset tracking system, or by email or facsimile transmission with recipient
confirmation. All communications, regardless of method of transmission, shall be addressed to
the respective Party at the appropriate mailing address, facsimile number, or email address as
stated below or any other address provided in writing by a Party.
The State:

Wendy Long, M.D., Deputy Commissioner

Department of Finance and Administration
Division of Health Care Finance and Administration
310 Great Circle Road
Nashville, TN 37243
Wendy.long@tn.gov
Telephone # (615) 507-6444
FAX # (615) 253-6507

The Contractor:
Brad Eskind, Principal
Deloitte Consulting LLP
1033 Demonbreun Street
Suite 400
Nashville, TN 37203
beskind@deloitte.com

All instructions, notices, consents, demands, or other communications shall be considered

effective upon receipt or recipient confirmation as may be required.

All information or data that is necessary for one or more deliverables set forth in this Contract
shall be transmitted between HCFA and Contractor via the data transfer method specified in
advance by HCFA. This may include, but shall not be limited to, transfer through HCFA’s
SFTP system. Failure by the Contractor to transmit information or data that is necessary for a
deliverable in the manner specified by HCFA, may, at the option of HCFA, result in Liquidated
Damages as set forth in Contract Attachment 2.

D.3 Modification and Amendment. This Contract may be modified only by a written amendment
signed by all Parties and approved by all applicable State officials.

D.4 Subject to Funds Availability. The Contract is subject to the appropriation and availability of State
or federal funds. In the event that the funds are not appropriated or are otherwise unavailable,
the State reserves the right to terminate this Contract upon written notice to the Contractor. The
State’s exercise of its right to terminate this Contract shall not constitute a breach of Contract by
the State. Upon receipt of the written notice, the Contractor shall cease all work associated with
the Contract. If the State terminates this Contract due to lack of funds availability, the Contractor
shall be entitled to compensation for all conforming goods requested and accepted by the State
and for all satisfactory and authorized services completed as of the termination date. Should the
State exercise its right to terminate this Contract due to unavailability of funds, the Contractor
shall have no right to recover from the State any actual, general, special, incidental,
consequential, or any other damages of any description or amount.

196
D.5 Termination for Convenience. The State may terminate this Contract for convenience without
cause and for any reason. The State shall give the Contractor at least thirty (30) days written
notice before the termination date. The Contractor shall be entitled to compensation for all
conforming goods delivered and accepted by the State or for satisfactory, authorized services
completed as of the termination date. In no event shall the State be liable to the Contractor for
compensation for any goods neither requested nor accepted by the State or for any services
neither requested by the State nor satisfactorily performed by the Contractor. In no event shall
the State’s exercise of its right to terminate this Contract for convenience relieve the Contractor
of any liability to the State for any damages or claims arising under this Contract.

D.6 Termination for Cause. If the Contractor fails to properly perform its obligations under this
Contract, or if the Contractor materially violates any terms of this Contract (“Breach Condition”),
the State shall provide written notice to Contractor specifying the Breach Condition. If within ten
(10) days of notice, the Contractor has not cured the Breach Condition, the State may terminate
the Contract. Notwithstanding the above, the Contractor shall not be relieved of liability to the
State for damages sustained by virtue of any breach of this Contract by the Contractor and the
State may seek other remedies allowed at law or in equity for breach of this Contract.
Contractor may terminate this Contract if the State materially violates any terms of this Contract
and does not cure within sixty (60) days of receipt of notice thereof.

D.7 Assignment and Subcontracting. The Contractor shall not assign this Contract or enter into a
subcontract for any of the goods or services provided under this Contract without the prior written
approval of the State. Notwithstanding any use of the approved subcontractors, the Contractor
shall be the prime contractor and responsible for compliance with all terms and conditions of this
Contract. The State reserves the right to request additional information or impose additional
terms and conditions before approving an assignment of this Contract in whole or in part or the
use of subcontractors in fulfilling the Contractor’s obligations under this Contract.

D.8 Conflicts of Interest. The Contractor warrants that no part of the Contractor’s compensation shall
be paid directly or indirectly to an employee or official of the State of Tennessee as wages,
compensation, or gifts in exchange for acting as an officer, agent, employee, subcontractor, or
consultant to the Contractor in connection with any work contemplated or performed under this
Contract.

The Contractor acknowledges, understands, and agrees that this Contract shall be null and
void if the Contractor is, or within the past six (6) months has been, an employee of the State
of Tennessee or if the Contractor is an entity in which a controlling interest is held by an
individual who is, or within the past six (6) months has been, an employee of the State of
Tennessee.

D.9 Nondiscrimination. The Contractor hereby agrees, warrants, and assures that no person shall be
excluded from participation in, be denied benefits of, or be otherwise subjected to discrimination
in the performance of this Contract or in the employment practices of the Contractor on the
grounds of handicap or disability, age, race, creed, color, religion, sex, national origin, or any
other classification protected by federal or state law. The Contractor shall, upon request, show
proof of nondiscrimination and shall post in conspicuous places, available to all employees and
applicants, notices of nondiscrimination. In addition, the Contractor shall comply with the
provisions of Contract Section A.31 (Nondiscrimination Compliance Requirements) and this
Section D.9 shall not be deemed to limit or abridge any requirement set forth in Section A.31.

D.10 Prohibition of Illegal Immigrants. The requirements of Tenn. Code Ann. § 12-3-309 addressing
the use of illegal immigrants in the performance of any contract to supply goods or services to
the state of Tennessee, shall be a material provision of this Contract, a breach of which shall be
grounds for monetary and other penalties, up to and including termination of this Contract.

a) The Contractor agrees that the Contractor shall not knowingly utilize the services of

197
 an illegal immigrant in the performance of this Contract and shall not knowingly
utilize the services of any subcontractor who will utilize the services of an illegal
immigrant in the performance of this Contract. The Contractor shall reaffirm this
attestation, in writing, by submitting to the State a completed and signed copy of the
document at Contract Attachment 1, semi-annually during the Term. If the
Contractor is a party to more than one contract with the State, the Contractor may
submit one attestation that applies to all contracts with the State. All Contractor
attestations shall be maintained by the Contractor and made available to State
officials upon request.

b) Prior to the use of any subcontractor in the performance of this Contract, and semi-
annually thereafter, during the Term, the Contractor shall obtain and retain a
current, written attestation that the subcontractor shall not knowingly utilize the
services of an illegal immigrant to perform work under this Contract and shall not
knowingly utilize the services of any subcontractor who will utilize the services of an
illegal immigrant to perform work under this Contract. Attestations obtained from
subcontractors shall be maintained by the Contractor and made available to State
officials upon request.

c) The Contractor shall maintain records for all personnel used in the performance of
this Contract. Contractor’s records shall be subject to review and random inspection
at any reasonable time upon reasonable notice by the State.

d) The Contractor understands and agrees that failure to comply with this section will
be subject to the sanctions of Tenn. Code Ann. § 12-3-309 for acts or omissions
occurring after its effective date.

e) For purposes of this Contract, “illegal immigrant” shall be defined as any person who
is not: (i) a United States citizen; (ii) a Lawful Permanent Resident; (iii) a person
whose physical presence in the United States is authorized; (iv) allowed by the
federal Department of Homeland Security and who, under federal immigration laws
or regulations, is authorized to be employed in the U.S.; or (v) is otherwise
authorized to provide services under the Contract.

D.11 Records. The Contractor shall maintain documentation for all charges under this Contract. The
books, records, and documents of the Contractor, for work performed or money received under
this Contract, shall be maintained for a period of five (5) full years from the date of the final
payment and shall be subject to audit at any reasonable time and upon reasonable notice by the
State, the Comptroller of the Treasury, or their duly appointed representatives. The financial
records shall be prepared in accordance with standard accounting principles.

D.12 Monitoring. The Contractor’s activities conducted and records maintained pursuant to this
Contract shall be subject to monitoring and evaluation by the State, the Comptroller of the
Treasury, or their duly appointed representatives.

D.13 Progress Reports. The Contractor shall submit brief, periodic, progress reports to the State as
requested.

D.14 Strict Performance. Failure by any Party to this Contract to require, in any one or more cases,
the strict performance of any of the terms, covenants, conditions, or provisions of this Contract
shall not be construed as a waiver or relinquishment of any term, covenant, condition, or
provision. No term or condition of this Contract shall be held to be waived, modified, or deleted
except by a written amendment signed by the Parties.

198
D.15 Independent Contractor. The Parties shall not act as employees, partners, joint venturers, or
associates of one another. The Parties are independent contracting entities. Nothing in this
Contract shall be construed to create an employer/employee relationship or to allow either Party
to exercise control or direction over the manner or method by which the other transacts its
business affairs or provides its usual services. The employees or agents of one Party are not
employees or agents of the other Party.

D.16 Patient Protection and Affordable Care Act. The Contractor agrees that it will be responsible for
compliance with the Patient Protection and Affordable Care Act (PPACA) with respect to itself
and its employees, including any obligation to report health insurance coverage, provide health
insurance coverage, or pay any financial assessment, tax, or penalty for not providing health
insurance. The Contractor shall indemnify the State and hold it harmless for any costs to the
State arising from Contractor’s failure to fulfill its PPACA responsibilities for itself or its
employees.

D.17 Limitation of State’s Liability. The State shall have no liability except as specifically provided in
this Contract. In no event will the State be liable to the Contractor or any other party for any lost
revenues, lost profits, loss of business, decrease in the value of any securities or cash position,
time, money, goodwill, or any indirect, special, incidental, punitive, exemplary or consequential
damages of any nature, whether based on warranty, contract, statute, regulation, tort (including
but not limited to negligence), or any other legal theory that may arise under this Contract or
otherwise. The State’s total liability under this Contract (including any exhibits, schedules,
amendments or other attachments to the Contract) or otherwise shall under no circumstances
exceed the Maximum Liability. This limitation of liability is cumulative and not per incident.

D.18 Limitation of Contractor’s Liability. The Contractor will have no liability for any consequential
damages of any nature. In accordance with Tenn. Code Ann. § 12-3-701, the Contractor’s
liability for all claims arising under this Contract shall be limited to an amount equal to one and
one half (1.5) times the Maximum Liability amount detailed in Section C.1. and as may be
amended, PROVIDED THAT in no event shall this Section limit the liability of the Contractor for:
(i) intellectual property or any Contractor indemnity obligations for infringement for third-party
intellectual property rights; (ii) any claims for liquidated damages found in Sections A.17.8,
A.22.1.2, A.22.4.5, A.22.10.4, A.26.2.4, A.29.2, D.2, E.18, and Tables 7 and 8 of Contract
Attachment 2; or (iii) any claims for intentional torts, criminal acts, fraudulent conduct, or acts or
omissions that result in personal injuries or death.

D.19 Hold Harmless. The Contractor agrees to indemnify and hold harmless the State of Tennessee
as well as its officers, agents, and employees from and against any and all liabilities, losses, and
causes of action which may arise, accrue, or result to any third party (person, firm, corporation, or
other entity) which may be injured or damaged as a result of acts, omissions, or negligence on
the part of the Contractor, its employees, or any person acting for or on its or their behalf relating
to this Contract. As clarification, Contractor shall not be obligated to indemnify and hold harmless
for any such liabilities. losses, or causes of action as a result of acts, omissions, or negligence on
the part of any person or entity other than Contractor, its employees, or any person acting for on
Contractor’s behalf relating to this Contract. The Contractor further agrees it shall be liable for the
reasonable cost of attorneys for the State to enforce the terms of this Contract.

In the event of any suit or claim, the Parties shall give each other immediate notice and
provide all necessary assistance to respond. The failure of the State to give notice shall only
relieve the Contractor of its obligations under this Section to the extent that the Contractor
can demonstrate actual prejudice arising from the failure to give notice. This Section shall not
grant the Contractor, through its attorneys, the right to represent the State in any legal matter,
as the right to represent the State is governed by Tenn. Code Ann. § 8-6-106.

199
D.20 HIPAA Compliance. The State and Contractor shall comply with obligations under the Health
Insurance Portability and Accountability Act of 1996 (“HIPAA”), Health Information Technology
for Economic and Clinical Health (“HITECH”) Act and any other relevant laws and regulations
regarding privacy (collectively the “Privacy Rules”). The obligations set forth in this Section shall
survive the termination of this Contract.

a) Contractor warrants to the State that it is familiar with the requirements of the
Privacy Rules, and will comply with all applicable requirements in the course of this
Contract.

b) Contractor warrants that it will cooperate with the State, including cooperation and
coordination with State privacy officials and other compliance officers required by
the Privacy Rules, in the course of performance of the Contract so that both parties
will be in compliance with the Privacy Rules.

c) The State and the Contractor will sign documents, including but not limited to
business associate agreements, as required by the Privacy Rules and that are
reasonably necessary to keep the State and Contractor in compliance with the
Privacy Rules. This provision shall not apply if information received or delivered by
the parties under this Contract is NOT “protected health information” as defined by
the Privacy Rules, or if the Privacy Rules permit the parties to receive or deliver the
information without entering into a business associate agreement or signing another
document.

d) The Contractor will indemnify the State and hold it harmless for any violation by the
Contractor or its subcontractors of the Privacy Rules. This includes the costs of
responding to a breach of protected health information, the costs of responding to a
government enforcement action related to the breach, and any fines, penalties, or
damages paid by the State because of the violation.

D.21 Tennessee Consolidated Retirement System. Subject to statutory exceptions contained in Tenn.
Code Ann. §§ 8-36-801, et seq., the law governing the Tennessee Consolidated Retirement
System (“TCRS”), provides that if a retired member of TCRS, or of any superseded system
administered by TCRS, or of any local retirement fund established under Tenn. Code Ann. §§ 8-
35-101, et seq., accepts State employment, the member’s retirement allowance is suspended
during the period of the employment. Accordingly and notwithstanding any provision of this
Contract to the contrary, the Contractor agrees that if it is later determined that the true nature of
the working relationship between the Contractor and the State under this Contract is that of
“employee/employer” and not that of an independent contractor, the Contractor, if a retired
member of TCRS, may be required to repay to TCRS the amount of retirement benefits the
Contractor received from TCRS during the Term.

D.22 Tennessee Department of Revenue Registration. The Contractor shall comply with all applicable
registration requirements contained in Tenn. Code Ann. §§ 67-6-601 – 608. Compliance with
applicable registration requirements is a material requirement of this Contract.

D.23 Debarment and Suspension. The Contractor certifies, to the best of its knowledge and belief,
that it, its current and future principals, its current and future subcontractors hereunder and their
principals:

a) are not presently debarred, suspended, proposed for debarment, declared ineligible,
or voluntarily excluded from covered transactions by any federal or state department
or agency;

b) have not within a three (3) year period preceding this Contract been convicted of, or

200
 had a civil judgment rendered against them from commission of fraud, or a criminal
offense in connection with obtaining, attempting to obtain, or performing a public
(federal, state, or local) transaction or grant under a public transaction; violation of
federal or state antitrust statutes or commission of embezzlement, theft, forgery,
bribery, falsification, or destruction of records, making false statements, or receiving
stolen property;

c) are not presently indicted or otherwise criminally or civilly charged by a government

entity (federal, state, or local) with commission of any of the offenses detailed in
section b. of this certification; and

d) have not within a three (3) year period preceding this Contract had one or more
public transactions (federal, state, or local) terminated for cause or default.
The Contractor shall provide immediate written notice to the State if at any time it learns
that there was an earlier failure to disclose information or that due to changed
circumstances, its principals or the principals of its subcontractors are excluded or
disqualified.

D.24 Force Majeure. “Force Majeure Event” means fire, flood, earthquake, elements of nature or acts
of God, wars, riots, civil disorders, rebellions or revolutions, acts of terrorism or any other similar
cause beyond the reasonable control of the Party except to the extent that the non-performing
Party is at fault in failing to prevent or causing the default or delay, and provided that the default
or delay cannot reasonably be circumvented by the non-performing Party through the use of
alternate sources, workaround plans or other means. A strike, lockout or labor dispute shall not
excuse either Party from its obligations under this Contract. Except as set forth in this Section,
any failure or delay by a Party in the performance of its obligations under this Contract arising
from a Force Majeure Event is not a default under this Contract or grounds for termination. The
non-performing Party will be excused from performing those obligations directly affected by the
Force Majeure Event, and only for as long as the Force Majeure Event continues, provided that
the Party continues to use diligent, good faith efforts to resume performance without delay. The
occurrence of a Force Majeure Event affecting Contractor’s representatives, suppliers,
subcontractors, customers or business apart from this Contract is not a Force Majeure Event
under this Contract. Contractor will promptly notify the State of any delay caused by a Force
Majeure Event (to be confirmed in a written notice to the State within one (1) day of the inception
of the delay) that a Force Majeure Event has occurred, and will describe in reasonable detail the
nature of the Force Majeure Event. If any Force Majeure Event results in a delay in Contractor’s
performance longer than forty-eight (48) hours, the State may, upon notice to Contractor: (a)
cease payment of the fees for the affected obligations until Contractor resumes performance of
the affected obligations; or (b) immediately terminate this Contract or any purchase order, in
whole or in part, without further payment except for fees then due and payable. Contractor will
not increase its charges under this Contract or charge the State any fees other than those
provided for in this Contract as the result of a Force Majeure Event.

D.25 State and Federal Compliance. The Contractor shall comply with all applicable state and federal
laws and regulations in the performance of this Contract. In addition, the Contractor shall comply
with the provisions of Contract Section E.14, (Applicable Laws, Rules, Policies and Court
Orders), and this Section D.25 shall not be deemed to limit or abridge any requirement set forth
in Section E.14.

D.26 Governing Law. This Contract shall be governed by and construed in accordance with the laws
of the State of Tennessee. The Tennessee Claims Commission or the state or federal courts in
Tennessee shall be the venue for all claims, disputes, or disagreements arising under this
Contract. The Contractor acknowledges and agrees that any rights, claims, or remedies against
the State of Tennessee or its employees arising under this Contract shall be subject to and
limited to those rights and remedies available under Tenn. Code Ann. §§ 9-8-101 – 407.

201
D.27 Entire Agreement. This Contract is complete and contains the entire understanding between the
Parties relating to its subject matter, including all the terms and conditions of the Parties’
agreement. This Contract supersedes any and all prior understandings, representations,
negotiations, and agreements between the Parties, whether written or oral.

D.28 Severability. If any terms and conditions of this Contract are held to be invalid or unenforceable
as a matter of law, the other terms and conditions of this Contract shall not be affected and shall
remain in full force and effect. The terms and conditions of this Contract are severable.

D.29 Headings. Section headings of this Contract are for reference purposes only and shall not be
construed as part of this Contract.

D.30 Incorporation of Additional Documents. Each of the following documents is included as a part of
this Contract by reference. In the event of a discrepancy or ambiguity regarding the Contractor’s
duties, responsibilities, and performance under this Contract, these items shall govern in order of
precedence below:

a) any amendment to this Contract, with the latter in time controlling over any earlier
amendments;

b) this Contract with any attachments or exhibits (excluding the items listed at
subsections c. through f., below), which includes Contract Attachments 1 through 7
below;

c) any clarifications of or addenda to the Contractor’s proposal seeking this Contract;

d) the State solicitation, as may be amended, requesting responses in competition for

this Contract;

e) any technical specifications provided to proposers during the procurement process

to award this Contract; and

f) the Contractor’s response seeking this Contract.

D.31 Insurance. Contractor shall provide the State a certificate of insurance (“COI”) evidencing the
coverages and amounts specified below. The COI shall be provided ten (10) business days prior
to the Effective Date and again upon renewal or replacement of coverages required by this
Contract. If insurance expires during the Term, the State must receive a new COI at least thirty
(30) calendar days prior to the insurance’s expiration date. If the Contractor loses insurance
coverage, does not renew coverage, or for any reason becomes uninsured during the Term, the
Contractor shall notify the State immediately.

The COI shall be on a form approved by the Tennessee Department of Commerce and
Insurance (“TDCI”) and signed by an authorized representative of the insurer. The COI shall list
each insurer’s national association of insurance commissioners (also known as NAIC) number or
federal employer identification number and list the State of Tennessee, Risk Manager, 312 Rosa
Parks Ave., 3rd floor Central Procurement Office, Nashville, TN 37243 in the certificate holder
section. At any time, the State may require the Contractor to provide a valid COI detailing
coverage description; insurance company; policy number; exceptions; exclusions; policy effective
date; policy expiration date; limits of liability; and the name and address of insured. The
Contractor’s failure to maintain or submit evidence of insurance coverage is considered a
material breach of this Contract.

202
If the Contractor desires to self-insure, then a COI will not be required to prove coverage. In
place of the COI, the Contractor must provide a certificate of self-insurance or a letter on the
Contractor’s letterhead detailing its coverage, liability policy amounts, and proof of funds to
reasonably cover such expenses. Compliance with Tenn. Code Ann. § 50-6-405 and the rules of
the TDCI is required for the Contractor to self-insure workers’ compensation.

All insurance companies must be: (a) acceptable to the State as determined by the ratings in (c);
(b) authorized by the TDCI to transact business in the State of Tennessee; and (c) rated A- VII
or better by A. M. Best or the equivalent rating from a nationally recognized rating firm. The
Contractor shall provide the State evidence that all subcontractors maintain the required
insurance or that the subcontractors maintain insurance commensurate with the risks presented by
their performance of services under contract or agreement or are included under the Contractor’s
policy.

The Contractor agrees to name the State as an additional insured on any insurance policies
with the exception of workers’ compensation (employer liability) and professional liability (errors
and omissions) (“Professional Liability”) insurance. Also, all policies shall contain an
endorsement for a waiver of subrogation in favor of the State.

The deductible and any premiums are the Contractor’s sole responsibility. The Contractor
agrees that the insurance requirements specified in this Section do not reduce any liability the
Contractor has assumed under this Contract including any indemnification or hold harmless
requirements.

The State agrees that it shall give written notice to the Contractor as soon as practicable after
the State becomes aware of any claim asserted or made against the State, but in no event
later than thirty (30) calendar days after the State becomes aware of such claim. The failure of
the State to give notice shall only relieve the Contractor of its obligations under this Section to
the extent that the Contractor can demonstrate actual prejudice arising from the failure to give
notice. This Section shall not grant the Contractor or its insurer, through its attorneys, the right
to represent the State in any legal matter, as the right to represent the State is governed by
Tenn. Code Ann. § 8-6-106

All coverage required shall be on a primary basis and noncontributory with any other insurance
coverage or self-insurance carried by the State with respect to the State’s status as an
additional insured. The State reserves the right to amend or require additional endorsements,
types of coverage, and higher or lower limits of coverage depending on the nature of the work.
Purchases or contracts involving any hazardous activity or equipment, tenant, concessionaire
and lease agreements, alcohol sales, cyber-liability risks, environmental risks, special
motorized equipment, or property may require customized insurance requirements (e.g.
umbrella liability insurance) in addition to the general requirements listed below.
a. Commercial General Liability Insurance

1. The Contractor shall maintain commercial general liability insurance, which

shall be written on an Insurance Services Office, Inc. (also known as ISO)
occurrence form (or a substitute form providing equivalent coverage) and
shall cover liability arising from property damage, premises/operations,
independent contractors, contractual liability, completed
operations/products, personal and advertising injury, and liability assumed
under an insured contract (including the tort liability of another assumed in a
business contract).

2. The Contractor shall maintain bodily injury/property damage with a combined

single limit not less than one million dollars ($1,000,000) per occurrence and

203
 two million dollars ($2,000,000) aggregate for bodily injury and property
damage, including products and completed operations coverage with an
aggregate limit of at least two million dollars ($2,000,000).

b. Workers’ Compensation and Employer Liability Insurance

1. For Contractors statutorily required to carry workers’ compensation and

employer liability insurance, the Contractor shall maintain:

i. Workers’ compensation in a statutory amount; one million dollars

($1,000,000) including employer liability of one million dollars
($1,000,000) per accident for bodily injury by accident, one million dollars
($1,000,000) policy limit by disease, and one million dollars ($1,000,000)
per employee for bodily injury by disease.

2. If the Contractor certifies that it is exempt from the requirements of Tenn.

Code Ann. §§ 50-6-101 – 103, then the Contractor shall furnish written proof
of such exemption for one or more of the following reasons:

i. The Contractor employs fewer than five (5) employees;

ii. The Contractor is a sole proprietor;

iii. The Contractor is in the construction business or trades with no

employees;

iv. The Contractor is in the coal mining industry with no employees;

v. The Contractor is a state or local government; or

vi. The Contractor self-insures its workers’ compensation and is in

compliance with the TDCI rules and Tenn. Code Ann. § 50-6-405.

E SPECIAL TERMS AND CONDITIONS:

E.1 Conflicting Terms and Conditions. Should any of these special terms and conditions conflict with
any other terms and conditions of this Contract, the special terms and conditions shall be
subordinate to the Contract’s other terms and conditions.

204
E.2 Confidentiality of Records. Strict standards of confidentiality of records and information shall be
maintained in accordance with applicable state and federal law. All material and information,
regardless of form, medium or method of communication, provided to the Contractor by the State
or acquired by the Contractor on behalf of the State that is regarded as confidential under state
or federal law shall be regarded as “Confidential Information.” Nothing in this Section shall permit
Contractor to disclose any Confidential Information, regardless of whether it has been disclosed
or made available to the Contractor due to intentional or negligent actions or inactions of agents
of the State or third parties. Confidential Information shall not be disclosed except as required or
permitted under state or federal law. The Contractor shall only use Confidential Information for
activities pursuant to and related to the performance of the Contract. Contractor shall take all
necessary steps to safeguard the confidentiality of such material or information in conformance
with applicable state and federal law.

The obligations set forth in this Section shall survive the termination of this Contract.

E.3 State Ownership of Goods. The State shall have ownership, right, title, and interest in all goods
provided by Contractor under this Contract including full rights to use the goods and transfer title
in the goods to any third parties.

E.4 Ownership of Software and Work Products.

a) Definitions.

1) “Contractor-Owned Software,” shall mean commercially available software the rights

to which are owned by Contractor, including but not limited to commercial off-the-
shelf software which is not developed using State’s money or resources.

2) “Custom-Developed Application Software,” shall mean customized application

software developed by Contractor solely for State.

3) “Third-Party Software,” shall mean software not owned by the State or the
Contractor.

4) “Work Product,” shall mean all software, software source code, documentation,
planning, and other intellectual property, including but not limited to intellectual
property for COTS customizations, that are created, designed, developed, or
documented by the Contractor exclusively for the State during the course of the
project using State’s money or resources, including Custom-Developed Application
Software. Work Product shall not include Contractor-Owned Software or Third-Party
Software.

b) Rights and Title to the Software

1) All right, title and interest in and to the Contractor-Owned Software shall at all times
remain with Contractor, subject to any license granted under this Contract. Upon
successful unconditional pass of the associated Gate Review based upon the
requirements for which Contractor is responsible, Contractor shall grant to the State a
worldwide, nonexclusive, royalty-free, perpetual, irrevocable (with right to sublicense
and the right of sublicensees to sublicense further) license to the Contractor-Owned
Software and related source code and intellectual property rights to the extent
necessary for the State’s use of the Solution.

205
 2) All right, title and interest in and to the Work Product, and to modifications thereof
made by State, including without limitation all copyrights, patents, trade secrets and
other intellectual property and other proprietary rights embodied by and arising out of
the Work Product, shall belong to State upon successful unconditional pass of the
associated Gate Review based upon the requirements for which Contractor is
responsible. To the extent such rights do not automatically belong to State, then upon
successful unconditional pass of the associated Gate Review based upon the
requirements for which Contractor is responsible, Contractor hereby assigns,
transfers, and conveys all right, title and interest in and to the Work Product, including
without limitation the copyrights, patents, trade secrets, and other intellectual property
rights arising out of or embodied by the Work Product. Contractor and its employees,
agents, contractors or representatives shall execute any other documents that State
or its counsel deem necessary or desirable to document this transfer or allow State to
register its claims and rights to such intellectual property rights or enforce them
against third parties.

3) All right, title and interest in and to the Third-Party Software shall at all times remain
with the third party, subject to any license granted under this Contract.

c) The Contractor may use for its own purposes the general knowledge, skills,
experience, ideas, concepts, know-how, and techniques obtained and used during
the course of performing under this Contract. The Contractor may develop for itself,
or for others, materials which are similar to or competitive with those that are
produced under this Contract.

d) Notwithstanding anything to the contrary in this Section, (i) the State shall have all
ownership rights in software or modifications thereof and associated
documentation t h a t i s designed, developed, installed, or improved hereunder
with Federal Financial Participation under 45 C.F.R. 95.617 and 45 C.F.R. 92.34,
and the Federal government reserves a royalty-free, nonexclusive, and irrevocable
license to reproduce, publish, or otherwise use and to authorize others to use for
Federal Government purposes, such software, modifications, and documentation.

e) The State hereby grants to Contractor a worldwide, nonexclusive, royalty-free,

perpetual, irrevocable (with right to sublicense and the right of sublicensees to
sublicense further) license to the Work Product and related intellectual property
rights, including the right to create derivative works based on and otherwise modify,
make, reproduce, sell or otherwise distribute, perform or display the Work Product
and other works or subject matter based on or using such intellectual property
rights.

f) Any pre-existing non-software intellectual property owned by Contractor shall

remain property of Contractor. To the extent that the State requires such non-
software intellectual property to use the Solution hereunder, Contractor shall grant a
license to such non-software consulting intellectual property in accordance with
E.4.b.1.

E.5 State Furnished Property. The Contractor shall be responsible for the correct use, maintenance,
and protection of all articles of nonexpendable, tangible personal property furnished by the State
for the Contractor’s use under this Contract. Upon termination of this Contract, all property
furnished by the State shall be returned to the State in the same condition as when received,
less reasonable wear and tear. Should the property be destroyed, lost, or stolen, the Contractor
shall be responsible to the State for the fair market value of the property at the time of loss.

206
E.6 Work Papers Subject to Review. The Contractor shall make all audit, accounting, or financial
analysis work papers, notes, and other documentation available for review by the Comptroller of
the Treasury or his representatives, upon request, during normal working hours either while the
analysis is in progress or subsequent to the completion of this Contract.

E.7 Prohibited Advertising or Marketing. The Contractor shall not suggest or imply in advertising or
marketing materials that Contractor’s goods or services are endorsed by the State. The
restrictions on Contractor advertising or marketing materials under this Section shall survive the
termination of this Contract.

E.8 Lobbying. The Contractor certifies, to the best of its knowledge and belief, that:

a) No federally appropriated funds have been paid or will be paid, by or on behalf of

the Contractor, to any person for influencing or attempting to influence an officer or
employee of an agency, a member of Congress, an officer or employee of
Congress, or an employee of a member of Congress in connection with the
awarding of any federal contract, the making of any federal grant, the making of any
federal loan, the entering into of any cooperative agreement, and the extension,
continuation, renewal, amendment, or modification of any federal contract, grant,
loan, or cooperative agreement.

b) If any funds other than federally appropriated funds have been paid or will be paid to
any person for influencing or attempting to influence an officer or employee of any
agency, a member of Congress, an officer or employee of Congress, or an
employee of a member of Congress in connection with any contract, grant, loan, or
cooperative agreement, the Contractor shall complete and submit Standard Form-
LLL, “Disclosure Form to Report Lobbying,’’ in accordance with its instructions.

c) The Contractor shall require that the language of this certification be included in the
award documents for all sub-awards at all tiers (including subcontracts, sub-grants,
and contracts under grants, loans, and cooperative agreements) and that all
subrecipients shall certify and disclose accordingly.

This certification is a material representation of fact upon which reliance was placed
when this transaction was made or entered into and is a prerequisite for making or
entering into this transaction imposed by 31 USC § 1352.

E.9 Intellectual Property. The Contractor agrees to indemnify and hold harmless the State of
Tennessee as well as its officers, agents, and employees from and against any and all claims or
suits which may be brought against the State concerning or arising out of any claim of an alleged
patent, copyright, trade secret or other intellectual property infringement by Contractor’s
deliverables hereunder. In any such claim or action brought against the State, the Contractor
shall satisfy and indemnify the State for the amount of any settlement or final judgment, and the
Contractor shall be responsible for all reasonable legal or other fees or expenses incurred by the
State arising from any such claim. The State shall give the Contractor notice of any such claim or
suit and full right and opportunity to conduct the Contractor’s own defense thereof, however, the
failure of the State to give such notice shall only relieve Contractor of its obligations under this
Section to the extent Contractor can demonstrate actual prejudice arising from the State’s failure
to give notice. This Section shall not grant the Contractor, through its attorneys, the right to
represent the State of Tennessee in any legal matter, as provided in Tenn. Code Ann. § 8-6-106.

207
 In addition to the above indemnity, if the State’s use of any deliverable, or any portion thereof,
provided under this Contract, is or is likely to be enjoined by order of a court of competent
jurisdiction as such an infringement or unauthorized use, the Contractor, at its expense, shall (x)
procure for the State the continued use of such deliverable, (y) replace such deliverable with a
non-infringing counterpart, or (z) modify such deliverable so it becomes non-infringing; provided
that, if (y) or (z) is the option chosen by the Contractor, the replacement or modified deliverable
must be capable of performing substantially the same function. Notwithstanding the foregoing,
the State retains the right to terminate the Contract in accordance with Section D.6 hereunder in
the event of such infringement or unauthorized use.

The forgoing indemnity does not apply to the extent that the infringement arises from the State’s
(i) use of the deliverable not in accordance with instructions, documentations, or specifications
(“Misuse”), (ii) alteration, modification or revision of the deliverables not expressly authorized by
the Contractor (“Alteration”), (iii) failure to use or implement corrections or enhancements to the
deliverables made available by the Contractor to the State at no additional cost to the State,
except where such failure to use or implement corrections or enhancements is a result of State’s
termination in accordance with the preceding paragraph, or (iv) combination of the deliverables
with materials not provided, specified, or approved by the Contractor.

E.10 Liquidated Damages.

In the event of a Contract performance failure, the State may, but is not obligated to address
such Contract performance failure and/or assess damages (“Liquidated Damages”) in
accordance with Attachment 2 of the Contract. The State shall notify the Contractor of any
amounts to be assessed as Liquidated Damages. The Parties agree that due to the
complicated nature of the Contractor’s obligations under this Contract it would be difficult to
specifically designate a monetary amount for a Contract performance failure, as these
amounts are likely to be uncertain and not easily proven. Contractor has carefully reviewed
the Liquidated Damages contained in Contract Attachment 2 and agrees that these amounts
represent a reasonable relationship between the amount and what might reasonably be
expected in the event of a Liquidated Damages Event, are a reasonable estimate of the
damages that would occur from a Contract performance failure, and are not punitive. The
Parties agree that although the Liquidated Damages represent the reasonable estimate of the
damages and injuries sustained by the State due to the Contract performance failure, they do
not include any injury or damage sustained by a third party. The Contractor agrees that the
Liquidated Damages are in addition to any amounts Contractor may owe the State pursuant
to the indemnity provision or any other sections of this Contract.

The State is not obligated to assess Liquidated Damages as a result of a Contract

performance failure before availing itself of any other remedy. In the event of multiple
Contract performance failures, the Parties recognize that the cumulative effect of these
Contract performance failures may exceed the compensation of Liquidated Damages. In that
event, the State may choose to avail itself of any other remedy available under this Contract
or at law or equity. The Parties further recognize that the State may not obtain both
Liquidated Damages and Actual Damages for the same occurrence of a Contract
performance failure.

Without regard to whether the State has imposed Liquidated Damages or pursued any other
remedy due to any action or inaction by the Contractor, the State may impose a corrective
action plan or similar measure through a Control Memorandum. Such measure is neither
punitive nor related to any damages the State might suffer.

208
E.11 Partial Takeover of Contract. The State may, at its convenience and without cause, exercise a
partial takeover of any service that the Contractor is obligated to perform under this Contract,
including any service which is the subject of a subcontract between Contractor and a third party
(a “Partial Takeover”). A Partial Takeover of this Contract by the State shall not be deemed a
breach of contract. The Contractor shall be given at least thirty (30) days prior written notice of a
Partial Takeover. The notice shall specify the areas of service the State will assume and the date
the State will be assuming. The State’s exercise of a Partial Takeover shall not alter the
Contractor’s other duties and responsibilities under this Contract. The State reserves the right to
withhold from the Contractor any amounts the Contractor would have been paid but for the
State’s exercise of a Partial Takeover. The amounts shall be withheld effective as of the date the
State exercises its right to a Partial Takeover. The State’s exercise of its right to a Partial
Takeover of this Contract shall not entitle the Contractor to any actual, general, special,
incidental, consequential, or any other damages irrespective of any description or amount.

E.12 Personally Identifiable Information. While performing its obligations under this Contract,
Contractor may have access to Personally Identifiable Information held by the State (“PII”). For
the purposes of this Contract, “PII” means “Nonpublic Personal Information” as that term is
defined in Title V of the Gramm-Leach-Bliley Act of 1999 or any successor federal statute, and
the rules and regulations thereunder, all as may be amended or supplemented from time to time
(“GLBA”) and personally identifiable information and other data protected under any other
applicable laws, rule or regulation of any jurisdiction relating to disclosure or use of personal
information (“Privacy Laws”). Contractor agrees it shall not do or omit to do anything which would
cause the State to be in breach of any Privacy Laws. Contractor shall, and shall cause its
employees, agents and representatives to: (i) keep PII confidential and may use and disclose PII
only as necessary to carry out those specific aspects of the purpose for which the PII was
disclosed to Contractor and in accordance with this Contract, GLBA and Privacy Laws; and (ii)
implement and maintain appropriate technical and organizational measures regarding
information security to: (A) ensure the security and confidentiality of PII; (B) protect against any
threats or hazards to the security or integrity of PII; and (C) prevent unauthorized access to or
use of PII. Contractor shall immediately notify State: (1) of any disclosure or use of any PII by
Contractor or any of its employees, agents and representatives in breach of this Contract; and
(2) of any disclosure of any PII to Contractor or its employees, agents and representatives where
the purpose of such disclosure is not known to Contractor or its employees, agents and
representatives. The State reserves the right to review Contractor’s policies and procedures
used to maintain the security and confidentiality of PII and Contractor shall, and cause its
employees, agents and representatives to, comply with all reasonable requests or directions
from the State to enable the State to verify and/or procure that Contractor is in full compliance
with its obligations under this Contract in relation to PII. Upon termination or expiration of the
Contract or at the State’s direction at any time in its sole discretion, whichever is earlier,
Contractor shall immediately return to the State any and all PII which it has received under this
Contract and shall destroy all records of such PII.

The Contractor shall report to the State any instances of unauthorized access to or potential
disclosure of PII in the custody or control of Contractor (“Unauthorized Disclosure”) that come
to the Contractor’s attention. Any such report shall be made by the Contractor within twenty-
four (24) hours after the Unauthorized Disclosure has come to the attention of the Contractor.
Contractor shall take all necessary measures to halt any further Unauthorized Disclosures.
The Contractor, at the sole discretion of the State, shall provide no cost credit monitoring
services for individuals whose PII was affected by the Unauthorized Disclosure. The
Contractor shall bear the cost of notification to all individuals affected by the Unauthorized
Disclosure, including individual letters and public notice. The remedies set forth in this
Section are not exclusive and are in addition to any claims or remedies available to this State
under this Contract or otherwise available at law.

209
E.13 Survival. The terms, provisions, representations, and warranties contained in Sections D.11
(Records), D.18 (Limitation of Contractor’s Liability), D.19 (Hold Harmless), D.20 (HIPAA
Compliance), E.2 (Confidentiality of Records),E.7 (Prohibited Advertising),E.9 (Intellectual
Property) E.12 (Personally Identifiable Information), E.17(Notification of Breach), E.19 (SSA
Data), and E.23 (IRS Data) of this Contract shall survive the completion of performance,
termination or expiration of this Contract.

E.14 Applicable Laws, Rules, Policies and Court Orders. The Contractor agrees to comply with all
applicable federal and State laws, rules, regulations, sub-regulatory guidance including but not
limited to the State Medicaid Manual, executive orders, HCFA waivers, and all current, modified
or future Court decrees, orders or judgments applicable to the State’s TennCare and CHIP
programs. Such compliance shall be performed at no additional cost to the State.

E.15 Business Associate. Contractor hereby acknowledges its designation as a business associate
under HIPAA and agrees to comply with all applicable HIPAA regulations. In accordance with the
HIPAA regulations, the Contractor shall, at a minimum:

a) Comply with requirements of the HIPAA, including, but not limited to, the
transactions and code sets, privacy, security, and identifier regulations. Compliance
includes meeting all required transaction formats and code sets with the specified
data sharing agreements required under the regulations;

b) Transmit/receive from/to its providers, subcontractors, clearinghouses and HCFA all

transactions and code sets required by HIPAA in the appropriate standard formats,
utilizing appropriate and adequate safeguards, as specified under the law and as
directed by HCFA so long as HCFA direction does not conflict with the law;

c) Agree that if it is not in compliance with all applicable standards defined within the
transactions and code sets, privacy, security and all subsequent HIPAA standards,
that it will be in breach of this Contract and will then take all reasonable steps to
cure the breach or end the violation as applicable. Since inability to meet the
transactions and code sets requirements, as well as the privacy and security
requirements can bring basic business practices between HCFA and the Contractor
and between the Contractor and its providers and/or subcontractors to a halt, if for
any reason the Contractor cannot meet the requirements of this Section, HCFA may
terminate this Contract.

d) Ensure that Protected Health Information (PHI) exchanged between the Contractor
and HCFA is used only for the purposes of treatment, payment, or health care
operations and health oversight and its related functions. All PHI not transmitted for
these purposes or for purposes allowed under the federal HIPAA regulations shall
be de-identified to secure and protect the individual enrollee’s PHI;

e) Report to HCFA’s Privacy Office immediately upon becoming aware of any use or
disclosure of PHI in violation of this Contract by the Contractor, its officers, directors,
employees, subcontractors or agents or by a third party to which the Contractor
disclosed PHI;

f) Specify in its agreements with any agent or subcontractor that will have access to
PHI that such agent or subcontractor agrees to be bound by the same restrictions,
terms and conditions that apply to the Contractor pursuant to this Section;

g) Make its internal policies and procedures, records and other documentation related
to the use and disclosure of PHI available upon request to the U.S. Secretary of
Health and Human Services for the purposes of determining compliance with the

210
 HIPAA regulations;

h) Create and adopt policies and procedures to periodically audit adherence to all
HIPAA regulations;

i) Agree to ensure that any agent, including a subcontractor, to whom it provides PHI
that was created, received, maintained, or transmitted by or on behalf of HCFA
agrees to use reasonable and appropriate safeguards to protect the PHI.

j) If feasible, return or destroy all PHI, in whatever form or medium (including any
electronic medium) and all copies of any data or compilations derived from and
allowing identification of any individual who is a subject of that PHI upon termination,
cancellation, expiration or other conclusion of the Agreement, and in accordance
with this Section of this Contract. The Contractor shall complete such return or
destruction as promptly as possible, but not later than thirty (30) days after the
effective date of the termination, cancellation, expiration or other conclusion of the
Agreement. The Contractor shall identify any PHI that cannot feasibly be returned or
destroyed. Within such thirty (30) days after the effective date of the termination,
cancellation, expiration or other conclusion of the Agreement, the Contractor shall:
(1) certify an oath in writing that such return or destruction has been completed; (2)
identify any PHI which cannot feasibly be returned or destroyed; and (3) certify that
it will only use or disclose such PHI for those purposes that make its return or
destruction infeasible;

k) Implement all appropriate administrative, physical and technical safeguards to

prevent the use or disclosure of PHI other than pursuant to the terms and conditions
of this Contract and, including, but not limited to, privacy, security and confidentiality
requirements in 45 CFR Parts 160 and 164;

l) Set up appropriate mechanisms to limit use or disclosure of PHI to the minimum

necessary to accomplish the intended purpose of the use or disclosure;

m) Create and implement policies and procedures to address present and future HIPAA
regulatory requirements as needed, including, but not limited to: use and disclosure
of data; de-identification of data; minimum necessary access; accounting of
disclosures; enrollee’s right to amend, access, request restrictions; notice of privacy
practices and right to file a complaint;

n) Provide an appropriate level of training to its staff and employees regarding HIPAA
related policies, procedures, enrollee rights and penalties prior to the HIPAA
implementation deadlines and at appropriate intervals thereafter;

o) Track training of Contractor staff and employees and maintain signed

acknowledgements by staff and employees of the Contractor’s HIPAA policies;

p) Be allowed to use and receive information from HCFA where necessary for the
management and administration of this Contract and to carry out business
operations where permitted under the regulations;

q) Be permitted to use and disclose PHI for the Contractor’s own legal responsibilities;

r) Adopt the appropriate procedures and access safeguards to restrict and regulate
access to and use by Contractor employees and other persons performing work for
the Contractor to have only minimum necessary access to PHI and personally
identifiable data within their organization;

211
 s) Continue to protect and secure PHI and personally identifiable information relating
to enrollees who are deceased; and

t) Track all security incidents as defined by HIPAA and periodically report such
incidents to HCFA in summary fashion.

E.16 Information Holders. HCFA and the Contractor are “information holders” as defined in TCA 47-
18-2107. In the event of a breach of the security of Contractor’s information system, as defined
by TCA 47-18-2107, the Contractor shall indemnify and hold HCFA harmless for expenses
and/or damages related to the breach. Such obligations shall include, but not be limited to,
mailing notifications to affected enrollees. Substitute notice to written notice, as defined by TCA
47-18-2107(e)(2) and (3), shall only be permitted with HCFA’s express written approval. The
Contractor shall notify HCFA’s Privacy Office immediately upon becoming aware of any security
incident that would constitute a “breach of the security of the system” as defined in TCA 47-18-
2107.

E.17 Notification of Breach and Notification of Suspected Breach–. - The Contractor shall notify
HCFA’s Privacy Office immediately upon becoming aware of any incident, either confirmed or
suspected, that represents or may represent unauthorized access, use or disclosure of
encrypted or unencrypted computerized data that materially compromises the security,
confidentiality, or integrity of enrollee PHI maintained or held by the Contractor, including any
unauthorized acquisition of enrollee PHI by an employee or otherwise authorized user of the
Contractor ’s system. This includes, but is not limited to, loss or suspected loss of remote
computing or telework devices such as laptops, PDAs, Blackberrys or other Smartphones, USB
drives, thumb drives, flash drives, CD-Rs, and/or disks.

E.18 Transmission of Contract Deliverables. All information or data that is necessary for one or more
deliverable set forth in this Contract shall be transmitted between HCFA and Contractor via the
data transfer method specified in advance by HCFA. This may include, but shall not be limited
to, transfer through HCFA’s SFTP system. Failure by the Contractor to transmit information or
data that is necessary for a deliverable in the manner specified by HCFA, may, at the option of
HCFA, result in liquidated damages as set forth in Contract Attachment 2.

E.19 Social Security Administration (SSA) Required Provisions for Data Security. The Contractor shall
comply with limitations on use, treatment, and safeguarding of data under the Privacy Act of
1974 (5 USC 552a), as amended by the Computer Matching and Privacy Protection Act of 1988,
related Office of Management and Budget guidelines, the Federal Information Security
Management Act of 2002 (44 USC §3541, et seq.), and related National Institute of Standards
and Technology guidelines. In addition, the Contractor shall have in place administrative,
physical, and technical safeguards for data.

a) The Contractor shall specify in its agreements with any agent or subcontractor that
will have access to data that such agent or subcontractor agrees to be bound by the
same restrictions, terms and conditions that apply to the Contractor pursuant to this
Section;

b) The Contractor shall not duplicate in a separate file or disseminate, without prior
written permission from HCFA, the data governed by the Contract for any purpose
other than that set forth in this Contract for the administration of the HCFA program.
Should the Contractor propose a redisclosure of said data, the Contractor must
specify in writing to HCFA the data the Contractor proposes to redisclose, to whom,
and the reasons that justify the redisclosure. HCFA will not give permission for such
redisclosure unless the redisclosure is required by law or essential to the
administration of the HCFA program.

c) The Contractor agrees to abide by all relevant federal laws, restrictions on access,

212
 use, and disclosure, and security requirements in this Contract.

d) The Contractor shall provide a current list of the employees of such contractor with
access to SSA data and provide such lists to HCFA.

e) The Contractor shall restrict access to the data obtained from HCFA to only those
authorized employees who need such data to perform their official duties in
connection with purposes identified in this Contract. The Contractor shall not further
duplicate, disseminate, or disclose such data without obtaining HCFA’s prior written
approval.

f) The Contractor shall ensure that its employees:

1) properly safeguard PHI/PII furnished by HCFA under this Contract from loss, theft or
inadvertent disclosure;

2) understand that they are responsible for safeguarding this information at all times,
regardless of whether or not the Contractor employee is at his or her regular duty
station;

3) ensure that Contractor-issued laptops and other electronic devices/media containing

PHI/PII are encrypted and/or password protected;

4) send emails containing PHI/PII only if encrypted or if to and from addresses that are
secure; and,

5) limit disclosure of the information and details relating to a PHI/PII loss only to those
with a need to know.

Contractor employees who access, use, or disclose HCFA or HCFA SSA-supplied

data in a manner or purpose not authorized by this Contract may be subject to civil
and criminal sanctions pursuant to applicable federal statutes.

g) Loss or Suspected Loss of Data–If an employee of the Contractor becomes aware

of suspected or actual loss of PHI/PII, he or she must immediately contact HCFA
immediately upon becoming aware to report the actual or suspected loss. The
Contractor will use the Loss Worksheet located at
http://www.tn.gov/assets/entities/tenncare/attachments/phi_piiworksheet.pdf to
quickly gather and organize information about the incident. The Contractor must
provide HCFA with timely updates as any additional information about the loss of
PHI/PII becomes available.

If the Contractor experiences a loss or breach of said data, HCFA will determine whether
or not notice to individuals whose data has been lost or breached shall be provided and
the Contractor shall bear any costs associated with the notice or any mitigation.

h) HCFA may immediately and unilaterally suspend the data flow under this Contract,
or terminate this Contract, if HCFA, in its sole discretion, determines that the
Contractor has: (1) made an unauthorized use or disclosure of HCFA SSA-supplied
data; or (2) violated or failed to follow the terms and conditions of this Section E.21.

i) This Section further carries out Section 1106(a) of the Act (42 USC 1306), the
regulations promulgated pursuant to that section (20 C.F.R. Part 401), the Privacy of
1974 (5 USC 552a), as amended by the Computer Matching and Privacy Protection
Act of 1988, related Office of Management and Budge“ ("”MB") guidelines, the

213
 Federal Information Security Management Act of 2002 (44 USC 3541 et seq.), and
related National Institute of Standards and Technology (“NIST”) guidelines, which
provide the requirements that the SSA stipulates that the Contractor must follow
with regard to use, treatment, and safeguarding data in the event data is exchanged
with a federal information system.

6) Definitions

i) “SSA-supplied data” or “data” as used in this section – information, such as

an individual’s social security number, supplied by the Social Security
Administration to HCFA to determine entitlement or eligibility for federally-
funded programs (CMPPA between SSA and F&A; IEA between SSA and
HCFA).

ii) “Protected Health Information/Personally Identifiable Information”

(PHI/PII)(45 C.F.R. 160.103; OMB Circular M-06-19) – Protected health
information means individually identifiable health information that is: (i)
Transmitted by electronic media; (ii) Maintained in electronic media; or (iii)
Transmitted or maintained in any other form or medium.

iii) “Individually Identifiable Health Information”– information that is a subset of

health information, including demographic information collected from an
individual, and: (1) Is created or received by a health care provider, health
plan, employer, or health care clearinghouse; and (2) relates to the past,
present, or future physical or mental health or condition of an individual; the
provision of health care to an individual; or the past, present, or future
payment for the provision of health care to an individual; and (i) identifies the
individual; or (ii) with respect to which there is a reasonable basis to believe
the information can be used to identify the individual.

iv) “Personally Identifiable Information” – any information about an individual

maintained by an agency, including, but not limited to, education, financial
transactions, medical history, and criminal or employment history and
information which can be used to distinguish or trace an individual’s identity,
such as their name, Social Security Number, date and place of birth,
mother’s maiden name, biometric records, including any other personal
information which can be linked to an individual.

E.20 Medicaid and CHIP - The Contractor must provide safeguards that restrict the use or disclosure
of information concerning applicants and beneficiaries to purposes directly connected with the
administration of the plan:

a) Purposes directly related to the administration of Medicaid and CHIP include:

1) establishing eligibility;

2) determining the amount of medical assistance;

3) providing services for beneficiaries; and,

4) conducting or assisting an investigation, prosecution, or civil or criminal proceeding

related to Medicaid or CHIP administration.

b) The Contractor must have adequate safeguards to assure that:

214
 1) Information is made available only to the extent necessary to assist in the valid
administrative purposes of those receiving the information, and information

2) received under 26 USC is exchanged only with parties authorized to receive that
information under that section of the Code; and, the information is adequately stored
and processed so that it is protected against unauthorized disclosure for other
purposes.

c) The Contractor must have criteria that govern the types of information about applicants and
beneficiaries that are safeguarded. This information must include at le–t--

1) Names and addresses;

2) Medical services provided;

3) Social and economic conditions or circumstances;

4) Contractor evaluation of personal information;

5) Medical data, including diagnosis and past history of disease or disability

6) Any information received for verifying income eligibility and amount of medical assistance
payments, including income information received from SSA or the Internal Revenue
Service;

7) Income information received from SSA or the Internal Revenue Service must be
safeguarded according to Medicaid and CHIP requirements;

8) Any information received in connection with the identification of legally liable third party
resources; and.

9) Social Security Numbers.

d) The Contractor must have criteria approved by HCFA specifying:

1) the conditions for release and use of information about applicants and beneficiaries:

2) Access to information concerning applicants or beneficiaries must be restricted to

persons or Contractor representatives who are subject to standards of confidentiality that
are comparable to those of HCFA;

3) The Contractor shall not publish names of applicants or beneficiaries;

4) The Contractor shall obtain permission from a family or individual, whenever possible,
before responding to a request for information from an outside source, unless the
information is to be used to verify income, eligibility and the amount of medical assistance
payment to an authorized individual or entity;

5) If, because of an emergency situation, time does not permit obtaining consent before
release, the Contractor shall notify HCFA, the family or individual immediately after
supplying the information.

6) The Contractor’s policies must apply to all requests for information from outside sources,
including governmental bodies, the courts, or law enforcement officials.

215
 i) The Contractor shall notify HCFA of any requests for information on applicants or
beneficiaries by other governmental bodies, the courts or law enforcement officials
ten (10) days prior to releasing the requested information.

7) If a court issues a subpoena for a case record or for any Contractor representative to
testify concerning an applicant or beneficiary, the Contractor must notify HCFA at least
ten (10) days prior to the required production date so HCFA may inform the court of the
applicable statutory provisions, policies, and regulations restricting disclosure of
information.

8) The Contractor shall not request or release information to other parties to verify income,
eligibility and the amount of assistance under Medicaid or CHIP, prior to express
approval from HCFA.

E.21 Employees Excluded from Medicare, Medicaid or CHIP. The Contractor does hereby attest,
certify, warrant, and assure that the Contractor shall not knowingly employ, in the performance of
this Contract, employees who have been excluded from participation in the Medicare, Medicaid,
and/or CHIP programs pursuant to Sections 1128 of the Social Security

E.22 Offer of Gratuities. By signing this contract, the Contractor signifies that no member of or a
delegate of Congress, nor any elected or appointed official or employee of the State of
Tennessee, the federal General Accounting Office, federal Department of Health and Human
Services, the CMS, or any other state or federal agency has or will benefit financially or
materially from this Contract. This Contract may be terminated by HCFA as provided in Section
D.6, if it is determined that gratuities of any kind were offered to or received by any of the
aforementioned officials or employees from the Contractor, its agent, or employees.

E.23 Internal Revenue Service (IRS) Safeguarding Of Return Information:

a) Performance - In performance of this contract, the contractor agrees to comply with

and assume responsibility for compliance by his or her employees with the following
requirements:

1) This provision shall not apply if information received or delivered by the Parties under
this Contract is NOT “federal tax returns or return information” as defined by IRS
Publication 1075 and IRC 6103.

2) All work will be done under the supervision of the contractor or the contractor’s
employees. The contractor and the contractor’s employees with access to or who use
FTI must meet the background check requirements defined in IRS Publication 1075.

3) Any Federal tax returns or return information (hereafter referred to as returns or

return information) made available in any format shall be used only for the purpose of
carrying out the provisions of this contract. Information contained in such material will
be treated as confidential and will not be divulged or made known in any manner to
any person except as may be necessary in the performance of this contract.
Disclosure to anyone other than an officer or employee of the contractor will be
prohibited.

4) All returns and return information will be accounted for upon receipt and properly
stored before, during, and after processing. In addition, all related output will be given
the same level of protection as required for the source material.

216
5) The contractor certifies that the data processed during the performance of this
contract will be completely purged from all data storage components of his or her
computer facility, and no output will be retained by the contractor at the time the work
is completed. If immediate purging of all data storage components is not possible, the
contractor certifies that any IRS data remaining in any storage component will be
safeguarded to prevent unauthorized disclosures.

6) Any spoilage or any intermediate hard copy printout that may result during the
processing of IRS data will be given to the agency or his or her designee. When this
is not possible, the contractor will be responsible for the destruction of the spoilage or
any intermediate hard copy printouts, and will provide the agency or his or her
designee with a statement containing the date of destruction, description of material
destroyed, and the method used.

7) All computer systems receiving, processing, storing, or transmitting Federal tax

information must meet the requirements defined in IRS Publication 1075. To meet
functional and assurance requirements, the security features of the environment must
provide for the managerial, operational, and technical controls. All security features
must be available and activated to protect against unauthorized use of and access to
Federal tax information.

8) No work involving Federal tax information furnished under this contract will be
subcontracted without prior written approval of the IRS.

9) The contractor will maintain a list of employees authorized access. Such list will be
provided to the agency and, upon request, to the IRS reviewing office.

10) The agency will have the right to void the contract if the contractor fails to provide the
safeguards described above.

b) Criminal/Civil Sanctions

1) Each officer or employee of any person to whom returns or return information is or

may be disclosed will be notified in writing by such person that returns or return
information disclosed to such officer or employee can be used only for a purpose and
to the extent authorized herein, and that further disclosure of any such returns or
return information for a purpose or to an extent unauthorized herein constitutes a
felony punishable upon conviction by a fine of as much as $5,000 or imprisonment for
as long as 5 years, or both, together with the costs of prosecution. Such person shall
also notify each such officer and employee that any such unauthorized further
disclosure of returns or return information may also result in an award of civil
damages against the officer or employee in an amount not less than $1,000 with
respect to each instance of unauthorized disclosure. These penalties are prescribed
by IRC sections 7213 and 7431 and set forth at 26 CFR 301.6103(n)-1.

217
 2) Each officer or employee of any person to whom returns or return information is or
may be disclosed shall be notified in writing by such person that any return or return
information made available in any format shall be used only for the purpose of
carrying out the provisions of this contract. Information contained in such material
shall be treated as confidential and shall not be divulged or made known in any
manner to any person except as may be necessary in the performance of the
contract. Inspection by or disclosure to anyone without an official need to know
constitutes a criminal misdemeanor punishable upon conviction by a fine of as much
as $1,000 or imprisonment for as long as 1 year, or both, together with the costs of
prosecution. Such person shall also notify each such officer and employee that any
such unauthorized inspection or disclosure of returns or return information may also
result in an award of civil damages against the officer or employee [United States for
Federal employees] in an amount equal to the sum of the greater of $1,000 for each
act of unauthorized inspection or disclosure with respect to which such defendant is
found liable or the sum of the actual damages sustained by the plaintiff as a result of
such unauthorized inspection or disclosure plus in the case of a willful inspection or
disclosure which is the result of gross negligence, punitive damages, plus the costs
of the action. These penalties are prescribed by IRC section 7213A and 7431.

3) Additionally, it is incumbent upon the contractor to inform its officers and employees
of the penalties for improper disclosure imposed by the Privacy Act of 1974, 5 USC
552a. Specifically, 5 USC 552a(i)(1), which is made applicable to contractors by 5
USC 552a(m)(1), provides that any officer or employee of a contractor, who by virtue
of his/her employment or official position, has possession of or access to agency
records which contain individually identifiable information, the disclosure of which is
prohibited by the Privacy Act or regulations established thereunder, and who knowing
that disclosure of the specific material is prohibited, willfully discloses the material in
any manner to any person or agency not entitled to receive it, shall be guilty of a
misdemeanor and fined not more than $5,000.

4) Granting a contractor access to FTI must be preceded by certifying that each

individual understands the agency’s security policy and procedures for safeguarding
IRS information. Contractors must maintain their authorization to access FTI through
annual recertification. The initial certification and recertification must be documented
and placed in the agency’s files for review. As part of the certification and at least
annually afterwards, contractors should be advised of the provisions of IRC Sections
7431, 7213, and 7213A (see Publication 1075 Exhibit 6, IRC Sec. 7431 Civil
Damages for Unauthorized Disclosure of Returns and Return Information and
Publication 1075 Exhibit 5, IRC Sec. 7213 Unauthorized Disclosure of Information).
The training provided before the initial certification and annually thereafter must also
cover the incident response policy and procedure for reporting unauthorized
disclosures and data breaches. (See Publication 1075 Section 10) For both the initial
certification and the annual certification, the contractor should sign, either with ink or
electronic signature, a confidentiality statement certifying their understanding of the
security requirements.

Inspection - The IRS and the Agency shall have the right to send its officers and
employees into the offices and plants of the contractor for inspection of the facilities
and operations provided for the performance of any work under this contract. On the
basis of such inspection, specific measures may be required in cases where the
contractor is found to be noncompliant with contract safe.

E.24 Contractor Commitment to Diversity. The Contractor shall comply with and make reasonable
business efforts to exceed the commitment to diversity represented by the Contractor’s
Response to RFQ 32101-15557 (RFQ Attachment B, Section B.15) and resulting in this
Contract.

218
 The Contractor shall assist the State in monitoring the Contractor's performance of this
commitment by providing, as requested, a quarterly report of participation in the performance
of this Contract by small business enterprises and businesses owned by minorities, women,
and Tennessee service-disabled veterans. Such reports shall be provided to the State of
Tennessee Governor's Office of Diversity Business Enterprise in the required form and
substance.

IN WITNESS WHEREOF,

DELOITTE CONSULTING LLP:

9/14/16

CONTRACTOR SIGNATURE DATE

Brad Eskind, Principal

PRINTED NAME AND TITLE OF CONTRACTOR SIGNATORY (above)

DEPARTMENT OF FINANCE AND ADMINISTRATION

DIVISION OF HEALTH CARE FINANCE AND ADMINISTRATION:

r s
Larry B. Martin, Commissioner DATE

219
 Contract ATTACHMENT 1

ATTESTATION RE PERSONNEL USED IN CONTRACT PERFORMANCE

SUBJECT CONTRACT NUMBER:
#51758

CONTRACTOR LEGAL ENTITY NAME:

DELOITTE CONSULTING LLP

EDISON VENDOR ID #
#0000135163

The Contractor, identified above, does hereby attest, certify, warrant, and assure that the
Contractor shall not knowingly utilize the services of an illegal immigrant in the performance of
this Contract and shall not knowingly utilize the services of any subcontractor who will utilize the
services of an illegal immigrant in the performance of this Contract.

CONTRACTOR SIGNATURE
NOTICE: This attestation MUST be signed by an individual empowered to contractually bind the Contractor. Attach evidence
documenting the individual’s authority to contractually bind the Contractor, unless the signatory is the Contractor’s chief
executive or president.

Brad Eskind, Principal

PRINTED NAME AND TITLE OF SIGNATORY

9/14/16

DATE OF ATTESTATION

220
 Contract ATTACHMENT 2

LIQUIDATED DAMAGES
In the event of a Contract performance failure by Contractor and such Contract performance failure is not
included in the following table with an associated Liquidated Damage amount, the parties hereby agree
that the State may choose one of the following courses of action in order to obtain redressability for such
Contract performance failure: (1) the State may assess actual damages resulting from the Contract
performance failure against the Contractor in the event that such actual damages are known or are
reasonably ascertainable at the time of discovery of such Contract performance failure or (2) if such
actual damages are unknown or are not reasonably ascertainable at the time of discovery of the Contract
performance failure, the State may (a) require the Contractor to submit a corrective action plan to address
any such Contract performance failure and/or (b) assess a liquidated damage against Contractor for an
amount that is reasonable in relation to the Contract performance failure as measured at the time of
discovery of the Contract performance failure. In the event that the State chooses to assess a Liquidated
Damage for a Contract performance failure according to the immediately preceding sentence, in no event
shall such Liquidated Damage be in excess of $1,000 for any single Contract performance failure. HCFA
may elect to apply the following liquidated damages remedies in the event the Contractor fails to perform
its obligations under this Contract in a proper and/or timely manner. Upon determination by HCFA that the
Contractor has failed to meet any of the requirements of this Contract in a proper and/or timely manner,
HCFA will notify the Contractor in writing of the deficiency and of the potential liquidated damages to be
assessed. Should the deficiency remain uncorrected for more than thirty (30) calendar days from the date
of the original notification of the deficiency by HCFA, HCFA may impose an additional liquidated damage
of Five Hundred Dollars ($500) per day from the date of the original notification to Contractor until said
deficiency is resolved.

All liquidated damages remedies set forth in the following table may, at HCFA’s election, be retroactive to
the date of the initial occurrence of the failure to comply with the terms of the Contract as set forth in the
notice of deficiency from HCFA and may continue until such time as the HCFA Deputy Commissioner
determines the deficiency has been cured.

If liquidated damages are assessed, HCFA shall reduce the amount of any payment due to the Contractor
in the next invoice by the amount of damages. In the event that damages due exceed the amount HCFA
is to pay to Contractor in a given payment, HCFA shall invoice Contractor for the amount exceeding the
amount payable to Contractor, and such excess amount shall be paid by Contractor within thirty (30)
calendar days of the invoice date. In situations where the Contractor wishes to dispute any liquidated
damages assessed by HCFA, the Contractor must submit a written notice of dispute, including the
reasons for disputing the liquidated damages, within thirty (30) calendar days of receipt of the notice from
HCFA containing the total amount of damages assessed against the Contractor. If the Contractor fails to
timely dispute a liquidated damages assessment as set forth herein, such failure shall constitute a bar to
the Contractor seeking to have the assessment amount overturned in a forum or court of competent
jurisdiction.

Liquidated damages will apply in the below defect occurrences. Contractor acknowledges that the actual
damages likely to result from breach of the below SLRs are difficult to estimate and may be difficult for the
State to prove. The parties intend that the Contractor’s payment of assessed liquidated damages will
compensate the State for material breach by the Contractor obligations under this Contract. Liquidated
damages do not serve as punishment for any breach by the Contractor.

221
Defect severity will be assigned according to the following criteria:

Table 6: Defect Severity

Severity Description
Critical A complete failure of the Solution application or supported process in the Production Instance
has occurred. There is no work around for the problem. A majority of end users of the
Production Instance are affected or an entire business division is affected or the outage has
occurred during a critical business process or period, such as end of month or end of year
processing. Critical defects take precedence over all other requests.
High Major issues exist within the Solution or supported process in the Production Instance. The
issue affects large portions of the user community. This includes high visibility issues
involving upper management or time sensitive issues. An example of this priority level is an
impact to multiple users of the system, or an inability to process applicants.
Medium Issues exist with an application or supported process in the Production Instance that affects a
few users on a regular basis, thereby preventing some work from being accomplished.
Examples of this type of priority would be inability to access implemented functionality or
implemented functionality not operating as it should.
Low An informational inquiry or nonrecurring issue exists with the Production Instance that affects
a few non-critical users or processes. Workarounds are readily available.

222
 Table 7: Tennessee Eligibility Determination System - Service Level Requirements (SLR)
SLR # Service Level Service Required Service Level Description Liquidated Damage
Requirement Level
Category Requirement
Name
1.1 Production Account Within one calendar day Successfully execute daily account Five hundred dollars ($500) per calendar
Services Transfers of scheduled process transfer process between FDSH and day per account for each account not
time TEDS. successfully transferred between the
TEDS and FDSH within twenty four (24)
hours of its scheduled process time
(excludes transfers that fail due to FDSH
system failure). The maximum cap on
this LD shall be fifty thousand dollars
($50,000) per day.
1.2 Production Notice/Letter < forty-eight (48) Hours Letters/notices are produced, printed, One hundred dollars ($100) per
Services and Generation of event triggering folded/inserted, and delivered to the notice/letter per USPS service day until
Output letter/notice. If forty-eight USPS. This SLR excludes large the correspondence is produced, printed,
Management (48) hours falls during a (distributions over one million (1,000,000)) folded/inserted and delivered to the
period when the USPS letter/notice distributions covered in USPS. The maximum cap on this LD
is not accepting Section A.17.17.1.10.c of the Contract, shall be fifty thousand dollars ($50,000)
deliveries, the which shall follow the defined schedule. per day.
letter/notice must be
delivered to the USPS
within eight (8) hours of
the USPS opening.
2.1 Reporting Daily By noon (12:00pm) the Provide a timely and accurate Daily Five hundred dollars ($500) per clock
Requirements Operations following day Operations Report hour for each clock hour after noon
Report (12:00pm) that an accurate and complete
report is not received, unless waived by
HCFA. If the report is received on time
but the information reported is inaccurate
or incomplete, HCFA may assess up to
five hundred dollars ($500) per clock
hour until an acceptable report is
received, not to exceed ten thousand
dollars ($10,000) per day.
3.1 System System > ninety-nine point nine The availability of the main TEDS Two hundred fifty dollars per minute
Availability and Uptime percent (99.9%) customer interface. Number of hours that ($250) for every minute below than the
Reliability available the Contractor web site is operational and contracted target level of availability for
capable of performing all functions. the month.
Excluding scheduled system outages.
Note: < forty three point two (43.2)

223
SLR # Service Level Service Required Service Level Description Liquidated Damage
Requirement Level
Category Requirement
Name
minutes of allowable downtime for thirty
(30)-day month
4.1 Technical Defect Defect Resolution Time: Defect Resolution Time measures the The damages vary by criticality of the
Operations Resolution Low priority – twelve Contractor’s time to resolution of incidents incident and are:
Time (12) based upon critical, high, medium, and Fifty dollars ($50) per low incident per
Business hours* low priorities. business hour above four (4) Business
* Business hours = 8:00 a.m. – 5:00 p.m., hours,
Medium priority – eight Monday – Friday, except State holidays Fifty dollars ($50) per medium incident
(8) Business hours* ** Clock hours = clock time per business hour above two (2)
*** Clock minutes = clock time Business hours*,
High priority – one (1) Fifty dollars ($50) per high incident per
Clock hour** clock hour above one (1) Clock hour**,
Fifty dollars ($50) per critical incident per
clock minute above thirty (30) Clock
Critical priority – thirty minutes***.
(30) Clock minutes***
The LD amount for defect resolution time
shall not exceed (for all incidents) thirty
thousand dollars ($30,000) per month.
4.2 Technical Solution File For 24/7/365 requests, In the event of any failed storage for Two thousand five hundred dollars
Operations Backup and file restoration services 24/7/365 service level data, ninety-five ($2,500) per failure to meet either the
Restoration are to be ninety-five percent (95%) of files will be restored ninety-five percent (95%) threshold or the
percent (95%) within from backup within four (4) hours, and one hundred percent (100%) threshold
four (4) hours, and one one hundred (100%) will be restored (note that only one (1) LD per
hundred percent (100%) within twenty-four (24) hours. Restoration occurrence).
within twenty-four (24) from backups must be capable of initiation Two thousand five hundred dollars
hours. Restoration from within one (1) hour of request and ($2,500) per backup initiation not
daily and weekly completed within four (4) hours of complete within four (4) hours of request.
backups will be capable request.
of initiation within four
(4) hour of request, and
completed within eight
(8) hours of request.
4.3 Technical Interfaces Incoming interface System is able to request, receive, and One thousand dollars ($1,000) per
Operations transaction data is process accurate data updated on the calendar day per interface that the
correct and sufficient to required schedule from all incoming system is not able to request, receive,
perform the required interfaces from FDSH, IRS, SSA and and accurately process. The Contractor
transaction. State systems. All outgoing interfaces shall not be responsible for interface
shall provide accurate and complete data, technical problems that are caused by
as entered by users, to the partner interface source.

224
SLR # Service Level Service Required Service Level Description Liquidated Damage
Requirement Level
Category Requirement
Name
interfaces, as required for the required
transaction.
5.1 Performance Application Less than two (2) The Solution shall maintain an application Five thousand dollars ($5,000) per
Response seconds ninety-five response time of less than two (2) percentage point that exceeds the
Times percent (95%) of the seconds ninety-five percent (95%) of the Application Response Time SLR
time. time, for any user action. No action or timeframe. Not to exceed thirty thousand
page load shall have response times of dollars ($30,000) per month.
more than three (3) seconds. The
Solution component and system shall be
considered as unavailable if the online
response time is a factor of three (3)
greater than Application Response Time
SLR. In this case, Liquidated Damages
associated with SLR #3.1 above (System
Availability) shall apply.
6.1 Security and Privacy Immediately, not to Any Solution privacy incident involving One thousand ($1,000) per hour
Privacy Incident exceed one (1) hour sensitive data shall be reported, in (following the first hour) between Privacy
Reporting after awareness of accordance with HCFA privacy and Incident and written report of the breach
incident. security protocols for incident response, to the HCFA Privacy Office.
to the HCFA Privacy Office immediately
and not to exceed one (1) hour after
awareness of incident. For these
purposes, a Privacy Incident is defined
as, but not limited to: a loss of control,
compromise, unauthorized disclosure,
unauthorized acquisition, unauthorized
access, or any similar term referring to
situations where persons other than
authorized users, and for an unauthorized
purpose, have access or potential access
to PII/PHI/FTI in usable form, whether
physical or electronic.

225
 Table 8: Incident Resolution
Severity Time from receipt of State Liquidated Damages failure to Liquidated Damages for Liquidated Damages for
notice to CAP Approval complete an accepted CAP subsequent occurrences of subsequent occurrences of
within allotted time substantially the same issue, substantially the same issue
first 3 occurrences after CAP (for over 3 occurrences)
approval
Critical Fewer than 24 clock hours Five hundred dollars ($500) for Twenty-five thousand dollars Seventy-five thousand dollars
each additional clock hour ($25,000) per incident ($75,000) per incident
High Fewer than 48 clock hours Five hundred dollars ($500) for Twelve thousand five hundred Thirty-seven thousand five
each additional clock hour dollars ($12,500) per incident hundred dollars ($37,500) per
incident
Medium Fewer than 3 days Five hundred dollars ($500) for Two thousand five hundred Seven thousand five hundred
each additional day dollars ($2,500) per incident dollars ($7,500) per incident

226
 Contract ATTACHMENT 3

LIST OF NOTICES
The following is a list includes, but is not limited to, the Eligibility Operations Notices that shall be utilized by the State of Tennessee for the TEDS.

Table 9: Eligibility Operations – TC

TC Letter ID Description Current or Planned Monthly Volume
Policy – Letter Title) Frequency (Where Applicable)
Q3 Demographic - Address Change Letter Daily 10000
H5 Demographic -Temporary Reinstatement of Eligibility Daily 2
H6 Demographic - Adding Members to case Daily 0
P6 Demographic - Date of Birth change Daily 167
P8 Demographic - SSN change Daily 2441
207 Creditable Coverage Certificate - Daily Daily 268
058a Involuntary Termination - has access to health insurance or has health insurance Daily 0
061 Voluntary Termination - recip "asked" Daily 1367
058c Involuntary Termination - recip out of state Daily 151
250a Medicaid appr, new add or less than 62 day break, with MCO change option Daily 5000
250b Medicaid appr new or greater than 62 break with MCO change option Daily 7900
250c Medicaid approval as presumptive (pregnant) with MCO change option Daily 1238
250d Presumptive appr (pregnant) given 45 days with MCO change option Daily 179
251a Redetermination appr with copays; no MCO change option Weekly
251b Redetermination appr without copays; no MCO change option Weekly
251c Medicaid Eligibility Redetermination appr without copays; no MCO change option Weekly
251d ME Redetermination appr with copays; no MCO change option Weekly
252a New ME, rollover from Mcaid, Uninsured, income btwn 100-199% FPL appr, with Weekly
copays; no MCO change option
252b New ME, rollover from Mcaid, appr no copays; no MCO change option Weekly
252c New ME, rollover from Mcaid, income is above 200%, appr with copays; no MCO Weekly
change option
254 SSI Approval - Child is now SSI - new add Daily 143

227
 Table 10: Eligibility Operations – TEDS
TEDS Letter ID Description Current or Planned Monthly Volume
(Policy – Letter Title) Frequency (Where Applicable)
300 TEDS - Emergency - Alien approval for medical care Daily
301 TEDS - Denial for TCM, TCS, CoverKids,HealthyTNBabies Daily
301a, 301b Denials produced by TEAMS that may convert to TEDS Daily
301c TEDS - Denied due to No Response Bi-Monthly 2900
302 TEDS - Authorized rep change Daily
303 TEDS - Generic change notice Daily
304 TEDS - Citizenship verification - Approved for 90 days , TCM, CoverKids Daily
305 TEDS - Electronic notice selection Daily
306 TEDS - TCM CHOICES - Patient Liability - increase - decrease Daily
307 TEDS - Request for verification Daily
307a Weekly or Bi- 3500
Special mailing - EOG -Request for verification of income Weekly
307b Weekly or Bi- 4
Special mailing - EOG - Request for verification of citizenship Weekly
307c Weekly or Bi- 1484
Special mailing - EOG - Request for verification of income and citizenship Weekly
308 TEDS – Qualified Medicare Beneficiary, Specified Low Income Medicare Beneficiaries, Daily
Qualified Disabled Working Individual, QI-1 denial
309 TEDS - Out of state - 10 day response Daily
310 TEDS - Portal Password has changed Daily
311 TEDS - Cover page - resending a letter you requested. Daily
312 TEDS – Third Party Liability (TPL) verification Daily
313 TEDS - Application withdrawl Daily
314 TEDS - Confirmation that your application was received and in process Daily
315Ti TEDS - Involuntary Term notices - 058a and 058c and many other terms with different Daily
variables
316 TEDS - Spend Down requesting information Daily
317 TEDS -Spend Down needing additional information Daily
318 TEDS - Failed electronic letter delivery Daily
350 TEDS - Approval - CoverKids, HealthyTNBabies (CHIP approval) Daily
35–b - Daily
(replaces TN
250C) TEDS -Batch presumptive pregnant

228
TEDS Letter ID Description Current or Planned Monthly Volume
(Policy – Letter Title) Frequency (Where Applicable)
351d (replaces Daily
TN 250C) TEDS -Desktop at DOH presumptive pregnant
352b TEDS - Batch – Breast and Cervical Cancer (BCC) presumptive Daily
352d TEDS - Desktop - at DOH - BCC presumptive Daily
353 TEDS - Approval - Medicare Savings Program Daily
354 TEDS - Approval for BCC and Pregnant Daily
355 TEDS - Term notice due to reverification - you re- applied and are denied Daily

Table 11: Eligibility Operations – Renewal

Renewal Letter Description Current or Planned Monthly Volume
ID (Policy – Letter Title) Frequency (Where Applicable)
401 Renewal - MAGI Initial letter with renewal packet Monthly
401R Renewal - Reprint of Initial letter with renewal packet Daily
401a Renewal - Long Term Services and Supports (LTSS) Initial letter with renewal packet Monthly
401AR Renewal - Reprint of LTSS letter with NM renewal packet Daily
402 Redetermination - Approved for TennCare Medicaid Daily
402a Redetermination - Approved for TennCare Medicaid - during the 90 day reconsideration Daily
period - produced by interChange
403 Redetermination - Approval for Medicare Savings Program (MSP) Daily
404 Redetermination - Approved for TennCare Standard Daily
405 Redetermination - Approved for CoverKids - effective date to be included Daily
405a Redetermination - Approved for CoverKids - renewal received after coverage ended Daily
406 Redetermination - Cover page which proceeds all TN 406 letters with barcode that Daily
tracks back to the recipient that was mailed the letter
406a Renewal - need more information - Household Income Daily
406b Renewal - need more information - Citizenship or Immigration status and Household Daily
Income
406c Renewal - need more information - Citizenship or Immigration status Daily
406d Renewal - need more information - proof that you live in Tennessee Daily
406e Renewal - need more information - SSN or proof that you have applied for SSN Daily
406f Renewal - need more information - household income, including spousal support Daily
alimony payments (for Transitional/Extended)
406g Renewal - need more information - do you have or can get insurance through your job Daily
or a family members job
406h Renewal - your renewal packet was received, but not signed Daily

229
Renewal Letter Description Current or Planned Monthly Volume
ID (Policy – Letter Title) Frequency (Where Applicable)
406i Renewal - need more information - tell us about health problems, check for Medical Daily
Eligibility "ME" to apply for STD
406j Renewal - need more information - do you have insurance for pregnancy care, Daily
maternity benefits (CHIP only)
406k Renewal - need more information - missing ME packet information Daily
407 Renewal - packet received but you were not selected for renewal, or not currently Daily
enrolled
408 Renewal - Denied, 20 day term - you applied and we have determined you no longer Daily
quality for TC, Medicaid Savings Program (MSP), CK
408ftp Renewal - Denied, 20 day term - renewal packet received, we requested more Daily
information and you did not give us what we requested for TC, MSP, CK
409 Renewal - Denied during 90 day reconsideration period - you do not quality for TC, Daily
MSP or CK
409ftp Renewal - Denied during 90 day reconsideration period - renewal packet received, we Daily
requested more information, you did not give us what we requested for TC, MSP and
CK
410 will not be needed - letter cancelled
411 Renewal - 20 day term - No response to renewal mailing Monthly
412 Renewal - Packet returned after due date - you must reapply Daily

Table 12: Eligibility Operations – CoverKids

CoverKids Description Current or Planned Monthly Volume
Letter ID (Policy – Letter Title) Frequency (Where Applicable)
CK100 CoverKids - Approval with effective dates Daily
CK101 CoverKids - Approval for maternity only for mother and child with effective date Daily
CK102a CoverKids - Information is needed - SSN Daily
CK102b CoverKids - Information is needed - proof your other coverage does not cover Daily
pregnancy care (maternity benefits)
CK102c CoverKids - Information is needed - date of birth Daily
CK102d CoverKids - Information is needed - sign the application Daily
CK102e CoverKids - Information is needed - provide proof you live in Tennessee Daily
CK102f CoverKids - Information is needed - provide proof you have a verified American Daily
Indian/Alaska Native status
CK103 CoverKids - Denial - new application Daily
CK104 CoverKids - Termination - coverage will end in 20 days Daily
CK105 CoverKids - Voluntary Termination - request received to end CK coverage Daily

230
CoverKids Description Current or Planned Monthly Volume
Letter ID (Policy – Letter Title) Frequency (Where Applicable)
CK106 CoverKids - Coverage was ended due to receipt of Date Of Death Daily
CK107 CoverKids - Reminder - inform CK of baby's name and DOB Daily
CK108 CoverKids - You informed us of a demographic change Daily
CK109 CoverKids - Application was received - you already have TennCare, on this effective Daily
date
CK110 CoverKids - Please apply for CK on Health Insurance Marketplace Daily
CKSpec1 CoverKids- After denial, given second chance to complete renewal packet Daily

Table 13: Eligibility Operations – TEAMS

TEAMS Letter ID Description Current or Planned Monthly Volume
(Policy – Letter Title) Frequency (Where Applicable)
ELG 301d DENIAL - insufficient evidence of citizenship. Daily
ELG 301d DENIAL - insufficient evidence of citizenship. Daily
AP 1 A hearing has been scheduled - phone - date and time. Daily
ELG.AI.cit Additional Information needed to prove citizenship. Daily
ELG.AI.cit Additional Information needed to prove citizenship. Daily
AP NOH.ph.5 Delay appeal - general delay in processing of application. Daily
AP AI.10cit Delay appeal - additional information needed to prove citizenship - 10 days to Daily
respond.
AP AI.90cit CLOSING delay appeal - no response to request for proof of citizenship/immigrant Daily
eligibility - temporary TennCare APPROVED for 90 days.
AP AI.combo Delay appeal - additional information needed to prove income and citizenship - 10 Daily
days to respond.
AP AI.in Delay appeal - additional information needed to prove income - 10 days to respond. Daily
AP AI.MAGI Delay appeal - additional information needed - haven't received info from the Daily
Marketplace - complete attached TennCare Delayed Application - 10 days to
respond.
AP AI.PrApp.2 Delay appeal - additional information needed to prove applied for TennCare - 10 Daily
days to respond.
E–U - AD CLOSING delay appeal - a TennCare application decision has been made - will get Daily
a letter about that decision.
AP approved CLOSING delay appeal - TennCare application has been approved. Daily
AP CI.App CLOSING delay appeal - a TennCare application decision has been made - will get Daily
a letter with further information.
AP CI.no delay.2 CLOSING delay appeal - no delay detected - TennCare application sent to Eligibility. Daily

231
TEAMS Letter ID Description Current or Planned Monthly Volume
(Policy – Letter Title) Frequency (Where Applicable)
AP CI.NoPrApp Delay appeal CLOSED - no proof of date of application. Daily
AP D.cit DENIAL/Delay appeal CLOSED/OPTIONAL CoverKids APPROVAL - no proof of Daily
citizenship.
AP D.ftp DENIAL/Delay appeal CLOSED - failure to provide additional information. Daily
AP D.in.3 DENIAL/Delay appeal CLOSED/OPTIONAL CoverKids APPROVAL - income too Daily
high.
AP D.ng DENIAL/Delay appeal CLOSED - not in a group that Medicaid covers. Daily
AP D.nonres DENIAL/Delay appeal CLOSED - non Tennessee resident OR receiving Medicaid in Daily
another state.
AP D.prevcit DENIAL/Delay appeal CLOSED/OPTIONAL CoverKids APPROVAL - not a US Daily
Citizen or eligible immigrant.
AP IR CLOSING Delay appeal - already have TennCare. Daily
AP Late.ver Delay appeal is still CLOSED - appeal closed after no response to request for Daily
additional information - facts received after appeal closed - appeal still closed - facts
sent to Eligibility staff - will get a letter about their decision.
EAU.NP Closure CLOSING request for hearing - no response to Request for Proof of Application. Daily
AP NOH.ph.4 Delay appeal - general delay in processing of application. Daily
FORM "Request for Application Processing Delay Hearing" Daily
EAU.Untimely Cannot process request for hearing - no response to "Request for Application Daily
Closure Processing Delay Hearing."
AP res.app CLOSING Delay appeal - TennCare application was already denied (can appeal Daily
denial).
AP NOH.4 NOH - phone - delay appeal - appellant application for TennCare outstanding for 45 Daily
days or longer.
Final Order. Final Order. Daily
Order of Remand. Order of Remand. Daily
Res IR.appeal Denial appeal is CLOSED - already have TennCare. Daily
Auth R–p - FORM "…Authorization of Individual Representative." Daily
individual
Auth R–p - FORM "…Authorization of Representative Organization." Daily
Organization
EAU.AppDC CLOSING delay appeal - already have TennCare. Daily
Initial Order Initial Order rendered by an Administrative Judge. Daily
rendered by an
Administrative
Judge.
Cover Pa“e "See important information from TennCare on the next page of this letter." Daily

232
TEAMS Letter ID Description Current or Planned Monthly Volume
(Policy – Letter Title) Frequency (Where Applicable)
FIN.DEN NOH.ph NOH - phone - application denial - appellant does not met financial requirements for Daily
any open category of TennCare.
Denial NOH.2 NOH - in person - application denial - appellant does not meet requirements for any Daily
group eligible for requested benefits.
Denial NOH.2 NOH - phone - application denial - appellant does not meet requirements for any Daily
group eligible for requested benefits.
GEN.DEN NOH.ph NOH - phone - application denial - appellant does not meet requirements for any Daily
open TennCare Medicaid category.
TECH.DEN NOH - phone - application denial - appellant does not fall within any open category Daily
NOH.ph of TennCare eligibility.
ELG 301b DENIAL - not in a group that Medicaid covers. Daily
ELG 301c DENIAL - did not send the information needed to decide if you qualify. Daily
ELG 301a DENIAL - recorded monthly income is over the income limit for Medicaid. Daily
EAU.DHS Cont.2 Appeal will be processed by DHS. Daily
EAU.effAck Send proof of the date applied for TennCare. Daily
EFFDATE NOH.ph NOH - phone - effective date - appellant requests an effective date of____. Daily
Effdate res APPROVED requested effective date - hearing no longer necessary. Daily
Effdate res.2 APPROVED requested effective date - hearing no longer necessary. Daily
Effdate NOH.3 NOH - in person - effective date appeal - appellant requests an effective date of Daily
____.
Effdate NOH.3 NOH - phone - effective date appeal - appellant requests an effective date of ____. Daily
ELG.Ala.dh Before we set up a hearing we need to know more about household income. Daily
Initial Order Daily
VFD.in.2 Hearing DENIED - did not tell us about a mistake that might qualify you for Daily
Medicaid.
AP 2 Receipt of Motion Daily
AP 3 Receipt of Petition Daily
OIAI.1 After appeal/hearing/Judge's Order - additional information needed - 10 days to Daily
respond.
OIU AI.90cit After appeal/hearing/Judge's Order - no response to request for additional Daily
information needed - temporary TennCare APPROVED for 90 days.
OIU AI.combo After appeal/hearing/Judge's Order - additional information needed about household Daily
income and citizenship/immigration status - 10 days to respond.
OIU AI.in After appeal/hearing/Judge's Order - additional information needed about household Daily
income - 10 days to respond.

233
TEAMS Letter ID Description Current or Planned Monthly Volume
(Policy – Letter Title) Frequency (Where Applicable)
OIU AI.res After appeal/hearing/Judge's Order - additional information needed about Daily
Tennessee state residency - 10 days to respond.
OIU AI.resubmit After appeal/hearing/Judge's Order - please RESUBMIT additional information sent - Daily
10 days to respond.
OIU AI.ssn After appeal/hearing/Judge's Order - additional information needed of SSN - 10 Daily
days to respond.
OIU D.ftp After appeal/hearing/Judge's Order - application DENIED - appeal CLOSED - no Daily
response to request for additional information.
OIU D.in After appeal/hearing/Judge's Order - application DENIED - appeal Daily
CLOSED/OPTIONAL CoverKids APPROVAL - income too high.
OIU D.ng After appeal/hearing/Judge's Order - application DENIED - appeal CLOSED - not in Daily
a group that Medicaid covers.
OIU D.res After appeal/hearing/Judge's Order - application DENIED - appeal CLOSED - not Daily
TN resident OR receiving Medicaid from another state.
OIU D.prevcit After appeal/hearing/Judge's Order - application DENIED - appeal Daily
CLOSED/OPTIONAL CoverKids APPROVAL - non citizen or eligible immigrant.
OIU IR After appeal/hearing/Judge's Order - already have TennCare. Daily
OIU Order.gen After appeal/hearing - here is the Judge's Order… Daily
Initial Order for Initial Order for continuance of appeal Daily
continuance of
appeal
Order for Order for withdrawal of appeal Daily
withdrawal of
appeal
Order Order Daily
Notice of receipt Notice of receipt of petition for APPEAL of Initial Order. Daily
of petition for
APPEAL of Initial
Order.
Reconsideration Reconsideration Order Daily
Order
Order of Remand. Order of Remand. Daily
Refer to SSA Delay appeal CLOSED - SSI recipient - SSA decides start date. Daily
Res.approve.1 We agree with your appeal - call if you still want a hearing. Daily
GEN.TERM NOH - phone - termination. Daily
NOH.ph

234
TEAMS Letter ID Description Current or Planned Monthly Volume
(Policy – Letter Title) Frequency (Where Applicable)
Untimely CLOSING denial appeal - too late to appeal/after 40 day appeal period. Daily
Close.den.2
Untimely CLOSING effective date appeal - too late to appeal/after 40 day appeal period. Daily
Close.effdate.2
Accepted.1 Hearing APPROVED - phone. Daily
Denied.1 Hearing DENIED - appeal CLOSED - didn’t give facts needed. Daily
VFD.in.3 Hearing DENIED - did not tell us about a mistake that might qualify you for Daily
Medicaid.
VFD.in.4 Hearing DENIED - did not tell us about a mistake that might qualify you for Daily
Medicaid.
WD.Closure.1 Withdrawal form received - CLOSING appeal. Daily
Withdrawal form FORM "How to end your TennCare appeal." Daily
WD.Closure.1 Withdrawal form received - CLOSING appeal. Daily

235
 Contract ATTACHMENT 4

LETTER OF DIVERSITY COMMITMENT

Deloitte Consulting LLP

Suite 400
1033 Demonbreun St.
Nashville, TN 37203
September 6, 2016

Dear Alma Chilton,

Deloitte Consulting LLP is committed to achieving or surpassing a goal of 10% percent spend with certified
diversity business enterprise firms on State of Tennessee contract # 51758. Diversity businesses are
defined as those that are owned by minority, women, small business and Tennessee service-disabled
veterans which are certified by the Governor’s Office of Diversity Business Enterprise (Go-DBE).

We confirm our commitment of 10% participation on the Contract by using the following diversity
businesses:

(i) Name and ownership characteristics (i.e., ethnicity, gender, Tennessee service-disabled
veteran) of anticipated diversity subcontractors and suppliers): (1) AgreeYa—M/WBE; (2)
Briljent--WBE; (3) Technosoft--MBE; and (4) Zycron--MBE.

(ii) Participation estimates (expressed as a percent of the total contract value to be dedicated to
diversity subcontractors and suppliers): (1) AgreeYa—3.25%; (2) Briljent—1.5%; (3)
Technosoft—3.25&; and (4) Zycron—2%.

(iii) Description of anticipated services to be performed by diversity subcontractors and suppliers:

(1) AgreeYa— Application and technology staff augmentation services including development,
database administration and testing; (2) Briljent-- OCMT and help desk related services; (3)
Technosoft-- Application and technology staff augmentation services including development,
database administration and testing; and (4) Zycron--Application and technology staff
augmentation services including development, database administration and testing

We accept that our commitment to diversity advances the State’s efforts to expand opportunity of diversity
businesses to do business with the State as contractors and sub-contractors.

236
Further, we commit to:
1. Using applicable reporting tools that allow the State to track and report purchases from businesses
owned by minority, women, Tennessee service-disabled veterans and small business.

2. Reporting quarterly to the Go-DBE office the dollars spent with certified diversity
businesses owned by minority, women, Tennessee service-disabled veterans and small business
accomplished under contract # 51758.

Deloitte Consulting LLP is committed to working with the Go-DBE office to accomplish this goal.
Regards,

Brad Eskind

Deloitte Consulting LLP

Principal

Name: __Brad Eskind________________________________

Date: __ September 6, 2016____________________________

237
 Contract ATTACHMENT 5

LIST OF INTERFACES
The following is a list of Eligibility Operations Interfaces that shall be utilized by the State of Tennessee for the TEDS:

Table 14: Eligibility Operations Interfaces

Source Source Common File Name In/Out Frequency Destination Notes
Association
FDSH CMS H03 SSA Composite In On Demand TEDS
FDSH CMS H08T Verify Current In On Demand TEDS
Income
FDSH CMS H09T Verify Annual In On Demand TEDS
Household Income
FDSH CMS H59 Verify Lawful In On Demand TEDS
Presence
FDSH CMS H61 VLP Closed Case In On Demand TEDS

FDSH CMS H15 Account Transfer In Daily TEDS

TMED TennCare TMED In On Demand TEDS

TEDS TennCare H15 Account Transfer Out Daily FDSH

TEDS TennCare Inbound Eligibility Out Daily (every TSMIS TEDS to interChange Eligibility
Interface File business day, Interface File
Monday - Friday)
TEDS TennCare Inbound Linking Out Daily (every TSMIS Linking file from TEDS that shall be
Interface File business day, used to link recipients together
Monday - Friday)
TCMIS TennCare Eligibility/Demographic In Daily (every TEDS After interChange processes the daily
Error File business day, TEDS Eligibility/Demographic File, an
Monday - Friday) error response file shall be generated
and sent to TEDS containing all
processing errors
TCMIS TennCare Linking Error File In Daily (every TEDS After interChange processes the daily
business day, TEDS Linking file, an error response file
Monday - Friday)

238
Source Source Common File Name In/Out Frequency Destination Notes
Association
shall be generated and sent to TEDS
containing all processing errors.
TCMIS TennCare Run-Out File In Daily TEDS An interface between TEDS and
Containing interChange for Accent data during the
Demographics and Run out Period
Address (InterChange
to TEDS Outbound)
TCMIS TennCare Run-Out File In Daily TEDS An interface between TEDS and
Containing Recipient interChange for Accent data during the
Eligibility (InterChange Run out Period
to TEDS Outbound)
TCMIS TennCare MCO Reported In Weekly TEDS To Update MCO Reported address
Address from MMIS system to TEDS.
TCMIS TennCare TPL File In Monthly TEDS To Update MCO Reported address
from MMIS system to TEDS.
TCMIS TennCare ME Encounter File In Monthly TEDS To Update ME Encounter data from
MMIS system to TEDS.
TCMIS TennCare Priority Population File In Monthly TEDS To Update Priority Population (PP)
data from MMIS system to TEDS.
TCMIS TennCare NPI Provider File In Monthly TEDS To Update Priority Population (PP)
data from MMIS system to TEDS.
FDSH CMS H31 Verify Non- In On Demand TEDS
Employer Sponsored
Insurance Minimal
Essential Coverage
(Non-ESI MEC)
DHS SSA SDX In Daily and TEDS
Monthly
DHS SSA BEERS In Daily TEDS

DHS SSA Low Income In Daily TEDS

Subsidy(LIS)

239
Source Source Common File Name In/Out Frequency Destination Notes
Association
TALX NHI Employment and In On Demand TEDS TALX will provide employment and
Income Verification salary information upon request by
Systems (TALX) TEDS. TEDS will interface with the
Equifax/TALX Work Number system.
The Work Number provides
employment and salary information
DOL DOL Wage, New Hire and UI In Quarterly TEDS TEDS will receive quarterly wages, new
hire, and unemployment information
from the Tennessee Department of
Labor and Workforce.
DOH DOH Vital Statistics In Monthly TEDS

Correction DOC Prisoner File In Three times a TEDS

year
TennCare TEDS DIFSLA Out Yearly IRS TEDS will send eligibility data about
cases to the IRS through the Disclosure
of Information to Federal, State, and
Local Agencies (DIFSLA) interface. This
process will send updates on a yearly
basis
IRS IRS Federal Tax In Yearly TEDS This interface will allow TEDS to
Information (FTI) receive, store and process tax
information between itself and the FTI.
TennCare TEDS State Verification Out Daily SSA
Exchange (SVES)
TennCare TEDS Supplementary Out Monthly CMS
Medical Insurance
(SMI) Buy-In(s)
CMS CMS Supplementary In Monthly TEDS
Medical Insurance
(SMI) Buy-In(s)
PARIS ACF Public Assistance In Quarterly TEDS
Reporting Information
System (PARIS)

240
Source Source Common File Name In/Out Frequency Destination Notes
Association
PARIS ACF Public Assistance Out Quarterly ACF
Reporting Information
System (PARIS)
Tennessee Tennessee TISS Report In TEDS This interface will allow TEDS to
Department of Department of receive and process state employment
Finance, Benefits Finance, Benefits information
and Administration and Administration
EVVE NAPHSIS Electronic Verification In On Demand TEDS TEDS will interface with the National
of Vital Events (EVVE) Association for Public Health Statistics
and Information Services’ (NAPHSIS)
Electronic Verification of Vital Events
(EVVE) system to allow immediate
confirmation of the information on a
birth certificate presented by an
applicant

241
 Contract ATTACHMENT 6

LIST OF REPORTS
The following is a list of Eligibility Operations Reports that are currently generated by the State of
Tennessee:

Table 15: Eligibility Operations Reports

Report Name Type
Active Individuals by Program Report State
BCC Treatment Plan Report State
Deceased Report State
Daily Error Detail Report State
Daily Error Summary Report State
Pseudo SSN Report State
Pending Re-verification Report State
QI Eligible Individuals Report State
Application Aging Report State
Low Income Subsidy (LIS) Report State
LTSS Recipients With Trusts or Annuities Report State
Applications Disposed with a Time Frame Report State
Cost of Living Adjustment Report State
Applications Report State
Denials Report State
Redetermination Report State
MGMT 2050 Supervisory Report State
DCS Foster Care and Adoption Assistance Redetermination Report State
Foster Care and Adoption Assistance Pending Applications Report State
Error Reports from Mass Change Processing State
Active Case Report State/Federal
Application Processed Report State/Federal
Eligibility Determination Reports State/Federal
Application Status and Duration State
Number of Applications Received Through Various Channels State/Federal
Cases Approaching Timeliness Deadline Report State
Due and Past Due Case Report State
Processing Time by Application Date Report State/Federal
Processing Time by Receipt Date Report State/Federal
Case Load Report State
Report on the Amount of Active cases/Tasks assigned to a Unit, and Worker State
Program Enrollment Forecast State
Appeal Activity Report State
Appeals Summary Report State
KPI Reports State
Appeal Docket State
Appeal Dashboard State
Appeal Case Status Report State
Appeals Summary Report State
CHIP Report State

242
 Contract ATTACHMENT 7

DEFINITIONS AND ABBREVIATIONS

Table 16: Abbreviations
Abbreviation Definition
24/7/365 Available twenty-four (24) hours per day, seven (7) days per week, and three hundred sixty-
five (365) days per year
ACCENT Automated Client Certification and Eligibility Network for Tennessee
ACF Administration for Children and Families
ACH Automated Clearing House
AOA Annual Operational Assessment
ATC Authority to Connect
ATO Authority to Operate
ATP Account Transfer Process
BABOK Business Analysis Body of Knowledge
BC/DR Business Continuity and Disaster Recovery
BIA Business Impact Analysis
BOM Business Operating Model
BPM Business Process Management
BRD Business Requirements Document
BRE Business Rules Engine
BRMS Business Rules Management System
CAP Corrective Action Plan
CD Control Directive
CFR Code of Federal Regulations
CHIP Children's Health Insurance Program
CI Configuration Item
CIO Chief Information Officer
CIP Continuous Improvement Process
CISM Certified Information Security Manager
CISSP Certified Information Systems Security Professional
CM Control Memorandum
CMDB Configuration Management Database
CMPPA Computer Matching and Privacy Protection Act of 1988
CMS Centers for Medicare and Medicaid Services
COTS Commercial Off-the-Shelf
CP Contingency Plan
CPO Chief Privacy Officer
DAC Disabled Adult Child
DB Database
DBMS Database Management System
DCS Department of Children’s Services
DDI Design, Development, and Implementation
DED Deliverable Expectations Document
DHS Department of Human Services (State of Tennessee)
DIFSLA Disclosure of Information to Federal, State, and Local Agencies

243
Abbreviation Definition
DNS Domain Name System
DOH Department of Health
DOJ Department of Justice
DOLWD Department of Labor and Workforce Development
DUNS Data Universal Numbering System
EA Enterprise Architecture
ECM Electronic Content Management
ED Eligibility Determination
ELC Enterprise Life Cycle
EMP Eligibility Modernization Project
EMPPA Eligibility Modernization Project Process Agreement
EOG Eligibility Operations Group
ERR Environment Readiness Review
ESB Enterprise Service Bus
ESM Enterprise System Modernization
ETL Extract, Transform, and Load
EVVE Electronic Verification of Vital Events
FDSH Federal Data Services Hub
FEIN Federal Employer Identification Number
FFATA Federal Funding Accountability and Transparency Act
FFM Federally Facilitated Marketplace
FTE Full-time Equivalent
FTI Federal Tax Information
GIAC Global Information Assurance Certification
GLBA Graham-Leach-Bliley Act of 1999
Go-DBE Governor’s Office of Diversity Business Enterprise
GUI Graphical User Interface
HCFA Division of Health Care Finance and Administration (State of Tennessee)
HHS U.S. Department of Health and Human Services
HIPAA Health Insurance Portability and Accountability Act of 1996
HITECH Health Information Technology for Economic and Clinical Health Act
ICD Interface Control Document
IEA Information Exchange Agreement
IMS Integrated Master Schedule
IRC Internal Revenue Code
IRR Implementation Readiness Review
IRS Internal Revenue Service
IS Information Systems
ISA Interconnected Systems Agreement
IT Information Technology
ITIL Information Technology Infrastructure Library
IV&V Independent Verification and Validation
KPI Key Performance Indicator
LAN Local Area Network
LD Liquidated Damage
LIS Low Income Subsidy
LTSS Long Term Services and Supports

244
Abbreviation Definition
O&M Operations and Maintenance
MAGI Modified Adjusted Gross Income
MARS-E Minimum Acceptable Risk Standards for Exchanges
MCO Managed Care Organization
ME Medically Eligible
MFA Multi-Factor Authentication
MITA Medicaid Information Technology Architecture
MMIS Medicaid Management Information System
MMP Medicaid Modernization Program
MOU Memorandum of Understanding
MPI Master Person Index
MSP Medicare Savings Program
NAPHSIS National Association for Public Health Statistics and Information Services
NCPD Notice of Calculation of Potential Damages
NIAD Notice of Intent to Assess Damages
NIST National Institute of Standards and Technology
NOC Network Operations Center
NPD Notice of Potential Damages
NTP Network Time Protocol
OASDI Old Age, Survivor, and Disability Insurance
OCMT Organizational Change Management and Training
OMB Office of Management and Budget
OS Operating System
OSSTMM Open Source Security Testing Methodology Manual
PARIS Public Assistance Reporting Information System
PHI Protected Health Information
PIA Privacy Impact Assessment
PII Personally Identifiable Information
PMI Project Management Institute
PMLC Project Management Lifecycle
PMO Project Management Office
PMP Project Management Plan
POA&M Plan of Actions and Milestones
PP Priority Population
PPACA Patient Protection and Affordable Care Act
QA Quality Assurance
QI Qualified Individuals
QM Quality Management
RA Risk Assessment
RFC Request for Change
RFQ Request for Qualifications
RMF Risk Management Framework
RPO Recovery Point Objective
RTM Requirements Traceability Matrix
RTO Recovery Time Objective
SADD System Architecture Design Document
SCA Security Control Assessment

245
Abbreviation Definition
SDLC System Development Lifecycle
SDX State Data Exchange
SFTP Secure File Transfer Protocol
SI System Integration
SIT System Integration Testing
SLA Service Level Agreement
SLR Service Level Requirement
SME Subject Matter Expert
SMI Supplementary Medical Insurance
SNAP Supplemental Nutrition Assistance Program
SOA Service Oriented Architecture
SOAP Simple Object Access Protocol
SOP Standard Operating Procedure
SP Special Publication
SPMO Strategic Program Management Office
SQL Structured Query Language
SSA United States Social Security Administration
SSI Supplemental Security Income
SSN Social Security Number
SSO Systems Security Officer
SSP System Security Plan
SSR Safeguard Security Report
ST&E Security Test and Evaluation
STS Strategic Technology Solutions
TANF Temporary Assistance for Needy Families
TARB Technical Architecture Review Board
TAS Technical Advisory Services
TCA Tennessee Code Annotated
TCCB Technical Change Control Board
TCMIS TennCare Management Information System
TCRS Tennessee Consolidated Retirement System
TEAMS Tennessee Eligibility Appeals Management System
TEDS Tennessee Eligibility Determination System
TMED Tennessee Medical Eligibility Determination System
TNHC Tennessee Health Connection
TOGAF The Open Group Architecture Forum
TPL Third Party Liability
UAT User Acceptance Testing
USC United States Code
USPS United States Postal Service
VLP Verify Lawful Presence
WAN Wide Area Network
WBS Work Breakdown Structure
WCAG Web Content Accessibility Guidelines
WRS TN Tower William R. Snodgrass Tennessee Tower
XML Extensible Markup Language

246
 Table 17: Definitions
Term Definition
Accessibility Accessibility Testing is to ensure that the product is compliant with applicable Section 508
Testing Accessibility and WCAG 2.0 AA Standards identified in the completed Section 508 Product
Assessment. Software products (whether COTS, Government Off-the-Shelf, or custom-
developed software applications) must adhere to Section 508 accessibility and other
regulatory requirements governing the use of EIT in accordance with the CMS Policy for
Section 508 Compliance. Accessibility Testing is required if the business application has a
user interface or produces electronic output for direct access or use by federal employees or
the public.
Account Automated process to receive applications originally entered through the Federally Facilitated
transfers Marketplace.
Ad-hoc Testing Testing performed without planning and documentation where the tester tries to 'break' the
system by randomly trying the system's functionality. Ad-hoc testing is typically informal and
improvisational.
Alert/Monitoring Alert/Monitoring Testing is the type of testing that is done where you purposely end test
Testing scenarios/cases in actions that would result in a system alert/message, ensuring that the
correct actions are taken at that time. Alerts could be from a user perspective (telling the user
that they provided the wrong SSN because it begins with 999), or on the system side (the
system has received error code 01239, and the system knows how to handle that error code).
Monitoring testing is that for known errors/messages, the system should be ready to monitor
for those and intercept them and react to them appropriately.
Beta Testing Beta testing of the Solution is run in a production environment and in parallel with the legacy
production system. It allows a comparison of the results of processing between the legacy
system and the new solution based on live data in the parallel production environments. It
ensures that business sponsors are able to validate that the delivered solution in the target
production environment supports all business requirements.
Boundary Boundary Testing consists of testing the extremes of the input domain, e.g. maximum,
Testing minimum, just inside/outside boundaries, typical values, and error values.
Business Repository based on a defined strategy, allowing the defined rules to be managed in terms of
Management versions and variants. The Businesses Rules Management tool shall be available to all
Tool relevant stakeholders to define and manage the business rules.
Channel With reference to FR-INT-001, the channel is the method in which information is received.
Examples of channels include, but are not limited to, phone (inbound and outbound), mail, fax,
email, FFM Account Transfer, Member portal, Partner portal, and Worker portal.
Communication A component of the Project, Program, or Portfolio Management that describes how, when and
Management by whom information about the project will be administered and disseminated.
Compatibility Compatibility Testing validates how well a software performs in a particular
Testing hardware/software/operating system/network environment. Backward Compatibility Testing
tests the application or software in old or previous versions. Forward Compatibility Testing
tests the application or software in new or upcoming versions.
Component Component Integration Testing validates that all software components interact with one
Integration another correctly.
Testing
Configuration Configuration Management includes the process of documenting formal procedures to apply
Management technical and administrative direction and surveillance to: identify and document the functional
and physical characteristics of a product, result, service, or component; control any changes
to such characteristics; record and report each change and its implementation status; and
support the audit of the products, results or components to verify conformance to
requirements. It includes the documentation, tracking systems, and defined approvals
necessary for authorizing and controlling changes.
Conversion Conversion Testing is a testing process prescribed in the Data Conversion Plan that ensure
Testing testing is done in a manner reflective on how the system will be used in its "real" environment.
Eligibility The Eligibility Modernization Project represent the State of Tennessee’s highest priority in the
Modernization Medicaid Modernization Program. The project’s scope involves development and
Project implementation of an eligibility determination system for TennCare and CHIP, which shall
contain a rules-based decision engine, and that will be compliant with the Affordable Care Act,
CMS requirements and all applicable State and Federal Regulations.

247
Term Definition
Eligibility The Eligibility Modernization Project Process Agreement (EMPPA) is used to authorize and
Modernization document the justifications for using, not using, or combining specific Gate Reviews and the
Project Process selection of specific deliverables applicable to the investment of Eligibility Modernization
Agreement Project, including the expected level of detail to be provided. This document authorizes the
project to proceed according to agreed upon scope, time, costs, and quality including any
related exceptions as outlined within this document.
Eligibility Members of the Eligibility Modernization Project Steering Committee shall be defined by the
Modernization State.
Project Steering
Committee
End-to-End End-to-End Testing tests all of the business application’s access or touch points, and data,
Testing across multiple business applications and systems, front to back (horizontal) and top to bottom
(vertical), to ensure business processes are successfully completed. Testing will be conducted
on a complete, integrated set of business applications and systems to evaluate their
compliance with specified requirements, and to evaluate whether the business applications
and systems interoperate correctly, pass data and control correctly to one another, and store
data correctly.
Enterprise Enterprise Testing tests all enterprise business applications that may have direct or indirect
Testing touch-points across multiple business applications and systems. Testing will be conducted on
a complete, integrated set of enterprise business applications and systems to evaluate their
compliance with specified requirements, and to evaluate whether the business applications
and systems interoperate correctly, pass data and control correctly to one another, and store
data correctly.
Environment The Environment Readiness Review is a representation of the Validation Readiness Review,
Readiness Implementation Readiness Review, and Production Readiness Review. These reviews are
Review needed to enter the various CMS environments to test the solution and its contingency
operations. Not all solutions will go through all environments. Specific requirements for
running in each environment are provided by the environment’s owner.
Error Handling Assesses the ability of the system to properly process erroneous transactions. The main
Testing objectives are to ensure that all reasonably anticipated error conditions are recognizable by
the application system, accountability for processing errors has been assigned and that the
procedures provide a high probability that the error will be properly corrected, and that
reasonable control is maintained over errors during the correction process.
Exploratory Emphasizes the personal freedom and responsibility of the individual tester to continually
Testing optimize the quality of his/her work by treating test-related learning, test design, test
execution, and test result interpretation as mutually supportive activities that run in parallel
throughout the project.
External Applicants and Members
Resources
Failover Failover Clustering is a failsafe in which a two or more servers work together to ensure that if
Clustering one (or more) fail, that another can seamlessly take over the workload without any downtime.
Federal A CMS system providing consumer and small business access to a health insurance
Facilitated marketplace for states that have chosen not to build their own marketplace.
Marketplace
Financial Financial Management is a process which brings together planning, budgeting, accounting,
Management financial reporting, internal control, auditing, procurement, disbursement and the physical
performance of the project with the aim of managing project resources properly and achieving
the project’s objectives. Like the concept of Project Management, it is a strategic competency
for organizations and can make the difference between a successful project and audit reports.
Functional Functional requirements define the expected functionality of the product or Solution to be
Requirement created.
Functional Assess the input/output functions of a business application against pre-defined functional and
Testing data requirements. Each and every functionality of the system is tested by providing
appropriate input, verifying the output and comparing the actual results with the expected
results. Types of functional testing include: Unit Testing, Smoke Testing, Sanity Testing,
Integration Testing, White Box Testing, Black Box Testing, User Acceptance testing,
Regression Testing

248
Term Definition
Gate Review A Gate Review is a phase-driven go/no-go decision point where project activities are reviewed
to assure that appropriate requirements are observed. A project cannot proceed without a Go
decision by the appropriate senior management for a specific stage gate.
Each Gate Review is an independent confirmation by the Gate Review Team (including
relevant critical partners) to the IT Governance organization or delegated authority that all
required project reviews have been successfully conducted. It checks that the EMP Manager
has satisfactorily produced all the required deliverables and met all exit criteria for a given
SDLC phase to permit advancement to the next phase.
The emphasis of the Gate Review is on:
a) The successful accomplishment of SDLC phase objectives;
b) The plans for the next life cycle phase; and
c) The risks associated with moving into the next life cycle phase.
The results of the Gate Review Team’s assessment are provided with recommended action to
the IT Governance organization or delegated authority for decision.
Go-Live Successful implementation and deployment of all functionality aligned with a Release to the
end-user population.
Go/No-Go Point at which a decision to continue or stop a course of action is made. If a decision is made
Decision to "go", this denotes that the solution conforms to the documented specifications.
GUI Navigation Validates the system logic behind when a user navigates from one screen to another. In a GUI
Testing system, at each time frame there is an active screen interacting with the user. The active
screen, when triggered by specific event, will disappear or be deactivated and another one will
be loaded in or activated. The two screens are logically connected by the event and such a
scenario where the screen focus is shifted is called screen navigation.
GUI Software Testing through the use of a GUI, to ensure it meets agreed upon specifications as defined
Testing prior to software development. GUI testing evaluates design elements such as layout, colors,
fonts, font sizes, labels, text boxes, text formatting, captions, buttons, lists, icons, links, and
content.
Human A component of the Project Management Plan that describes how the roles and
Resources responsibilities, reporting relationships, and staff management will be addressed and
Management structured.
Implementation Gate Review to ensure the solution completed thorough Integration Testing and is ready for
Readiness turnover to the formal, controlled test environment for Production Readiness.
Review
Interface Interface Testing tests all of the business application’s access or touch points, and data,
Testing across multiple business applications and systems, front to back (horizontal) and top to bottom
(vertical), to ensure business processes are successfully completed. Testing will be
conducted on a complete, integrated set of business applications and systems to evaluate
their compliance with specified requirements, and to evaluate whether the business
applications and systems interoperate correctly, pass data and control correctly to one
another, and store data correctly. This testing function is sometimes referred to as End-to-
End Integration Testing.
Internal Users of Worker and Partner Portal
Resources
IV&V IV&V Attestation is the process of establishing documented evidence that the solution does
Attestation what it has been designed to do and will continue to operate correctly in the future. IV&V
Attestation provides objective evidence that all software requirements have been implemented
correctly and completely. This includes evidence that the solution produces the intended
results and that all functionality is traceable to solution requirements.
MARS-E A document suite of guidance, requirements, and templates assembled by CMS. The
document suite contains implementation standards for key security requirements contained in
Department of Health and Human Services (HHS) ACA Regulations (45 CFR §§155.260 and
155.280) and other State and Federal regulations and policies. This is a harmonized set of
guidelines inclusive of CMS and IRS requirements. Any reference to this package, even
under CMS context references, should also infer compliance with current IRS Safeguards
Program and IRS Pub 1075 where applicable by usage of data type and/or classification.

249
Term Definition
Medicaid Medicaid Modernization Program is comprised of multiple sub-projects and is an initiative by
Modernization the State of Tennessee to improve health care quality and access for members, achieve
Program greater accountability for outcomes, create a more predictable and sustainable Medicaid
budget, achieve more flexibility and scalability to meet the future needs of TennCare and
CHIP program.
Member Determination if any given individual is a current Medicaid member (if they have a current
Matching Medicaid Plan)
Member Portal The Member Portal shall provide Solution access to applicable insurance plan members or
applicants.
Near Real Time As defined by CMS’ “Achieving Real Time Eligibility Determinations” presentation, near
real time is “promptly and without undue delay.”
Negative A Negative test will assess the response of the system outside of normal parameters and is
Testing designed to assess the system’s ability to successfully perform error handling with the
unexpected input. The tester uses invalid inputs or imitates unexpected user behavior to
expose potential errors and system risk.
Non-Functional Non-functional Requirements define the specific technical functionality that must exist in the
Requirement Solution to deliver the business functionality, the operational objectives of the Solution, and
the methodology and processes to manage the Solution delivery.
Operational Ensure that the operational readiness is appropriately comprehensive and inclusive of all
Readiness elements of the State enterprise impacted by the TEDS deployment. Operational readiness
Testing may include checking the backup/restore facilities, IT disaster recovery procedures,
maintenance tasks, and periodic check of security vulnerabilities.
Page Viewable screens within the Solution
Partner Portal The Partner Portal shall provide Solution access to current TennCare Pre-Admission
Evaluation System users, nursing homes, and hospitals. The Partner Portal shall be
accessible both within the State of Tennessee network, and outside of the State of Tennessee
network.
Performance Performance Management is the use of performance measurement information to help set
Management agreed-upon performance goals, allocate and prioritize resources, inform managers to either
confirm or change current policy or program directions to meet those goals, and report on the
success in meeting those goals.
Performance Assesses the capacity and throughput of a business application and/or infrastructure in
Testing processing time, CPU utilization, network utilization, and memory and storage capacities
relative to expected normal (average and peak) user and processing load as defined in the
system’s requirements document and/or Operation Manual document.
Prime A Contractor that holds the System Integration contract to design, develop, and implement the
Contractor eligibility system.
Production Denotes the version of the code that is in operation.
Instance
Quality Control Testing that determines if the system is performing and adheres to the predetermined
Testing requirements and expectations. The testing will verify the system was developed as outlined in
the documented requirements.
Quality Quality Management includes the process and activities of performing organization that
Management determine quality policies, objectives, and responsibilities so that the project will satisfy the
needs for which it was undertaken. Quality Management uses policies and procedures to
implement, within the project’s context, the organization’s quality management system and, as
appropriate, it supports continuous process improvement activities as undertaken on behalf of
the performing organization. Quality Management works to ensure that the project
requirements, including product requirements are met and validated.
Release A Release is the distribution of the updated version of the solution. Release can be a stage in
development of a solution or maturity for a piece of software: ranging from its initial
development to its eventual release, and including updated versions of the released version to
help improve software or fix bugs still present in the solution.
Recovery Validates how well an application is able to recover from crashes, hardware failures, and other
Testing similar problems. Recovery testing is the forced failure of the software in a variety of ways to
verify that recovery is properly performed.

250
Term Definition
Regression Selective re-testing to validate that modifications have not caused unintended functional or
Testing data results and that the application still complies with its specific requirements.
Reliability Monitor the operational availability of business applications and/or infrastructure,
Testing problems/incidents, performance/service level, and capacity utilization of production systems,
and will validate the gathered data against expected results (documented in the system’s
requirement document and/or Operation Manual document) to ensure that the implemented
application or infrastructure performs as expected in production. This testing function is
sometimes referred to as Reliability Validation, Burn in Period, Reliability Test, or Extended
Reliability Test.
Requirements Repository based on a defined strategy, identifying the relationship, interface, or dependency
Management on data in other tools. A Requirements Management tool will describe how the traceability
Tool strategy and how the requirements will be structured.
Requirements A grid that links product requirements from their origin to the deliverables that satisfy them.
Traceability The implementation of Requirements Traceability Matrix helps ensure that each requirement
Matrix adds business value by linking it to the business and project objectives. It provides a means to
track requirements throughout the project lifecycle, helping to ensure that requirements
approved in the requirements documentation are delivered at the end of the project. Finally, it
provides a structure for managing changes to the scope.
Risk and Issue Process of identifying time frames and the management chains (names) for escalation of
Escalation issues and risks that cannot be resolved at a lower staff level.
Risk Framework required by the State of Tennessee to inform, advise, and manage the activities of
Management security categorization (as defined in the federal publication FIPS 199), security control
Framework selection and implementation, security control assessment, information system authorization
(RMF) (ATO and ATC), and security control monitoring. The State must approve the RMF and it must
meet standard practices associated with effective implementation, management, and
maintenance of the NIST RMF.
Scalability Identify major workloads and mitigate bottlenecks that can impede the scalability of the
Testing application. Scalability testing is a subset of performance testing. Performance testing can be
used to establish a baseline against which future performance tests can be compared against.
Schedule Schedule Management is a subsidiary of, and integrated with, the Project Management.
Management Schedule Management identifies a scheduling method and scheduling tool and sets the format
and establishes criteria for developing and controlling the project schedule. The selected
scheduling method defines the framework and algorithms used in the scheduling tool to create
the schedule model. Some of the better known scheduling methods include Critical Path
Method and Critical Chain Method.
Scope Scope Management is a discipline of Project Management that defines how the project scope
Management will be defined, validated and controlled. The key benefit of the process is that it provides
guidance on how scope will be managed throughout the project.
Security and The security and privacy controls that apply to information assets, in principal, are
Privacy commensurate with the potential impact on information assets, organizational operations, or
Controls individuals, should there be a compromise of confidentiality, integrity, or availability of the
information. Federal and State regulations and policies define specific classifications of data
that require specific levels of control. In some instances, such as FTI, the source of the data is
a factor in determining the security and privacy controls that apply to data elements. Security
and privacy controls shall include, at a minimum:
a) Role based access
b) Data ownership/authorization rights
c) MFA - when a third party accesses sensitive information about another person
d) Encryption of information in transit
e) Encryption of information at rest
f) Data masking/synthetic data requirements
g) Secure file transfers
h) Masking of data elements on displays or reports (for example, replacing all but the
last four digits of a key person identifier such as an SSN)
i) Recording an audit trail of who accesses what specific sensitive data and when
Training

251
Term Definition
Classification of the data, with respect to sensitivity of content and source governance, drives
the security and privacy controls for the data. This is a key activity that shall be completed to
the approval of the State Chief Security Officer, Chief Privacy Officer (CPO), and other
stakeholders at project initiation. This classification serves as the foundation for security
activities throughout the SDLC.
Security and The State requires management of security and privacy in compliance with Federal and State
Privacy regulations and policies. The Contractor shall provide the expertise to utilize these tools
Management throughout the SDLC for the project, including, at a minimum:
Tools a) Database Security Monitoring and Compliance Reporting (Oracle Audit Vault or
functional equivalent)
b) Vulnerability Scan (Nessus or functional equivalent)
c) Security Information and Event Management (Qradar or functional equivalent)
d) Static Code Checking (Fortify or functional equivalent)
e) Log Server (SysLog Server or functional equivalent)
f) File Integrity Checker (Advanced Intrusion Detection Environment or functional
equivalent)
g) Virus Scan (Symantec Endpoint Protection (Windows), Clam Antivirus (Linux), or
functional equivalent)
h) Compliance and Information Security Program Management (Lockpath Keylight or
functional equivalent)
i) Identity and Access Management (Oracle Identity and Access Management or
functional equivalent)
j) System Monitoring (Sitescope or functional equivalent)
k) Application Scanning (NetSparker Server or functional equivalent)
Security A Security Test & Evaluation (ST&E) will validate all applicable security controls defined in the
Compliance CMS Policy for the Information Security Program. ST&E validates that business application or
Testing infrastructure are implemented correctly, operate as intended, and produce the desired
outcome with respect to meeting the security requirements for the application or infrastructure.
ST&E may include vulnerability scanning, penetration testing, and/or testing security
standards and policy.
Security Addresses how the evaluator shall perform active security testing of the information system to
Control assess the implemented security controls and to identify gaps between the implemented
Assessment controls and the documented controls. The evaluator shall capture, document and retain
information sufficient to prove the existence or non-existence of vulnerabilities discovered
through the assessment process. Any gaps identified during the documentation review,
interviews or security control assessments will be reported in the findings report based on the
CMS Reporting Procedure for Information Security Assessments.
Smoke/Sanity Smoke Tests are shallow and wide, testing all areas of the application without getting deep in
Testing focus. Sanity tests are narrow and deep regression tests, testing one or a few areas of
functionality. These tests are used to determine if an environment or Release is stable enough
to begin a testing cycle.
Solution or Solution describes features, functions, and characteristics of the product, system, service, or
System result that will meet the business and stakeholder requirements.
Source With reference to FR-INT-001, the source is the entity that is interfacing with the future
state Solution.
Stakeholder The Stakeholder Management Process is used to identify the project’s key stakeholders and
Management their roles and responsibilities within the project, provide an analysis of their interests in and
Process attitude towards the effort, and manage stakeholder participation to secure positive support for
the project. The Stakeholder Management process capability identifies the impacted groups or
individuals and their needed level of commitment and establishes detailed engagement plans
for impacted stakeholders to ensure project success.

Successful All designed capabilities are operational according to specification and the State accepts the
Release Go-Live deliverable

252
Term Definition
Technical The Technical Sandbox is an isolated and restricted computer environment where developers
Sandbox conduct testing on untested and untrusted codes. A restricted environment is created to
ensure stability and security.
Test Repository for all test documents, cases, results, statues, and how testing was done. The
Management testing repository will include all automated and manual activities.
Tool
Time-travel Ability to future-date or back-date operating system date in order to assist in testing of
functionality related to time-driven events.
Unit Testing Unit Testing is performed by the system developer/maintainer subsequent to or in parallel with
application development to assess and correct the functionality and data of a business
application’s individual code modules.
Usability Testing technique typically performed by end users to verify the appropriate level of ease with
Testing which a user can learn to operate, prepare inputs for, and interpret outputs of a system or
component.
User Assess and accept the overall functionality and interoperability of a business application’s
Acceptance solution in an operational mode. UAT allows end users to use the solution in a manner that
Testing most resembles actual production use. Testing is performed against the Business
Product/Code based on the user’s requirements, and may include Training Artifacts and User
Manual. UAT may also assess the user’s experience with the application to determine if users
are able to accomplish their tasks and goals satisfactorily and efficiently to help identify
potential problems and possible improvements (i.e., usability testing). Success in UAT will
result in a sign-off by the business owner, validating that the business application meets
documented requirements.
Worker Portal The Worker Portal shall provide Solution access to member services workers,
appeals unit workers, service center staff (TNHC intake, including intake for CHIP & the
Redetermination Vendor), State office users outside of member services, including internal
audit, policy, fiscal, and help desk, Department of Children's Services (Foster Care), and other
Department of Health (DOH) application intake. The Worker Portal shall be accessible both
within the State of Tennessee network, and outside of the State of Tennessee network.

253
 Contract ATTACHMENT 8

FRAMEWORK DELIVERABLES
TAS
Framework Framework Applicable Relevant
Contract Framework Deliverable
Deliverable Deliverable Contract Contract
Reference Description
Name Type Deliverable Sections
#
The plan details the
approach, related
activities and
deliverables that will be
Enterprise
completed for each
Architecture
Program project and that
(EA) - Business
will be included as part of
Operating Model
the Program and each
(BOM)
project’s EA – BOM Project-
A.17 Management Current A.7
Design. The EA-BOM wide
Plan
Management Plan
includes State
architectural an
infrastructural standards
and is based on industry
leading practices and
enterprise reference
architectures.
Program Project Charter
Standards and a
Program Project Charter
Project Charter
template and method for
Standards
management of the Deliverable
A.18 Program Project Future A.8
creation of Program 1
Charter
Project Charters for State
Template
and other stakeholder
review, and State
approval.
The plan details the roles
of the TAS Contractor,
the State, the State MMP
Contractors in the overall
Project and Systems
Development Lifecycle
Management Design. Deliverable
Project and
The plan details the 1
Systems
standards for the Project Deliverable
Development A.8,
A.25 Current and Systems 17
Lifecycle A.19,A.19.14
Development Lifecycle Deliverable
Management
Management framework, 18
Plan
and the tools and
technologies used to
manage it. This plan
serves as specifications
for the creation of each
project's related plans
that are to be performed

254
 TAS
Framework Framework Applicable Relevant
Contract Framework Deliverable
Deliverable Deliverable Contract Contract
Reference Description
Name Type Deliverable Sections
#
by the applicable State
MMP Contractors.
The plan defines the
approach to identifying,
analyzing, recording and
maintaining the
Stakeholders for each
Program project in a
Program Stakeholder
Register. The plan details
Stakeholder
roles for TAS Contractor,
Analysis and Deliverable
A.26 Future the State, the State MMP A.102, A.20
Management 1
Contractors and any
Plan
other Program actor in
the completion and State
approval of Stakeholder
analysis. The final
designation of roles to be
performed by each party
shall be made by the
State.
The plan details the roles
of the TAS Contractor,
the State, and the State
MMP Contractors in the
overall Business Analysis
approach. This plan also
Business Deliverable
A.27 Future serves as specifications A.10.3.3
Analysis Plan 5
for the creation of each
project Business Analysis
Plan that is to be
performed by the
applicable State MMP
Contractors.
The plan details the roles
of the TAS Contractor,
the State, and the State
MMP Contractor in the
overall creation and
maintenance of business Deliverable
processes. The plan also 5
Business details the standards for Deliverable
Process the Program business 19
A.28 Future A.10.7
Management process management Deliverable
Plan framework and the 20
standards for the Deliverable
definition of the business 26
processes. This plan also
serves as specifications
for the creation of each
project Business Process
Management Plan that is
255
 TAS
Framework Framework Applicable Relevant
Contract Framework Deliverable
Deliverable Deliverable Contract Contract
Reference Description
Name Type Deliverable Sections
#
to be performed by the
applicable State MMP
Contractors.
The plan details the roles
of the TAS Contractor,
the State, and the State
MMP Contractors in the
overall Business Rules
Definition framework and
approach. The plan also
details the standards for
the Program business
rules management
framework, the standards
Business Rules
for the definition of the Deliverable
A.29 Management Future A.10.8
rules, and the 4
Plan
technologies used to
deploy and maintain
business rules. This plan
also serves as
specifications for the
creation of each project
Business Rules
Management Plan that is
to be performed by the
applicable State MMP
Contractors.
The plan details the roles
of the TAS Contractor,
the State, and the State
MMP Contractors in the
overall Requirements
Management framework
and approach. The plan
also details the standards
for the Program
requirements
management framework,
Requirements the standards for the
Deliverable
A.30 Management Current definition of the A.10.9
3
Plan requirements, and the
technologies used to
deploy and maintain
requirements. This plan
also serves as
specifications for the
creation of each project
Requirements
Management Plan that is
to be performed by the
applicable State MMP
Contractors
256
 TAS
Framework Framework Applicable Relevant
Contract Framework Deliverable
Deliverable Deliverable Contract Contract
Reference Description
Name Type Deliverable Sections
#
The plan details the roles
of the TAS Contractor,
the State, and the State
MMP Contractors in the
overall Configuration
Management framework
and approach. The plan
also details the standards
for the Program
configuration
management framework,
the standards for
Configuration
Management, and the
technologies used to
perform Configuration
Management. This plan
also serves as
specifications for the
creation of each project
Configuration
Management Plan that is Deliverable
Configuration
to be performed by the 1
A.31 Management Future A.17.10
applicable State MMP Deliverable
Plan
Contractors. The 27
Configuration
Management Plan
defines the controls that
will be followed for all the
projects within the
Program related to
managing the changes to
any item under
configuration control.
This includes
deliverables as well as
software systems
developed to meet
functional requirements.
All projects in this
Program will follow the
defined Configuration
Management Plan to
maintain version integrity
of documents as well as
software systems.
The Plan details the roles
of the TAS Contractor,
Change
the State, and the State Deliverable
A.32 Management Future A.17.11
MMP Contractors in the 1
Plan
overall Change
Management framework
257
 TAS
Framework Framework Applicable Relevant
Contract Framework Deliverable
Deliverable Deliverable Contract Contract
Reference Description
Name Type Deliverable Sections
#
and approach. The plan
will also detail the
standards for the
Program change
management framework,
the standards for Change
Management, and the
technologies used to
perform Change
Management. This plan
also serves as
specifications for the
creation of each project
Change Management
Plan that is to be
performed by the
applicable State MMP
Contractors.
The plan details the roles
of the TAS Contractor,
the State, and the State
MMP Contractors in the
overall Test Management
The plan details the roles
of the TAS Contractor,
the State, and the State
MMP Contractors in the
overall Test Management
performed by the
applicable State MMP
Contractors. The Test
Management Plan
Test
defines the standard test Deliverable
A.33 Management Current A.10.10.8
management phases and 6
Plan
the related entrance and
exit criteria the processes
and standards to be used
in all phases of testing for
all projects. The plan
includes definition of the
specific roles and
services the TAS
Contractor will provide in
Program Test
Management on behalf of
the State and in relation
to the various State MMP
Contractors.
Interface / The plan details the roles
Integration of the TAS Contractor, Deliverable
A.34 Current A.10.11
Management the State, and the State 22
Plan MMP Contractors in the
258
 TAS
Framework Framework Applicable Relevant
Contract Framework Deliverable
Deliverable Deliverable Contract Contract
Reference Description
Name Type Deliverable Sections
#
overall Interface/
Integration Management
framework and approach.
The Interface/ Integration
Management Plan
defines the framework for
Interface/Integration
design, testing and
deployment that will
support the formation of
each Program project's
Interface/Integration
Management plans that
will collectively yield
overall optimal,
enterprise systems
Interface/Integration.
The plan details the roles
of the TAS Contractor,
the State, and the State
MMP Contractors in the
overall System
Performance and
Availability framework
and approach. The
System Performance and
Availability Management
System Plan defines the Deliverable
Performance framework for System 1
A.35 Future A.8, A.17.5
Management Performance and Deliverable
Plan Availability design, 13
testing and deployment
that will support the
formation of each
Program project’s
System Performance and
Availability plans that will
collectively yield overall
optimal, System
Performance and
Availability.
The plan details the roles
of the TAS Contractor,
the State, and the State
MMP Contractors in the
overall System Capacity
System Deliverable
A.36 Future framework and approach. A.17.5.4
Capacity Plan 11
The System Capacity
Plan defines the
framework for System
Capacity design, testing
and deployment that will
259
 TAS
Framework Framework Applicable Relevant
Contract Framework Deliverable
Deliverable Deliverable Contract Contract
Reference Description
Name Type Deliverable Sections
#
support the formation of
each Program project’s
System Capacity plans
that will collectively yield
overall optimal, System
Capacity. It shall include
specifications for each
project to perform a
Business Impact Analysis
and insure the System
Capacity approach and
technology selected and
designed represents
industry leading practices
and is appropriate for the
project with consideration
for existing State
standards and applicable
federal regulations/
requirements. It shall
also include
specifications for the
System Capacity process
design framework
detailing the industry
standard
Interface/Integration
process elements.
The plan details the roles
of the TAS Contractor,
the State, and the State
MMP Contractors in the
overall Software Problem
Resolution
Standards/Procedures
framework and approach.
The plan also details the
standards for the
Software
Software Problem Deliverable
Problem
Resolution 46 A.10.10,
A.37 Resolution Future
Standards/Procedures Deliverable A.10.11
Standards /
framework, the standards 58
Procedures Plan
for Software Problem
Resolution/Procedures,
and the technologies
used to perform Software
Problem Resolution /
Procedures. This plan
also serves as
specifications for the
creation of each project
Change Management
260
 TAS
Framework Framework Applicable Relevant
Contract Framework Deliverable
Deliverable Deliverable Contract Contract
Reference Description
Name Type Deliverable Sections
#
Plan that is to be
performed by the
applicable State MMP
Contractors.
The plan defines the
framework for BC/DR
design, testing and
deployment that will
support the formation of
each Program project’s
BC/DR plans that will
collectively yield an
overall optimal,
integrated enterprise
BC/DR capability. It shall
include, but not be limited
to specifications for each
project to perform a
Business Impact Analysis
and insure the
technology selected and
designed represents
industry leading practices
Integrated
and is appropriate for the
Business
project with consideration Deliverable
A.38 Continuity / Future A.17.7
for existing State 10
Disaster
standards and applicable
Recovery Plan
federal
regulations/requirements.
The plan shall also
include specification for
the BC / DR process
design framework
detailing the industry
standard BC/DR process
elements. The plan
drives an enterprise
approach to all project
BC/DR design, testing
and deployment. This
plan also defines the type
of metrics and
acceptance criteria that
are to be defined for
each project’s BC/DR
plan.
The plan defines the
Integrated
framework for Integrated
System
System Implementation Deliverable
A.39 Implementation Future A.10.12
Management activities. It 7
Management
shall include, but not be
Plan
limited to specifications
261
 TAS
Framework Framework Applicable Relevant
Contract Framework Deliverable
Deliverable Deliverable Contract Contract
Reference Description
Name Type Deliverable Sections
#
for each project to
perform a Business
Impact Analysis and
insure the technology
selected and designed
represents industry
leading practices and is
appropriate for the
project with consideration
for existing State
standards and applicable
federal regulations/
requirements. The plan
shall also include
specification for the
System Implementation
process framework
detailing the industry
standard System
Implementation process
elements. The plan
drives an enterprise
approach to all project
System Implementation
activities. This plan also
defines the type of
metrics and acceptance
criteria that are to be
defined for each project’s
System Implementation
Plan that is to be
performed by the
applicable State MMP
Contactors.
The plan details the roles
of the TAS Contractor,
the State, the State MMP
Contactors in the overall
Post Implementation
Evaluation framework
and approach. The plan
also details the standards Deliverable
Post
for the Post 7
A.40 Implementation Future A.10.13
Implementation Deliverable
Evaluation Plan
Evaluation framework 57
and the standards for the
Post Implementation
Evaluation processes.
This plan also serves as
specifications for the
creation of each project
System Capacity Plan
262
 TAS
Framework Framework Applicable Relevant
Contract Framework Deliverable
Deliverable Deliverable Contract Contract
Reference Description
Name Type Deliverable Sections
#
that is to be performed by
the applicable State
MMP Contactors. The
Post Implementation
Evaluation Plan
describes the metrics
and criteria by which the
TAS and IV&V
Contractors will perform
the post implementation
evaluation for each
project. The plan defines
how the EA-BOM design
will be used during the
evaluation process. This
plan also defines the
process to be used to
identify the approach to
decommissioning
replaced systems in a
cost effective manner
and covers cancelation of
licenses, confirming data
removal, and confirming
termination of hardware
and software use.
The plan defines the
framework for Integrated
Program Operations &
Maintenance
Planning/Deployment
activities. The plan drives
an enterprise approach
Integrated
to all project Program
Program
Operations & Deliverable
Operations and
Maintenance 46
A.41 Maintenance Current
Planning/deployment Deliverable
(O&M) Planning
activities as well as 58
/ Deployment
defines the type of
Plan
metrics and acceptance
criteria that are to be
defined for each project's
Program Operations &
Maintenance
Planning/Deployment
Plan.

263
 TAS
Framework Framework Applicable Relevant
Contract Framework Deliverable
Deliverable Deliverable Contract Contract
Reference Description
Name Type Deliverable Sections
#
The plan details the roles
of the TAS Contractor,
HCFA State personnel
and other State MMP
Contractor personnel
involved in external State
and Federal
Agency/Committee
Program
Communications, regular
and ad hoc Program
communications.
Communications shall
include Program status,
risks, issues, and action
items identification,
reporting, escalation and
State & Federal
mitigation/resolution with
Agency /
agencies and
Committee Deliverable A.5, A.10.1,
A.42 Future committees. The plan
Communications 1 A.24
shall include a State and
Management
Federal Agency I
Plan
Committee
communications
management plan
involving all TAS Key
Project Personnel and
Non-Key Project
Personnel, the State and
other State MMP
Contractor personnel
communications
involving these agencies
/ committees that
categorizes
communication types,
their priorities and
communication and issue
escalation paths.
The plan details the
roles, processes and
technologies involved in
drafting, submitting,
reviewing and approving
Procurement all procurements of
Project- A.17.12,
A.43 Management Future professional services,
wide A.24
Plan products and sub-
systems required for or
associated with the
Program. The plan shall
is based on State
procurement laws,
264
 TAS
Framework Framework Applicable Relevant
Contract Framework Deliverable
Deliverable Deliverable Contract Contract
Reference Description
Name Type Deliverable Sections
#
policies and procedures.
The plan addresses all
necessary procurement
steps both inside and
outside of HCFA.
The plan defines the
overall Program strategy
and methodology to be
used to manage
Organizational
organizational change
Change &
management and Deliverable
A.46 Training Current A.10.2, A.20
training. The plan also 1
Management
defines the planning and
Plan
execution of the project
organizational change
activities and training
delivery.
The plan defines how
project communications
will be planned,
structured, monitored,
and controlled for all
Stakeholders. This plan
also defines the
framework for the
Communications
Management Plans for
Communication
each of the projects Deliverable
A.47 Management Current A.8, A.10.11
included within the 1
Plan
Program. The details
associated with
managing
communications on the
various projects will be
developed by the Project
Manager of that specific
project in accordance
with this defined
framework.
The plan documents the
State's framework
approach to Program
document management.
The approach prescribes
Document the people (roles and
Deliverable
A.48 Management Future responsibilities), A.24
1
Plan processes and
technologies, new or
existing, that will be used
for document
management over the
lifecycle of the Program.
265
 TAS
Framework Framework Applicable Relevant
Contract Framework Deliverable
Deliverable Deliverable Contract Contract
Reference Description
Name Type Deliverable Sections
#
Industry leading practices
shall be used to
determine the roles and
responsibilities of the
State, the State MMP
Contractors and any
other relevant parties.

The plan establishes the

framework for how
people, processes and
technology will work
Program
together for effective
Governance Deliverable
A.49 Current planning, decision A.5
Management 1
making and oversight of
Plan
Program projects and
their subsequent
operations and
maintenance.
The plans details the (i)
scope and approach for
MMP Quality
Management; (ii) quality
management roles of the
Quality
TAS Contractor, the Deliverable
A.50 Management Future A.8
State, and the State 1
Plan
MMP Contractors; and
(iii) quality standards and
the metrics that will be
used to measure the
standards.
The plan prescribes the
technologies, new or
existing, that will be used
for issues, risks and
action items registries
over the lifecycle of the
Deliverable
Issues, Risks, Program. Industry
1
A.51 Action Items Future leading practices inform A.19.14
Deliverable
Registers Plan the prescribed registers
15
and the related roles and
responsibilities for each
major Program
participant including the
State and the State MMP
Contractors.

266
 ATTACHMENT 9

This Attachment contains the following Sections as referenced in Contract Section

A.6.1.
• Release Schedule

• Assumptions

o Effort Assumptions

o Cost Assumptions

• Functional Requirements

• Non-Functional Requirements

267
Release Schedule
The timelines reflected below were copied from Contractor's original Proposal response. Notwithstanding
the dates in such timelines, the parties agree that the actual start date will be the Project Start Date (as
defined in Section A.3 of the Contract) and all subsequent dates in the timelines are shifted accordingly
as a result of the change to the start date, provided that in finalizing the Baselined Work Plan and
Schedule (Deliverable 16), Contractor and the State shall work together to agree in writing to any
changes in the Release 1 schedule (and any resulting changes to other aspects of Release 1, such as
timelines or resources, as necessary), with the goal of keeping the Release 1 Go-Live date as shown in
the timelines below.

The following figures summarize our proposed timeline at a high level.

RELEASE 1

TURNOVER
September 2016 – September 2017 M&O TURNOVER
(13 months)
(Ongoing after each (Aligned towards the

POST
RELEASE 2 Statewide release) end of contract
October 2017 – January 2019 Deployment
(16 months) (3 months) period)

2016 2017 2018 2019 2020

MAR

MAR

MAR

MAR
MAY

MAY

MAY

MAY
AUG

AUG

AUG

AUG
NOV

NOV

NOV

NOV

NOV
DEC

DEC

DEC

DEC
OCT

OCT

OCT

OCT

OCT
APR

APR

APR

APR
SEP

SEP

SEP

SEP
JAN
FEB

JUN

JAN
FEB

JUN

JAN
FEB

JUN

JAN
FEB

JUN
SET

JUL

JUL

JUL

JUL
Functionality in Functionality in Statewide
Release 2 Go-Live M&O Turnover
Release 1 Deployment

TN_Medicaid EMP-005a_9

The timeline chart below highlights the key components delivered for each release.

268
 RELEASE 1

TURNOVER
September 2016 – September 2017 M&O TURNOVER
(13 months)
(Ongoing after each (Aligned towards the

POST
RELEASE 2 Statewide release) end of contract
October 2017 – January 2019 Deployment
(16 months) (3 months) period)

2016 2017 2018 2019 2020

MAR

MAR

MAR

MAR
MAY

MAY

MAY

MAY
AUG

AUG

AUG

AUG
NOV

NOV

NOV

NOV

NOV
DEC

DEC

DEC

DEC
OCT

OCT

OCT

OCT

OCT
APR

APR

APR

APR
SEP

SEP

SEP

SEP
JAN
FEB

JUN

JAN
FEB

JUN

JAN
FEB

JUN

JAN
FEB

JUN
SET

JUL

JUL

JUL

JUL
• MAGI Medicaid
• Intake/Registration
• Redeterminations
• Change Reporting
Worker Portal

• Non MAGI
• Appeals

• Apply for Benefits

• Real Time or Near-Real Time Eligibility
Member

Post Turnover On-Call Support

• Partner/Provider Access
Portal • Check Benefits
• My Account

• FDSH, FFM, MMIS, State Data

Sources
Interfaces
• Non MAGI Related Interfaces

• Legal & Policy Workgroup

Organizational • Rules and Policy Management
Initiatives • Marketing and Communications
• Training

• MAGI Related Reports and Notices

Back Office
• BI/Data Analytics
• Reports and Notices

• Enterprise Infrastructure
• Enterprise Security
Enabling • Master Data Management • Enterprise Content Management – OCR
Projects • Conversion • Conversion
• Enterprise Content Management • Master Data Management
• Scanning and Indexing • Enterprise Infrastructure
• Electronic Casefile • Enterprise Security

Primary
Projects – • Mobile
External • Enhanced Contact Center
Facing

M&O Legend

Functionality in Functionality in 1 Month Defect 6 Months 2 Months Warranty

Release 2 Go-Live Turnover
Release 1 Fixing Warranty Defects

TN_Medicaid EMP-005_9

269
Assumptions
Effort Assumptions
Proposal
Section,
Item Page,
# Paragraph Description Rationale Potential Impact
1 C.3.1, Our overall work effort is based on Most effective and efficient Impacts project schedule and
page C-42 our proposed release schedule, approach to meet the State's work effort
including the two release schedule vision
and the specifics of each.

See release schedule above.

Proposal
Item Section, Page,
# Paragraph Description Rationale Potential Impact
2 C.3.1.2, Table Our overall work effort is based on Provides a clear definition of the Impacts project schedule
C.3-3 and our proposed scope of Release 1, release 1 scope and work effort
following including the number of notices,
paragraph, reports and interfaces.
page C-45 - C-
46

The table below illustrates the key modules that will be implemented in Release 1.

Key Modules Key Functionalities NextGen Components

Worker Portal • MAGI/CHIP • Java on IBM Application Server
• Intake/Registration • Oracle Database
• Redetermination • HP Exstream
• Eligibility • IBM WebSphere Operational Decision
• Case Management Management (ODM) for BRMS
• Alerts
• Automated Processes
• MAGI related Notices, Reports and Interfaces
Interfaces • State Interfaces • IBM Integration Bus
• Federal Interfaces
• Other Misc. Interfaces
Enterprise • Scanning and Indexing, Electronic Case File • IBM DataCap image capture integration with
Content State Existing FileNet
Management
Back Office • Operational Reports • Deloitte ClearLight
• Executive Level Reports

270
The table below summarizes the number of Notices, Reports, and Interfaces that are included in Release
1. We understand that additional notices, reports, and interfaces may be identified as part of
requirements. The scope allows an increase of up to 10% per category with no impact to the project
schedule or financials, if identified during the requirements phase.

Notices Reports Interfaces

79 27 22

Release 1: Notices, Reports and Interfaces

Notices Reports Interfaces

Demographic - Address Change Letter Active Individuals by Program FFM – Interface (inbound and
Report outbound)
Demographic -Temporary Reinstatement of Eligibility State Employee Health
Coverage with state source -
Deceased Report Interface
Demographic - Adding Members to case Daily Error Detail Report H03 SSA Composite
Demographic - Date of Birth change Daily Error Summary Report H08T Verify Current Income
Demographic - SSN change H09T Verify Annual
Pseudo SSN Report Household Income
Creditable Coverage Certificate - Daily Pending Re-verification
Report H59 Verify Lawful Presence
Involuntary Termination - has access to health insurance or
has health insurance QI Eligible Individuals Report H61 VLP Closed Case
Voluntary Termination - recip "asked" Application Aging Report H15 Account Transfer
Involuntary Termination - recip out of state Applications Disposed with a
Time Frame Report TMED
Medicaid appr, new add or less than 62 day break, with MCO Cost of Living Adjustment MMIS Inbound Eligibility
change option Report Interface File
Medicaid appr new or greater than 62 break with MCO change MMIS Inbound Linking
option Applications Report Interface File
Medicaid approval as presumptive (pregnant) with MCO MMIS Eligibility/Demographic
change option Denials Report Error File
Redetermination appr with copays; no MCO change option
Redetermination Report MMIS Linking Error File
Redetermination appr without copays; no MCO change option MMIS Run‐Out File
Containing Demographics
MGMT 2050 Supervisory and Address (InterChange to
Report TEDS Outbound)
Medicaid Eligibility Redetermination appr without copays; no MMIS Run‐Out File
MCO change option Containing Recipient Eligibility
Error Reports from Mass (InterChange to TEDS
Change Processing Outbound)
TEDS - Denial for TCM, TCS, CoverKids, HealthyTNBabies MMIS MCO Reported
Active Case Report Address
TEDS - Denied due to No Response
Application Processed Report MMIS TPL File
TEDS - Authorized rep change Eligibility Determination
Reports MMIS ME Encounter File
TEDS - Generic change notice Application Status and
Duration MMIS Priority Population File

271
Notices Reports Interfaces
TEDS - Citizenship verification - Approved for 90 days , TCM, Number of Applications
CoverKids Received Through Various
Channels MMIS NPI Provider File
TEDS - Electronic notice selection H31 Verify Non‐ Employer
Sponsored Insurance Minimal
Cases Approaching Essential Coverage (Non‐ESI
Timeliness Deadline Report MEC)
TEDS - Request for verification Due and Past Due Case Federal Tax Information (FTI)
Report
Special mailing - EOG -Request for verification of income Processing Time by
Application Date Report
Special mailing - EOG - Request for verification of citizenship Processing Time by Receipt
Date Report
Special mailing - EOG - Request for verification of income and
citizenship Case Load Report
TEDS - Out of state - 10 day response Report on the Amount of
Active cases/Tasks assigned
to a Unit, and Worker
TEDS - Portal Password has changed CHIP Report
TEDS - Cover page - resending a letter you requested.
TEDS - Application withdrawal

TEDS - Confirmation that your application was received and in

process
TEDS - Involuntary Term notices - 058a and 058c and many
other terms with different variables
TEDS - Failed electronic letter delivery
TEDS - Approval - CoverKids, HealthyTNBabies (CHIP
approval)
TEDS - Approval - Medicare Savings Program
TEDS - Term notice due to reverification - you re- applied and
are denied
Renewal - MAGI Initial letter with renewal packet
Renewal - Reprint of Initial letter with renewal packet
Redetermination - Approved for TennCare Medicaid
Redetermination - Approved for TennCare Medicaid - during
the 90 day reconsideration period - produced by interChange
Redetermination - Approved for TennCare Standard
Redetermination - Approved for CoverKids - effective date to
be included
Redetermination - Approved for CoverKids - renewal received
after coverage ended
Redetermination - Cover page which proceeds all TN 406
letters with barcode that tracks back to the recipient that was
mailed the letter
Renewal - need more information - Household Income
Renewal - need more information - Citizenship or Immigration
status and Household Income

272
Notices Reports Interfaces
Renewal - need more information - Citizenship or Immigration
status
Renewal - need more information - proof that you live in
Tennessee
Renewal - need more information - SSN or proof that you have
applied for SSN
Renewal - need more information - do you have or can get
insurance through your job or a family members job
Renewal - your renewal packet was received, but not signed
Renewal - need more information - do you have insurance for
pregnancy care, maternity benefits (CHIP only)
Renewal - packet received but you were not selected for
renewal, or not currently enrolled
Renewal - Denied, 20 day term - you applied and we have
determined you no longer quality for TC, Medicaid Savings
Program (MSP), CK
Renewal - Denied, 20 day term - renewal packet received, we
requested more information and you did not give us what we
requested for TC, MSP, CK
Renewal - Denied during 90 day reconsideration period - you
do not quality for TC, MSP or CK
Renewal - Denied during 90 day reconsideration period -
renewal packet received, we requested more information, you
did not give us what we requested for TC, MSP and CK
Renewal - 20 day term - No response to renewal mailing
Renewal - Packet returned after due date - you must reapply
CoverKids - Approval with effective dates
CoverKids - Approval for maternity only for mother and child
with effective date
CoverKids - Information is needed - SSN
CoverKids - Information is needed - proof your other coverage
does not cover pregnancy care (maternity benefits)
CoverKids - Information is needed - date of birth
CoverKids - Information is needed - sign the application
CoverKids - Information is needed - provide proof you live in
Tennessee
CoverKids - Information is needed - provide proof you have a
verified American Indian/Alaska Native status
CoverKids - Denial - new application
CoverKids - Termination - coverage will end in 20 days
CoverKids - Voluntary Termination - request received to end
CK coverage
CoverKids - Coverage was ended due to receipt of Date Of
Death
CoverKids - Reminder - inform CK of baby's name and DOB
CoverKids - You informed us of a demographic change
CoverKids - Application was received - you already have
TennCare, on this effective date

273
 Notices Reports Interfaces
CoverKids - Please apply for CK on Health Insurance
Marketplace
CoverKids- After denial, given second chance to complete
renewal packet
DENIAL - insufficient evidence of citizenship.
DENIAL - insufficient evidence of citizenship.
Additional Information needed to prove citizenship.
Additional Information needed to prove citizenship.

Proposal
Item Section, Page,
# Paragraph Description Rationale Potential Impact
3 C.3.1.3, Table Our overall work effort is based on Provides a clear definition of the Impacts project schedule
C.3-5 and our proposed scope of Release 2, release 2 scope and work effort
following including the number of notices,
paragraph, reports and interfaces.
page C-48

The table below illustrates the key modules that will be implemented in Release 2.

Key Modules Key Functionalities NextGen Components

Worker Portal • Non-MAGI eligibility determination • IBM Data Stage
• Change Reporting, Redetermination • Java on IBM Application Server
• Appeals • Oracle Database
• Operations and Maintenance • HP Exstream
• IBM WebSphere Operational Decision
Management (ODM) for BRMS
Mobile • Create Account • iOS and Android supported native app
• Check Benefits
• Document Upload
• View Notices
• View/Manage Reminders
• Report Changes
• Locate local offices
Member Portal • Apply for Benefits • IBM DataStage
• Real Time or Near Real-time Eligibility • Java on IBM Application Server
Determination • Oracle Database
• My Account • IBM Integration Bus
• Notices • IBM WebSphere Operational Decision
Management (ODM) for BRMS
Partner Portal • Partner/Provider Access to submit • IBM DataStage
applications • Java on IBM Application Server
• Oracle Database
• IBM Integration Bus
• IBM DataCap image capture integration with State
Existing FileNet
• IBM WebSphere Operational Decision
Management (ODM) for BRMS
Organizational Continue the following:
Initiatives
• Legal & Policy Workgroup
• Rules and Policy Management

274
 Key Modules Key Functionalities NextGen Components
• Marketing and Communications
• Training
Enterprise Content OCR capabilities • IBM DataCap image capture integration with State
Management Existing FileNet
Back Office Continue the following: • Deloitte ClearLight
• Operational Reports • IBM Integration Bus
• Executive Level Reports
• Business Process Management
• Business Intelligence and Data Analytics
• Integration with Contact Center

The table below summarizes the number of notices, reports, and interfaces that are included in Release
2. We understand that additional notices, reports, and interfaces may be identified as part of
requirements. The scope allows an increase of up to 10% per category with no impact to the project
schedule or financials, if identified during the requirements phase.

Notices Reports Interfaces

109 13 17

Release 2: Notices, Reports and Interfaces

Notices Reports Interfaces

Presumptive appr (pregnant) given 45 days with MCO change
option BCC Treatment Plan Report SDX - Interface
Low Income Subsidy (LIS)
ME Redetermination appr with copays; no MCO change option Report BENDEX - Interface
New ME, rollover from Mcaid, Uninsured, income btwn 100- LTSS Recipients With Trusts
199% FPL appr, with copays; no MCO change option or Annuities Report SVES - Interface
DCS Foster Care and
New ME, rollover from Mcaid, appr no copays; no MCO change Adoption Assistance
option Redetermination Report SOLQ - Interface
Foster Care and Adoption
New ME, rollover from Mcaid, income is above 200%, appr with Assistance Pending
copays; no MCO change Applications Report DOC - Interface
SSI Approval - Child is now SSI - new add Program Enrollment Forecast SAVE - Interface
TEDS - Emergency - Alien approval for medical care Appeal Activity Report Asset Verification - Interface
State Dept of labor ( UI and
Denials produced by TEAMS that may convert to TEDS Appeals Summary Report Quarterly) - Interface
TEDS - TCM CHOICES - Patient Liability - increase - decrease KPI Reports Work Number - Interface
TEDS – Qualified Medicare Beneficiary, Specified Low Income
Medicare Beneficiaries, Qualified Disabled Working Individual, Residency Verification with
QI-1 denial Appeal Docket state source - Interface
TEDS – Third Party Liability (TPL) verification Appeal Dashboard Low Income Subsidy(LIS)
Employment and Income
TEDS - Spend Down requesting information Appeal Case Status Report Verification Systems (TALX)
TEDS -Spend Down needing additional information Appeals Summary Report DIFSLA
Supplementary Medical
TEDS -Batch presumptive pregnant Insurance (SMI) Buy‐ In(s)
Public Assistance Reporting
TEDS -Desktop at DOH presumptive pregnant Information System (PARIS)

275
Notices Reports Interfaces

TEDS - Batch – Breast and Cervical Cancer (BCC) presumptive TISS Report (TDFBA)
Electronic Verification of
TEDS - Desktop - at DOH - BCC presumptive Vital Events (EVVE)
TEDS - Approval for BCC and Pregnant
Renewal - Long Term Services and Supports (LTSS) Initial
letter with renewal packet
Renewal - Reprint of LTSS letter with NM renewal packet
Redetermination - Approval for Medicare Savings Program
(MSP)
Renewal - need more information - household income, including
spousal support alimony payments (for Transitional/Extended)
Renewal - need more information - tell us about health
problems, check for Medical Eligibility "ME" to apply for STD
Renewal - need more information - missing ME packet
information
A hearing has been scheduled - phone - date and time.
Delay appeal - general delay in processing of application.
Delay appeal - additional information needed to prove
citizenship - 10 days to respond.
CLOSING delay appeal - no response to request for proof of
citizenship/immigrant eligibility - temporary TennCare
APPROVED for 90 days.
Delay appeal - additional information needed to prove income
and citizenship - 10 days to respond.
Delay appeal - additional information needed to prove income -
10 days to respond.
Delay appeal - additional information needed - haven't received
info from the Marketplace - complete attached TennCare
Delayed Application - 10 days to respond.
Delay appeal - additional information needed to prove applied
for TennCare - 10 days to respond.
CLOSING delay appeal - a TennCare application decision has
been made - will get a letter about that decision.
CLOSING delay appeal - TennCare application has been
approved.
CLOSING delay appeal - a TennCare application decision has
been made - will get a letter with further information.
CLOSING delay appeal - no delay detected - TennCare
application sent to Eligibility.
Delay appeal CLOSED - no proof of date of application.
DENIAL/Delay appeal CLOSED/OPTIONAL CoverKids
APPROVAL - no proof of citizenship.
DENIAL/Delay appeal CLOSED - failure to provide additional
information.
DENIAL/Delay appeal CLOSED/OPTIONAL CoverKids
APPROVAL - income too high.
DENIAL/Delay appeal CLOSED - not in a group that Medicaid
covers.

276
Notices Reports Interfaces
DENIAL/Delay appeal CLOSED - non Tennessee resident OR
receiving Medicaid in another state.
DENIAL/Delay appeal CLOSED/OPTIONAL CoverKids
APPROVAL - not a US Citizen or eligible immigrant.
CLOSING Delay appeal - already have TennCare.
Delay appeal is still CLOSED - appeal closed after no response
to request for additional information - facts received after appeal
closed - appeal still closed - facts sent to Eligibility staff - will get
a letter about their decision.
CLOSING request for hearing - no response to Request for
Proof of Application.
Delay appeal - general delay in processing of application.
FORM "Request for Application Processing Delay Hearing"
Cannot process request for hearing - no response to "Request
for Application Processing Delay Hearing."
CLOSING Delay appeal - TennCare application was already
denied (can appeal denial).
NOH - phone - delay appeal - appellant application for
TennCare outstanding for 45 days or longer.
Final Order.
Order of Remand.
Denial appeal is CLOSED - already have TennCare.
FORM "…Authorization of Individual Representative."
FORM "…Authorization of Representative Organization."
CLOSING delay appeal - already have TennCare.
Initial Order rendered by an Administrative Judge.
See important information from TennCare on the next page of
this letter.
NOH - phone - application denial - appellant does not met
financial requirements for any open category of TennCare.
NOH - in person - application denial - appellant does not meet
requirements for any group eligible for requested benefits.
NOH - phone - application denial - appellant does not meet
requirements for any group eligible for requested benefits.
NOH - phone - application denial - appellant does not meet
requirements for any open TennCare Medicaid category.
NOH - phone - application denial - appellant does not fall within
any open category of TennCare eligibility.
DENIAL - not in a group that Medicaid covers.
DENIAL - did not send the information needed to decide if you
qualify.
DENIAL - recorded monthly income is over the income limit for
Medicaid.
Appeal will be processed by DHS.
Send proof of the date applied for TennCare.
NOH - phone - effective date - appellant requests an effective
date of____.

277
Notices Reports Interfaces
APPROVED requested effective date - hearing no longer
necessary.
APPROVED requested effective date - hearing no longer
necessary.
NOH - in person - effective date appeal - appellant requests an
effective date of ____.
NOH - phone - effective date appeal - appellant requests an
effective date of ____.
Before we set up a hearing we need to know more about
household income. Initial Order
Hearing DENIED - did not tell us about a mistake that might
qualify you for Medicaid.
Receipt of Motion
Receipt of Petition
After appeal/hearing/Judge's Order - additional information
needed - 10 days to respond.
After appeal/hearing/Judge's Order - no response to request for
additional information needed - temporary TennCare
APPROVED for 90 days.
After appeal/hearing/Judge's Order - additional information
needed about household income and citizenship/immigration
status - 10 days to respond.
After appeal/hearing/Judge's Order - additional information
needed about household income - 10 days to respond.
After appeal/hearing/Judge's Order - additional information
needed about Tennessee state residency - 10 days to respond.
After appeal/hearing/Judge's Order - please RESUBMIT
additional information sent - 10 days to respond.
After appeal/hearing/Judge's Order - additional information
needed of SSN - 10 days to respond.
After appeal/hearing/Judge's Order - application DENIED -
appeal CLOSED - no response to request for additional
information.
After appeal/hearing/Judge's Order - application DENIED -
appeal CLOSED/OPTIONAL CoverKids APPROVAL - income
too high.
After appeal/hearing/Judge's Order - application DENIED -
appeal CLOSED - not in a group that Medicaid covers.
After appeal/hearing/Judge's Order - application DENIED -
appeal CLOSED - not TN resident OR receiving Medicaid from
another state.
After appeal/hearing/Judge's Order - application DENIED -
appeal CLOSED/OPTIONAL CoverKids APPROVAL - non
citizen or eligible immigrant.
After appeal/hearing/Judge's Order - already have TennCare.
After appeal/hearing - here is the Judge's Order…
Initial Order for continuance of appeal
Order for withdrawal of appeal
Order
Notice of receipt of petition for APPEAL of Initial Order.

278
Notices Reports Interfaces
Reconsideration Order
Order of Remand.
Delay appeal CLOSED - SSI recipient - SSA decides start date.
We agree with your appeal - call if you still want a hearing.
NOH - phone - termination.
CLOSING denial appeal - too late to appeal/after 40 day appeal
period.
CLOSING effective date appeal - too late to appeal/after 40 day
appeal period.
Hearing APPROVED - phone.
Hearing DENIED - appeal CLOSED - didn’t give facts needed.
Hearing DENIED - did not tell us about a mistake that might
qualify you for Medicaid.
Hearing DENIED - did not tell us about a mistake that might
qualify you for Medicaid.
Withdrawal form received - CLOSING appeal.
FORM "How to end your TennCare appeal."
Withdrawal form received - CLOSING appeal.

Proposal
Item Section, Page,
# Paragraph Description Rationale Potential Impact
5 C.11 - Our work effort for data conversion is Provides a clear definition of the Impacts project
C.11.1.1, Table based on our conversion approach scope of data conversion and the schedule work effort
C.11-2, page for automated and manual associated responsibilities
C-162 - C-165 conversion, including the expected
legacy data sources, the
responsibilities of the State and the
requirements for converting
previously scanned
documents/images.

279
 Proposal
Item Section, Page,
# Paragraph Description Rationale Potential Impact
6 Appendix 5 - Our work effort for our technology Provides a clear line of Impacts project work
Technical solution team activities are based on responsibilities for the scope of effort for Deloitte
Roles and the clearly defined roles and technology activities technology solution
Responsibilities responsibilities between the State team
(and/or State's contractors) and the
Deloitte Technology Solution Team.

See Technical Roles and Responsibilities below.

280
The table below identifies those responsibilities associated with the technical activities that are assigned to the State and Deloitte.

Component Activity Activity Development Test Training Disaster Recovery Production

Description
Deloitte State Deloitte State Deloitte State Deloitte State Deloitte State
Hardware Server Hardware Setup Provide the Build, install Provide the Build, install Provide the Build, install Provide the Build, install Provide the Build, install
of Servers server and setup server and setup server and setup server and setup server and setup
(Rack, power, specification rack, power specification rack, power specification rack, power specification rack, power specification rack, power
server) structure as couplings and structure as couplings and structure as couplings and structure as couplings and structure as couplings and
part of the servers for part of the servers for part of the servers for part of the servers for part of the servers for
System TEDS solution System TEDS solution System TEDS solution System TEDS solution System TEDS solution
Architecture Architecture Architecture Architecture Architecture
Perform Perform Perform Perform Perform
Deliverable Deliverable Deliverable Deliverable Deliverable
required required required required required
hardware hardware hardware hardware hardware
maintenance maintenance maintenance maintenance maintenance
and servicing and servicing and servicing and servicing and servicing
of physical of physical of physical of physical of physical
and virtual and virtual and virtual and virtual and virtual
machines to machines to machines to machines to machines to
support TEDS support TEDS support TEDS support TEDS support TEDS
solution solution solution solution solution

Storage Hardware Setup Provide the Decide Provide the Decide Provide the Decide Provide the Decide Provide the Decide
Device of SAN and NAS storage storage device storage storage device storage storage device storage storage device storage storage device
devices specification size specification size specification size specification size specification size
Setup as part of the as part of the as part of the as part of the as part of the
Configure Configure Configure Configure and Configure and
System System System System System
storage device storage device storage device provision provision
Architecture Architecture Architecture Architecture Architecture
for for test servers for training storage pools storage pools
Deliverable Deliverable Deliverable Deliverable Deliverable
development servers including SAN including SAN
servers and NAS and NAS

DR Setup for None None None None None None Provide the Configure Provide the Configure
High Availability storage storage storage storage
(dual channel specification devices for specification devices for
connection) as part of the Disaster as part of the Disaster
Backup Storage System Recovery System Recovery
(configure pools) Architecture including dual Architecture including dual
Deliverable channel Deliverable channel
connections connections

DR Integration None None None None None None None Setup and Setup and
to Backup configure configure
Device. Setup Backup Backup
Archived data Device Device
storage integration for integration for
storage storage
hardware hardware

Backup Tape Library None Configure None Configure None Configure None Identify data to None Setup,
Device setup backup setup backup setup backup setup be archived for integrate and
Backup Pool for Dev for Test for Training TEDS maintain Tape
definition (on environment environment environment Libraries for all
Setup,
disk) storage
integrate and
maintain Tape Setup and
configure data
281
Component Activity Activity Development Test Training Disaster Recovery Production
Description
Deloitte State Deloitte State Deloitte State Deloitte State Deloitte State
Libraries for all archival for
storage TEDS solution
data on
Setup and
NAS/SAN and
configure data
Tape Libraries
archival for
TEDS solution
data on
NAS/SAN and
Tape Libraries

Desktop Desktop Provide Provision, Provide Provision, Provide Provide and None None None Provision,
hardware desktop install and desktop install and desktop install state install and
standardization hardware for maintain all hardware for maintain all hardware for specific maintain all
and Deloitte staff hardware and Deloitte staff hardware and training users hardware for hardware and
requirements software for software for during initial training users. software for
State end-user State end-user Go-Live. Provision, State end-user
Desktops. Desktops. install and Desktops.
maintain all
hardware and
software for
State end-user
Desktops after
Go-Live.

Setup of Install None Install Install and None Install and None None None Install and
Desktop development software maintain maintain maintain State
application software packages and software for software for desktop
distribution packages and enable remote State testing training users software for
(software, enable remote capabilities for staff production
desktop capabilities for Deloitte testing users
Provide
software Deloitte staff
installation
package development
instructions
configuration) staff
and support
for installing
State software
on Deloitte
testing
machines

File Share Setting up of Provide server Provision, Provide server Provision, Provide server Provision, Provide server Provision, Provide server Provision,
servers for the names where install and names where install and names where install and names where install and names where install and
secure storage File Share is maintain File Share is maintain File Share is maintain File Share is maintain File Share is maintain
and sharing of needed for secure storage needed for secure storage needed for secure storage needed for secure storage needed for secure storage
data files TEDS servers file share TEDS servers file share TEDS servers file share TEDS servers file share TEDS servers file share
servers for servers for servers for servers for servers for
data storage data storage data storage data storage data storage

282
Component Activity Activity Development Test Training Disaster Recovery Production
Description
Deloitte State Deloitte State Deloitte State Deloitte State Deloitte State
Printing Printing Print output Provide Print output Provide Print output Provide Print output Provide Print output Provide
Devices Architecture management printing management printing management printing management printing management printing
Printers functions specifications functions specifications functions specifications functions specifications functions specifications
supported along with the such as but along with the such as but along with the such as but along with the such as but along with the such as but
Printer definition necessary not limited to necessary not limited to necessary not limited to necessary not limited to necessary not limited to
(in application infrastructure margins, infrastructure margins, infrastructure margins, infrastructure margins, infrastructure margins,
and Windows) including logos, fonts, including logos, fonts, including logos, fonts, including logos, fonts, including logos, fonts,
Printer management and non- management and non- management and non- management and non- management and non-
Installation of the print standard of the print standard of the print standard of the print standard of the print standard
services paper. Provide services paper. Provide services paper. Provide services paper. Provide services paper. Provide
partner printers for partner printers for partner printers for partner printers for partner printers for
State offices. State offices. State offices. State offices. State offices.

Browser Browser Install the Install the Install the Install the Install the Install the None Support the None Support the
compatibility for required required required required required required required required
Desktop browsers on browser on browser on browser on browser on browser on desktop desktop
browsers Deloitte State testing Deloitte testing State testing training training browser browser
development machines. machines. machines. machines as machines after
machines. part of initial initial Go-Live
Go-Live for State staff.
training.

Browser Install mobile Configure Install mobile Install mobile None Install mobile None Support the None Support the
compatibility for simulator on State solution simulator on simulator on simulator on required required
mobile browsers Deloitte to be support Deloitte testing State testing training mobile mobile
development the required machines machines machines browser browser
machines mobile
browsers

Access Devices used for Provide and Provide and Provide and Provide and None Provide and None Provide and None Provide and
Devices accessing manage onsite manage onsite manage onsite manage onsite manage onsite manage data manage data
facilities and remote and remote and remote and remote project center facilities center facilities
project project project project facilities access for access for
facilities facilities facilities facilities access for State staff State staff
access for access for access for access for State staff
Deloitte staff State staff Deloitte staff State staff

Infrastructure Server Installation and None Install and None Install and None Install and None Install and None Install and
Software Operating configuration of configure configure configure configure configure
System the server server server server server server
operating operating operating operating operating operating
systems systems systems systems systems systems
Install and Install and Install and Install and Install and
configure configure configure configure configure
patches and patches and patches and patches and patches and
upgrades for upgrades for upgrades for upgrades for upgrades for
server server server server server
operating operating operating operating operating
systems systems systems systems systems

System Installation and Install system None Install system None Install system None None Generate DR Install system None
Monitoring setup of System monitoring monitoring monitoring site Health monitoring
monitoring software software software check reports software

283
Component Activity Activity Development Test Training Disaster Recovery Production
Description
Deloitte State Deloitte State Deloitte State Deloitte State Deloitte State
software including including including including including
Installation of agents and agents and agents and monitoring of agents and
system scripts for scripts for scripts for DR equipment scripts for
monitoring monitoring the monitoring the monitoring the readiness. monitoring the
Agents on application application application application
servers
Install and Install and Install and Install and
Installation and
configure configure configure configure
configuration of
server and server and server and server and
Network
network network network network
monitoring
monitoring monitoring monitoring monitoring
software
tools tools tools tools
Install Install Install Install
database database database database
monitoring monitoring monitoring monitoring
tools tools tools tools
Configure Configure Configure Configure
application application application application
specific alerts specific alerts specific alerts specific alerts
Generate
scheduled
operational
reports

Database Installation of Install and Install physical Install and Submit Install and Submit Submit Install and Submit Install and
the database setup database setup requests for setup requests for requests for setup requests for setup
Identification of database hardware. database database database database database database database database
storage instances and instances and access. instances and access. access. instances and access. instances and
requirements storage storage storage storage storage
(RAID, size) including RAID including RAID
Install and Install and Install and
configurations configurations
setup setup setup
database database database Create Create
instances and instances and instances and database database
storage storage storage maintenance maintenance
plan and plan and
Provide Provide Provide
schedule schedule
database database database
connections connections connections Perform Perform
and support and support and support scheduled scheduled
for developers for developers for developers maintenance maintenance
to use the data to use the data to use the data of database of database
sources sources sources instances instances
including including
Create Create Create
backup, backup,
database database database
restore and restore and
maintenance maintenance maintenance
restarts restarts
plan and plan and plan and
schedule schedule schedule
Perform Perform Perform
scheduled scheduled scheduled
maintenance maintenance maintenance
of database of database of database

284
Component Activity Activity Development Test Training Disaster Recovery Production
Description
Deloitte State Deloitte State Deloitte State Deloitte State Deloitte State
instances instances instances
including including including
backup, backup, backup,
restore and restore and restore and
restarts restarts restarts

Data Setup of data None None None None None None Identify Install and Identify Install and
replication replication servers and configure data servers and configure data
between storage databases for replication databases for replication
devices TEDS devices TEDS devices

Backup Installation and None Install and None Install and None Install and None Install and None Install and
Software configuration of configure configure configure configure configure
Backup software Backup Backup Backup Backup Backup
Software Software Software Software Software
Create and Create and Create and Create and Create and
maintain data maintain data maintain data maintain data maintain data
backup plan backup plan backup plan backup plan backup plan

Terminal Installation and None Install and None Install and None Install and None Install and None Install and
Server configuration of configure configure configure configure configure
Terminal server terminal server terminal server terminal server terminal server terminal server
application to application application application application application
support
business
applications

Secure Installation and Configure and Configure and Configure and Configure and None Configure and None Configure and None Configure and
Token configuration of install Secure install Secure install Secure install Secure install Secure install Secure install Secure
security Token Token Token Token Token Token Token
software to infrastructure infrastructure infrastructure infrastructure infrastructure infrastructure infrastructure
support external on Deloitte on Deloitte
Install and Install and Install and Install and Install and
access machines machines
configure on configure on configure on configure on configure on
State State State State State
workstations workstations workstations workstations workstations

Application, Installation of Install and Provide OS Install and Provide OS Install and Provide OS Provide Install and Provide Install and
Middleware the application configure on level support configure on level support configure on level support installation configure on installation configure on
and COTS components top of the and network top of the and network top of the and network guidance, top of the guidance, top of the
Platform including provisioned support provisioned support provisioned support deployment provisioned deployment provisioned
Products in clustering VM. Setup including VM. Setup including VM. Setup including guidance and VM. Setup guidance and VM. Setup
the clustering and reverse proxy clustering and reverse proxy clustering and reverse proxy troubleshootin clustering and troubleshootin clustering and
approved application and firewall application and firewall application and firewall g support. application g support. application
TEDS BOM specific nodes setup. specific nodes setup. specific nodes setup. specific nodes specific nodes
excluding and and and and and
State configuration configuration configuration configuration configuration
existing policies. policies. policies. policies. policies.
systems
Provide OS Provide OS
level support level support
and network and network
support support
including including
reverse proxy reverse proxy

285
Component Activity Activity Development Test Training Disaster Recovery Production
Description
Deloitte State Deloitte State Deloitte State Deloitte State Deloitte State
and firewall and firewall
setup. setup.

Network VPN Installation and Install and Install and Install and Install and None Install and None Install and None Install and
configuration of configure VPN configure VPN configure VPN configure VPN configure VPN configure VPN configure VPN
a VPN device to clients for clients for clients for clients for clients for clients for clients for
allow external Deloitte State Deloitte State training State State
access via the workstations workstations workstations workstations workstations workstations workstations
Internet to access to access to access to access to access to access to access
(Hardware, development development testing testing training Disaster Production
Network environment environment environment environment environment Recovery servers
Connection) servers servers servers servers servers servers

Firewall Installation, Provide Install, Provide Install, Provide Install, Review and Install, Review and Install,
configuration requests for configure and requests for configure and requests for configure and confirm configure and confirm configure and
and servers that maintain servers that maintain servers that maintain firewall rules maintain firewall rules maintain
maintenance of need to firewall need to firewall need to firewall entered by the firewall entered by the firewall
Firewalls communicate. devices for the communicate. devices for the communicate. devices for the state are devices for the state are devices for the
Review and State Review and State Review and State maintained in State maintained in State
confirm confirm confirm a central a central
Run scans for Run scans for Run scans for Run scans for Run scans for
firewall rules firewall rules firewall rules document. document.
violation of key violation of key violation of key violation of key violation of key
entered by the entered by the entered by the
network network network network network
state are state are state are
policies on policies on policies on policies on policies on
maintained in maintained in maintained in
TEDS servers TEDS servers TEDS servers TEDS servers TEDS servers
a central a central a central
document. Perform port document. Perform port document. Perform port Perform port Perform port
scanning of scanning of scanning of scanning of scanning of
TEDS solution TEDS solution TEDS solution TEDS solution TEDS solution
servers and servers and servers and servers and servers and
provide provide provide provide provide
monthly monthly monthly monthly monthly
operational operational operational operational operational
report to report to report to report to report to
capture port capture port capture port capture port capture port
violation and violation and violation and violation and violation and
dispositions of dispositions of dispositions of dispositions of dispositions of
valid port valid port valid port valid port valid port
usage usage usage usage. usage.
Provide Provide
requests for requests for
servers that servers that
need to need to
communicate. communicate.

DNS Installation and None Install and None Install and None Install and None Install and None Install and
configuration of configure DNS configure DNS configure DNS configure DNS configure DNS
DNS servers servers servers servers servers servers

Network Installation of Review Install and Review Install and Review Install and Review Install and Review Install and
Monitoring Network monitoring configure monitoring configure monitoring configure monitoring configure monitoring configure
monitoring alerts network alerts network alerts network alerts network alerts network
agents configuration monitoring configuration monitoring configuration monitoring configuration monitoring configuration monitoring
agents agents agents agents agents

286
Component Activity Activity Development Test Training Disaster Recovery Production
Description
Deloitte State Deloitte State Deloitte State Deloitte State Deloitte State
Document Document Document Document Document
both agent both agent both agent both agent both agent
monitored and monitored and monitored and monitored and monitored and
agentless agentless agentless agentless agentless
monitored monitored monitored monitored monitored
network network network network network
segments segments segments segments segments
Monitor Monitor Monitor Monitor Monitor
inbound and inbound and inbound and inbound and inbound and
outbound outbound outbound outbound outbound
network traffic network traffic network traffic network traffic network traffic
within State within State within State within State within State
data center for data center for data center for data center for data center for
high network high high high high
bandwidth bandwidth bandwidth bandwidth bandwidth
consumption alerts as well alerts as well alerts as well alerts as well
alerts as well as network as network as network as network
as network contention contention contention contention
contention
Work directly Work directly Work directly Work directly
alerts
with the State with the State with the State with the State
Work directly to sort out any to sort out any to sort out any to sort out any
with the State network network network network
to sort out any utilization and utilization and utilization and utilization and
network bandwidth bandwidth bandwidth bandwidth
utilization and issues issues issues issues
bandwidth including including including including
issues connectivity connectivity connectivity connectivity
including from State from State from State from State
connectivity offices to State offices to State offices to State offices to State
from State datacenter datacenter datacenter datacenter
offices to State
datacenter

Network Perform Review Administer all Review Administer all Review Administer all Review Administer all Review Administer all
administrati changes to monthly network monthly network monthly network monthly network monthly network
on network networking components networking components networking components networking components networking components
appliances reports within the reports within the reports within the reports within the reports within the
including State network State network State network State network State network
management of and any and any and any and any and any
controls that connections to connections to connections to connections to connections to
allow filtering of interfacing interfacing interfacing interfacing interfacing
traffic and systems systems systems systems systems
activities
Provide Provide Provide Provide Provide
monthly monthly monthly monthly monthly
networking networking networking networking networking
reports reports reports reports reports

Technical Daily VM Development of Subscribe to Provide VM Subscribe to Provide VM Subscribe to Provide VM Subscribe to Provide VM Subscribe to Provide VM
Procedures Monitoring procedures to alerts for CPU, level alerts for CPU, level alerts for CPU, level alerts for CPU, level alerts for CPU, level
monitoring monitoring monitoring monitoring monitoring

287
Component Activity Activity Development Test Training Disaster Recovery Production
Description
Deloitte State Deloitte State Deloitte State Deloitte State Deloitte State
support daily Memory and support for Memory and support for Memory and support for Memory and support for Memory and support for
tasks Disk. servers Disk. servers Disk. servers Disk. servers Disk. servers
Provide Provide Provide Provide Provide
monitoring monitoring monitoring monitoring monitoring
support for support for support for support for support for
database database database database database
instances instances instances instances instances

Change Development of Define JIRA Review Define JIRA Review Define JIRA Review Define JIRA Review Define JIRA Review
Control procedures to structure for traceability structure for traceability structure for traceability structure for traceability structure for traceability
support changes traceability structure and traceability structure and traceability structure and traceability structure and traceability structure and
to the Technical from provide from provide from provide from provide from provide
environment requirements support for requirements support for requirements support for requirements support for requirements support for
to design, test JIRA hosting to design, test JIRA hosting to design, test JIRA hosting to design, test JIRA hosting to design, test JIRA hosting
cases and at the OS cases and at the OS cases and at the OS cases and at the OS cases and at the OS
development level. development level. development level. development level. development level.
item tracking Participate item tracking item tracking item tracking item tracking
actively in
Use JIRA to Use JIRA to Use JIRA to Use JIRA to Use JIRA to
TARB and
manage manage manage manage manage
CCB.
defects and defects and defects and defects and defects and
track changes track changes track changes track changes track changes
for Deloitte for Deloitte for Deloitte for Deloitte for Deloitte
developed developed developed developed developed
code. code. code. code. code.
Develop and Develop and Develop and Develop and Develop and
execute execute execute execute execute
scripts to scripts to scripts to scripts to scripts to
migrate migrate migrate migrate migrate
application application application application application
and database and database and database and database and database
packages packages packages packages packages
Manage and Manage and Manage and Manage and Manage and
Host JIRA Host JIRA Host JIRA Host JIRA Host JIRA
server server server server server
Provide server Provide server Provide server Provide server Provide server
administration administration administration administration administration
support for support for support for support for support for
builds and builds and builds and builds and builds and
deployments. deployments. deployments. deployments. deployments.
Present Present Present Present Present
requests to requests to requests to requests to requests to
TARB and TARB and TARB and TARB and TARB and
CCB for CCB for CCB for CCB for CCB for
System patch System patch System patch System patch System patch
and upgrades. and upgrades. and upgrades. and upgrades. and upgrades.

Batch Job Development of Help define Provide Help define Provide and Help define Provide and Help define Provide and Help define Provide and
Schedule procedures for batch job access to the batch job create the batch job create the batch job create the batch job Create the
Batch Job schedule for central schedule for batch job schedule for batch job schedule for batch job schedule for batch job
Scheduling jobs scheduling jobs schedule and jobs schedule and jobs schedule and jobs schedule and
developed by tool to create developed by developed by developed by developed by

288
Component Activity Activity Development Test Training Disaster Recovery Production
Description
Deloitte State Deloitte State Deloitte State Deloitte State Deloitte State
Deloitte such schedules in Deloitte such batch job Deloitte such batch job Deloitte such batch job Deloitte such batch job
as ETL jobs. CA Workload as ETL jobs dependencies as ETL jobs dependencies as ETL jobs dependencies as ETL jobs dependencies
Provide and automation.
Install and Install and Install and Install and
create the
configure configure configure configure
batch job
batch jobs and batch jobs and batch jobs and batch jobs and
schedule and
containers to containers to containers to containers to
batch job
execute jobs execute jobs execute jobs execute jobs
dependencies
using the using the using the using the
Install and scheduler scheduler scheduler scheduler
configure
Monitor batch Monitor batch Monitor batch Monitor batch
batch jobs and
schedules schedules schedules schedules
containers to
execute jobs
using the
scheduler
Monitor batch
schedules

Backup Development of Review State Update Review State Update Review State Update Review State Update Review State Update
Procedures procedures for backup existing State backup existing State backup existing State backup existing State backup existing State
the backup of procedures backup procedures backup procedures backup procedures backup procedures backup
Operating procedures to procedures to procedures to procedures to procedures to
Systems, include TEDS include TEDS include TEDS include TEDS include TEDS
Databases and solution solution solution solution solution
business servers servers servers servers servers
applications

Restore Development of Review State Develop Review State Develop Review State Develop Review State Develop Review State Develop
Procedures Recovery developed recovery developed recovery developed recovery developed recovery developed recovery
procedures recovery procedures recovery procedures recovery procedures recovery procedures recovery procedures
Development of procedures procedures procedures procedures procedures
procedures for
the offsite
storage and
recovery of
tapes

High Clustering Design, Design, Review Design, Review Design, Review Review Install and Review Install and
Availability Installation and Installation configuration Installation configuration Installation configuration configuration configure configuration configure
Setup of clusters and Setup of and Setup of and Setup of application application
to support clusters to clusters to clusters to based based
application and support support support clustering clustering
database application application application
Install and Install and
failover and database and database and database
configure configure
failover failover failover
COTS to COTS to
support load support load
balancing balancing
and/or failover and/or failover
configuration configuration
Setup
database for

289
Component Activity Activity Development Test Training Disaster Recovery Production
Description
Deloitte State Deloitte State Deloitte State Deloitte State Deloitte State
failover and Setup
clustering database
clustering
Configure
Network Configure
appliances to Network
support COTS appliances to
load balancing support COTS
and/or failover load balancing
and/or failover

Disk Identification of Provide inputs Install and Provide inputs Install and Provide inputs Install and Provide inputs Install and Provide inputs Install and
Mirroring data replication on disk space configure Disk on disk space configure Disk on disk space configure Disk on disk space configure Disk on disk space configure Disk
requirements and type of Mirroring and type of Mirroring and type of Mirroring and type of Mirroring and type of Mirroring
data used by regions for data used by regions for data used by regions for data used by regions for data used by regions for
the application NAS and SAN the application NAS and SAN the application NAS and SAN the application NAS and SAN the application NAS and SAN
devices devices devices devices devices

Disaster Disaster Develop DR Develop DR Develop DR Develop DR Develop DR

Recovery Recovery procedures plans around procedures plans around procedures
Procedures TEDS servers, TEDS servers,
application/pla
network and application/pla
network and
tform level storage tform level storage
components. including components. including
hypervisor and hypervisor and
Support DR Support DR
backup/restore backup/restore
testing of testing of
procedures. procedures.
application application
Schedule, plan Schedule, plan
components components
and execute and execute
and database. and database.
DR tests. DR tests.

Backup and Backup and Develop Develop VM Develop Develop VM

Recovery recovery backup and based backup and based
procedures that recovery recovery recovery recovery
need to be used procedures for procedures of procedures for procedures of
for restart of database application, database application,
TEDS solution in restore and middleware restore and middleware
the DR site application and COTS application and COTS
files, servers files, servers
configuration configuration
at the platform at the platform
level. level.
Review Review
backup and backup and
recovery recovery
procedures for procedures for
database database
restore restore
Review VM Review VM
based State based State
recovery recovery
procedures of procedures of
application, application,

290
Component Activity Activity Development Test Training Disaster Recovery Production
Description
Deloitte State Deloitte State Deloitte State Deloitte State Deloitte State
middleware middleware
and COTS and COTS
servers servers

Identity and Integration Configure and Configure and Perform Configure and Perform Configure and Perform Provide Perform Provide Perform
Access of the develop custom develop hardware develop hardware develop hardware guidance to hardware guidance to hardware
Management: State’s code where custom code maintenance custom code maintenance custom code maintenance the State to maintenance the State to maintenance
Oracle IAM existing required for where and servicing where and servicing where and servicing Configure and and servicing configure and and servicing
suite of Oracle IAM components of required for of physical required for of physical required for of physical migrate of physical migrate of physical
Products (OIM, suite of the Oracle IAM the and virtual the and virtual the and virtual custom code and virtual custom code and virtual
OAM, OAAM, products suite of products components of machines to components of machines to components of machines to for the machines to for the machines to
and OID) with the to allow the Oracle support the the Oracle support the the Oracle support the components of support the components of support the
TEDS integration with IAM suite of Oracle IAM IAM suite of Oracle IAM IAM suite of Oracle IAM the Oracle Oracle IAM the Oracle Oracle IAM
solution and the Worker products to suite of products to suite of products to suite of IAM suite of suite of IAM suite of suite of
install Portal, Self- allow products that integrate with products that allow products that products to products that products to products that
Oracle IAM Service Portal, integration will be the Worker will be integration will be allow will be allow will be
products and TEDS with the integrated with Portal, Self- integrated with with the integrated with integration integrated with integration integrated with
that are not solutions. Worker Portal, the TEDS Service Portal, the TEDS Worker Portal, the TEDS with the the TEDS with the the TEDS
present e.g. Self-Service solution. and TEDS solution. Self-Service solution. Worker Portal, solution. Worker Portal, solution.
OAAM if it Portal, and solutions. Portal, and Self-Service Self-Service
is not TEDS TEDS Portal, and Portal, and
present. solutions. solutions. TEDS TEDS
solutions. solutions.

Security Security Integrate TEDS Integrate Integrate Integrate Integrate Integrate Integrate Deloitte to Integrate Deloitte to Integrate
Monitoring: IBM event solution log TEDS TEDS TEDS TEDS TEDS TEDS provide TEDS provide TEDS
QRadar SIEM monitoring sources with the application, infrastructure application, infrastructure application, infrastructure guidance to infrastructure guidance to infrastructure
integration State’s existing database and log sources database and log sources database and log sources the State to log sources the State to log sources
instance of web services with the web services with the web services with the integrate with the integrate with the
QRadar. gateway log State’s gateway log State’s gateway log State’s TEDS State’s TEDS State’s
sources with existing sources with existing sources with existing application, existing application, existing
the State’s instance of the State’s instance of the State’s instance of database and instance of database and instance of
existing QRadar. This existing QRadar. This existing QRadar. This web services QRadar. This web services QRadar. This
instance of includes instance of includes instance of includes gateway log includes gateway log includes
QRadar. This operation QRadar. This operation QRadar. This operation sources with operating sources with Operation
includes the system, Active includes the system, Active includes the system, Active the State’s system, Active the State’s System, Active
development Directory, development Directory, development Directory, existing Directory, existing Directory,
of reports, firewall, of reports, firewall, of reports, firewall, instance of firewall, instance of Firewall,
alerts, and IDS/IPS, and alerts, and IDS/IPS, and alerts, and IDS/IPS, and QRadar. This IDS/IPS, and QRadar. This IDS/IPS, and
dashboards to other network dashboards to other network dashboards to other network includes the other network includes the other network
address devices that address devices that address devices that development devices that development devices that
auditing and process auditing and process auditing and process of reports, process of reports, sensitive data
accountability sensitive data accountability sensitive data accountability sensitive data alerts, and sensitive data alerts, and for the TEDS
requirements for the TEDS requirements for the TEDS requirements for the TEDS dashboards to for the TEDS dashboards to solution flows
outlined in the solution. The outlined in the solution. The outlined in the solution. The address solution. The address through. The
MARS-E 2.0 State will MARS-E 2.0 State will MARS-E 2.0 State will auditing and State will auditing and State will
standard Audit configure and standard Audit configure and standard Audit configure and accountability configure and accountability configure and
and develop and develop and develop requirements develop requirements develop
Accountability reports, alerts, Accountability reports, alerts, Accountability reports, alerts, outlined in the reports, alerts, outlined in the reports, alerts,
(AU) control and (AU) control and (AU) control and MARS-E 2.0 and MARS-E 2.0 and
family to dashboards to family to dashboards to family to dashboards to standard Audit dashboards to standard Audit dashboards to
address address address address address address and address and address
federal and auditing and federal and auditing and federal and auditing and Accountability auditing and Accountability auditing and
state accountability state accountability state accountability (AU) control accountability (AU) control accountability
291
Component Activity Activity Development Test Training Disaster Recovery Production
Description
Deloitte State Deloitte State Deloitte State Deloitte State Deloitte State
standards for requirements standards for requirements standards for requirements family to requirements family to requirements
continuous outlined in the continuous outlined in the continuous outlined in the address outlined in the address outlined in the
monitoring. MARS-E 2.0 monitoring. MARS-E 2.0 monitoring. MARS-E 2.0 federal and MARS-E 2.0 federal and MARS-E 2.0
Deloitte will standard Audit Deloitte will standard Audit Deloitte will standard Audit state standard Audit state standard Audit
provide and provide and provide and standards for and standards for and
guidance to Accountability guidance to Accountability guidance to Accountability continuous Accountability continuous Accountability
the State on (AU) control the State on (AU) control the State on (AU) control monitoring. (AU) control monitoring. (AU) control
what reports, family to what reports, family to what reports, family to Deloitte will family to Deloitte will family to
alerts, and address alerts, and address alerts, and address also provide address also provide address
dashboards federal and dashboards federal and dashboards federal and guidance to federal and guidance to federal and
need to be state need to be state need to be state the State on state the State on state
configured/dev standards for configured/dev standards for configured/dev standards for what reports, standards for what reports, standards for
eloped for continuous eloped for continuous eloped for continuous alerts, and continuous alerts, and continuous
infrastructure monitoring. infrastructure monitoring. infrastructure monitoring. dashboards monitoring. dashboards monitoring.
security security security need to be need to be
The State will The State will
monitoring to monitoring to monitoring to configured/dev configured/dev
monitor monitor
address AU address AU address AU eloped for eloped for
reports, alerts, reports, alerts,
requirements. requirements. requirements. infrastructure infrastructure
and and
security security
dashboards dashboards
monitoring. monitoring.
for TEDS for TEDS
Deloitte will infrastructure Deloitte will infrastructure
monitor security monitor security
reports, alerts, events, and reports, alerts, events, and
and report and report
dashboards anomalies per dashboards anomalies per
for TEDS the approved for TEDS the approved
application, Auditing, application, Auditing,
database and Logging, and database and Logging, and
web services Monitoring web services Monitoring
gateway Plan that will gateway Plan that will
security be included as security be included as
events, and part of the events, and part of the
report overall report overall
anomalies per Operations anomalies per Operations
the approved Documentatio the approved Documentatio
Auditing, n for the TEDS Auditing, n for the TEDS
Logging, and solution. Logging, and solution.
Monitoring Monitoring
Plan that will Plan that will
be included as be included as
part of the part of the
overall overall
Operations Operations
Documentatio Documentatio
n for the TEDS n for the TEDS
solution. solution.

Security Database Integrate TEDS Integrate Support the Integrate Support the Integrate Support the Provide Integrate Provide Integrate
Monitoring: security database log TEDS Deloitte team TEDS Deloitte team TEDS Deloitte team guidance to TEDS guidance to TEDS
Oracle Audit monitoring sources with the database log in database log in database log in the State to database log the State to database log
Vault integration State’s existing sources with implementing sources with implementing sources with implementing integrate sources with integrate sources with
instance of the State’s Oracle Audit the State’s Oracle Audit the State’s Oracle Audit TEDS the State’s TEDS the State’s
existing Vault through existing Vault through existing Vault through database log existing database log existing

292
Component Activity Activity Development Test Training Disaster Recovery Production
Description
Deloitte State Deloitte State Deloitte State Deloitte State Deloitte State
Oracle Audit instance of performance instance of performance instance of performance sources with instance of sources with instance of
Vault Oracle Audit of the required Oracle Audit of the required Oracle Audit of the required the State’s Oracle Audit the State’s Oracle Audit
Vault. This infrastructure Vault. This infrastructure Vault. This infrastructure existing Vault with existing Vault with
includes the activities. includes the activities. includes the activities. instance of guidance from instance of guidance from
development development development Oracle Audit the Deloitte Oracle Audit the Deloitte
of reports, of reports, of reports, Vault. This team. This Vault. This team. This
alerts, and alerts, and alerts, and includes the includes the includes the includes the
dashboards to dashboards to dashboards to development development development development
address address address of reports, of reports, of reports, of reports,
auditing and auditing and auditing and alerts, and alerts, and alerts, and alerts, and
accountability accountability accountability dashboards to dashboards to dashboards to dashboards to
requirements requirements requirements address address address address
outlined in the outlined in the outlined in the auditing and auditing and auditing and auditing and
MARS-E 2.0 MARS-E 2.0 MARS-E 2.0 accountability accountability accountability accountability
standard Audit standard Audit standard Audit requirements requirements requirements requirements
and and and outlined in the outlined in the outlined in the outlined in the
Accountability Accountability Accountability MARS-E 2.0 MARS-E 2.0 MARS-E 2.0 MARS-E 2.0
(AU) control (AU) control (AU) control standard Audit standard Audit standard Audit standard Audit
family to family to family to and and and and
address address address Accountability Accountability Accountability Accountability
federal and federal and federal and (AU) control (AU) control (AU) control (AU) control
state state state family to family to family to family to
standards for standards for standards for address address address address
continuous continuous continuous federal and federal and federal and federal and
monitoring. monitoring. monitoring. state state state state
standards for standards for standards for standards for
continuous continuous continuous continuous
monitoring. monitoring. monitoring. monitoring.
Deloitte will Deloitte will
monitor monitor
reports, alerts, reports, alerts,
and and
dashboards dashboards
for TEDS for TEDS
database database
security security
events, and events, and
report report
anomalies per anomalies per
the approved the approved
Auditing, Auditing,
Logging, and Logging, and
Monitoring Monitoring
Plan that will Plan that will
be included as be included as
part of the part of the
overall overall
Operations Operations
Documentatio Documentatio
n for the TEDS n for the TEDS
solution. solution.

293
Component Activity Activity Development Test Training Disaster Recovery Production
Description
Deloitte State Deloitte State Deloitte State Deloitte State Deloitte State
SOA Security: IBM Configure IBM Configure the Support the Configure the Support the Configure the Support the Provide Configure the Provide Configure the
IBM DataPower DataPower DataPower to State’s Deloitte team State’s Deloitte team State’s Deloitte Team guidance to State’s guidance to State’s
integration provide existing in the existing in the existing in the the State to existing the State to existing
authentication, instance of implementatio instance of implementatio instance of implementatio configure the instance of configure the instance of
authorization, IBM n of IBM IBM n of IBM IBM n of IBM State’s IBM State’s IBM
and encryption DataPower to DataPower DataPower to DataPower DataPower to DataPower existing DataPower to existing DataPower to
of externally provide through provide through provide through instance of provide instance of provide
facing web authentication, performance authentication, performance authentication, performance IBM authentication, IBM authentication,
services in the authorization, of the required authorization, of the required authorization, of the required DataPower to authorization, DataPower to authorization,
TEDS solution. and encryption infrastructure and encryption infrastructure and encryption infrastructure provide and encryption provide and encryption
of externally activities. e.g. of externally activities. e.g. of externally activities. e.g. authentication, of externally authentication, of externally
facing web configuring facing web configuring facing web configuring authorization, facing web authorization, facing web
services in the firewall rules, services in the firewall rules, services in the firewall rules, and encryption services in the and encryption services in the
TEDS establishing TEDS establishing TEDS establishing of externally TEDS of externally TEDS
solution. connectivity, solution. connectivity, solution. connectivity, facing web solution. facing web solution.
etc. etc. etc. services in the services in the
TEDS TEDS
solution. solution.

Data Implement Implement Implement State to Implement State to Implement State to Deloitte to Implement Deloitte to Implement
Protection: Oracle TDE Oracle Oracle TDE determine Oracle TDE determine Oracle TDE determine provide Oracle TDE provide Oracle TDE
Oracle TDE, for for encryption appropriate for encryption appropriate for encryption appropriate guidance to for encryption guidance to for encryption
Microsoft encryption of sensitive data at rest to of sensitive data at rest to of sensitive data at rest to the State to of sensitive the State to of sensitive
BitLocker, of sensitive data at rest in encrypt for data at rest in encrypt for data at rest in encrypt for implement data at rest in implement data at rest in
LINUX Unified data at rest TEDS Oracle databases, TEDS Oracle databases, TEDS Oracle databases, Oracle TDE TEDS Oracle Oracle TDE TEDS Oracle
Key Setup in TEDS databases. files and databases. files and databases. files and for encryption databases in for encryption databases in
(LUKS),TLS Oracle server image server image server image of sensitive the DR of sensitive the DR
encryption databases. backups that backups that backups that data at rest in environment. data at rest in environment.
have PHI/PII have PHI/PII have PHI/PII TEDS Oracle TEDS Oracle
using FIPS using FIPS using FIPS databases in databases in
140-2 140-2 140-2 the DR the DR
compliance compliance compliance environment. environment.
algorithms. algorithms. algorithms.

Implement Provide Provide Deploy Provide Deploy Provide Deploy Provide Deploy Provide Deploy
Microsoft guidance to the guidance to Microsoft guidance to Microsoft guidance to Microsoft guidance to Microsoft guidance to Microsoft
BitLocker State to deploy the State to BitLocker for the State to BitLocker for the State to BitLocker for the State to BitLocker for the State to BitLocker for
Microsoft deploy Windows deploy Windows deploy Windows deploy Windows deploy Windows
BitLocker for Microsoft system disk Microsoft system disk Microsoft system disk Microsoft system disk Microsoft system disk
Windows BitLocker for encryption to BitLocker for encryption to BitLocker for encryption to BitLocker for encryption to BitLocker for encryption to
system disk Windows address FIPS Windows address FIPS Windows address FIPS Windows address FIPS Windows address FIPS
encryption to system disk 140-2 system disk 140-2 system disk 140-2 system disk 140-2 system disk 140-2
address FIPS encryption to encryption encryption to encryption encryption to encryption encryption to encryption encryption to encryption
140-2 encryption address FIPS standards. address FIPS standards. address FIPS standards. address FIPS standards. address FIPS standards.
standards. 140-2 140-2 140-2 140-2 140-2
encryption encryption encryption encryption encryption
standards. standards. standards. standards. standards.

Implement Implement Provide Deploy LINUX Provide Deploy LINUX Provide Deploy LINUX Provide Deploy LINUX Provide Deploy LINUX
LINUX LINUX Unified guidance to Unified Key guidance to Unified Key guidance to Unified Key guidance to Unified Key guidance to Unified Key
Unified Key Key Setup the State to Setup (LUKS) the State to Setup (LUKS) the State to Setup (LUKS) the State to Setup (LUKS) the State to Setup (LUKS)
Setup (LUKS) for deploy LINUX for LINUX deploy LINUX for LINUX deploy LINUX for LINUX deploy LINUX for LINUX deploy LINUX for LINUX
(LUKS) LINUX system Unified Key system disk Unified Key system disk Unified Key system disk Unified Key system disk Unified Key system disk
disk encryption Setup (LUKS) encryption to Setup (LUKS) encryption to Setup (LUKS) encryption to Setup (LUKS) encryption to Setup (LUKS) encryption to
294
Component Activity Activity Development Test Training Disaster Recovery Production
Description
Deloitte State Deloitte State Deloitte State Deloitte State Deloitte State
to address FIPS for LINUX address FIPS for LINUX address FIPS for LINUX address FIPS for LINUX address FIPS for LINUX address FIPS
140-2 encryption system disk 140-2 system disk 140-2 system disk 140-2 system disk 140-2 system disk 140-2
standards. encryption to encryption encryption to encryption encryption to encryption encryption to encryption encryption to encryption
address FIPS standards. address FIPS standards. address FIPS standards. address FIPS standards. address FIPS standards.
140-2 140-2 140-2 140-2 140-2
encryption encryption encryption encryption encryption
standards. standards. standards. standards. standards.

Data In TLS 1.2 Deloitte will The State will Deloitte will The State will Deloitte will The State will Provide The State will Provide The State will
Transit encryption to configure configure configure configure configure configure guidance to configure guidance to configure
address FIPS TEDS infrastructure TEDS infrastructure TEDS infrastructure the State to infrastructure the State to infrastructure
140-2 encryption application related application related application related configure related configure related
standards for components components in components components in components components in infrastructure components in infrastructure components in
encrypting and Oracle the TEDS and Oracle the TEDS and Oracle the TEDS related the TEDS related the TEDS
sensitive data in IAM suite solution to IAM suite solution to IAM suite solution to components in solution to components in solution to
transit components to communicate components to communicate components to communicate the TEDS communicate the TEDS communicate
communicate using TLS 1.2 communicate using TLS 1.2 communicate using TLS 1.2 solution to using TLS 1.2 solution to using TLS 1.2
using TLS 1.2 encryption, using TLS 1.2 encryption, using TLS 1.2 encryption, communicate encryption, communicate encryption,
encryption. including encryption. including encryption. including using TLS 1.2 including using TLS 1.2 including
SFTP utilities SFTP utilities SFTP utilities encryption, SFTP utilities encryption, SFTP utilities
for the transfer for the transfer for the transfer including for the transfer including for the transfer
of files of files of files SFTP utilities of files SFTP utilities of files
containing containing containing for the transfer containing for the transfer containing
sensitive sensitive sensitive of files sensitive of files sensitive
information. information. information. containing information. containing information.
The State will sensitive The State will sensitive The State will
also generate information. also generate information. also generate
certificate The State will certificate The State will certificate
requests for also generate requests for also generate requests for
obtaining 3rd- certificate obtaining 3rd- certificate obtaining 3rd-
party requests for party requests for party
Certificate obtaining 3rd- Certificate obtaining 3rd- Certificate
Authority (CA) party Authority (CA) party Authority (CA)
certificates Certificate certificates Certificate certificates
from the Authority (CA) from the Authority (CA) from the
State’s certificates State’s certificates State’s
preferred CA from the preferred CA from the preferred CA
vendor. State’s vendor. State’s vendor.
preferred CA preferred CA
vendor. vendor.

Vulnerability Secure Perform secure Deloitte will Work with Deloitte will Work with Not applicable Not applicable Not applicable Not applicable Not applicable Not applicable
Management: code review code review of perform two Deloitte to perform two Deloitte to (N/A) as code (N/A) as code (N/A) as code (N/A) as code (N/A) as code (N/A) as code
HP Fortify using HP custom code in iterations of determine iterations of determine that addresses that addresses that addresses that addresses that addresses that addresses
Fortify the TEDS secure code mutually secure code mutually the mutually the mutually the mutually the mutually the mutually the mutually
IBM AppScan
solution using a review using agreeable review using agreeable agreeable agreeable agreeable agreeable agreeable agreeable
Tenable Nessus combination of the State’s acceptance the State’s acceptance acceptance acceptance acceptance acceptance acceptance acceptance
Symantec Anti- HP Fortify and instance of HP criteria for instance of HP criteria for criteria for criteria for criteria for criteria for criteria for criteria for
Virus performing Fortify (one in secure code Fortify (one in secure code secure code secure code secure code secure code secure code secure code
Clam Anti-Virus manual analysis. development review testing development review testing review testing review testing review testing review testing review testing review testing
for LINUX and one in and and one in and will be will be will be will be will be will be
test) per remediation. test) per remediation. migrated into migrated into migrated into migrated into migrated into migrated into
release and The State will release and The State will
issue one review the issue one review the
295
Component Activity Activity Development Test Training Disaster Recovery Production
Description
Deloitte State Deloitte State Deloitte State Deloitte State Deloitte State
report scan results report scan results the training the training the DR the DR the production the production
deliverable per report and deliverable per report and environment environment environment environment environment environment
release during collaborate Release collaborate
the DDI phase with Deloitte to during the DDI with Deloitte to
of the project. determine the phase of the determine the
Monthly code remediation project. remediation
reviews will be plan for each Monthly code plan for each
performed release. reviews will be release.
during the performed
M&O phase of during the
the project M&O phase of
including the project
issuance of a including
report issuance of a
deliverable report
once per deliverable
release during once per
the M&O release during
phase of the the M&O
project. phase of the
project.

Application Perform Deloitte will Work with Deloitte will Work with Not applicable Not applicable Not applicable Not applicable Not applicable Not applicable
vulnerability application perform two Deloitte to perform two Deloitte to (N/A) as code (N/A) as code (N/A) as code (N/A) as code (N/A) as code (N/A) as code
testing vulnerability iterations of determine iterations of determine that addresses that addresses that addresses that addresses that addresses that addresses
using IBM testing of the application mutually application mutually the mutually the mutually the mutually the mutually the mutually the mutually
AppScan TEDS Worker vulnerability agreeable vulnerability agreeable agreeable agreeable agreeable agreeable agreeable agreeable
Portal and Self- testing using acceptance testing using acceptance acceptance acceptance acceptance acceptance acceptance acceptance
Service IBM AppScan criteria for IBM AppScan criteria for criteria for criteria for criteria for criteria for criteria for criteria for
components and manual application and manual application application application application application application application
using a analysis (one vulnerability analysis (one vulnerability vulnerability vulnerability vulnerability vulnerability vulnerability vulnerability
combination of in testing and in testing and testing will be testing will be testing will be testing will be testing will be testing will be
IBM AppScan development remediation. Development remediation. migrated into migrated into migrated into migrated into migrated into migrated into
and performing and one in The State will and one in The State will the training the training the DR the DR the production the production
manual analysis. test) per review the Test) per review the environment environment environment environment environment environment
release and scan results release and scan results
issue one report and issue one report and
report collaborate report collaborate
deliverable per with Deloitte to deliverable per with Deloitte to
release during determine the Release determine the
the DDI phase remediation during the DDI remediation
of the project. plan for each phase of the plan for each
Monthly release. project. release.
application Monthly
vulnerability application
scanning will vulnerability
be performed scanning will
during the be performed
M&O phase of during the
the project M&O phase of
including the project
issuance of a including
report issuance of a

296
Component Activity Activity Development Test Training Disaster Recovery Production
Description
Deloitte State Deloitte State Deloitte State Deloitte State Deloitte State
deliverable report
once per deliverable
release during once per
the M&O release during
phase of the the M&O
project. phase of the
project.

Infrastructur Perform Deloitte will Perform Deloitte will Perform Deloitte to The State Deloitte to The State Deloitte to The State
e infrastructure provide infrastructure provide infrastructure provide should have provide should have provide should have
vulnerability vulnerability guidance to vulnerability guidance to vulnerability guidance to an guidance to an guidance to an
testing scanning using the State to testing once the State to testing once the State to independent the State to independent the State to independent
using Tenable Nessus perform per release perform per release have an 3rd-party scan have an 3rd-party scan have an 3rd-party scan
Tenable to determine infrastructure during the DDI infrastructure during the DDI independent the TEDS independent the TEDS independent the TEDS
Nessus vulnerabilities of vulnerability phase of the vulnerability phase of the 3rd-party scan infrastructure 3rd-party scan infrastructure 3rd-party scan infrastructure
TEDS testing once project and testing once project and the TEDS components the TEDS components the TEDS components
infrastructure per release monthly during per release monthly during infrastructure as part of the infrastructure as part of the infrastructure as part of the
components. during the DDI the M&O during the DDI the M&O components continuous components continuous components continuous
phase of the phase of the phase of the phase of the as part of the monitoring as part of the monitoring as part of the monitoring
project and contract. Work project and contract. Work continuous process to continuous process to continuous process to
monthly during with Deloitte to monthly during with Deloitte to monitoring address monitoring address monitoring address
the M&O provide the M&O provide process to federal and process to federal and process to federal and
phase of the scanning phase of the scanning address state address state address state
contract. results and contract. results and federal and regulatory federal and regulatory federal and regulatory
Deloitte will identify false Deloitte will identify false state requirements. state requirements. state requirements.
work with the positives so work with the positives so regulatory regulatory regulatory
State to that Deloitte State to that Deloitte requirements. requirements. requirements.
produce an can produce produce an can produce
Infrastructure an Infrastructure an
Vulnerability Infrastructure Vulnerability Infrastructure
Assessment Vulnerability Assessment Vulnerability
Report Assessment Report Assessment
deliverable Report deliverable Report
once per deliverable once per deliverable
release during once per release during once per
both the DDI release during both the DDI release during
and M&O both the DDI and M&O both the DDI
phases of the and M&O phases of the and M&O
project. phases of the project. phases of the
project. project.

Integration Integrating Deloitte to Integrate Deloitte to Integrate Deloitte to Integrate Deloitte to Integrate Deloitte to Integrate
of Symantec Anti- provide Symantec provide Symantec provide Symantec provide Symantec provide Symantec
Symantec Virus and Clam guidance to Anti-Virus and guidance to Anti-Virus and guidance to Anti-Virus and guidance to Anti-Virus and guidance to Anti-Virus and
Anti-Virus Anti-Virus for the State to Clam Anti- the State to Clam Anti- the State to Clam Anti- the State to Clam Anti- the State to Clam Anti-
and Clam LINUX with integrate Virus for integrate Virus for integrate Virus for integrate Virus for integrate Virus for
Anti-Virus TEDS solution Symantec LINUX with Symantec LINUX with Symantec LINUX with Symantec LINUX with Symantec LINUX with
for LINUX operating Anti-Virus and TEDS solution Anti-Virus and TEDS solution Anti-Virus and TEDS solution Anti-Virus and TEDS solution Anti-Virus and TEDS solution
systems. Clam Anti- operating Clam Anti- operating Clam Anti- operating Clam Anti- operating Clam Anti- operating
Virus for systems. Virus for systems. Virus for systems. Virus for systems. Virus for systems.
LINUX with LINUX with LINUX with LINUX with LINUX with
TEDS solution TEDS solution TEDS solution TEDS solution TEDS solution

297
Component Activity Activity Development Test Training Disaster Recovery Production
Description
Deloitte State Deloitte State Deloitte State Deloitte State Deloitte State
operating operating operating operating operating
systems. systems. systems. systems. systems.

Configuratio Configure Deloitte will Support the Deloitte will Support the Deloitte will Support the Deloitte will Support the Deloitte will Support the
n of Symantec Anti- configure Deloitte team configure Deloitte team implement Deloitte team implement Deloitte team implement Deloitte team
Symantec Virus for Symantec with Symantec with Symantec with Symantec with Symantec with
Anti-Virus scanning file Anti-Virus for performance Anti-Virus for performance Anti-Virus for performance Anti-Virus for performance Anti-Virus for performance
for file uploads to the scanning file of the required scanning file of the required scanning file of the required scanning file of the required scanning file of the required
uploads TEDS solution. uploads to the infrastructure uploads to the infrastructure uploads to the infrastructure uploads to the infrastructure uploads to the infrastructure
TEDS activities for TEDS activities for TEDS activities for TEDS activities for TEDS activities for
solution. the solution. the solution. the solution. the solution. the
configuration configuration configuration configuration configuration
of the State’s of the State’s of the State’s of the State’s of the State’s
existing existing existing existing existing
instance of instance of instance of instance of instance of
Symantec Symantec Symantec Symantec Symantec
Anti-Virus to Anti-Virus to Anti-Virus to Anti-Virus to Anti-Virus to
perform perform perform perform perform
scanning of scanning of scanning of scanning of scanning of
file uploads to file uploads to file uploads to file uploads to file uploads to
the TEDS the TEDS the TEDS the TEDS the TEDS
solution. solution. solution. solution. solution.

Infrastructure IDS/IPS Configure the Provide Configure the Provide Configure the Provide Configure the Provide Configure the Provide Configure the
Security configuratio IDS/IPS solution guidance to IDS/IPS guidance to IDS/IPS guidance to IDS/IPS guidance to IDS/IPS guidance to IDS/IPS
IDS/IPS n that is integrated the State on solution that is the State on solution that is the State on solution that is the State on solution that is the State on solution that is
with the TEDS what events integrated with what events integrated with what events integrated with what events integrated with what events integrated with
solution. should be the TEDS should be the TEDS should be the TEDS should be the TEDS should be the TEDS
logged for the solution to logged for the solution to logged for the solution to logged for the solution to logged for the solution to
IDS/IPS address IDS/IPS address IDS/IPS address IDS/IPS address IDS/IPS address
solution in applicable solution in applicable solution in applicable solution in applicable solution in applicable
order for the federal and order for the federal and order for the federal and order for the federal and order for the federal and
QRadar SIEM state QRadar SIEM state QRadar SIEM state QRadar SIEM state QRadar SIEM state
solution to regulatory solution to regulatory solution to regulatory solution to regulatory solution to regulatory
consume requirements consume requirements consume requirements consume requirements consume requirements
those log for boundary those log for boundary those log for boundary those log for boundary those log for boundary
events. protection. events. protection. events. protection. events. protection. events. protection.

Compliance Implement Implementation Deloitte will Implement the Deloitte will Implement the Deloitte will Implement the Deloitte will Implement the Deloitte will Implement the
and Information the of the Lockpath provide State’s provide State’s provide State’s provide State’s provide State’s
Security Lockpath Keylight guidance to existing guidance to existing guidance to existing guidance to existing guidance to existing
Program Keylight compliance and the State to instance of the the State to instance of the the State to instance of the the State to instance of the the State to instance of the
Management: compliance information address Lockpath address Lockpath address Lockpath address Lockpath address Lockpath
Lockpath and security program regulatory Keylight regulatory Keylight regulatory Keylight regulatory Keylight regulatory Keylight
Keylight information management requirements compliance requirements compliance requirements compliance requirements compliance requirements compliance
compliance and security solution with the as it pertains and as it pertains and as it pertains and as it pertains and as it pertains and
information program TEDS solution. to the information to the information to the information to the information to the information
security manageme implementatio security implementatio security implementatio security implementatio security implementatio security
program nt solution n of the program n of the program n of the program n of the program n of the program
management State’s management State’s management State’s management State’s management State’s management
solution existing solution to existing solution to existing solution to existing solution to existing solution to
instance of the facilitate instance of the facilitate instance of the facilitate instance of the facilitate instance of the facilitate
Lockpath addressing Lockpath addressing Lockpath addressing Lockpath addressing Lockpath addressing
Keylight CMS, IRS and Keylight CMS, IRS and Keylight CMS, IRS and Keylight CMS, IRS and Keylight CMS, IRS and

298
Component Activity Activity Development Test Training Disaster Recovery Production
Description
Deloitte State Deloitte State Deloitte State Deloitte State Deloitte State
compliance SSA compliance SSA compliance SSA compliance SSA compliance SSA
and continuous and continuous and continuous and continuous and continuous
information monitoring and information monitoring and information monitoring and information monitoring and information monitoring and
security incident security incident security incident security incident security incident
program reporting program reporting program reporting program reporting program reporting
management directives. management directives. management directives. management directives. management directives.
solution. solution. solution. solution. solution.

299
 Proposal
Item Section, Page,
# Paragraph Description Rationale Potential Impact
7 C.18, J.1, Our overall work effort and project Provides a clear definition of how Impacts project
Appendix 3 schedule is based on our the requirement will be realized schedule and work
assessment of the RFQ functional effort
requirements and our proposed
approach to fulfilling these
requirements with our NextGen
solution as described in C.18 and
the associated J.1 and Appendix 3.

See Functional and Non-Functional requirements and approach below.

Proposal
Item Section, Page,
# Paragraph Description Rationale Potential Impact
8 RFQ page 83, Our overall schedule is based on our Manages the scope during Maintains predictability
A.11.10 - Table proposed approached to deliverable deliverable review and maintain for deliverable approval
1: Table of review and acceptance and our project schedules and avoids impact to
Deliverables redline comments to Section A.11 of project milestones.
the pro forma contract.

Proposal
Item Section, Page,
# Paragraph Description Rationale Potential Impact
10 Appendix 6 - Our proposed TEDS solution will To reuse existing State assets, Allows the State to
List of leverage the State's existing IAM where possible reuse existing assets
Hardware, solution, including existing while helping to
Software and infrastructure and licenses. increase synergies and
Licenses gain efficiencies in
procurement and
setup. Impacts project
schedule and work
effort.
11 Appendix 6 - Our proposed TEDS solution will To reuse existing State assets, Allows the State to
List of leverage the State's existing FileNet where possible reuse existing assets
Hardware, solution, including existing while helping to
Software and infrastructure and licenses. increase synergies and
Licenses gain efficiencies in
procurement and
setup. Impacts project
schedule and work
effort.
12 Appendix 6 - Our proposed TEDS solution will To reuse existing State assets, Allows the State to
List of leverage the State's existing Nessus where possible reuse existing assets
Hardware, solution, including existing while helping to
Software and infrastructure and licenses. increase synergies and
Licenses gain efficiencies in
procurement and
setup. Impacts project
schedule and work
effort.
13 Appendix 6 - Our proposed TEDS solution will To reuse existing State assets, Allows the State to
List of leverage the State's existing where possible reuse existing assets
Hardware, Sitescope solution, including existing while helping to
Software and infrastructure and licenses. increase synergies and
Licenses gain efficiencies in
procurement and
setup. Impacts project
300
 Proposal
Item Section, Page,
# Paragraph Description Rationale Potential Impact
schedule and work
effort.

14 Appendix 6 - Our proposed TEDS solution will To reuse existing State assets, Allows the State to
List of leverage the State's existing Qradar where possible reuse existing assets
Hardware, solution, including existing while helping to
Software and infrastructure and licenses. increase synergies and
Licenses gain efficiencies in
procurement and
setup. Impacts project
schedule and work
effort.
15 Appendix 6 - Our proposed TEDS solution will To reuse existing State assets, Allows the State to
List of leverage the State's existing Master where possible reuse existing assets
Hardware, Client Index. while helping to
Software and increase synergies and
Licenses gain efficiencies in
procurement and
setup. Impacts project
schedule and work
effort.
16 Appendix 6 - Our proposed TEDS solution will To reuse existing State assets, Allows the State to
List of leverage the State's existing where possible reuse existing assets
Hardware, Advanced Intrusion Detection while helping to
Software and Environment File Integrity Checker increase synergies and
Licenses solution, including existing gain efficiencies in
infrastructure and licenses. procurement and
setup. Impacts project
schedule and work
effort.
17 Appendix 6 - Our proposed TEDS solution will To reuse existing State assets, Allows the State to
List of leverage the State's existing QAS where possible reuse existing assets
Hardware, Address Verification solution, while helping to
Software and including existing infrastructure and increase synergies and
Licenses licenses. gain efficiencies in
procurement and
setup. Impacts project
schedule and work
effort.
18 Appendix 6 - Our proposed TEDS solution will To reuse existing State assets, Allows the State to
List of leverage the State's existing where possible reuse existing assets
Hardware, Lockpath Keylight – Compliance and while helping to
Software and Information Security Program increase synergies and
Licenses Management solution, including gain efficiencies in
existing infrastructure and licenses. procurement and
setup. Impacts project
schedule and work
effort.
19 Appendix 6 - Our proposed TEDS solution will To reuse existing State assets, Allows the State to
List of leverage the State's existing Active where possible reuse existing assets
Hardware, Directory for Worker Portal. while helping to
Software and increase synergies and
Licenses gain efficiencies in
procurement and
setup. Impacts project
schedule and work
effort.

301
 Proposal
Item Section, Page,
# Paragraph Description Rationale Potential Impact
20 J.2 - NFR-SC- For our proposed TEDS solution, the Capacity planning for server and Allows for
009 Worker Portal solution is sized to environment sizing environments and
support 2000 concurrent users. servers to be sized
upfront, limiting the
potential for additional
or larger servers and
environments being
resized, and resulting
in additional hardware
and software licenses
and further installation
activities during the
DDI phase of the
project. Impacts
project schedule and
work effort.
22 Appendix 6 - We assume that the State's existing To reuse existing State assets, Allows for reuse and
List of IAM solution includes Multi-Factor where possible reduced effort for setup
Hardware, Authentication. and configuration.
Software and Impacts project
Licenses schedule and work
effort.
23 Appendix 6 - Our proposed TEDS solution will To reuse existing State assets, Allows the State to
List of leverage the State's existing back-up where possible reuse existing assets
Hardware, solution, including existing while helping to
Software and infrastructure and licenses. increase synergies and
Licenses gain efficiencies in
procurement and
setup. Impacts project
schedule and work
effort.
24 RFQ page 52, We assume that the State's Our proposed TEDS solution will Project schedule could
A.9 Solution datacenter has the capacity (floor be hosted in existing State be impacted if the data
Infrastructure space, bandwidth, power, etc.) to facilities, and will require space center facilities had to
host the proposed hardware. and connections to existing State be expanded.
infrastructure.
25 Appendix 6 - Our proposed TEDS solution will To reuse existing State assets, Allows the State to
List of leverage the State's existing where possible reuse existing assets
Hardware, Symantec Endpoint Protection while helping to
Software and solution, including existing increase synergies and
Licenses infrastructure and licenses. gain efficiencies in
procurement and
setup. Impacts project
schedule and work
effort.
26 Appendix 6 - Our proposed TEDS solution will To reuse existing State assets, Allows the State to
List of leverage the State's existing IBM where possible reuse existing assets
Hardware, Integration Bus and WSRR, while helping to
Software and including existing infrastructure and increase synergies and
Licenses licenses. gain efficiencies in
procurement and
setup. Impacts project
schedule and work
effort.
27 C.12 The Contractor shall perform To align workbook structure and Benefit to the State is
Operations and Operations and Maintenance (O&M) industry practice increased control and
Maintenance, utilizing the staff hours as specified predictable results
page C-178 - in Tab 3 O&M Effort of the Effort
C-222 Workbook. O&M work activity shall
be planned and prioritized with the
State utilizing the specified
staffing. The SOP will further detail
the planning and prioritization
processes. Highest priority will be
given to correction of High or Critical
Defects, and as necessary to comply
302
 Proposal
Item Section, Page,
# Paragraph Description Rationale Potential Impact
with any SLAs applicable to Medium
or Low defects. Adjustments to
O&M staffing shall be done,
including through the CM process,
using the rates and categories as
specified in Attachment D.1.

Cost Assumptions
Proposal
Section,
Item Page,
# Paragraph Description Rationale Potential Impact
1 The State has chosen a report
solution that is on premise. This
will be included in a future bill of
materials (BOM).

2 RFQ Deloitte has incorporated into our

If the number of individuals
A.20.10.1.9 cost proposal the a facility that The facility enables at least 100
that need to be trained
Page 129 enables the training of at least 100 individuals to meet the State’s
simultaneously increases,
individuals simultaneously across 5 need to train the number of
additional space will need to
training rooms (at least 20 per users at one time.
be procured.
room)
3 RFQ page In the print/mail industry items are
114, A.17.17 typically priced and charged by
- Print item printed and mailed. Given the
Output structure of the RFQ didn't allow for
Management this method, we have provided a
number of assumptions which is
the basis for our pricing. We
strongly encourage the State to
consider a more traditional pricing
methodology for this portion of the
contract.

Please see the following

assumptions related to
printing/mailing
4 RFQ page We assume the annual volume for Calculated based on Medicaid Allows for predictability of
114, A.17.17 year 1 of O&M processing mailing volumes from 'similar' Fixed Fee Costing of printing.
- Print (following release 1) of implementations. Changes from this volume will
Output notice/letters generated from TEDS result in a increase/decrease
Management to be 3 million packages to be in cost
printed mailed, comprised of the
following:
MAIL PKG 1: #10 3 sheets per
package resulting in 2,550,000
packages
MAIL PKG 2: 6x9 7 sheets per
package resulting in 330,000
packages
MAIL PKG 3: 9X12 25 sheets per
package resulting in 120,000
packages
REMIT ENVELOPE required In
45% of Packages resulting in
1,364,412 remit envelopes

303
 Proposal
Section,
Item Page,
# Paragraph Description Rationale Potential Impact
5 RFQ page We assume the annual volume for Calculated based on Medicaid Allows for predictability of
114, A.17.17 year 2 of O&M processing mailing volumes from 'similar' Fixed Fee Costing of printing.
- Print (following release 1 & release 2) of implementations. Changes from this volume will
Output notice/letters generated from TEDS result in a increase/decrease
Management to be 5 million packages to be in cost
printed mailed, comprised of the
following:MAIL PKG 1: #10 3
sheets per package resulting in
4,250,000 packagesMAIL PKG 2:
6x9 7 sheets per package resulting
in 550,000 packagesMAIL PKG 3:
9X12 25 sheets per package
resulting in 200,000
packagesREMIT ENVELOPE
required In 45% of Packages
resulting in 2,250,000 remit
envelopes
6 RFQ page We assume the annual volume for Calculated based on Medicaid Allows for predictability of
114, A.17.17 year 3 of O&M processing mailing volumes from 'similar' Fixed Fee Costing of printing.
- Print (following all DDI releases) of implementations. Changes from this volume will
Output notice/letters generated from TEDS result in a increase/decrease
Management to be 5 million packages to be in cost
printed mailed, comprised of the
following:
MAIL PKG 1: #10 3 sheets per
package resulting in 4,250,000
packages
MAIL PKG 2: 6x9 7 sheets per
package resulting in 550,000
packages
MAIL PKG 3: 9X12 25 sheets per
package resulting in 200,000
packages
REMIT ENVELOPE required In
45% of Packages resulting in
2,250,000 remit envelopes
7 RFQ page We assume the annual volume for Calculated based on Medicaid Allows for predictability of
114, A.17.17 extension years of O&M processing mailing volumes from 'similar' Fixed Fee Costing of printing.
- Print (following all DDI releases) of implementations. Changes from this volume will
Output notice/letters generated from TEDS result in a increase/decrease
Management to be 5 million packages to be in cost
printed mailed, comprised of the
following:
MAIL PKG 1: #10 3 sheets per
package resulting in 4,250,000
packages
MAIL PKG 2: 6x9 7 sheets per
package resulting in 550,000
packages
MAIL PKG 3: 9X12 25 sheets per
package resulting in 200,000
packages
REMIT ENVELOPE required In
45% of Packages resulting in
2,250,000 remit envelopes

304
 Proposal
Section,
Item Page,
# Paragraph Description Rationale Potential Impact
8 RFQ page We assume the following Baseline assumptions based on Allows for predictability of
114, A.17.17 component specification for the experience and lack of detailed Fixed Fee Costing of printing.
- Print print/mail packages:• Pages specifications in the RFQ Changes from the
Output (sheets): 8.5x11, 24# White Bond, envelope/sheet makeup will
Management blank, no perforations• Envelope 1: result in a increase/decrease
Size #10, 24# white wove, blank, in cost
stock double window, generic tint •
Envelope 2: Size 6x9, 24# white
wove, blank, stock double window,
generic tint • Envelope 3: Size
9x12, 24# white wove, blank, stock
single window generic • Imaging:
Black and White, duplex
9 RFQ Our pricing is based on USPS first USPS first class postage is Allows for predictability of
A.17.17.1.12 class comingle rate at the time of calculated by size and weight, Fixed Fee Costing of mailing.
- Print proposal submission. per USPS guidelines which are Changes from the current
Output updated and adjusted USPS comingled rate will
Management continuously. In order to fix a result in a increase/decrease
cost, the current rate was used in cost
10 RFQ Our pricing is based on postage USPS first class postage is Allows for predictability of
A.17.17.1.12 being applied via permit or calculated by size and weight, Fixed Fee Costing of mailing.
- Print meter/commingle per USPS guidelines which are Changes from the current
Output updated and adjusted USPS comingled rate will
Management continuously. In order to fix a result in a increase/decrease
cost, the current rate was used in cost
11 RFQ page Our pricing assumings 2.5% of the Baseline assumptions based on Allows for predictability of
114, A.17.17 packages will require return mail industry standards for returned Fixed Fee Costing of mailing.
- Print processing services. Based on the mail items from USPS Changes from the volume of
Output volume projections above, this returned mail items will result
Management assums the following: in a increase/decrease in cost
- year 1 of O&M processing
(following release 1) - 75,000
retuned items
- year 2 of O&M process (following
release 2) - 125,000 returned items
- year 3 of O&M process (following
all DDI releases) - 125,000 retuned
items
- extension years of O&M process
(following all DDI releases) -
125,000 retuned items
12 RFQ page Our pricing assumings fixed Baseline assumptions based on Allows for predictability of
114, A.17.17 number of manual pulls & process experience performing similar Fixed Fee Costing of printing.
- Print per day - for unique notices (i.e. projects Changes from the volume of
Output number of pages exceed the plan items requiring manual pulls
Management for a particular notice) Based on will result in a
the volume projections above, this increase/decrease in cost
assumes the following:- year 1 of
O&M processing (following release
1) - 15 per day require manual pulls
& processing- year 2 of O&M
process (following release 2) - 20
per day require manual pulls &
processing- year 3 of O&M process
(following all DDI releases) - 20 per
day require manual pulls &
processing- extension yearsof O&M
process (following all DDI releases)
- 20 per day require manual pulls &
processing
13 RFQ page Data will be sent from TEDS to the standard process for generating Changes in format/approach
114, A.17.17 print vendor via PCL format print image. could impact the printing cost
- Print
Output
Management

305
 Proposal
Section,
Item Page,
# Paragraph Description Rationale Potential Impact
14 RFQ page Files will adhere to a consistent set standard process for generating Changes in format/approach
114, A.17.17 of standards to aid in barcoding, print image. could impact the printing cost
- Print address hygiene, and layout within
Output the envelopes
Management
15 RFQ page Printing will be processed in Taylor Best equipped facilitiy to Changes in the location
114, A.17.17 Communications Charlotte, North complete the work (except for BC/DR) could
- Print Carolina secure fulfillment facility result in a increase in cost
Output
Management
16 RFQ Cost assumes the daily print files Baseline projection for Changes in daily maximum
A.17.17.1.10 will arrive by 8am to the print facility estimating maximum throughput volume will require
- Print and the maximum volume will not requirements for printing adjustments to the service
Output exceed 100,000 packages in order level requirements
Management to retain the turnaround service
level of second business day
17 RFQ Returned mail will be securely The cost to returning the mail to Changes to this assumption
A.17.17.1.5 - destroyed once processed another location designated by will impact the print mailing
Print Output the State is not included cost
Management
18 RFQ Address hygiene will be performed Defines a common standard for Changes to this assumption
A.17.17.1.6 - in compliance with USPS address hygiene will impact the mailing cost
Print Output regulations
Management
19 RFQ page We assume that a consolidated We considered best practices Allows for predictability of
114, A.17.17 Case Change notice will be from other implementations Fixed Fee Costing of printing.
- Print designed to accommodate all case where we have optimized We have provided volume
Output actions, even though the current information delivery using a based printing costs to help
Management notice list in the RFQ separates consolidated case change the State understand how cost
them out. notice to minimize cost. would be impacted if print
volumes increase.
20 RFQ page We assume that only one case Case status could change Allows for predictability of
114, A.17.17 change notice will be mailed to a during the course of the day Fixed Fee Costing of printing.
- Print client on a given day based on the depending on the number of We have provided volume
Output final authorized eligibility at the end times a case is authorized. based printing costs to help
Management of the day. Sending the final notice at the the State understand how cost
end of the day reduces print would be impacted if print
cost and confusion to the client. volumes increase.

306
Functional Requirements
This table is a copy of the functional requirements from the RFP response – C.18 Functional Requirements
Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall Intake --- INT 1.1
FR- record the source --- Appendix
Out of Release Our NextGen Solution provides the ability to record the
INT- and channel via Identifies/Selects Intake H 3, Section
the Box 1 source and channel via which all information is received.
001 which all information Application 1.1.1
is received. Process Channel

Our proposed solution provides the capability for a trusted

third party system such as an IVR or a CRM to integrate
with our NextGen solution using pre-built web services. Our
solution provides the capability to receive a request from
third party system with parameters including the case
The Solution shall number and client ID. A response is then generated from
Intake --- INT 1.1
integrate seamlessly our system and sent to the third party system. The response
FR- --- Appendix
with software Custom - Release provides a summary of the case level and member level
INT- Identifies/Selects Intake H 3, Section
implemented within Moderate 2 information including the household members, status of
002 Application 1.1.1
the centralized programs, household address, household contact
Process Channel
contact center. information and member level data including names, DOB,
SSN, active programs of members, race and ethnicity

307
 Our solution provides the ability to support internal and
external user interaction through the following channels

Phone Inbound - Our solution provides the ability for contact

center users to enter applications received by phone using
the worker portal.
Phone Outbound - Our solution provides the ability to send
text notifications to enrolled members who choose 'Text
Messaging' as their preferred method of communication.
Text Messages are sent to notify members about new
correspondences, automatic deletion of inactive
applications.
Mail, Fax, Email - Our solution provides the ability for users
to scan applications received by mail, fax, email using the
The Solution shall IBM DataCap scanning tool. Our workflow rules engine
support interaction creates a task for a user when applications are scanned.
with internal and FFM Account Transfer - Our solution provides the capability
external users to receive and automatically process applications received
Intake --- INT 1.1
through the following The from FFM. Our solution will also send the responses back to
FR- --- Appendix
channels: phone 200.03 Applicat Out of Release the FFM.
INT- Identifies/Selects Intake H 3, Section
(inbound and 0 ion the Box 1 Member Portal - Our solution provides the capability for
003 Application 1.1.1
outbound), mail, fax, Process member to apply for a new application, report changes,
Process Channel
email, FFM Account check benefits and renew their benefits online using
Transfer, Member member portal.
portal, Partner portal Partner Portal - Our solution provides the capability for
and Worker portal. partners to apply for new application, check benefits for
members and evaluate members for presumptive and
immediate eligibility online using partner portal.
Worker Portal - Our solution provides the capability for users
to evaluate members for eligibility and perform case
maintenance using the worker portal.

Our Proposed NextGen Solution supports internal user

interactions though the Worker and Partner Portals. Our
solution supports external user interaction using the
member portal. In addition to the portals, out solution
supports receiving and processing applications through the
FFM Account Transfers, mail and fax. Contact center
workers also have the capability to register phone
applications using our worker portal.

308
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution for all
portals (member,
worker and partner)
shall be compliant Our proposed NextGen solution portals (worker, member,
Intake --- INT 1.1
with Section 508 c of The partner) are 508 compliant, and this compliance is
FR- --- Appendix
the Amendment to 200.03 Applicat Out of Release continually re-assessed throughout the systems
INT- Identifies/Selects Intake H 3, Section
Rehabilitation Act of 0 ion the Box 1 development lifecycle as customization or configuration
004 Application 1.1.2
1973 to eliminate Process updates are made to align with your requirements
Process Channel
barriers for people throughout the system.
with disabilities in
using the online
portals.

Our proposed NextGen solution supports the capability to

designate authorized representatives using both the
member, worker and partner portals. It also captures
additional data for the authorized representative as listed
below
The Solution shall Intake --- INT 1.1 - Name of the authorized Representative
The
FR- allow a user to --- Appendix - Relationship of the Authorized Representative to the
200.03 Applicat Out of Release
INT- designate an Identifies/Selects Intake H 3, Section member
0 ion the Box 1
005 authorized Application 1.1.4 - Address of the Authorized Representative
Process
representative. Process Channel - Contact information of the Authorized Representative.

Our solution provides out of box capabilities for authorized

representatives to submit an application for other members
and also receive correspondences when a notice of action is
generated.

309
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

Our member portal provides an application workflow that

replicates the paper application. Our member portal
captures information is a specific order similar to the single
streamlined applications for Medicaid. Our redeterminations
workflow also replicates a paper application.
The Solution shall
have an application Our proposed Member Portal solution for the TEDS can be
Intake --- INT 1.2 accessed through mobile applications using web browsers.
workflow that The
FR- --- Member Appendix For more information on web browser support refer to Non
replicates the paper 200.03 Applicat Configur Release
INT- Portal/Mobile Intake H 3, Section Functional Requirement NFR-AA-022. Our proposed
application form for 0 ion ation 2
006 Application 1.1.4 solution for Member Portal also features a native application
a new applications Process
Information for member use only that supports IOS 9 and Android 6.0
and/or
redetermination. Marshmallow. The native mobile application will allow
members to create user accounts, setup alerts and
reminders, check benefits, report changes, and perform
document upload functions.

Intake --- INT 1.2 Our proposed NextGen solution provides pre-defined help
The Solution shall
FR- --- Member Appendix text that helps accelerate the "learning curve" of the new
provide online help Out of Release
INT- Portal/Mobile Intake H 3, Section system and promote user adoption. The help text is
functionality for the the Box 2
007 Application 1.1.3.1 available at the page and field level and is available in both
member portal.
Information English and Spanish.

Questions throughout the application are queued

The Solution shall dynamically based on the program(s) selected, and as the
Intake --- INT 1.2
have a dynamic use progresses through the application information they
FR- --- Member Appendix
user-interface and Out of Release provide further drives the data collection questions. The
INT- Portal/Mobile Intake H 3, Section
workflow based on the Box 2 questions are also dynamically queues based on gender,
008 Application 1.1.4
information provided age and details of specific questions are only queued based
Information
by the user. on the members responding as 'yes' to the questions at the
summary level.

310
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

Our member portal provides the ability to the following data

as part of application/case information.1. Address of the
The Solution shall
applicant.2. Authorized Representative Information.3.
have the ability to Intake --- INT 1.2
The Person Information including the members seeking
FR- capture --- Member Appendix
200.03 Applicat Out of Release assistance.4. Relationship Details of Household Members5.
INT- application/case Portal/Mobile Intake H 3, Section
0 ion the Box 2 Earned and Unearned Income Details6. Resources7.
009 information through Application 1.1.4
Process Expenses7. MCO and Health coverage details.Our NextGen
the online member Information
member portal has been approved by CMS and FNS. It
portal.
also captures data in accordance with the single streamlined
application.

The Solution shall

Intake --- INT 1.2 Our proposed NextGen solution utilizes error and warning
have the ability to
FR- --- Member Appendix messages to prevent the entry of invalid data, such as
prohibit the use of Out of Release
INT- Portal/Mobile Intake H 3, Section special characters. Our solution has out of box capabilities
special characters, the Box 2
010 Application 1.1.4 to handle the error scenarios. The restrictions present are
as defined by the
Information reviewed with the state during the design sessions.
State.

Member Portal /
Mobile
Application
Information ---
The Solution shall
INT 1.2.1 ---
allow
Access the The online member portal provides the users the ability to
FR- applicant/member to Appendix
Member Portal Out of Release view case and application data online. This includes the
INT- view application Intake H 3, Section
and Provide the Box 2 status of a submitted application, current and previous
011 status, coverage, 1.1.3.1
Account benefits coverages, and notices.
and notices through
Credentials to
an online channel.
Submit
Application /
Change of
Circumstance

311
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

Our solution provides the ability for members to submit an

Member Portal / application for Medical Assistance using the member portal.
Mobile Our solution also provides the capability to report the
Application following changes online.
The Solution shall Information --- - Change of Address
allow INT 1.2.1 --- - Members moving into the household
applicant/member Access the The - Members moving out of the household including deceased.
FR- Appendix
ability to Member Portal 200.03 Applicat Out of Release - Change in Citizenship and Immigration status
INT- Intake H 3, Section
submit/update and Provide 0 ion the Box 2 - Change of circumstances with pregnancy information on
012 1.1.3.1
application or report Account Process the case
changes through an Credentials to - Change in marital status
online channel. Submit - Change in Healthcare and Other Medicaid Coverage
Application / - Change in Income and Resources
Change of - Change in Bills and Expenses
Circumstance - Change in Authorized Representative data
- Request for Withdrawal or Closure.

The Solution shall

have the ability to
Member Portal /
display State- Our proposed solution provides the ability to display the
Mobile Confide
FR- specific content that Appendix data confidentiality information upon login to the member
Application 200.00 ntiality Out of Release
INT- informs the Intake H 3, Section portal. Our solution currently prompts the user to read and
Information --- 5 and the Box 2
013 consumer/applicant 1.1.3.2 acknowledge this information upon signing into the member
INT 1.2.2 --- Privacy
regarding the portal.
Display login
confidentiality of
their data.
The Solution shall
have the ability to Member Portal /
Our solution currently prompts the members to read and
display privacy Mobile
FR- Appendix acknowledge this information upon signing into the member
notifications, Application Out of Release
INT- Intake H 3, Section portal. It provides the ability to display the privacy
including Section Information --- the Box 2
014 1.1.3.2 notification and section 508 compliance notifications upon
508 compliance INT 1.2.2 ---
login to the member portal.
notifications, as Display login
defined by the State.
The Solution shall Member Portal /
have the ability to Mobile
FR- Appendix Our proposed solution validates the user at each login and
notify the Application Out of Release
INT- Intake H 3, Section informs the user if the information is incorrect or does not
applicant/member if Information --- the Box 2
015 1.1.3.2 exist.
an account does not INT 1.2.2 ---
exist. Display login

312
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
have the ability to
automatically Member Portal /
deactivate a user Mobile Our proposed solution has the ability to automatically
FR- Appendix
account if there has Application Out of Release deactivate users that have not logged in for a specified
INT- Intake H 3, Section
been no recent log- Information --- the Box 2 period of time. Our solution also has the capability to
016 1.1.3.2
in based on INT 1.2.2 --- configure the period of inactivity.
configurable time Display login
frame as defined by
the State.
The Solution shall
Member Portal /
have the ability to Our solution will allow specific user roles the ability to
Mobile
FR- allow user roles, as Appendix manually deactivate a user login for members using the
Application Custom - Release
INT- defined by the State, Intake H 3, Section worker portal. The Self Service module in our worker portal
Information --- Easy 2
017 to manually 1.1.3.2 will have a new screen that will allow the users to achieve
INT 1.2.2 ---
deactivate a user this functionality.
Display login
login.

The Solution shall Once a user is logged into their member portal account,
display all current they can view all default or current preferences using the
Member Portal /
user specified Member Portal's Manage Preferences Screen. The screen
Mobile
FR- preferences (if Appendix also allows members to add or update the following
Application Out of Release
INT- existing) or default Intake H 3, Section preferences
Information --- the Box 2
018 preferences (if none 1.1.3.2
INT 1.2.2 ---
exist) and allow the - receive notifications by mail
Create Account
user to confirm or - receive notifications by email
change preferences. - receive notifications by text messages

313
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
allow a client to
specify or update
their preferences.
Preferences may
Our proposed solution allows a member to update their
include, but are not
preferences from within their account using the Manage My
limited to:
Account module in member portal. Our solution provides the
following capabilities
i. Preferred method
of communication
i. Allow members to update their method of communication
(e.g., e-mail, SMS,
Member Portal / to one of the three values email, SMS and telephone
phone, etc.)
Mobile number.
FR- Appendix
Application Custom - Release ii. Allow members to opt in and opt out of receiving
INT- ii. Subscription to Intake H 3, Section
Information --- Easy 2 notifications using email and SMS.
019 alerts and 1.1.3.2
INT 1.2.3 --- iii. Allow members to capture the notification type if they
notifications (e.g.,
Create Account choose to opt in for notifications. Our solution provides
changes to client
capability to send notifications by email and SMS.
record, new
iv. Our solution will be customized to capture the member's
messages, referral
language preference to one of the two values - English and
changes, etc.)
Spanish. Once the preferences are updated, our solution
can be customized to create an task to the worker to update
iii. Notification types
the language information using worker portal.
desired
iv. Language
preference including
notification
(Spanish/English)
The Solution shall
Member Portal /
generate a
Mobile After preferences are updated, the solution confirms the
FR- notification to the Appendix
Application Out of Release update to the user and notifies the user that their
INT- user that the Intake H 3, Section
Information --- the Box 2 preferences have been updated by either sending an email
020 personal 1.1.3.2
INT 1.2.3 --- confirmation or by sending a text message.
preferences have
Create Account
been updated.
The Solution shall Member Portal /
have the ability to Mobile
FR- provide account Application Appendix Our proposed solution provides account confirmation and
Out of Release
INT- confirmation and Information --- Intake H 3, Section sends notifications to users based on their selected
the Box 2
021 send notification to INT 1.2.4 --- 1.1.3.2 preference for notification type.
the user based on Account
user preferences. Confirmation
Member Portal /
The Solution shall Mobile
FR- have the ability for Application Appendix
Out of Release Our proposed solution allows the applicant to provide their
INT- the applicant to Information --- Intake H 3, Section
the Box 2 user name and password prior to accessing the portal.
023 provide login INT 1.2.6 --- 1.1.3.2
information. Provide Login
Credentials

314
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

Our proposed solution has built in functionality for allowing

Member Portal / the members to retrieve their user ID and reset their
The Solution shall Mobile password. The members can retrieve the user ID by
FR- have the ability for Application Appendix entering their case information like SSN, Date of Birth and
Out of Release
INT- the applicant to Information --- Intake H 3, Section Client ID. The members can reset the password either using
the Box 2
024 retrieve or reset user INT 1.2.6 --- 1.1.3.2 their secret questions entered at the time of account
id/password. Provide Login creation online or preferring to receive their temporary
Credentials password to their preferred method of communication
(email/SMS)

Member Portal /
Mobile Our solution provides the capability for the members to
The Solution shall
FR- Application Appendix enter their username and password on the login screen.
have the ability to Out of Release
INT- Information --- Intake H 3, Section Once the member enters the data, our solution provides the
validate the login the Box 2
025 INT 1.2.7 --- 1.1.3.2 authenticates the information by connecting with the active
credentials.
Validate Login directory.
Credential
The Solution shall Member Portal /
Our proposed solution has functionality to restrict access to
have the ability to Mobile
the portal based on number of failed attempts. This
FR- restrict the applicant Application Appendix
Out of Release number is configurable and defined during the design
INT- from logging in after Information --- Intake H 3, Section
the Box 2 sessions. The number of remaining attempts is also
026 reaching maximum INT 1.2.7 --- 1.1.3.2
displayed to the member to prevent them from getting their
number of invalid Validate Login
account locked.
login attempts. Credential
Member Portal /
The Solution shall After validating the login credentials, our proposed solution
Mobile
have the ability to routes the user to the Check my Benefits page following the
FR- Application Appendix
automatically direct Out of Release acceptance of the confidentiality and privacy agreement.
INT- Information --- Intake H 3, Section
a user to a landing the Box 2 The Check My benefits page allows the members to apply
027 INT 1.2.8 --- 1.1.3.2
'Home' page upon a for a new application and also to check the status of their
Direct to Home
successful log-in. benefits.
Page
The Solution shall
Member Portal /
provide guidance on
Mobile
the Member Portal
FR- Application Appendix Our proposed solution incorporates guidance in the member
regarding how to 200.05 Configur Release
INT- Information --- Intake H Appeals 3, Section portal on how to appeal a decision via static text as defined
appeal a decision, 5 ation 2
028 INT 1.2.8 --- 1.1.3.2 by the State.
either via static text
Direct to Home
or a link to static
Page
text.
Member Portal /
The Solution shall
Mobile
allow an online
Application Our proposed solution provides the ability to resume a
FR- applicant/member to Appendix
Information --- Out of Release previously started application. Our solution also provides the
INT- retrieve an Intake H 3, Section
INT 1.2.9 --- the Box 2 capability to take the members to the page where they had
029 application that was 1.1.4
Open an Existing left while saving the application.
saved for additional
Application/COC/
data collection prior
Link Document

315
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
to submission or re-
saving.

Member Portal /
The Solution shall Our member portal provides the ability for the members to
Mobile
allow an online navigate to sections previous completed by using our
Application
FR- applicant/member to Appendix summary screens that get queued up after every logical unit
Information --- Out of Release
INT- navigate to sections Intake H 3, Section like person, income, expenses and resources. Members will
INT 1.2.9 --- the Box 2
030 previously 1.1.4 be able to navigate to the screens using the navigation
Open an Existing
completed without module displayed on top of all our screens and also using
Application/COC/
losing data entered. the back and next buttons on all member portal screens.
Link Document

As defined in requirement FR-INT-008 our solution provides

The Solution shall Member Portal / the capability of a dynamic user interface that allows
provide a Mobile queuing of questions based on the user input and also on
mechanism to Application other parameters like gender and age. Once the data for
FR- Appendix
manually Information --- Out of Release the required questions are captured our solution provides
INT- Intake H 3, Section
navigate/skip to any INT 1.2.9 --- the Box 2 the ability to navigate manually to all screens they have
031 1.1.4
screens that the Open an Existing access to, using the navigations tool that is available on top
user is authorized to Application/COC/ of all our member portal screens. This feature allows the
access. Link Document members to skip the data for screens they have already
entered.

The Solution shall Member Portal / Our proposed solution provides a mechanism for document
allow Mobile upload through the member portal. The solution provides
member/applicants Application the capability for members to upload documents after
FR- Appendix
to attach documents Information --- 200.03 Verificat Out of Release submitting an application, change report or renewal online
INT- Intake H 3, Section
(including but not INT 1.2.9 --- 5 ion the Box 2 through the member portal's Document Upload Capability
032 1.1.4.1
limited to verification Open an Existing module. The solution also provides the capability to upload
proof documents) to Application/COC/ pending verification documents through the Check My
a case/individual. Link Document Benefits module in our solution.

316
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

Search for Our proposed solution allows users with specific access to
The Solution shall
Existing update the metadata of documents using the Document
allow user roles, as
FR- Application/Case Appendix Inquiry and Re-index screen. This allows users to reassign
defined by the State, Out of Release
INT- --- INT 1.3.5 --- Intake H 3, Section documents at the case and individual level. Our solution
to reassign the Box 1
033 Open an Existing 1.1.4.1 also provides the capability to automatically reassign
documents from a
Application/COC/ documents the documents to the new case, when members
case/ individual.
Link Document move from one case to the other.

Member Portal /
The Solution shall Mobile
allow Application Our proposed member portal solution allows members to
FR- Appendix
members/applicants Information --- Out of Release preview and delete uploaded documents before final
INT- Intake H 3, Section
to delete documents INT 1.2.9 --- the Box 2 submission. A summary screen is queued up for the
034 1.1.4.1
from an Open an Existing members to accomplish this functionality.
individual/case. Application/COC/
Link Document

Our proposed solution allows specific worker portal users to

The Solution shall Search for update the metadata of documents as defined in
allow user roles, as Existing requirement # FR-INT-033. The worker portal's Document
FR- defined by the State, Application/Case Appendix Re-index Screen also allows users to mark a document for
Out of Release
INT- to delete or reassign --- INT 1.3.5 --- Intake H 3, Section deletion. This functionality only removes the document
the Box 1
035 documents from an Open an Existing 1.1.4.1 reference from the member and does not physically delete
individual application Application/COC/ the document from ECM. All the delete and update
or eligibility case. Link Document transactions are also captured in our audit log and can be
viewed by the users using the Case Action History screen.

Member Portal /
The Solution shall
Mobile
have the ability to Our solution has the ability to accept medical bills for
Application
FR- accept medical bills Appendix Medically Needy applicants and Medical Packets along with
Information --- Out of Release
INT- for Medically Needy Intake H 3, Section all other types of documents. Our member portal's
INT 1.2.9 --- the Box 2
036 applications and 1.1.4.1 Document Upload Capability module allows users to choose
Open an Existing
Medical Packet for specific document types including medical bills.
Application/COC/
TennCare Standard.
Link Document

Member Portal / Our member portal allows members to upload documents to

Mobile an application or case. The members portal allows the
The Solution shall
Application capability to upload the documents for all individuals
FR- provide capability to Appendix
Information --- Out of Release belonging to the case or application. Our member portal
INT- link a document to Intake H 3, Section
INT 1.2.9 --- the Box 2 also provides the capability to automatically filter the
037 multiple members 1.1.4.1
Open an Existing document types based on the category. For example our
and cases.
Application/COC/ document would list a subset of document related to income
Link Document for cases where an income verification is required.

317
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
Member Portal /
The Solution shall Mobile
Our proposed solution allows members to update to
allow Application
FR- Appendix add/remove/change a document type description before the
member/applicants Information --- Out of Release
INT- Intake H 3, Section final submission. Our summary screen provides the
to add, remove, or INT 1.2.9 --- the Box 2
038 1.1.4.1 capability to preview and update the document type
change document Open an Existing
description based on document categories.
type descriptions. Application/COC/
Link Document

Our proposed solution provides the capability for changes in

circumstance to be reported through the online portal. Our
The Solution shall solution captures details including the type of change,
Member Portal /
provide the effective date of change. Our solution provides the capability
Mobile
capability for online to report the following changes online.- Change of Address-
Application The
FR- applicants/member Appendix Members moving into the household- Members moving out
Information --- 200.03 Applicat Out of Release
INT- to enter or report Intake H 3, Section of the household- Change in Citizenship and Immigration
INT 1.2.9 --- 0 ion the Box 2
039 changes of 1.1.3.1 status- Change of circumstances with pregnancy
Open an Existing Process
circumstances information on the case- Changes with school enrollment-
Application/COC/
through the online Change in marital status- Change in Healthcare and Other
Link Document
portal. Medicaid Coverage- Change in Income and Resources-
Change in Bills and Expenses- Change in Authorized
Representative data- Request for Withdrawal or Closure.

Member Portal /
The Solution shall Applications submitted through the online portal have the
Mobile
FR- allow Appendix opportunity to be reviewed and updated prior to submission.
Application Out of Release
INT- member/applicants Intake H 3, Section Following submission, a printable PDF of the application
Information --- the Box 2
040 to review, update, or 1.1.4 data entered is available for print and stored in the user's
INT 1.2.9 ---
print an application. account.
Open an Existing

318
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
Application/COC/
Link Document

Member Portal / Our solution provides the ability for a customer to request
The Solution shall Mobile an application withdrawal before submission if they wish to
allow Application The retract their application. Furthermore, applications not
FR- Appendix
member/applicants Information --- 200.03 Applicat Out of Release submitted will be purged from the user's account after a
INT- Intake H 3, Section
to withdraw an INT 1.2.9 --- 0 ion the Box 2 specified period of time, as defined by the State. Once an
041 1.1.4
application, before Open an Existing Process application is submitted our solution provides the capability
or after submission. Application/COC/ for members to request a withdrawal or closure using the
Link Document online change reporting module.

Member Portal /
Mobile The
Application State
The Solution shall
Information --- shall plan
interface with the Our proposed solution provides the ability to interface with
INT 1.2.9 --- to re-use,
Electronic Content state's IBM Filenet Electronic Content Management system
Open an Existing Electroni where
FR- Management Appendix to access and display case and member documents and
Application/COC/ c Content possible, Out of Release
INT- system(s) to access H 3, Section notices. Our solution provides web services that can be
Link Document Manage the the Box 2
042 and display 1.1.4.1 integrated with FileNet 1. Add document, 2. View Document,
Eligibility ment currently
documents and 3.Update Document, 4.Search Document, and 5. Re-Index
Determination --- utilized
notices related to Documents, which are available to FileNet on Day 1.
ED 1.6 --- ECM
members and cases.
Assess tool,
Verification FileNET.
Information
The Solution shall
Member Portal /
allow an online
Mobile
applicant/members
FR- Application Appendix Our online application will allow an online applicant/member
to enter income, Out of Release
INT- Information --- Intake H 3, Section to enter income, resource, and other asset data consistent
resource, and other the Box 2
043 INT 1.2.10 --- 1.1.4 with program policy.
asset data
Create a New
consistent with
Application
program policy.
Worker/Partner
The Solution shall Our solution provides the capability to capture the
Portal Application
FR- have the ability to Appendix applicant's Managed Care Organization (MCO) preference
Information --- Out of Release
INT- capture Intake H 3, Section while submitting an application for HealthCare. Our solution
INT 1.2.10 --- the Box 2
044 applicant/member 1.1.4 has the capability to configure the MCO's specific to State of
Create a New
MCO preference. Tennessee.
Application

319
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
Member Portal /
The Solution shall Mobile
FR- allow an online Application Appendix
Out of Release The online portal allows the applicant to save an application
INT- applicant/member to Information --- Intake H 3, Section
the Box 2 for a specified period of time prior to submission.
045 save an application INT 1.2.10 --- 1.1.4
without submitting it. Create a New
Application
Member Portal /
Mobile NextGen applications are all electronically signed prior to
The Solution shall The
FR- Application Appendix submission by capturing the applicant's name and date
have the ability to 200.03 Applicat Out of Release
INT- Information --- Intake H 3, Section attesting to agreement of state specific rights and
capture a digital 0 ion the Box 2
046 INT 1.2.10 --- 1.1.4 responsibilities. This method has been implemented in other
signature. Process
Create a New states by Deloitte and is approved by CMS.
Application

NextGen' s built in features help guide applicants through

The Solution shall the data collection process. Our proposed solution uses
Member Portal /
provide interactive error and warning message to prompt the user and prevent
Mobile
capability to present The the entry of incorrect or incomplete data. Additionally our
FR- Application Appendix
applicants with 200.03 Applicat Out of Release solution provides the capability to collect data at the
INT- Information --- Intake H 3, Section
prompts to efficiently 0 ion the Box 2 individual level and display the information collected at a
047 INT 1.2.10 --- 1.1.4
gather additional Process summary at the end of all logical areas like person, income
Create a New
information when and resources. Our solution also provides icons with the
Application
required. member names at our question level pages, helping the
members interactively to capture data.

The Solution shall

provide a Member Portal /
mechanism to define Mobile
The
FR- required and Application Appendix Our solution is configurable to define required and optional
200.03 Applicat Out of Release
INT- optional fields, Information --- Intake H 3, Section fields, including default values, based on your specific
0 ion the Box 2
048 including default INT 1.2.10 --- 1.1.4 program rules.
Process
data values as Create a New
applicable, based on Application
program rules.
The Solution shall
provide field level Member Portal /
help for each online Mobile
FR- application data Application Appendix Our proposed solution is configurable to provide field level
Out of Release
INT- element that Information --- Intake H 3, Section help for online application data elements through the use of
the Box 2
049 includes description INT 1.2.10 --- 1.1.3.1 hover text, as allowable by 508 compliance standards.
and required format Create a New
in the form of pop- Application
up/hover.

320
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
provide static text on Member Portal / Our proposed member portal solution has the capability to
the web and Mobile support static text in two languages English and Spanish.
FR- application in Application Appendix Our solution provides the capability to enter a Spanish text
Out of Release
INT- languages defined Information --- Intake H 3, Section the state provides along with their English equivalent. Our
the Box 2
050 by the State, INT 1.2.10 --- 1.1.3.1 solution also allows members to dynamically switch
including: Create a New between the two languages using the language link
i. English Application displayed on all member portal screens.
ii. Spanish

Our solution supports the ability to apply for Medicaid, CHIP,

and multiple public assistance programs. We recognize that
Member Portal /
the state intends to expand the member portal to support
The Solution shall Mobile
The SNAP, TANF and Child Care. Our solution has supported
FR- allow applicant to Application Appendix
200.03 Applicat Out of Release the ability for a member to apply for SNAP, TANF and Child
INT- apply for multiple Information --- Intake H 3, Section
0 ion the Box 2 Care in addition to Medicaid in other states. The member
051 public assistance INT 1.2.10 --- 1.1.4
Process portal that we propose to implement in Tennessee will
programs online. Create a New
contain this capability which can be extended to support
Application
Tennessee specific application requirements for these
public assistance programs.

The Solution shall Member Portal /

allow applicants to Mobile
The
FR- apply for multiple Application Appendix
200.03 Applicat Out of Release NextGen will allow applicants to apply for multiple programs
INT- programs in person, Information --- Intake H 3, Section
0 ion the Box 2 in person, through mail, fax, online or call centers.
052 through mail, fax, INT 1.2.10 --- 1.1.1
Process
online or call Create a New
centers. Application

The Solution shall If the

be capable of newly
accepting a newly submitte
submitted d
application for applicatio
healthcare and n is for
Member Portal / Our proposed member portal solution allows members to
process it as a MSP or
Mobile submit for applications and does not restrict the members
change of The LTSS,
FR- Application Appendix under any circumstances. Once the applications are
circumstance when: 200.03 Applicat then the Out of Release
INT- Information --- Intake H 3, Section submitted, our worker portal has the capability to process
i. The applicant is a 0 ion applicatio the Box 2
053 INT 1.2.10 --- 1.1.4 the application as a change if the member is already
member who is Process n would
Create a New receiving benefits. Our file clearance process enables the
receiving existing not be
Application user identify if the members are already on benefits.
benefits, or consider
ii. The applicant has ed a
an online account change
and previously of
submitted healthcare circumst
applications. ance.

321
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall Member Portal /
As defined in requirement FR-INT-036, our solution has the
have the ability to Mobile
ability to accept medical bills for Medically Needy applicants
FR- accept a completed Application Appendix
Out of Release and Medical Packets along with all other types of
INT- document regarding Information --- Intake H 3, Section
the Box 2 documents. Our member portal's Document Upload
054 an individual's INT 1.2.10 --- 1.1.4.1
Capability module allows users to choose specific document
medical records or Create a New
types including medical bills.
medical bills. Application

Member Portal / Our proposed solution allows members/applicants to submit

Mobile an application through member portal online. Our member
The Solution shall
Application The portal will capture data that can be used to evaluate
FR- allow Appendix
Information --- 200.03 Applicat Out of Release members for all categories of medical assistance benefits
INT- member/applicants Intake H 3, Section
INT 1.2.11 --- 0 ion the Box 2 listed in the RFQ. Once an application is submitted our
055 to submit an 1.1.4
Submit Process solution also provides the capability to treat the application
application.
Application / as a change if the member is already receiving benefits
Update Case through our file clearance module in worker portal.

Member Portal /
Mobile
The Solution shall
Application
FR- assign a Appendix
Information --- Out of Release Upon application submission, our proposed solution assigns
INT- configurable unique Intake H 3, Section
INT 1.2.11 --- the Box 2 each application a unique application identifier.
056 identifier for each 1.1.4
Submit
application recorded.
Application /
Update Case
The Solution shall
Member Portal /
have the ability to
Mobile
automatically
Application
FR- remove an in- Appendix
Information --- Out of Release In-progress applications are purged from our proposed
INT- progress application Intake H 3, Section
INT 1.2.11 --- the Box 2 solution based on the timeframe defined by the State.
057 based on a 1.1.4
Submit
configurable
Application /
timeframe, as
Update Case
defined by the State.

The Solution shall

have the ability to Member Portal / Our proposed solution is customizable to generate a
alert Mobile notification to an applicant based on their preferred method
applicants/members Application of communication if their un submitted applications is in
FR- Appendix
prior to their un- Information --- Custom - Release jeopardy of being discarded by the system. However for this
INT- Intake H 3, Section
submitted INT 1.2.11 --- Easy 2 to be achievable the applicant must provide a preferred
058 1.1.4
application being Submit method of communication. After a specified duration of days
deleted at the end of Application / from when the communication is sent out a batch process
the State-defined Update Case will discard un submitted applications.
time period.

322
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall Member Portal /
have the ability to Mobile
prohibit the Application The Our proposed solution makes use of error and warning
FR- Appendix
submission of an Information --- 200.03 Applicat Out of Release messages to prohibit the submission of an application that
INT- Intake H 3, Section
application that does INT 1.2.11 --- 0 ion the Box 2 does not include all State defined mandatory fields for each
059 1.1.4
not contain all Submit Process program.
mandatory fields, as Application /
defined by the State. Update Case
Member Portal /
The Solution shall
Mobile
have the ability to
Application
FR- alert the Appendix Our proposed member portal solution makes use or error
Information --- Out of Release
INT- member/applicant Intake H 3, Section and warning messages to alert the member when
INT 1.2.11 --- the Box 2
060 when incomplete or 1.1.4 incomplete or invalid data is entered.
Submit
invalid data is
Application /
entered.
Update Case
Member Portal / For Release 2, our member portal provides summary
The Solution shall
Mobile screens at the end of each module to review application
present the
Application information prior to submission.
FR- applicant/worker Appendix
Information --- Out of Release
INT- with a summary view Intake H 3, Section
INT 1.2.11 --- the Box 2 For Release 1, our worker portal also provides the summary
061 of the information 1.1.4
Submit module for the worker at the end of each module, allowing
entered prior to
Application / the users to view a summary of the information entered and
submission.
Update Case also to update and delete the data entered.
Member Portal /
The Solution shall
Mobile
allow an online
Application Online applicants are able to review all data entered in their
FR- applicant to review Appendix
Information --- Out of Release online application prior to submitting. After submission, the
INT- the current Intake H 3, Section
INT 1.2.11 --- the Box 2 solution generates a PDF of the application data entered
062 application before 1.1.4
Submit that is available for review and printing.
and after formal
Application /
submission.
Update Case

The Solution shall

Member Portal / Our proposed solution has a robust signature page that
require the
Mobile includes all State defined affirmations an agreements. The
applicant/member to
Application The signature page displays all the required state defined
FR- agree to all required Appendix
Information --- 200.03 Applicat Out of Release agreements for the members and also captures the member
INT- affirmations and Intake H 3, Section
INT 1.2.11 --- 0 ion the Box 2 first name, middle initial and last name as an indication of
063 agreements, as 1.1.4
Submit Process his digital signature. This page is reviewed carefully during
defined by the State,
Application / the design sessions, as requirements often vary between
prior to submitting
Update Case states.
an application.

323
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
provide the ability to
automatically and
Our proposed solution allows all information collected from
manually collect,
paper applications to be uploaded to the Electronic Content
update, and manage
Intake --- INT 1.3 Management system for use in the intake process. The
FR- information about Appendix
--- Mail/Fax Configur Release solution uses the OCR capabilities to populate data and also
INT- applicant/member Intake H 3, Section
Application ation 1 allows users to manually enter data from the paper
064 population from 1.1.7
Information applications. Data entered during the intake process from
paper applications
the paper application is collected, updated, and managed
(delivered through
throughout the lifecycle of the application and case.
mail or in person) to
be used in the intake
process.
Mail/Fax
Application
Information ---
INT 1.3.2 ---
Receive
application/ The
Verification State
Request for shall plan Documentation that is mailed, faxed, or e-faxed is received
The Solution shall Verification --- to re-use, and scanned through our proposed IBM Datacap scanning
have the ability to ED 1.7.4 --- Electroni where and indexing solution. Once the documents are scanned our
FR- Appendix
receive and store Receive c Content possible, Out of Release solution will store the document using state's existing IBM
INT- H 3, Section
documentation Information Manage the the Box 1 Filenet Electronic Content Management (ECM) system. Our
066 1.1.7.1
received via mail, Post-Eligibility ment currently member, partner, worker portal also provides the capability
fax or e-faxed. Verifications --- utilized to interface with the state's ECM to retrieve and display the
CM 1.2.9 --- ECM documents to members, partners and users respectively.
Member Sends tool,
Information FileNET.
Post-Eligibility
Verifications ---
CM 1.2.10 ---
Receive
Information

324
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
Mail/Fax
Application
Information ---
INT 1.3.3 ---
Scan and Index
Document
Request for
Verification ---
ED 1.7.5 ---
Store Provided
Information
Post-Eligibility
Verifications ---
The Solution shall Our proposed IBM DataCap solution provides scanning and
CM 1.2.11 ---
FR- have the ability to Documen Appendix indexing capabilities to the State of Tennessee users The
Store Information Out of Release
INT- scan documentation t H 3, Section IBM Datacap solution also seamless integrates with the
Received the Box 1
067 and store document Scanning 1.1.7.1 NextGen solution for creating tasks and the state's IBM
Appeals Intake --
images. Filenet solution for storing and retrieving documents.
- AP 1.1.1.4 ---
Scan, Index, and
Assign Type
Appeals Intake --
- AP 1.1.1.6 ---
Supplemental
Data Entry
ART/AIR --- AP
1.1.3.4 ---
Consolidate
Information
Associated with
Appeal
Mail/Fax
Application
Information ---
INT 1.3.3 --- The
Scan and Index State
Document shall plan Our proposed IBM Datacap solution allows users to
The Solution shall
Appeals Intake -- to re-use, configure metadata of scanned documents such as
have the ability to
- AP 1.1.1.4 --- Electroni where document title, case number, client ID, first name, last
FR- capture defining Appendix
Scan, Index, and c Content possible, Out of Release name, office name etc. Our proposed solution provides the
INT- characteristics H 3, Section
Assign Type Manage the the Box 1 capability to automatically populate the metadata for
068 (metadata) of 1.1.7.3
Appeals Intake -- ment currently documents using OCR capabilities. Our solution also allows
scanned
- AP 1.1.1.6 --- utilized users indexing documents to record the metadata for all
documentation.
Supplemental ECM scanned documents manually.
Data Entry tool,
ART/AIR --- AP FileNET.
1.1.3.4 ---
Consolidate
Information

325
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
Associated with
Appeal

Mail/Fax
Application
Information ---
INT 1.3.3 ---
Scan and Index The
Document State
Appeals Intake -- shall plan
- AP 1.1.1.4 --- to re-use,
The Solution shall Our IBM DataCap scanning solution captures the date and
Scan, Index, and Electroni The where
FR- have the ability to Appendix timestamp of the scanned documents in the format
Assign Type c Content 200.03 Applicat possible, Out of Release
INT- electronically date H 3, Section preferred by the state. This information is also transferred to
Appeals Intake -- Manage 0 ion the the Box 1
069 and time stamp 1.1.7.5 the NextGen solution and is available for the users to be
- AP 1.1.1.6 --- ment Process currently
scanned documents. viewed on the worker portal.
Supplemental utilized
Data Entry ECM
ART/AIR --- AP tool,
1.1.3.4 --- FileNET.
Consolidate
Information
Associated with
Appeal
Mail/Fax
Application
Information ---
INT 1.3.3 ---
The Solution shall Scan and Index
have the ability to DocumentAppeal Our proposed IBM DataCap solution provides the state with
FR- Documen Appendix
configure recognition s Intake --- AP Configur Release the ability to configure the out of box tool with OCR
INT- t M 3, Section
thresholds 1.1.1.4 --- Scan, ation 2 threshold limits. The Configuration capabilities include
070 Scanning 1.1.7.4
associated with Index, and removal of spaces, skip recognition and spell check options.
OCR capability. Assign
TypeAppeals
Intake --- AP
1.1.1.6 ---
Supplemental

326
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
Data
EntryART/AIR ---
AP 1.1.3.4 ---
Consolidate
Information
Associated with
Appeal

Mail/Fax
Application
Information ---
INT 1.3.3 ---
Scan and Index The
Document State
Appeals Intake -- shall plan
Our solution provides the State of Tennessee workers the
- AP 1.1.1.4 --- to re-use,
The Solution shall capability to search documents by using the Worker Portal.
Scan, Index, and Electroni where
FR- allow searching of Appendix Our solution makes use Document Inquiry Screen in
Assign Type c Content possible, Configur Release
INT- documents by M 3, Section Worker Portal to search and view documents. The
Appeals Intake -- Manage the ation 1
071 document type and 1.1.7.7 documents for a specific case can also be viewed using the
- AP 1.1.1.6 --- ment currently
sub-type. Electronic Case File option that is available to the users on
Supplemental utilized
all Data Collection screens.
Data Entry ECM
ART/AIR --- AP tool,
1.1.3.4 --- FileNET.
Consolidate
Information
Associated with
Appeal
The
Mail/Fax State
Application shall plan
Information --- to re-use,
The Solution shall
INT 1.3.3 --- Electroni where
FR- assign a Appendix Each document that gets scanned using our proposed IBM
Scan and Index c Content possible, Out of Release
INT- configurable unique H 3, Section DataCap solution will have a unique identifier that gets
Document Manage the the Box 1
072 identifier to each 1.1.7.6 associated with it.
Appeals Intake -- ment currently
scanned document.
- AP 1.1.1.4 --- utilized
Scan, Index, and ECM
Assign Type tool,
FileNET.

327
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

Our proposed solution has the capability of recognizing and

capturing various types of data from the scanned image
Mail/Fax document. The solutions can capture below types of data
Application from the image file
The Solution shall
Information ---
have Optical
INT 1.3.4 --- 1. Hand written – using intelligent character recognition
Character
Validate (ICR) engine
FR- Recognition (OCR) Documen Appendix
Scanned Out of Release 2. Machine printed – using optical character recognition
INT- capability to read the t M 3, Section
Documents the Box 2 (OCR) engine
073 scanned documents Scanning 1.1.7.2
Appeals Intake -- 3. Checkbox marking – using optical mark recognition
and associate the
- AP 1.1.1.5 --- (OMR) engine
data with an
Validate 4. Barcodes
application/case.
Scanned
Documents For documents that cannot be recognized using the OCR,
our solution provides the capability to route them to a
specific queue, so that users can manually index the same.

Mail/Fax
Application
Information --- Our proposed IBM DataCap solution will allow users to
The Solution shall
INT 1.3.4 --- validate the scanned documents using the verify panel.
allow user roles, as
Validate Once the scanning process is complete, our NextGen
FR- defined by the State, Documen Appendix
Scanned Out of Release worker portal will also allow the users to view the documents
INT- to validate the t H 3, Section
Documents the Box 1 from either the Inbox or the Document Inquiry Screen. Our
074 scanned Scanning 1.1.7.8
Appeals Intake -- solution's role based access capability can also be used to
application/documen
- AP 1.1.1.5 --- grant and remove access to specific users to perform
t.
Validate document search/view capabilities.
Scanned
Documents
Mail/Fax
Application
Information ---
The Solution shall INT 1.3.4 ---
allow user roles, as Validate Document Re-index screen in our solution will allow users
defined by the State, Scanned with access to update metadata information such as case
FR- Documen Appendix
to edit/update a Documents Out of Release number, client ID etc. Our solution will also integrate with
INT- t H 3, Section
scanned Appeals Intake -- the Box 1 the state's IBM Filenet repository to update the metadata
075 Scanning 1.1.7.8
applications/docume - AP 1.1.1.4 --- information back. This will keep the data from both systems
ntation and its Scan, Index, and to be consistent.
metadata. Assign Type
Appeals Intake --
- AP 1.1.1.5 ---
Validate

328
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
Scanned
Documents

Mail/Fax
The Solution shall Application
FR- allow user roles, as Information --- Appendix Our solution provides the capability for authorized users to
Out of Release
INT- defined by the State, INT 1.3.5 --- Intake H 3, Section do a member search using the Person Search Screen in our
the Box 1
076 to search for Search for 1.1.6.3 worker portal.
members. Existing
Application/Case
The Solution shall
allow users roles, as
defined by the State,
to search using
criteria that may
include, but is not
limited to:

1. First name (partial Search for

name) Existing
Our proposed solution has a robust search criteria, including
Application/Case The
FR- Appendix : first name (partial search), last name (partial search), date
2. Last name (partial --- INT 1.3.5.1 --- 200.03 Applicat Out of Release
INT- Intake H 3, Section of birth/age, social security number, address, unique
name) Enter Information 0 ion the Box 1
077 1.1.6.3 identifier (i.e. application number), household members
to Search for Process
using our Person Search screen in our worker portal.
3. Date of birth / age Existing
Application

4. Social security
number

5. Address

6. Unique Identifier
7. Any Member in a
Household
Search for
The Solution shall Our solution generates an application number upon
FR- Existing Appendix
have the capability Out of Release application submission which can be used to search for a
INT- Application/Case Intake H 3, Section
to search for an in- the Box 1 submitted, in progress, or complete application using our
078 --- INT 1.3.5.1 --- 1.1.6.3
progress application Application Inquiry Screen in worker portal
Enter Information

329
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
through an to Search for
application ID. Existing
Application

Search for
Existing Searches within NextGen Worker Portal can be performed
The Solution shall
Application/Case using single or multiple data criteria. All our inquiry screens
FR- allow a search Appendix
--- INT 1.3.5.1 --- Out of Release provide search options (text boxes, dropdowns and check
INT- based on one single Intake H 3, Section
Enter Information the Box 1 boxes) on the top of the screens with a summary of the
079 criteria or multiple 1.1.6.3
to Search for results in the bottom. Our solution provides the capability for
search criteria.
Existing the users to search using one or more of the search options.
Application
Search for
Existing
The Solution shall
Application/Case
FR- allow user roles, as Appendix Our proposed solution can be customized to save search
--- INT 1.3.5.1 --- Custom - Release
INT- defined by the State, Intake M 3, Section criteria commonly used by certain user roles. This allows for
Enter Information Easy 1
080 to save their search 1.1.6.3 easier and quicker use of the search functionality.
to Search for
criteria.
Existing
Application
The Solution shall Search for
display search Existing
The search criteria in our proposed solution is robust, and
results in order of Application/Case
FR- Appendix results are displayed in order of relevancy based on the
relevancy (i.e. --- INT 1.3.5.1 --- Out of Release
INT- Intake H 3, Section module. For example our solution has the capability to sort
matches meeting Enter Information the Box 1
081 1.1.6.3 the person search using the matching score logic and
most criteria) and to Search for
displays the most relevant search on top of the results.
other criteria defined Existing
by the State. Application
The Solution shall
allow user roles, as Search for
Our solution contains many search screens that can be
defined by the State, Existing
used to perform data searches by key attributes. While
to refine search Application/Case
FR- Appendix certain fields remain mandatory these screens provide
results by adding --- INT 1.3.5.1 --- Out of Release
INT- Intake H 3, Section optional fields that can be used to refine search criteria.
additional search Enter Information the Box 1
082 1.1.6.3 However, these optional fields are specific to the type of
criteria which is to Search for
search screens and driven by the current configuration and
applied to the Existing
can be extended based on the state's requirements.
existing search Application
results.

Search for When a search is performed in NextGen, the results are

The Solution shall
Existing displayed and can be sorted and filtered by the individual
FR- allow sorting and Appendix
Application/Case Out of Release search criteria. Our summary results table displays arrows
INT- filtering of search Intake H 3, Section
--- INT 1.3.5.1 --- the Box 1 on each of the field element in its header. Our solution
083 results by search 1.1.6.3
Enter Information provides the users the capability to sort using the arrow
criteria.
to Search for icons.

330
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
Existing
Application

The Solution shall

Search for
display search
Existing
results in summary
Application/Case When a search is performed in NextGen, the results are
FR- form (subset of Appendix
--- INT 1.3.5.1 --- Out of Release displayed in summary form. The solution also allows users
INT- search criteria such Intake H 3, Section
Enter Information the Box 1 to view details of each search result by clicking on the
084 as first name, last 1.1.6.3
to Search for details icon listed near the summary results.
name and age) and
Existing
detail (display all
Application
search criteria).

Our proposed solution provides the ability for the users with
the following search capabilities on our inquiry
The Solution shall Search for screens.Partial Text Search - Our solution supports partial
allow for partial text Existing text searches and displays the results. For example while
search ability (or Application/Case searching for a city, our solution will bring the result all the
FR- Appendix
fuzzy search), --- INT 1.3.5.1 --- Out of Release members with address as Nashville if the users search for
INT- Intake H 3, Section
phonetic search and Enter Information the Box 1 the word Nash.Phonetic Search - This capability is provided
085 1.1.6.3
value range (e.g., to Search for in our Person Search Screen that supports the member
dates, age, zip Existing searching using our file clearance module. Value Range
codes) search. Application Search - A most common search mechanism that is used in
our inquiry screens that provides users the ability to search
using date parameters.

Search for
The Solution shall
Existing
allow user roles, as
Application/Case
FR- defined by the State, Appendix Our solution provides wild card and phonetic search
--- INT 1.3.5.1 --- Custom - Release
INT- to enable on- Intake M 3, Section capability out of the box. Our solution can be customized to
Enter Information Easy 1
086 demand partial text 1.1.6.3 support fuzzy search capabilities.
to Search for
search ability (or
Existing
fuzzy search).
Application

331
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall Search for
have the ability to Existing Our proposed solution organizes results in groups that are
present search Application/Case visually pleasing. Nextback paging capability is included for
FR- Appendix
results in small --- INT 1.3.5.1 --- Out of Release searches that return multiple records that cannot be
INT- Intake H 3, Section
groups of data with Enter Information the Box 1 displayed in a single page. Our solution also provides the
087 1.1.6.3
Next/Back paging to Search for capability to configure the number of results that can be
capability for Existing displayed on a given page.
multiple pages. Application
The Solution shall Search for
allow user roles, as Existing
defined by the State, Application/Case
FR- Appendix Hyperlinks in the NextGen search results provide the user
to access --- INT 1.3.5.1 --- Out of Release
INT- Intake H 3, Section with a quick way to navigate to an application, case,
individual/case Enter Information the Box 1
088 1.1.6.3 individual, or subset of data.
information through to Search for
links from a search Existing
result. Application

The Solution shall Our worker Portal allows contact center users to register
support the initiation applications through telephone. Contact center workers will
Intake --- INT 1.4 The
FR- and capture of Appendix have the ability to enter data though our worker portal's
--- Phone 200.03 Applicat Out of Release
INT- application Intake L 3, Section Application registration and Data Collection modules. The
Application 0 ion the Box 2
089 information via 1.1.4 screens also provides the capability for the users to indicate
Information Process
telephonic the source and channel of application as they are entering
technology. the data.

The Solution shall

have the ability to
record application Our proposed solution has the capability to integrate with a
date/time, the Intake --- INT 1.4 The document management system that contains an audio
FR- Appendix
minimum required --- Phone 200.03 Applicat Custom - Release recording captured and stored by the state's telephonic
INT- Intake L 3, Section
application Application 0 ion Moderate 2 system of the member's telephonic signature and associate
090 1.1.4
information including Information Process that to an incoming application. This audio file will remain
the telephonic within the electronic case file of the application.
signature via an
inbound call.
The Solution shall
have the ability to
generate a notice to
Intake --- INT 1.4 NextGen Worker portal generates a notice to phone
FR- the phone applicant Appendix
--- Phone Out of Release applicants once the worker portal processes the data
INT- including the Intake H 3, Section
Application the Box 2 entered by the contact center users and determines
091 application 1.1.4
Information eligibility for the members.
information that was
submitted in the
system.

332
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall Intake --- INT 1.5 Our proposed solution includes a screen where workers can
FR- have the ability to --- Appendix access all scanned application/case documents. Authorized
Out of Release
INT- provide a link to Worker/Partner Intake H 3, Section users have access to our worker portal's document inquiry
the Box 1
095 scanned application Portal Application 1.1.4.1 screen and the electronic case file screen to view the
documentation. Information documents.

The Solution shall Questions throughout the application are queued

have the ability to dynamically based on the program(s) selected, and as the
Intake --- INT 1.5
enter user progresses through the application information they
FR- --- Appendix
application/case Out of Release provide further drives the data collection questions. The
INT- Worker/Partner Intake H 3, Section
information through the Box 1 questions are also dynamically queues based on gender,
096 Portal Application 1.1.6.4
the worker portal age and details of specific questions are only queued based
Information
with a dynamic user on the users responding as 'yes' to the questions at the
interface. summary level.
Intake --- INT 1.5
---
The Solution shall
Worker/Partner
have the ability to
Portal Application
enter
Information
application/case
Worker/Partner Our solution includes a partner portal module that allows the
information through
Portal Application State to provide partners with the ability to submit member
the partner portal
FR- Information --- Appendix applications. Our common online application screens are
with a dynamic user Out of Release
INT- INT 1.5.4 --- Intake H 3, Section queued based on a configurable driver flow that can be
interface. Partners the Box 2
097 Complete Full 1.1.5 used to cater to other types of Medicaid applications for
include, but are not
Application other agencies including the Department of Children
limited to:
Worker/Partner Services and the Department of Health.
i. Department of
Portal Application
Children Services
Information ---
ii. Department of
INT 1.5.6 ---
Health
Complete Full
Application
The Solution shall
have the ability to
allow role-based Intake --- INT 1.5
FR- users, as defined by --- Appendix Our solution provides the ability to configure role-based
Out of Release
INT- the State, to access Worker/Partner Intake H 3, Section access to all system functionality, including accessing in-
the Box 1
098 in-progress Portal Application 1.1.6.3 progress applications from the worker and partner portals.
applications from the Information
Worker Portal and
Partner Portal.
The Solution shall
provide guidance on
Intake --- INT 1.5
the Partner Portal
FR- --- Appendix Our proposed solution incorporates guidance in the partner
regarding how to 200.05 Out of Release
INT- Worker/Partner Intake H Appeals 3, Section portal on how to appeal a decision via static text as defined
appeal a decision, 5 the Box 2
099 Portal Application 1.1.5 by the State.
either via static text
Information
or a link to static
text.

333
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
Intake --- INT 1.5
The Solution shall Our solution can leveraged its role-based functionality to
FR- --- Appendix
allow administrators Configur Release provide access to specific users in the State to reset the
INT- Worker/Partner Intake H 3, Section
to reset internal ation 1 password for other internal users using the Maintain
124 Portal Application 1.1.6.1
user’s passwords. Employee screen in the worker portal.
Information
Worker/Partner
Portal Application
Information ---
INT 1.5.2 ---
Check MMIS to
Verify Existing
Medicaid
The Solution shall Benefits
We will make use of NextGen’ s existing real-time
have the ability to Worker/Partner
interfacing capabilities and our knowledge of State MMIS
interface with the Portal Application
FR- Appendix system to build a new interface with the MMIS on a real‐time
MMIS to verify Information --- MMIS Custom - Release
INT- H 3, Section or near real‐time basis. This real-time interfacing capability
existing Medicaid INT 1.5.5 --- Interface Easy 1
101 1.1.8.3 will help partners to verify if the member is already receiving
eligibility on a real- Check MMIS to
Medicaid and also reduce the time for workers to process
time or near real- Verify Existing
duplicate applications.
time basis. Medicaid
Benefits
Denial /
Terminate ---
E&DT 1.2.1 ---
Verify Existing
Enrolment
Record
Worker/Partner
Portal Application
Information ---
INT 1.5.3 ---
The Solution shall Complete
allow user roles, as Presumptive
defined by the State, Eligibility Our partner portal allows users to complete an application
FR- Appendix
to enter the Application Custom - Release for presumptive eligibility. Our solution also allows users to
INT- Intake H 3, Section
individual's Worker/Partner Easy 2 enter the presumptive eligibility information into the worker
102 1.1.5
presumptive Portal Application portal using a new screen in the Data Collection module
eligibility into the Information ---
eligibility system. INT 1.5.7 ---
Complete
Immediate
Eligibility
Application

334
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

The Solution shall

have the ability to Intake --- INT 1.6 The Our worker portal captures the application date and time for
FR- Appendix
record application --- Store 200.03 Applicat Out of Release all applications entered into the system. This date is
INT- Intake H 3, Section
date and application Application 0 ion the Box 1 automatically calculated by the system for applications
107 1.1.6.2
time upon Information Process originating from member portal, partner portal and FFM.
submission.

The Solution shall

store a record of all
HICFA
applications/docume Intake --- INT 1.6 Our Solution stores a record of all documents that either get
FR- Not docume Appendix
nts submitted, --- Store Out of Release scanned or uploaded from the member and partner portals.
INT- Intake H Availa nt 3, Section
including those Application the Box 1 The records are archived as per the TN OGC archival
108 ble retentio 1.1.6.2
withdrawn, based on Information policy.
n
TN OGC archival
policy.
The Solution shall
have the ability to Our worker portal collects data at the household and
Intake --- INT 1.6
FR- collect Appendix individual level. Once the data is collected, it can be shared
--- Store Out of Release
INT- applicant/household Intake L 3, Section across programs and there is no need for the user to collect
Application the Box 1
109 information and 1.1.4 or enter the data again for determining eligibility for other
Information
share across programs.
multiple programs.
The Solution shall
have the ability to
status a
stored/saved
Our solution provides the capability to process applications
application as either
and determine eligibility for members even if there are
'in-progress' or
pending application associated with the case. For example
'submitted', while Intake --- INT 1.6
FR- Appendix our application continues to determine eligibility for cases
continuing eligibility --- Store Out of Release
INT- Intake H 3, Section that have one application in the submitted status and the
determination Application the Box 1
110 1.1.6.2 other in-progress. Our solution also determines eligibility at
processing Information
the member level and can evaluate one member's eligibility
(including
while keeping the other members pending for reasons
verifications) for all
including verifications.
'submitted' status
applications in a real
time/near real-time
basis.

335
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

The NextGen solution will make use of H15 Account transfer

The Solution shall service for establishing the interface from FFM, and will
be able to receive receive applications from the FFM. The system will initiate
and process ‘No touch processing’ for these applications, register the
Intake --- INT 1.8 The
FR- applications, Appendix application, perform and update verifications, run eligibility
--- Transfer 200.03 Applicat Out of Release
INT- including the Intake H 3, Section and authorize the case per the Tennessee business policy.
Account 0 ion the Box 1
112 eligibility 1.1.8.1
Information Process
assessment, from
FFM without human
intervention.

Upon receipt of the application from the FFM, a complete

The Solution shall record of each application received from the FFM will be
have the ability Intake --- INT 1.8 The stored in a staging table. Using this information, NextGen
FR- Appendix
acknowledge receipt --- Transfer 200.03 Applicat Out of Release will attempt to populate the applicable database tables, and
INT- Intake H 3, Section
of an account Account 0 ion the Box 1 will send either an electronic error message or
113 1.1.8.1
transfer from the Information Process acknowledgement response to the FFM without human
FFM. intervention. The electronic acknowledgement is sent as a
real time response back to the FFM.

336
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
have the ability to
receive updates of Our solution provides the capability to identify a change of
account information Intake --- INT 1.8 The circumstances from FFM using the application id received.
FR- Appendix
and change of --- Transfer 200.03 Applicat Out of Release For all updates and changes, our solution acknowledges the
INT- Intake H 3, Section
circumstance (COC) Account 0 ion the Box 1 FFM transaction on a real-time basis. Our solution then
114 1.1.8.1
from the FFM and Information Process generates a PDF document of the change and creates a
acknowledge receipt task for the workers to look at and process the change.
without human
intervention.
The Solution shall
Intake --- INT 1.8 The Our proposed solution would be able to perform a review in
FR- be able to review Appendix
--- Transfer 200.03 Applicat Out of Release the form of an XSD level Schematron validation on the
INT- data received from Intake H 3, Section
Account 0 ion the Box 1 application received from the FFM, and report back any
115 FFM and report any 1.1.8.1
Information Process errors to FFM.
errors to FFM.

The Solution shall Our solution will make use of the state's existing IBM
Intake --- INT 1.8 The
FR- have the ability to Appendix FileNet content repository to store documents received from
--- Transfer 200.03 Applicat Custom - Release
INT- receive and store Intake L 3, Section FFM. Once the documents are stored in the state's IBM File
Account 0 ion Easy 1
116 images from the 1.1.8.1 net repository, our solution provides the capability to create
Information Process
FFM. tasks for the workers.

The Solution shall Our solution will make use of the state's existing IBM
have the ability to FileNet content repository to store documents received from
Intake --- INT 1.8 The
FR- index and align Appendix FFM. Our solution will also pass the metadata parameters to
--- Transfer 200.03 Applicat Configur Release
INT- images received Intake L 3, Section associate the documents with an application/case. Once the
Account 0 ion ation 1
117 from the FFM to the 1.1.8.1 documents are stored in the state's IBM File net repository,
Information Process
associated our solution provides the capability to create tasks for the
applications/cases. workers.

The Solution shall

enable input
processing of H15
The NextGen solution will make use of the H15 Account
account transfer
Intake --- INT 1.8 The transfer service for establishing the FFM Account Transfer
FR- transactions from Appendix
--- Transfer 200.03 Applicat Out of Release interfaces, and receiving account transfers from the FFM.
INT- the FFM in Intake H 3, Section
Account 0 ion the Box 1 The FFM accounts transfers are received by our solution
118 accordance with 1.1.8.1
Information Process and the acknowledgement is sent back to FFM on a real
State and Federal
time basis.
defined format,
schedule and
processing rules.

337
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

The NextGen solution will also enable the system to send

account referrals to the FFM for applicable cases using H15
The Solution shall
service based interface. Cases needing to be referred per
create and transmit
CMS guidance fit into two categories:
H15 account transfer
- An application originating from the FFM has a final
referral transactions Intake --- INT 1.8 The
FR- Appendix eligibility determination made.
to the FFM in --- Transfer 200.03 Applicat Out of Release
INT- Intake H 3, Section - An application not originating from the FFM qualifies to
accordance with Account 0 ion the Box 1
119 1.1.8.1 have an account transferred to the FFM. The NextGen
State and Federal Information Process
solution is equipped with the necessary logic to send the
defined format,
qualifying application as a referral to the FFM.
schedule and
processing rules.
The referral transactions are sent to FFM every night, once
the final eligibility for the applications/cases are determined.

The Solution shall

interface with the
Our proposed solution contains built-in interfaces with the
Social Security
following SSA interfaces
Administration's Intake --- INT 1.9 The
FR- Appendix
(SSA) system in --- Send SSI 200.03 Applicat Out of Release
INT- Intake H 3, Section - SDX - Daily and Monthly
accordance with Recipient 0 ion the Box 2
120 1.1.8.2 - LIS - Daily Interface
State and Federal Information Process
- SVES - Daily Interface
defined format,
- BEERS- Daily Interface
schedule and
processing rules.

The Solution shall

have the ability to
process the Intake --- INT 1.9 The Our proposed solution contains built-in interfaces daily
FR- Appendix
BENDEX file --- Send SSI 200.03 Applicat Out of Release interfaces with the SSA’s Beneficiary Data Exchange
INT- Intake H 3, Section
received from the Recipient 0 ion the Box 2 (BENDEX) system receive individual disability (SSDI and
121 1.1.8.4
Social Security Information Process RSDI) income information.
Administration
(SSA).
The Solution shall
receive and utilize
State Data
Exchange (SDX) Intake --- INT 1.9 The
FR- Appendix Our proposed solution contains built-in daily interfaces with
data needed to: --- Send SSI 200.03 Applicat Out of Release
INT- Intake H 3, Section the SSA’s State Data Exchange (SDX) system receive
i. Determine if an Recipient 0 ion the Box 2
122 1.1.8.2 individual Supplementary Security Income (SSI) information.
applicant/member is Information Process
receiving SSI
ii. Determine
eligibility

338
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
Our proposed solution has a number of interfaces (both
have the ability to
real-time and batch) with the SSA for eligibility and
receive information The
Intake --- INT 1.9 demographic information, appeals and closures. Our
FR- on eligibility Applicat Appendix
--- Send SSI Multipl 200.030 Out of Release solution has the capability to interface with SSA real-time
INT- information, Intake H ion 3, Section
Recipient e 200.055 the Box 2 through the SOLQ-I service, and has batch interfaces
123 demographics, Process 1.1.8.2
Information through SDX, BENDEX, SVES, LIS, BEERS with the SSA to
appeals, and Appeals
facilitate the verification/entry of different
closures from the
eligibility/demographic information in the system.
SSA.

Our proposed solution provides dynamic access to solution

The Solution shall functionality based on the user's assigned roles. Users do
have the ability to not see information that they do not have access to, and
FR- Eligibility Appendix
define security user Out of Release these roles are made even more robust by providing for
ED- Determin H 3, Section
roles that govern the Box 1 read-write, read-only, or no access to certain role-based
001 ation 1.1.6.1
access to functions. Our manage employees module allows admin
functionality. users to add, update and remove the roles to the users of
the worker portal.
The Solution shall
have the
Eligibility
functionality to Deeme At the time of member registration, our solution
FR- Determination --- Eligibility Appendix
identify existing 015.01 d Out of Release automatically invokes the MCI file clearance service to
ED- ED 1.1 --- Determin H 3, Section
individuals in a data 0 Newbor the Box 1 identify existing individuals. The results of file clearance are
002 Member ation 1.2.1
registry prior to n displayed to the user in the order of matching score.
Matching
creating a new
record.
CMS 7-
Criteria
match
(This is
not an
The Solution shall
eligibilit Based on matching algorithms, our solution provides the
have the ability to
Member y policy capability of identifying full, partial and no matches for
identify full matches,
FR- Matching --- ED Eligibility docume Appendix individuals. Our solution also provides a matching score
partial matches and Configur Release
ED- 1.1.1 --- Perform Determin H TBD nt, but 3, Section using the member match IBM initiate tool for all the results
no matches ation 1
003 Member ation is one 1.2.1 based on the criteria defined by the state. The results are
according to criteria
Matching of displayed to the user using the File Clearance results
defined by the
several screen and is sorted based on the matching score.
State.
inputs
related
to this
require
ment.)

339
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

The Solution shall Member

FR- have the ability to Matching --- ED Eligibility Appendix Our solution will provide the ability to electronically match
Out of Release
ED- electronically match 1.1.2 --- Auto Determin H 3, Section and line an individual to an existing record per Tennessee
the Box 1
004 and link an individual Selection of ation 1.2.1 business policy.
to an existing record. Record

The Solution shall

have the ability to
assign a pseudo
SSN and pseudo Our solution automatically generates a generates a Pseudo
Member
SSN reason for SSN when actual SSN is not reported by the user. Pseudo
FR- Matching --- ED Eligibility Appendix
purposes of unique 005.02 Enumer Out of Release SSN is an internal system generated identifier that can be
ED- 1.1.3 --- Manual Determin H 3, Section
identification of 0 ation the Box 1 used for data exchange with external agencies to uniquely
005 partial match ation 1.2.1
individuals via identify the individual . Our system can also be configured to
reconciliation
system interfaces add a pseudo SSN reason for the individual
using SSN, when
member does not
have an SSN.
The Solution shall
allow user roles, as Member Our solution shall allow business roles and privileges set up
FR- defined by the State, Matching --- ED Eligibility Appendix for case workers to perform match and un-match persons
Out of Release
ED- to match and un- 1.1.3 --- Manual Determin H 3, Section based on member matching criteria. Our solution also
the Box 1
006 match persons partial match ation 1.2.1 provides the capability for users with authorized access to
based on member reconciliation merge two duplicate individuals within the system.
matching criteria.

The Solution shall Our solution creates a client ID for every new member
have the ability to established in the system. Every time an member is
Member
FR- create a new Eligibility Appendix established, the state's Master Client Index (MCI) is also
Matching --- ED Out of Release
ED- tracking number for Determin H 3, Section updated to include this new member The client ID is created
1.1.4 --- Create the Box 1
007 each person that ation 1.2.1 automatically by the system while processing applications
new tracking key
does not exist in from FFM and member portal and also allows the users to
their data registry. create one while processing the paper applications.

The Solution shall Member Our solution created a new unique tracking number for
have the ability to Matching --- ED every new member established in the system. The unique
FR- Eligibility Appendix
assign a unique 1.1.5 --- Unique Out of Release identifier referred to as client ID in our system is associated
ED- Determin H 3, Section
tracking number to tracking key the Box 1 to a given client and will not change if the member moves
008 ation 1.2.1
each person, assigned to each from one case to another or if the member belongs to more
independent of their member and than one case or application.

340
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
association to cases association to
or applications. case data

The Solution shall

have the ability to
Eligibility Househ Our NextGen solution provides the capability to contain
determine MAGI
FR- Determination --- Eligibility old Appendix within a case both MAGI and non-MAGI assistance groups.
Medicaid Household 010.01 Out of Release
ED- ED 1.2 --- MAGI Determin H Compos 3, Section Our Eligibility Determination Engine is capable of spawning
and an FRR 5 the Box 1
009 Household ation ition for 1.2.2.5 separate eligibility determination processes to determine
Medicaid Household
Composition MAGI eligibility for members within these groups.
within the same
application/case.
The Solution shall Unborn
have the ability to Eligibility Status
FR- calculate MAGI Determination --- Eligibility Househ Appendix Our solution provides the capability to automatically
Multipl 005.030 Out of Release
ED- Medicaid household ED 1.2 --- MAGI Determin H old 3, Section determine household size for MAGI Medical programs
e 010.015 the Box 1
010 size for each Household ation Compos 1.2.2.5 based on either tax status rules or relationship rules.
individual in an Composition ition for
application. MAGI
The Solution shall
have the ability to
Eligibility Househ The verification process is also configurable by program to
accept self-
FR- Determination --- Eligibility old Appendix allow for self-attestation for certain types of information such
attestation of 010.01 Out of Release
ED- ED 1.2 --- MAGI Determin H Compos 3, Section as the attestation of pregnancy for pregnant woman,
pregnancy and 5 the Box 1
011 Household ation ition for 1.2.2.14 residency information and immigration / citizenship details
consider it verified
Composition MAGI when under the reasonable opportunity period for Medicaid.
when determining
eligibility.
The Solution shall
In order to make the determination using relationship rules
automatically
Eligibility Househ less error prone the system will automatically populate
populate reciprocal
FR- Determination --- Eligibility old Appendix reciprocal relationships when entered by the worker which
relationships for both 010.01 Out of Release
ED- ED 1.2 --- MAGI Determin H Compos 3, Section are then automatically used by eligibility when relationship
MAGI Medicaid 5 the Box 1
012 Household ation ition for 1.2.2.5 rules are required. Users also have the ability to check the
Households and an
Composition MAGI calculated reverse relationship values using our
FRR Medicaid
Relationship Screen.
Households.

341
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
Child 0-
1 MAGI
Child 1-
5 MAGI
Child 6-
18
MAGI
Presum
The eligibility non-financial sub-module applies program and
The Solution shall ptive
015.015 category-specific rules to determine whether each
have the ability to Eligibility Eligible
015.020 individual, and then the entire case, meets additional
FR- verify all non- Determination --- Eligibility Pregna Appendix
Multipl 015.025 Out of Release eligibility criteria dictated by TN policy. For example, for
ED- financial eligibility ED 1.3 --- MAGI Determin H nt 3, Section
e 015.030 the Box 1 Medicaid, an applicant’s residency, citizenship and SSN
013 requirements for Non-Financial ation Women 1.2.2.7
015.035 compliance must be evaluated. This module sets the
MAGI programs, as Verification Pregna
015.040 appropriate notice reasons if an individual or household fails
defined by the State. ncy
015.045 one of the program specific non-financial criteria
MAGI
Caretak
er
Relative
MAGI
Child
Medicall
y Needy
The Solution shall
have the ability to
verify applicant data Our solution has the capability to verify member data with
through State data Eligibility both federal and state sources. Our automatic real time
FR- sources and/or Determination --- Eligibility Appendix eligibility processing module already has the capability to
200.03 Verificat Configur Release
ED- Federal data ED 1.3 --- MAGI Determin H 3, Section use a hierarchical approach to verify data using federal and
5 ion ation 1
014 services in Non-Financial ation 1.2.2.14 state data sources. The effort remaining would be to
hierarchical order Verification configure the verification hierarchy based on the review of
according to the the State Verification Plan.
State Verification
Plan.

342
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

The Solution shall Eligibility

The NextGen solution has interfaces built in with the Federal
FR- have the ability to Determination --- Eligibility Appendix
200.03 Verificat Out of Release Hub to facilitate automatic verification of member's
ED- verify applicant data ED 1.3 --- MAGI Determin H 3, Section
5 ion the Box 1 information. These services are real time and can be
015 through the Federal Non-Financial ation 1.2.3.2
invoked either automatically or by the user real time.
Data Services Hub. Verification

Eligibility
Determination ---
The Solution shall ED 1.3 --- MAGI Our proposed solution has built-in interfaces with multiple
perform verification Non-Financial sources as the CMS' Federal Hub, and SSA's SVES and
FR- of identity with Verification Eligibility Appendix SOLQ-I services to verify member's identity information.
200.03 Verificat Out of Release
ED- external data Post-Eligibility Determin H 3, Section Federal Hub and SOLQ-I are real time interfaces which are
5 ion the Box 1
016 sources to include Verifications --- ation 1.2.3.2 either invoked by the system automatically or by the user on
but not limited to CM 1.2.4 --- demand using the Person Data Collection screen. SVES is
SSA and SIEVS. Receive a daily batch interface that is used to verify the information.
Verification
Result
Our proposed solution has built-in interfaces with multiple
sources as the CMS' Federal Hub, and SSA's SVES and
SOLQ-I services to verify member's citizenship information.
Federal Hub and SOLQ-I are real time interfaces which are
The Solution shall
either invoked by the system automatically or by the user on
perform verification
Eligibility demand using the demographics data collection screen.
of attested Citizens
FR- Determination --- Eligibility Appendix SVES is a daily batch interface that is used to verify the
citizenship with 005.01 hip and Out of Release
ED- ED 1.3 --- MAGI Determin H 3, Section information.
external databases, 0 Immigra the Box 1
017 Non-Financial ation 1.2.3.2
to include but not tion
Verification In addition, our solution contains interfaces with the Federal
limited to SSA data
Data Services Hub’s Verify Lawful Presence (VLP) service
sources.
and the U.S. Department of Homeland Security's (DHS)
Systematic Alien Verification for Entitlements (SAVE)
program to verify Immigration Status/Lawful Presence when
relevant.

343
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

The Solution shall The NextGen solution contains interfaces with the Federal
perform verification Data Services Hub’s Verify Lawful Presence (VLP) service
of attested Eligibility and the U.S. Department of Homeland Security's (DHS)
Citizens
FR- immigration status Determination --- Eligibility Appendix Systematic Alien Verification for Entitlements (SAVE)
005.01 hip and Out of Release
ED- with external ED 1.3 --- MAGI Determin H 3, Section program to verify Immigration Status/Lawful Presence when
0 Immigra the Box 1
018 databases, to Non-Financial ation 1.2.3.4 relevant. Both SAVE and VLP are time interfaces which
tion
include but not Verification are either invoked by the system automatically or by the
limited to DHS user on demand using the immigration data collection
(SAVE) data source. screen.

The Solution shall Our NextGen solution in other States has implemented
Eligibility
perform verification interfaces with the State Vital Records system to verify
FR- Determination --- Eligibility Appendix
of residency using 200.03 Verificat Custom - Release citizenship ad residency information for individuals. Our
ED- ED 1.3 --- MAGI Determin L 3, Section
State of TN internal 5 ion Moderate 2 solution will customize this interface according to State of
019 Non-Financial ation 1.2.3.7
and/or external data Tennessee specified requirements and interface file
Verification
sources. formats.

The Solution shall

have the ability to
queue requests for
Eligibility The NextGen interfaces module has the capability to queue
information when
FR- Determination --- Eligibility Appendix requests that fail the first time. The solution has the
information Out of Release
ED- ED 1.3 --- MAGI Determin H 3, Section capability to invoke the electronic interfaces automatically in
providers, including the Box 1
020 Non-Financial ation 1.2.3.1 such instances based on configurable timeframes and
FDSH, are not
Verification attempts.
available or
otherwise return an
error.
The Solution shall
The NextGen interfaces module has the capability to queue
have the ability to
requests that fail the first time. The solution has the
configure the Eligibility
capability to set a specific number for re-try attempts to
FR- number of Determination --- Eligibility Appendix
Out of Release invoke the electronic interfaces automatically in such
ED- information request ED 1.3 --- MAGI Determin H 3, Section
the Box 1 instances with a threshold on the number of attempts. Once
021 attempts Non-Financial ation 1.2.3.1
the threshold is reached, our solution stops making the fail
automatically made Verification
over calls and allows the user to verify the information
over a period of
manually.
time.

344
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

If electronic verification cannot be achieved, our solution

integrates the verification process with the Notices Module,
The Solution shall automatically triggering a Request for Verification and
Eligibility
generate a provides the member a dynamic list of the acceptable
FR- Determination --- Eligibility Appendix
configurable listing 200.03 Verificat Out of Release verifications for the information requested. The amount of
ED- ED 1.3 --- MAGI Determin H 3, Section
of verification proof 5 ion the Box 1 time the member has to respond to the verification is based
022 Non-Financial ation 1.2.2.14
documents for each on program and type of verification. The worker can track
Verification
type of verification. the number of times a verification request has been made
been made by reviewing the historical correspondence sent
to the member

The Solution shall Our proposed solution supports the ability to identify
provide the ability to verification requirements based on type of data per
Eligibility
identify the program. The solutions integrates electronic verification
FR- Determination --- Eligibility Appendix
appropriate 200.03 Verificat Out of Release when applicable and allows self-attestation for certain types
ED- ED 1.3 --- MAGI Determin H 3, Section
verification items 5 ion the Box 1 of information such as the attestation of pregnancy for
023 Non-Financial ation 1.2.2.14
based on program pregnant woman, residency information and immigration /
Verification
criteria and citizenship details when under the reasonable opportunity
application data. period for Medicaid.

When an individual returns a verification based on the notice

generated requesting proof the worker, our system will
The Solution shall
automatically generate a task for the user. The users will
allow user roles, as
Eligibility then be able to mark that verification as received and
defined by the State,
FR- Determination --- Eligibility Appendix update the verification source based on the information
to view documents 200.03 Verificat Out of Release
ED- ED 1.3 --- MAGI Determin H 3, Section provided by the member Our solution also provides the
submitted to verify 5 ion the Box 1
024 Non-Financial ation 1.2.2.14 Electronic Case File (ECF) Screen that allows workers to
data that could not
Verification view either the documents already part of the member case
be validated through
file or the documents the member submitted as a result of
data sources.
the verification notice sent to them. The ECF screen is
available to the user on all of the data collection screens.

345
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The
existing
eligibility
policy
documen
ts
describe
the
The Solution shall
channels
allow
by which The solutions will allow members to submit required
applicants/members,
applicant verifications electronically through the self-service portal
as defined by the
s and using the web and mobile capabilities. Our mobile solution
State, to submit Eligibility
members allows members to take a picture of the verification
FR- verification materials Determination --- Eligibility Appendix
can Configur Release document and upload the same either through our native
ED- electronically, by ED 1.3 --- MAGI Determin H 3, Section
submit ation 2 mobile application or by using the member portal on their
025 using a mobile Non-Financial ation 1.2.2.14
applicatio mobile phones. Our solution provides the capability for
device to send a Verification
ns. It is members to identify a document type while uploading and
photograph of the
anticipat tasks are created for the users with that specific document
document using
ed that type.
MMS (Multi Media
this new
Message) or email.
capability
will
eventuall
y also be
included
in policy
documen
ts.

MAGI Non- Our solution provides the capability for the workers to verify
The Solution shall Financial the member's data of birth using FDSH or SOLQ- I
FR- Eligibility Appendix
have the ability to Verification --- Out of Release electronic interfaces. For clients who cannot be verified
ED- Determin H 5.025 Age 3, Section
verify the date of ED 1.3.1 --- the Box 1 using electronic data sources our solution provides the
026 ation 1.2.2.14
birth of the applicant. Verify capability to verify manually using documents submitted and
Enumeration record the same in our worker portal

The Solution shall

have the ability to
Our worker portal's data collection module captures if the
verify that the MAGI Non-
application possess a valid SSN. For members who do not
applicant possess a Financial
FR- Eligibility Appendix have an SSN, our solution automatically queues up further
valid Social Security Verification --- 005.02 Enumer Out of Release
ED- Determin H 3, Section screens to capture if they have applied for one and any
Number (SSN) or ED 1.3.1 --- 0 ation the Box 1
027 ation 1.2.2.14 exception reasons for not possessing an SSN. These
proof of application Verify
questions are incorporated in our rules engine to determine
for a SSN, unless Enumeration
eligibility for members.
they meet an
exception.

346
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

As defined in requirement FR-ED-018 , The NextGen

solution contains interfaces with the Federal Data Services
The Solution shall MAGI Non-
Hub’s Verify Lawful Presence (VLP) service and the U.S.
interface with the Financial Citizens
FR- Eligibility Appendix Department of Homeland Security's (DHS) Systematic Alien
FDSH for Verification --- 005.01 hip and Out of Release
ED- Determin H 3, Section Verification for Entitlements (SAVE) program to verify
DHS/SAVE ED 1.3.1 --- 0 Immigra the Box 1
028 ation 1.2.3.4 Immigration Status/Lawful Presence when relevant. Both
immigration status Verify tion
SAVE and VLP are time interfaces which are either
verification. Enumeration
invoked by the system automatically or by the user on
demand using the immigration data collection screen.

MAGI Non- As defined in requirement FR-ED-017, Our proposed

The Solution shall
Financial solution has built-in interfaces with multiple sources as the
have the ability to
Verification --- Citizens CMS' Federal Hub, and SSA's SVES and SOLQ-I services
FR- verify that the Eligibility Appendix
ED 1.3.2 --- 005.01 hip and Out of Release to verify member citizenship information. Federal Hub and
ED- applicant is a U.S. Determin H 3, Section
Verify 0 Immigra the Box 1 SOLQ-I are real time interfaces which are either invoked by
029 Citizen, U.S. ation 1.2.3.2
Citizenship/Qualif tion the system automatically or by the user on demand using
National, or eligible
ied Non-Citizen the demographics data collection screen. SVES is a daily
non-citizen.
Status batch interface that is used to verify the information.

The Solution shall

have the ability to MAGI Non-
accept the self- Financial Our solution provides the ability to allow for self-attestation
attestation of Verification --- Citizens of immigration / citizenship details and thereby providing
FR- Eligibility Appendix
citizenship or ED 1.3.2 --- 005.01 hip and Out of Release the reasonable opportunity period for Medicaid. Our Data
ED- Determin H 3, Section
immigration, for the Verify 0 Immigra the Box 1 collection screens provides the capability to document a
030 ation 1.2.2.14
purpose of Citizenship/Qualif tion value namely 'Client Statement' that serves as a self
establishing a ied Non-Citizen attestation of the member.
reasonable Status
opportunity period.
The Solution shall
MAGI Non-
have the ability to The worker portal data Collection module captures the
FR- Financial Eligibility State Appendix
validate that the 005.00 Out of Release information regarding residency status of members Our
ED- Verification --- Determin H Residen 3, Section
applicant is a 5 the Box 1 system will be customized to verify the data with identified
031 ED 1.3.3 --- ation ce 1.2.2.14
resident of verification source from State of Tennessee.
Verify Residency
Tennessee.

For members who cannot be verified using the state of

The Solution shall MAGI Non- Tennessee data source, our solution has the ability to
FR- have the ability to Financial Eligibility State Appendix accept self-attestation of residency status and provide
005.00 Out of Release
ED- accept self- Verification --- Determin H Residen 3, Section eligibility. Our Data Collection screens capture a value
5 the Box 1
032 attestation of ED 1.3.3 --- ation ce 1.2.2.14 namely 'Client Statement' for residency verification and our
residency status. Verify Residency rules engine provides the capability to accept this value for
eligibility determinations.

347
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

The Solution shall Deloitte’s NextGen solution has multiple interfaces built in to
Not in
perform verification facilitate automatic verification of prisoner data and
eligibility
of attested non- MAGI Non- incarceration status. The Federal Hub’s SSA Composite
policy
incarceration status Financial State of service, in addition to SSN, Date of Birth and Citizenship
FR- Eligibility documen Appendix
with external data, Verification --- TN Custom - Release Status, also provides Incarceration information. In addition
ED- Determin H N/A ts, but 3, Section
including but not ED 1.3.4 --- Verificat Easy 2 to the real-time SSA Composite service, the solution also
034 ation updated 1.2.3.3
limited to: TN Dept. Verify ion Plan offers verification of incarceration through the SVES
Verificati
of Corrections file Incarceration interface that operates as part of the nightly batch process.
on Plan
match and/or We will also customize our solution to interface data with the
is input.
database. TN Dept of Corrections to identify incarcerated members.

The Solution shall

have the capability
to request and store
results of verification MAGI Non-
of individual's Financial The NextGen solution in other States has implemented
coverage and Verification --- similar interfaces with the State Benefit Administration to
FR- Eligibility Appendix
access to State ED 1.3.5 --- 025.00 CoverKi Custom - Release identify and verify individuals who might be receiving
ED- Determin H 3, Section
Employee Health Verify State 5 ds Easy 1 benefits under the State Health Benefit Plans. Our solution
035 ation 1.2.3.8
Coverage via Employee Health will customize this interface according to State specified
external sources, Coverage and requirements and interface file formats.
including but not Access
limited to the State
Benefit
Administration.

The NextGen solution provides verification of Medicare Part

A/Part B through two sources – the State Online Query-I
The Solution shall
(SOLQ-I) real-time we service and the Beneficiary Data
have the ability to MAGI Non-
Exchange (BENDEX) batch interface with the Social
verify an individuals Financial
Security Administration. Anytime during the intake/case
entitlement and/or Verification ---
FR- Eligibility Appendix change/case review/renewal process, the worker can
enrollment in ED 1.3.5 --- 200.03 Verificat Out of Release
ED- Determin H 3, Section request Medicare Part A/Part B information through the
Medicare Part A with Verify State 5 ion the Box 2
036 ation 1.2.3.9 SOLQ-I interface, which will send a real-time request to SSA
the Social Security Employee Health
and populate the response in a screen for the worker to
Administration by Coverage and
verify. The BENDEX process operates as part of the nightly
social security Access
batch process and sends out a request for all individuals
number.
eligible for Medicaid to the BENDEX system to check for
Medicare enrollment in addition to receipt of Title II Income.

348
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
have the ability to MAGI Non- Former
verify that the Financial Foster Our solution is currently capable of receiving information
FR- Eligibility Appendix
individual was in Verification --- 015.00 Care Custom - Release from a DCS agency via batch files and has the ability to use
ED- Determin H 3, Section
DCS custody and ED 1.3.6 --- 5 Children Easy 2 the information to verify if the members are receiving
037 ation 1.2.2.14
received TennCare Verify Former up to TennCare Medicaid on their 18th birthday.
Medicaid on his or Foster Care Age 26
her 18th birthday.
The Solution shall
provide capability to The solution has the capability to determine historical
Eligibility
perform eligibility months of eligibility. Any applicable standards including
FR- Determination --- Eligibility Income Appendix
determination 010.01 Out of Release historical case data, FPL limits for the historical months are
ED- ED 1.4 --- MAGI Determin H Overvie 3, Section
calculations based 0 the Box 1 contained in reference tables which are versioned by date in
038 Household ation w 1.2.2.6
on any order to allow for appropriate calculations for the historical
Verification
historic/current period.
stored value tables.

The Solution shall

NextGen solution uses multiple reference tables that store
provide the
values applicable for a date range. The Eligibility module
capability to store Overvie
access relevant reference table value for each month being
multiple value w of
evaluated. The reference tables are versioned so that
tables, including but Eligibility Financi
different standards can be applied to different months within
FR- not limited to: Determination --- Eligibility al Appendix
Multipl 010.005 Out of Release the same eligibility determination. For example when the
ED- i. Federal Poverty ED 1.4 --- MAGI Determin H Eligibilit 3, Section
e 010.010 the Box 1 FPL values change effective March we are able to update
039 Level (FPL) Household ation y 1.2.2.6
the reference table version to apply the new income limits
Reference Tables Verification Income
from March onward and the old limits if eligibility is re-
ii. COLA Reference Overvie
determined prior to March. Our solution provides multiple
Tables w
value tables for FPL reference tables, COLA Reference
iii. SIS Reference
tables and also SIS reference tables
Tables

Verificat
ion
Child 0-
1 MAGI
Child 1-
The Solution shall 200.035
5 MAGI
have the ability to Eligibility 015.015
Child 6-
FR- verify all financial Determination --- Eligibility 015.020 Appendix The solution has the ability to verify all financial eligibility
Multipl 18 Out of Release
ED- eligibility ED 1.4 --- MAGI Determin H 015.025 3, Section requirements using federal/state data sources and/or
e MAGI the Box 1
040 requirements for Financial ation 015.035 1.2.2.14 documents provided by the members
Pregna
MAGI programs, as Verification 015.040
ncy
defined by the State. 200.015
MAGI
Caretak
er
Relative
MAGI

349
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
Applicat
ion for
Other
Progra
m
Benefits

Our NextGen solution provides the following services to

The Solution shall verify attested income with external databases
perform verification 200.035
of attested income 115.025 FSDH- IRS - Real time service to verify annual income
with external SSA -SOLQ I- Real time service to verify SSI and RSDI
Verificat
databases, to MAGI Financial Any income
ion
FR- include but not Verification --- Eligibility interactio Appendix Work Number - Real time Interface to verify wages
Multipl SSI Custom - Release
ED- limited to IRS, SSA ED 1.4.1 --- Determin H n with 3, Section
e Cash Easy 1
041 (for SSI and SSDI), Annual Income ation the IRS 1.2.3.6 Our solution will be customized to develop a new interface
Recipie
TN Unemployment Verification implies with the TN Department of Labor to verify the following
nt
Data, Quarterly the use information.
Wage Data and The of FTI
Work Number data. Quarterly Wage
database. TN Unemployment Data

350
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

The Solution shall

MAGI Financial
calculate the As defined in requirement FR-ED-041 our solution
Verification ---
reasonable interfaces with multiple data sources to verify income. The
ED 1.4.2 ---
compatibility of Reason eligibility module will perform a reasonable compatibility
Compare
attested total able determination when processing eligibility for Medical in an
attested income
FR- monthly income to Eligibility Compati Appendix effort to verify income electronically. If the income returned
to annual income 010.03 Out of Release
ED- external databases Determin H bility 3, Section from clearances such as the Federal Data Services Hub, the
Non-MAGI 5 the Box 1
042 income in ation and 1.2.2.9 Work Number is within a defined threshold percentage from
Financial
accordance with Verificat the member's attested income then the system will consider
Verification ---
applicable federal ion that income as verified. Our solution also has the capability
ED 1.11.1 ---
regulations and to configure the thresholds using a reference table, thereby
Current Income
State of TN business allow state users to make the changes with ease.
Verification
rules.

The Solution shall When determining presumptive eligibility, the member

MAGI Financial Presum
have the ability to attested income reported as part of the application will be
Verification --- ptive
FR- accept the self- Eligibility Appendix used for the eligibility determination. The NextGen solution
ED 1.4.2 --- 015.03 Eligible Out of Release
ED- attestation of income Determin H 3, Section provides presumptive coverage through the end of the
Compare 0 Pregna the Box 2
043 when applying for ation 1.2.2.10 month following the month in which the eligibility
attested income nt
presumptive determination was made or the day on which a decision is
to annual income Women
eligibility. made on a filed Medicaid application.

The Solution shall This EDBC sub-module uses the income reported for the
MAGI Financial
be able to verify the household, the individuals whose income should be
FR- Verification --- Eligibility Appendix
income level of the 200.03 Verificat Out of Release included for the group (including disqualified individuals)
ED- ED 1.4.3 --- Determin H 3, Section
individual based on 5 ion the Box 1 including earned income, unearned income, self-
044 Verify Current ation 1.2.2.8
Household employment income, and deemed income to establish a
Income Sources
composition. monthly income budget for the household

The Solution shall

have the ability to MAGI Financial Counta
The solution provides the ability to verify all income reported
FR- verify individual Verification --- Eligibility ble and Appendix
010.02 Out of Release on the case whether countable or excluded income. The
ED- countable income ED 1.4.3 --- Determin H Exclude 3, Section
0 the Box 1 verification rules for income is based on the type of income
045 and excluded Verify Current ation d 1.2.2.8
and the program being determined.
income for each Income Sources Income
household member.

Emerge Our Data Collection module captures details on member

The Solution shall Eligibility
ncy expenses including medical bills. The module also has the
have the ability to Determination ---
FR- Eligibility Medical Appendix capability for the worker to capture the verification of
designate that ED 1.5 --- Multipl 020.0052 Out of Release
ED- Determin H Service 3, Section medical bills. If a worker cannot verify the information our
medical records Medical Records e 00.035 the Box 2
046 ation s 1.2.2.11 solution provides the capability for the worker to mark the
and/or medical bills and Medical Bills
Verificat medical bill as 'Not verified' resulting in a notice being sent
have been verified. Assessment
ion to the member to provide the verification documents.

351
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

When a member's income is above the resource or income

limit for a program the eligibility module has the capability to
Eligibility cascade into a spenddown type of assistance. The eligibility
The Solution shall Determination --- Medicall module will automatically calculate the amount the individual
FR- Eligibility Appendix
have the ability to ED 1.5 --- 010.05 y Needy Out of Release is over either the resource or income limit and determine the
ED- Determin H 3, Section
calculate medically Medical Records 0 Spend the Box 2 spenddown amount. Once the spenddown amount has been
047 ation 1.2.2.11
needy spend down. and Medical Bills Down determined the system will use the verified medical
Assessment expenses incurred by the household to try and meet
spenddown and establish eligibility from the spenddown met
date.

As part of the spenddown calculation if there are medical

Eligibility bills that are not used in their entirety they will be carried
The Solution shall Determination --- Medicall forward to meet future spenddown months. The system is
FR- Eligibility Appendix
have the ability to ED 1.5 --- 010.05 y Needy Out of Release also configurable to stop using a medical expense as of a
ED- Determin H 3, Section
calculate carry- Medical Records 0 Spend the Box 2 certain date or after a certain period of time. Based on the
048 ation 1.2.2.12
forward balance. and Medical Bills Down type of medical expenses, like Medicare premiums, the
Assessment system can be configured to make expenses recurring so
the same amount is budgeted each month.

The Solution shall When an individual returns a verification based on the notice
have the ability to Eligibility generated requesting proof the worker will mark that
indicate which Determination --- verification as received and update the verification source
FR- Eligibility Appendix
verification ED 1.6 --- Out of Release based on the information provided by the member If there is
ED- Determin H 3, Section
documents have Assess the Box 1 still additional information that is required the caseworker
049 ation 1.2.2.14
already been Verification can track additional verifications through the updated
provided within the Information request page to see which verifications have yet to be
allotted time period. received.

The Solution shall Eligibility Our solution has the ability to automatically update
have the ability to Determination --- verification information as they are received. When the
FR- Eligibility Appendix
automatically update ED 1.6 --- Out of Release verification information is received, our solution
ED- Determin H 3, Section
a case when Assess the Box 1 automatically updates the information and also creates
050 ation 1.2.2.14
verification items are Verification eligibility triggers to automatically run and process eligibility
received. Information per Tennessee business policy.

352
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

If there is still additional information that is required the

caseworker can track additional verifications through the
updated request page to see which verifications have yet to
The Solution shall Eligibility
be received. If an individual has not provided all required
have the ability to Determination ---
FR- Eligibility Appendix documentation during the required time period when
designate that ED 1.6 --- Out of Release
ED- Determin H 3, Section rerunning eligibility their benefits will be denied or
verification Assess the Box 1
051 ation 1.2.2.14 terminated based on the failure to provide required
information is Verification
information. If the caseworker determines that there is a
missing. Information
valid reason for additional time to be allotted to the member
to comply the system will provided the option to extend the
verification due dates.

The Solution shall

Eligibility
provide the ability to
Determination ---
FR- determine how many Eligibility Appendix The worker can track the number of times a verification
ED 1.7 --- Out of Release
ED- times a verification Determin H 3, Section request has been made been made by reviewing the
Request for the Box 1
053 attempt was made ation 1.2.2.14 historical verification correspondence sent to the member.
Verification
and display the
Notice
count.

The Solution shall Eligibility

have the ability to Determination ---
FR- Eligibility Appendix
configure the ED 1.7 --- Configur Release Our solution has the capability to configure the number of
ED- Determin H 3, Section
number of times a Request for ation 1 times a verification attempt can be made.
054 ation 1.2.2.14
verification attempt Verification
is made. Notice

The Solution shall

enable automated
Verification
Eligibility
Requests to be The NextGen solution has the capability to interface with
Determination ---
FR- generated for Eligibility Appendix any third party tool/software identified by the State.
ED 1.7 --- Custom - Release
ED- selected financial Determin L 3, Section Requests for verification of resources would be made by the
Request for Easy 2
055 institutions and pre- ation 1.2.2.14 system to the third party software's database that would in
Verification
populated with the turn route the requests to financial institutions.
Notice
applicant/member
information at the
state's request.

353
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
notify users when If electronic verification cannot be achieved, our solution
additional Request for integrates the verification process with the Notices Module,
verification Verification --- automatically triggering a Request for Verification and
FR- Eligibility Appendix
documents are ED 1.7.1 --- 200.03 Verificat Out of Release provides the member a dynamic list of the acceptable
ED- Determin H 3, Section
necessary to Request for 5 ion the Box 1 verifications for the information requested. Our solution also
056 ation 1.2.2.14
complete the Verification provides the capability to automatically pend the program in
eligibility Notice such instances and allows the users to see the reason for
determination pending the application on the eligibility summary screen.
process.

Request for
Our proposed NextGen solution provides the ability to
Verification
search and view Notices that were sent to the members in
Notice --- ED
the past. The case worker will have the ability to search for
1.7.1.1 ---
The Solution shall historic correspondence using multiple criteria including
Retrieve notice
allow user roles, as Eligibilit Case Number, Client ID and Print date. The case worker will
FR- from Digital Appendix
defined by the State, 200.04 y Out of Release also, be able to retrieve a selected correspondence with the
ED- Repository Notices H 3, Section
to re-generate 0 Determi the Box 1 original content from a document management system. If a
057 Post-Eligibility 1.2.4.5
notices with original nation client request that the historic correspondence be sent to
Verifications ---
content. them again, the worker can reprint the historic
CM 1.2.7 ---
correspondence using the 'Reprint' functionality. The
Request for
correspondence will be sent by mail to the address in file for
Verification
that client.
Notice

The Solution shall

The proposed NextGen solution comes with a framework
generate notices
Request for that allows for triggering and generating notices using HP
and dynamically
Verification Exstream. The configuration activities that remain would be
populate the text in Eligibilit
FR- Notice --- ED Eligibility Appendix 1. Build the Tennessee specific notices and look and feel, 2.
accordance with 200.04 y Configur Release
ED- 1.7.1.2 --- Determin H 3, Section the integration with HP Exstream to pass case/member
State and Federal 0 Determi ation 1
058 Identify Notice ation 1.2.4.1 specific details to the notice and 3. any notice triggers that
Program rules, nation
Triggers and are associated with new notices added. We are basing our
policy, administrative
variable content fit rating on the notices universe provided by the state in this
procedures and
RFQ which we have included in Appendix 4.
State design.

354
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

The proposed NextGen solution has a 'Generate Manual

Request for Correspondence' module which will allow case workers to
The Solution shall Verification trigger correspondences manually. The case worker can
Eligibilit
FR- allow user roles, as Notice --- ED Eligibility Appendix pick from a list of templates. The templates will be auto
200.04 y Out of Release
ED- defined by the State, 1.7.1.2 --- Determin H 3, Section populated with information that is available in the system for
0 Determi the Box 1
059 to manually trigger Identify Notice ation 1.2.4.5 a case/member. The system will also, allow user to provided
nation
notices. Triggers and additional information that goes on the template. The case
variable content worker will be able to preview the correspondence before
sending it to the client.

The proposed NextGen solution supports the generation of

correspondence in English and Spanish, allowing the State
the flexibility to address the varying needs of a diverse
The Solution shall Request for member population. The system will automatically identify
produce notices in Verification the ‘Primary correspondence language’ chosen by the head
Rights
FR- English and Notice --- ED Eligibility Appendix of household and generate the correspondence in English
200.01 and Out of Release
ED- Spanish, in addition 1.7.1.2 --- Determin H 3, Section or Spanish accordingly. Notice templates are built following
0 Respon the Box 1
060 to other languages Identify Notice ation 1.2.4.2 a multi-lingual template providing capability to add additional
sibilities
as defined by the Triggers and languages at a later date, when known.
State. variable content
In addition, the solution supports taglines in the required
language added to the notice which provides further
instruction to the member/applicant.
Request for
The Solution shall
Verification
allow user roles, as
FR- Notice --- ED Eligibility Appendix
defined by the State Out of Release The NextGen solution allows the users to create new notice
ED- 1.7.1.2 --- Determin H 3, Section
of TN, to design and the Box 1 templates with ease using the HPX notice Generation Tool.
061 Identify Notice ation 1.2.4.1
create notice
Triggers and
templates.
variable content
Request for
The Solution shall Verification
The proposed solution allows users to edit and update
FR- allow user roles, as Notice --- ED Eligibility Appendix
Configur Release existing notice templates. The solution also allows users to
ED- defined by the State 1.7.1.2 --- Determin M 3, Section
ation 1 specify areas that are static and those that will be
062 of TN, to edit Identify Notice ation 1.2.4.5
dynamically populated.
existing notices. Triggers and
variable content
Request for
The NextGen solution provides the out of box functionality
The Solution shall Verification
for the user to manually compose a notice using the
FR- allow user roles, as Notice --- ED Eligibility Appendix
Out of Release Generate Manual Correspondence screens. This screen is
ED- defined by the State 1.7.1.2 --- Determin L 3, Section
the Box 1 used when the users want to generate a notice to the
063 of TN, to manually Identify Notice ation 1.2.4.5
member that is not triggered by any automated system
compose a notice. Triggers and
actions.
variable content

355
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
Request for
The Solution shall The NextGen solution has a 'Pending Correspondence'
Verification
allow user roles, as screen which will allow case worker to review/preview
FR- Notice --- ED Eligibility Appendix
defined by the State Out of Release correspondence before it is sent to the member The notices
ED- 1.7.1.2 --- Determin L 3, Section
of TN, to review a the Box 1 are sent to the members by our nightly batch process and it
064 Identify Notice ation 1.2.4.5
notice prior to its provides an opportunity for the workers to review before it is
Triggers and
production. being actually sent.
variable content

The proposed NextGen solution comes with a framework

The Solution shall Request for that allows for triggering and generating notices using HP
generate notices Verification Exstream. The configuration activities that remain would be
FR- and forms pre- Notice --- ED Eligibility Appendix 1. Build the Tennessee specific notices and look and feel, 2.
Configur Release
ED- populated with case 1.7.1.2 --- Determin H 3, Section the integration with HP Exstream to pass case/member
ation 1
065 data based on Identify Notice ation 1.2.4.6 specific details to the notice and 3. any notice triggers that
triggers approved by Triggers and are associated with new notices added. We are basing our
the State. variable content fit rating on the notices universe provided by the state in this
RFQ which we have included in Appendix 4.

Request for
The Solution shall
Verification
FR- generate notices at Eligibility Appendix
Notice --- ED Out of Release The NextGen solution will trigger notices at the applicant,
ED- the Determin H 3, Section
1.7.1.3 --- the Box 1 member and case level as per Tennessee business policy.
066 applicant/member/ca ation 1.2.4.2
Generate Notice
se level.
Record

The proposed NextGen solution stores all the

correspondence generated by the system or the worker in
Request for
the states IBM Filenet Electronic Content Management
The Solution shall Verification
FR- Eligibility Appendix System (ECM). NextGen solution utilizes the FileNet's real
have the ability to Notice --- ED Out of Release
ED- Determin H 3, Section time service capabilities to store the notices when they are
electronically store 1.7.1.4 --- Store the Box 1
067 ation 1.2.4.6 printed either as a Local print or through the nightly batch
generated notices. Notice in Digital
process. The Document Management module in the system
Repository
allows the user to retrieve the documents stored in the ECM
based on different search criteria.

The Solution shall In proposed NextGen solution, case worker will be able to
allow user roles, as Request for review the pending correspondence using the preview
FR- defined by the State, Verification Eligibility Appendix functionality before it is sent to the print vendor. If the worker
Out of Release
ED- to suppress notices Notice --- ED Determin H 3, Section feels that the information on the notice is not correct, they
the Box 1
068 on a 1.7.1.5 --- Send ation 1.2.4.5 can suppress the correspondence using the options
applicant/member/ca Notices to Queue provided on the Pending Correspondence screen and
se-level basis. prevent it from being mailed to the member

356
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The NextGen solution provides the ability for case workers
The Solution shall to suppress or un-suppress notices generated to members
Request for
allow user roles, as on a program level or case level or client level. The pending
FR- Verification Eligibility Appendix
defined by the State, Out of Release correspondence screen displays all the pending notices for
ED- Notice --- ED Determin H 3, Section
to suppress notices the Box 1 the case and all members associated with the case. Users
069 1.7.1.5 --- Send ation 1.2.4.5
on a program-level can select one or more than one notice from the screen and
Notices to Queue
basis. suppress them using the Suppress options provided on the
screen.
The Solution shall
have the ability to
generate a file of all Request for The proposed NextGen solution will generate a consolidated
FR- notices to be printed Verification Eligibility Appendix PDF or multiple consolidated PDFs for all the
Out of Release
ED- and mailed from a Notice --- ED Determin H 3, Section correspondence generated during the business day. The
the Box 1
070 centralized location 1.7.1.5 --- Send ation 1.2.4.2 PDF/PDFs will be transferred to the print vendor for printing
in accordance with Notices to Queue via a SFTP transfer every night.
State design and
rules.
Request for
Verification
Notice --- ED
1.7.1.6 --- Send
Email
Hearing --- AP
1.2.9 --- Denial of
The Solution shall The proposed NextGen solution supports 'Go Green'
Continuance
FR- have the ability to Appendix functionality, where the members will be able opt out of
Order / Notice Out of Release
ED- distribute notice- Alerts H 3, Section paper notifications and opt in to receive notifications only by
Petition --- AP the Box 1
071 related alerts via 1.2.4.3 email. Members will be able to change the 'Go Green'
1.3.2 --- Notify
email. preference any time they wish via the member portal.
Appellant of
Petition
Petition --- AP
1.3.11 ---
Distribute
Petition Receipts
/ Orders
If a opted for 'email only option' and member's email comes
The Solution shall Request for
back as an invalid email or undeliverable, the system will
have the ability to Verification
FR- Eligibility Appendix able to track such failures. Our solution provides the ability
identify when an Notice --- ED Out of Release
ED- Determin H 3, Section to generate this data on an ad-hoc basis and can be used
email has not been 1.7.1.7 --- Detect the Box 1
072 ation 1.2.4.3 by the state workers to contact the members or update their
successfully System Non-
preferences in the worker portal. Returned email will result
delivered. delivery
in default back to paper notices.

357
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

The proposed NextGen solution allows the caseworker to

'Central Print' or 'Local Print' correspondence. The 'Central
Request for
Eligibilit Printed' correspondence will be added to the mailing queue.
FR- The Solution shall Verification Eligibility Appendix
200.04 y Out of Release At the end of the business day all the correspondences in
ED- have the ability to Notice --- ED Determin H 3, Section
0 Determi the Box 1 the mailing queue will be merged together as a single PDF
073 print a notice. 1.7.1.8 --- Send ation 1.2.4.5
nation file and sent to print vendor. The correspondence can also
Mail
be printed on-demand and in real time at a printer in
worker’s office using the 'Local Print' functionality.

Request for
Verification
Notice --- ED
1.7.1.8 --- Send
Mail
Hearing --- AP The proposed NextGen solution provides the capability to
1.2.9 --- Denial of generate and apply barcodes on the correspondence sent to
The Solution shall Continuance members. The barcodes generated will be in accordance
FR- Appendix
apply USPS bar- Order / Notice Out of Release with USPS standards to sort and scan for mailing. The
ED- Notices H 3, Section
coding to all mailed Petition --- AP the Box 1 information on the bar codes will be customized such that
074 1.2.4.2
documents. 1.3.2 --- Notify they contain case/member information. This information will
Appellant of be used to trigger tasks when the member returns the
Petition correspondence with information filled in it.
Petition --- AP
1.3.11 ---
Distribute
Petition Receipts
/ Orders
The Solution shall
have the ability to NextGen solution has the ability to consolidate notices by
Request for
bundle and send out recipient prior to sending to the print facility. This includes
FR- Verification Eligibility Appendix
multiple notices Configur Release attachments that may be tied to specific notices. What is
ED- Notice --- ED Determin H 3, Section
and/or send out ation 1 remaining to be done is a configuration activity to tie notices
075 1.7.1.8 --- Send ation 1.2.4.2
notices with and respective attachments so that they can be
Mail
corresponding forms consolidated during generation.
together.

The Solution shall The proposed NextGen solution will record if a

Request for
have the ability to correspondence is system generated or generated by a user
FR- Verification Eligibility Appendix
identify whether Out of Release using the View History Correspondence screen.
ED- Notice --- ED Determin H 3, Section
notice was auto- the Box 1 Additionally the users can search for all the
076 1.7.1.8 --- Send ation 1.2.4.5
generated or worker- correspondences that were both created by an user or by an
Mail
generated. automated process.

358
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

The The proposed NextGen solution has built in intelligence to

The Solution shall State identify invalid addresses so that the correspondences are
Request for
have the ability to currently not mailed to an invalid address. When the mailing address
FR- Verification Eligibility Appendix
auto-correct mailing utilizes Configur Release data is loaded into the data collection module the system
ED- Notice --- ED Determin H 3, Section
address to be QAS for ation 1 will provide the worker with an option to validate the mailing
077 1.7.1.8 --- Send ation 1.2.4.4
compliant with address address. The validate functionality will make a web service
Mail
USPS guidelines. verificatio call to state's QAS address validation services and return
n. with potential match when a mailing address is not correct.

The Solution shall Request for

have the ability to Verification --- The verification time period is configurable based on the
FR- Eligibility Appendix
configure verification ED 1.7.3 --- 200.03 Verificat Out of Release type of verification that is required. For example the solution
ED- Determin H 3, Section
time frames and Applicant/Membe 5 ion the Box 1 can be configured to request 10 days for income verification
081 ation 1.2.2.14
verifications by r Sends or 90 days for citizenship.
program. Information
Request for
Verification ---
ED 1.7.3 ---
The Solution shall
Applicant/Membe Our solution provides the capability for authorized users to
have the ability to
FR- r Sends Case Appendix extend verification dates for members who have valid
allow verification Out of Release
ED- Information Maintena H 3, Section reason for additional time. Our solution captures the reason
times to be the Box 1
082 Post-Eligibility nce 1.2.2.14 for extension using the Pending verification Checklist screen
extended, as defined
Verifications --- in Data Collection module.
by the State.
CM 1.2.9 ---
Member Sends
Information
Request for
Verification ---
ED 1.7.3 ---
The Solution shall
Applicant/Membe
provide the ability to
FR- r Sends Case Appendix Our solution provides the capability to automatically deny or
deny or terminate 200.03 Verificat Out of Release
ED- Information Maintena H 3, Section terminate members based on the failure to provide required
applications when 5 ion the Box 1
083 Post-Eligibility nce 1.2.2.14 documentation that is needed for processing eligibility.
verification time
Verifications ---
frames have lapsed.
CM 1.2.9 ---
Member Sends
Information
Too
numero
The Solution shall
us to
have the ability to Eligibility The solution has a configurable rules-based engine to
list.
FR- determine eligibility Determination --- Eligibility Appendix deliver quick and accurate eligibility determination
Multipl Every Out of Release
ED- based on a ED 1.8 --- Determin H 3, Section functionality for its users A rules-based engine enables a
e policy the Box 1
086 configurable list of Determine ation 1.2.2.20 streamlined automation of business logic and simplifies the
will
business rules Eligibility process of managing and implementing ongoing changes
generat
defined by the State.
e
specific

359
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
detail
busines
s rules.

The Solution shall

retain access to
every production-
released version of
the eligibility rules,
identified by version
Eligibility
dates, and allow Our proposed solution leverages an off the shelf rules
FR- Determination --- Eligibility Appendix
authorized user Out of Release engine that provides version controlled rules. The system
ED- ED 1.8 --- Determin H 3, Section
roles, as specified the Box 1 maintains rules for reference so that eligibility rules can be
087 Determine ation 1.2.2.20
by the State, to processed for any time period.
Eligibility
process eligibility
determinations using
any current or
former version of the
rules, by specific
date, as necessary.
Eligibility
The Solution shall
FR- Determination --- Eligibility Appendix
provide version Out of Release The solutions has version controlled business rules that are
ED- ED 1.8 --- Determin H 3, Section
control of the the Box 1 configurable by program.
088 Determine ation 1.2.2.20
business rules.
Eligibility
Eligibility
The Solution shall
FR- Determination --- Eligibility Appendix Our solution provides the capability to lock the rules while
provide locking Out of Release
ED- ED 1.8 --- Determin H 3, Section being modified by the user. This prevent others users from
mechanisms (e.g., the Box 1
089 Determine ation 1.2.2.20 accessing the same and overlay the changes made.
check-in/check-out).
Eligibility

The solution has a version based rules engine and all rules
The Solution shall Eligibility are maintained for reference so that eligibility rules can be
FR- provide the Determination --- Eligibility Appendix processed for any time period. Our version control software
Out of Release
ED- capability to roll back ED 1.8 --- Determin H 3, Section maintain the version of all the rules and provides the
the Box 1
090 to prior version of Determine ation 1.2.2.20 capability for a user to user a older version of the rule if
rule. Eligibility necessary. The old version of the rules are then checked
into our version control tool as the most updated rule.

The Solution shall

Eligibility
provide simulation The solution has a simulation and test modes to allow for
FR- Determination --- Eligibility Appendix
tools to perform Out of Release testing of rules behavior under various scenarios. Rule
ED- ED 1.8 --- Determin H 3, Section
what-if analytics with the Box 1 changes can be tested independently and as an
091 Determine ation 1.2.2.20
runtime data to interconnected flow.
Eligibility
analyze the behavior

360
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
of rules
independently and in
conjunction with
other rules.

Overvie
w of
Financi
al
Eligibilit
y,
Income
Overvie
w,
Counta
ble and
Exclude
d
Income,
Expens 010.005
Determine
es, 010.010
The Solution shall Eligibility --- ED Eligibility for the MAGI programs are supported using out
FR- Eligibility The 5 010.020 Appendix
have the ability to 1.8.1 --- Perform Multipl Out of Release NextGen solution ‘Out of the Box’. Additional programs and
ED- Determin H Percent 010.025 3, Section
determine eligibility Eligibility e the Box 1 TN specific rules can be built on the NextGen COTS BRE
092 ation Federal 010.030 1.2.2.1
for MAGI. Determination framework.
Poverty 010.035
Process
Level TBD
Disrega
rd for
MAGI,
and
Reason
able
Compati
bility
and
Verificat
ion
Hospital
Presum
ptive

361
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
Medicall
y Needy
Counta
ble and
Exclude
d
Income
Medicall
y Needy
Spend
Down
Treatme
nt of
Resourc
es:
Owners
hip
Counta
ble and
Exclude
010.045
d
010.050 Eligibility for the Non-MAGI programs are supported using
Resourc
Determine 010.055 out NextGen solution. Out of the Box we are able to bring
es for
The Solution shall Eligibility --- ED 010.060 rules set that have been developed based on other state
FR- Eligibility Medicall Appendix
have the ability to 1.8.1 --- Perform Multipl 010.0065 Configur Release specific non-MAGI eligibility requirements. Our team will
ED- Determin H y Needy 3, Section
determine eligibility Eligibility e 010.070 ation 2 work with you during design to configure Tennessee specific
093 ation Inacces 1.2.2.1
for Non-MAGI. Determination 110.025 eligibility rules for non-MAGI Medicaid categories using the
sible
Process 110.030 'Out of Box' non-MAGI baseline rules that we bring to
Resourc
110.035 Tennessee.
es for
110.040
Medicall
y Needy
Trusts
and
Medicall
y Needy
Categor
ies
ABD
Earned
Income
ABD
Unearn
ed
Income
ABD
Income
Disrega
rds and
Expens

362
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
es
ABD
Deemin
g of
Income
and
Resourc
es

363
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
Medicar
e
Savings
Progra
ms
Overvie
w
Qualifie
d
Medicar
e
Benefici
ary
Determine
The Solution shall Specifie 120.005
Eligibility --- ED Eligibility for the MSP programs are supported using out
FR- have the ability to Eligibility d Low 120.010 Appendix
1.8.1 --- Perform Multipl Out of Release NextGen solution ‘Out of the Box’. Additional programs and
ED- determine eligibility Determin H Income 120.015 3, Section
Eligibility e the Box 2 TN specific rules can be built on the NextGen COTS BRE
094 for Medicare ation Medicar 120.020 1.2.2.1
Determination framework.
Savings Programs. e 120.025
Process
Benefici
ary
Qualifyi
ng
Individu
als 1
Qualifie
d
Disable
d
Working
Individu
als
Institutio
nal
Status,
TennCa
re
Choices
Determine in Long-
The Solution shall Eligibility --- ED Term 125.005 Eligibility for LTSS programs are supported using out
FR- Eligibility Appendix
have the ability to 1.8.1 --- Perform Multipl Service 130.005 Out of Release NextGen solution ‘Out of the Box’. Additional programs and
ED- Determin H 3, Section
determine eligibility Eligibility e s, 125.015 the Box 2 TN specific rules can be built on the NextGen COTS BRE
095 ation 1.2.2.1
for LTSS. Determination Resourc 125.025 framework.
Process e
Assess
ment,
and
Long-
Term
Care

364
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
Partner
ship

The Solution shall

Determine
automatically
Eligibility --- ED Eligibilit
FR- determine eligibility Eligibility Appendix Our solution supports automatic eligibility determination
1.8.1 --- Perform 200.04 y Out of Release
ED- for a specific Determin H 3, Section based on other interfaces as defined by business policy and
Eligibility 0 Determi the Box 1
096 program when ation 1.2.2.1 implemented per business rules.
Determination nation
verifications are
Process
resolved.

DeathA
BD
DeathCi
tizenshi
p and
Immigra
tionCoo
peration
with CS
Service
sABD
The Solution shall Citizens 005.0451
Determine
have the ability to hip and 00.03000
Eligibility --- ED
FR- deny or terminate Eligibility Immigra 5.010005 Appendix
1.8.1 --- Perform Multipl Configur Release Our solution can be configured to end benefits on any day of
ED- eligibility effective Determin H tionBrea .035100. 3, Section
Eligibility e ation 1 the month based on State specific rules and program types.
097 any day of the ation st or 010115.0 1.2.2.3
Determination
month based on Cervical 05125.00
Process
State policies. CancerI 5130.005
nstitutio
nal
StatusT
ennCar
e
CHOIC
ES in
LTSSOt
her
program
s not

365
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
listed
above
may
also
require
a
'specific
date'
terminat
ion.

The Solution shall

be able to support
Determine Transfer
penalty period Our solution provides the capability to capture the asset
Eligibility --- ED of
FR- identification, Eligibility Appendix transfer data within the resources module in Data Collection.
1.8.1 --- Perform 125.01 Assets Out of Release
ED- including retroactive Determin H 3, Section Based on the data captured our solution automatically
Eligibility 0 and the Box 1
098 application of ation 1.2.2.17 creates a penalty period for long term care members
Determination Penalty
penalty period, due including the retroactive application periods.
Process Periods
to transfer of
resources.
The Solution shall
be able to calculate Determine Transfer
As per the details in requirement FR-ED-098, our solution
penalty period based Eligibility --- ED of
FR- Eligibility Appendix automatically calculates the penalty period for asset
on entered asset 1.8.1 --- Perform 125.01 Assets Out of Release
ED- Determin H 3, Section transfer. Our business rules engine calculates this based on
transfer information Eligibility 0 and the Box 2
099 ation 1.2.2.17 the statewide average nursing facility rate information stored
and statewide Determination Penalty
in our reference tables.
average of nursing Process Periods
facility rate.
Determine Transfer
The Solution shall Eligibility --- ED of
FR- Eligibility Appendix As defined in requirements FR-ED-098 our solution
apply the penalty 1.8.1 --- Perform 125.01 Assets Out of Release
ED- Determin H 3, Section automatically calculate the penalty period and applies to
period to the Eligibility 0 and the Box 2
100 ation 1.2.2.17 eligibility periods for active Long term care members.
eligibility period. Determination Penalty
Process Periods

366
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
Determine Transfer
The Solution shall Eligibility --- ED of
FR- Eligibility Appendix Our solution provides the ability to track members penalty
provide the ability to 1.8.1 --- Perform 125.01 Assets Out of Release
ED- Determin H 3, Section period using the eligibility summary and individual eligibility
track a members Eligibility 0 and the Box 2
101 ation 1.2.2.17 summary screens.
penalty period. Determination Penalty
Process Periods
Institutio
nal
Status
Determine The EDBC module also includes information about the
The Solution shall TennCa
Eligibility --- ED scope of coverage, or level of care, for which an individual is
FR- be able to support Eligibility re Appendix
1.8.1 --- Perform Multipl 125.005 Out of Release authorized upon approval for certain Medicaid programs. In
ED- tracking of level of Determin H Choices 3, Section
Eligibility e 130.005 the Box 2 addition to the level of care, the copay amount an individual
102 care for LTSS ation in Long- 1.2.2.15
Determination is responsible for contributing, for example, towards the cost
applicants/members. Term
Process of a residential care facility, is also available.
Service
s and
Support
The Solution shall
Determine Transfer
be able to override As per the details in requirement FR-ED-098, our solution
Eligibility --- ED of
FR- an asset transfer Eligibility Appendix automatically calculates the penalty period for asset
1.8.1 --- Perform 125.01 Assets Out of Release
ED- penalty period or Determin H 3, Section transfer. Our solution provides also capability to add
Eligibility 0 and the Box 2
103 excess home equity ation 1.2.2.18 systematic exemptions for transfer penalty logic to override
Determination Penalty
denial due to a eligibility determination for hardship waiver.
Process Periods
hardship waiver.

The Solution shall Determine

determine the start Eligibility --- ED Eligibilit
FR- Eligibility Appendix
date and end date of 1.8.1 --- Perform 200.04 y Out of Release Our solution is configurable to end benefits on any day of
ED- Determin H 3, Section
eligibility, on any day Eligibility 0 Determi the Box 1 the month based on State specific rules.
104 ation 1.2.2.3
of the month, based Determination nation
on State policies. Process

367
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

The Solution shall

have the ability to The system will have special rules to determine eligibility for
provide presumptive Presum the TN presumptive and expedited programs eligibility
coverage through ptively programs. Presumptive eligibility will allow for specific
the end of the month Determine Eligible groups of people to receive immediate eligibility based on
following the month Eligibility --- ED Pregna member attested information. The NextGen solution
FR- Eligibility Appendix
in which the 1.8.1 --- Perform Multipl nt 015.030 Out of Release provides presumptive coverage through the end of the
ED- Determin H 3, Section
eligibility Eligibility e Women 115.005 the Box 2 month following the month in which the eligibility
105 ation 1.2.2.4
determination was Determination Breast determination was made or the day on which a decision is
made OR the day on Process or made on a filed Medicaid application. Expedited eligibility
which a decision is Cervical logic is also part of the eligibility module which will allow for
made on a filed Cancer compliance with Federal determination requirements even
Medicaid when a verification is still pending.
application.

The Solution shall Determine

have the ability to Eligibility --- ED Eligibilit Our solution provides the capability to generate reasons for
FR- Eligibility Appendix
designate the 1.8.1 --- Perform 200.04 y Out of Release the eligibility determination for approvals, denials and
ED- Determin H 3, Section
reason/trigger for an Eligibility 0 Determi the Box 1 terminations. The reasons are displayed to the users using
106 ation 1.2.2.19
eligibility Determination nation the Eligibility Summary screen.
determination. Process

Policy
The Solution shall for
Determine
have the ability to Immedi
Eligibility --- ED Our solution will provides the capability to interface with
FR- determine eligibility Eligibility Un- ate Appendix
1.8.1 --- Perform Custom - Release DCS to receive information for foster care members Our
ED- based on applicant Determin H numbe Eligibilit 3, Section
Eligibility Easy 2 rules engine will be customized to evaluate foster care
107 being in current ation red y for 1.2.2.7
Determination Medicaid for members being on the DCS custody.
State of TN DCS Current
Process
custody. DCS
Custody

368
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

The Mass Update module provides the functionality to

The Solution shall quickly implement new policy, changes to eligibility
have the ability for standards, and other time-based regulatory changes
appropriate user (COLA, RSDI and MSP premium amounts) without direct
Medicar
roles to perform Determine user intervention. This module executes these changes
e
mass changes to Eligibility --- ED across applicable cases in an automated manner. The Mass
FR- Eligibility Savings Appendix
implement updated 1.8.1 --- Perform 120.00 Out of Release Update module identifies impacted cases, excludes cases
ED- Determin H Progra 3, Section
MSP Premium Eligibility 5 the Box 2 that meet pre-defined criteria, updates case data (as
108 ation ms 1.2.2.19
Amounts (based on Determination required), invokes eligibility and authorization on cases
Overvie
federal COLA) or Process identified, and generates alerts and member letters
w
other similar including notices of action (NOAs) and various reports, as
reference value applicable. This module also generate reports and statistics
changes. regarding the outcome of mass updates, and provide
meaningful information to personnel.

The Solution shall

Determine The system will have special rules to determine eligibility for
have the ability to Eligibilit
FR- Eligibility --- ED Eligibility Appendix the TN presumptive and expedited programs eligibility
apply immediate 200.04 y Out of Release
ED- 1.8.2 --- Assign Determin H 3, Section programs. Presumptive eligibility allows for specific groups
eligibility for 0 Determi the Box 2
109 individual to one ation 1.2.2.4 of people to receive immediate eligibility based on member
designated nation
eligibility group attested information.
categories.

Presum
ptively
Eligible
Pregna
nt
Women The NextGen solution provides presumptive coverage
The Solution shall 015.030
Determine Breast through the end of the month following the month in which
have the ability to 115.005
FR- Eligibility --- ED Eligibility or Appendix the eligibility determination was made or the day on which a
apply presumptive Multipl 015.010 Out of Release
ED- 1.8.2 --- Assign Determin H Cervical 3, Section decision is made on a filed Medicaid application. Expedited
eligibility for e TBD-not the Box 2
110 individual to one ation Cancer 1.2.2.4 eligibility logic is also part of the eligibility module which
designated issued
eligibility group Deeme allows for compliance with Federal determination
categories. yet
d requirements even when a verification is still pending.
Newbor
ns
Hospital
Presum
ptive

369
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

After an eligibility determination has been made the results

are displayed to the case worker. The worker can view the
eligibility result per group per month. The result displays the
eligibility result at a module level such as non-financial,
Determine
FR- The Solution shall Eligibility Appendix financial and verification. The worker can see for each
Eligibility --- ED Out of Release
ED- have the ability to Determin H 3, Section segment a descriptive reason for ineligibility if the member
1.8.2 --- Store the Box 1
111 store eligibility result. ation 1.2.2.16 was determined ineligible as well as which additional
Eligibility Result
verifications are required. The system will allow the worker
to validate the income and resource calculations as well as
which individuals are included in the group prior to
authorizing the benefits.

The worker can see for each segment a descriptive reason

The Solution shall Determine for ineligibility if the member was determined ineligible as
FR- Eligibility Appendix
have the ability to Eligibility --- ED Out of Release well as which additional verifications are required. The
ED- Determin H 3, Section
store eligibility result 1.8.2 --- Store the Box 1 system will allow the worker to validate the income and
112 ation 1.2.2.16
reason. Eligibility Result resource calculations as well as which individuals are
included in the group prior to authorizing the benefits.

The Solution shall

Our solution has the capability to provide a link to the State
provide a link to the Determine
of Tennessee’s Eligibility policy manual in all of the Data
FR- relevant section of Eligibility --- ED Eligibility Appendix
Out of Release Collection and eligibility screens to serve as a reference for
ED- policy manuals to 1.8.3 --- Assign Determin H 3, Section
the Box 1 the user. All it would be remaining to do is place the State of
113 identify the policy individual to one ation 1.2
Tennessee's Eligibility policy manual link in a configuration
directing the eligibility group
location to drive this process.
eligibility outcome.

The Solution shall

allow user roles, as
Our proposed solution's eligibility module automatically
defined by the State,
determines eligibility for each program administered. The
to manually override Determine
solution provides authorized users with the ability to modify
FR- an eligibility Eligibility --- ED Eligibility Appendix
Out of Release these results, due to a unique member circumstance, by
ED- decision, eligibility 1.8.3 --- Assign Determin H 3, Section
the Box 1 overriding the eligibility determination. Our solution provides
114 category, eligibility individual to one ation 1.2.2.18
the capability to override categories of eligibility, and
start dates, or eligibility group
program dates. It also provides the user to capture the
eligibility end dates,
reason for the override.
as defined by the
state of TN.

370
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
Medicall
y Needy
When an end user initiates the eligibility process, or “runs
Househ
EDBC” for a specific case, the eligibility module gathers the
old
The Solution shall case and individual information that has been collected in
Compos
enable, for each the system and evaluates it against the policy rules for the
ition
applicant, calculation programs that have been requested to form an eligibility
ABD
of Financially Eligibility determination group. For MAGI Medical programs the
Househ
FR- Responsible Determination --- Eligibility 010.040 Appendix system will first determine if tax or relationship rules are
Multipl old Out of Release
ED- Relatives (FRR) ED 1.9 --- FRR Determin H 110.010 3, Section required based on the tax status of the households and
e Compos the Box 2
115 Medicaid household Household ation 110.020 1.2.2.5 applicable exemptions. Once the type of group composition
ition
size and association Composition rules are defined the system automatically builds the group.
ABD
to FRR household In order to make the determination using relationship rules
Financi
composition less error prone the system will automatically populate
ally
members. reciprocal relationships when entered by the worker which
Respon
are then automatically used by eligibility when relationship
sible
rules are required.
Relative
s
ABD
State
Residen
ce
ABD
Citizens
hip and
Immigra
tion
ABD
Qualifie
100.005
The Solution shall d Non- Eligibility for the Non-MAGI programs are supported using
100.010
have the ability to Eligibility Citizens out NextGen solution. Out of the Box we are able to bring
100.015
verify all non- Determination --- ABD rules set that have been developed based on other state
FR- Eligibility 100.020 Appendix
financial eligibility ED 1.10 --- Non- Multipl Enumer Configur Release specific non-MAGI eligibility requirements. Our team will
ED- Determin H 100.025 3, Section
requirements for MAGI Non- e ation ation 2 work with you during design to configure Tennessee specific
116 ation 115.050 1.2.2.7
Non-MAGI Financial ABD eligibility rules for non-MAGI Medicaid categories using the
115.010
programs, as Verification Age 'Out of Box' non-MAGI baseline rules that we bring to
115.030
defined by the State. Pickle Tennessee.
Pass-
along
Disable
d Adult
Children
Widow/
Widowe
r
Categor
ies

371
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
Non-MAGI Non-
The Solution shall Financial
FR- Eligibility Pickle Appendix The business rules engine and data collections of our
have the ability to Verification --- 115.05 Custom - Release
ED- Determin H Pass- 3, Section NextGen solution can be customized to capture data and
verify Pickle-Pass ED 1.10.1 --- 0 Easy 2
117 ation along 1.2.2.1 evaluate eligibility for Pickle -Pass category.
along status. Pickle Pass
Along Verification
Non-MAGI Non-
The Solution shall Financial Eligibility for the DAC programs are supported using out
FR- Eligibility Disable Appendix
have the ability to Verification --- 115.01 Out of Release NextGen solution ‘Out of the Box’. Additional programs and
ED- Determin H d Adult 3, Section
verify Disabled Adult ED 1.10.2 --- 0 the Box 2 TN specific rules can be built on the NextGen COTS BRE
118 ation Children 1.2.2.1
Child status. Disabled Adult framework.
Child Verification
Non-MAGI Non-
The Solution shall Widow/
Financial Eligibility for the Widow(er) programs are supported using
FR- have the ability to Eligibility Widowe Appendix
Verification --- 115.03 Out of Release out NextGen solution ‘Out of the Box’. Additional programs
ED- verify Determin H r 3, Section
ED 1.10.3 --- 0 the Box 2 and TN specific rules can be built on the NextGen COTS
119 Widow/Widower ation Categor 1.2.2.1
Widow/Widower BRE framework.
status. ies
Verification

The NextGen solution provides verification of Medicare Part

A/Part B through two sources – the State Online Query-I
The Solution shall (SOLQ-I) real-time we service and the Beneficiary Data
perform verification Exchange (BENDEX) batch interface with the Social
Non-MAGI Non-
of attested access to Security Administration. Anytime during the intake/case
Financial
FR- and enrollment in Eligibility Appendix change/case review/renewal process, the worker can
Verification --- 200.03 Verificat Out of Release
ED- Medicare with Determin H 3, Section request Medicare Part A/Part B information through the
ED 1.10.4 --- 5 ion the Box 2
120 external data ation 1.2.3.9 SOLQ-I interface, which will send a real-time request to SSA
Medicare
sources, including and populate the response in a screen for the worker to
Verification
but not limited to verify. The BENDEX process operates as part of the nightly
SSA BENDEX. batch process and sends out a request for all individuals
eligible for Medicaid to the BENDEX system to check for
Medicare enrollment in addition to receipt of Title II Income.

ABD
Income
Overvie
The Solution shall w Eligibility for the Non-MAGI programs are supported using
have the ability to ABD out NextGen solution. Out of the Box we are able to bring
Eligibility
verify all financial Treatme rules set that have been developed based on other state
FR- Determination --- Eligibility Appendix
eligibility Multipl nt of Configur Release specific non-MAGI eligibility requirements. Our team will
ED- ED 1.11 --- Non- Determin H 3, Section
requirements for e Resourc ation 2 work with you during design to configure Tennessee specific
121 MAGI Financial ation 1.2.2.8
Non-MAGI es: eligibility rules for non-MAGI Medicaid categories using the
Verification
programs, as Owners 'Out of Box' non-MAGI baseline rules that we bring to
defined by the State. hip Tennessee.
ABD
Trusts
ABD

372
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
Inacces
sible
Resourc
es
Applicat
ion for
Other
Progra
m
Benefits

Treatme
nt of
Resourc
The Asset Verification Service (AVS) is currently being used
The Solution shall es:
in various state Medicaid programs throughout the country
have the ability to Non-MAGI Owners
to coordinate benefits, implement program integrity, and
electronically verify Financial hip,
FR- Eligibility Appendix verify resources of recipients. Our NextGen solution has the
assets and Verification --- 010.05 Equity Configur Release
ED- Determin H 3, Section capability to interface with a third party tool/software
resources for all ED 1.11.2 --- 5 Value ation 2
123 ation 1.2.3.5 identified by the state in order to verify both disclosed and
applicants upon Resource/Asset and
undisclosed resources. Our solution has a pre-built
submission of an Verification Accessi
interface that can be configured per the third party
application. bility for
tool/software identified by the State.
Medicall
y
Needy
Treatme
nt of
Resourc
The Solution shall es:
have the ability to Non-MAGI Owners
electronically verify Financial hip, The Asset Verification Service (AVS) in the NextGen
FR- Eligibility Appendix
assets and Verification --- 010.05 Equity Custom - Release solution is customizable to be invoked during several points
ED- Determin H 3, Section
resources for all ED 1.11.2 --- 5 Value Difficult 2 in a case's lifecycle - intake, redetermination, case change
124 ation 1.2.3.5
members for Resource/Asset and and case review.
redetermination of Verification Accessi
program services. bility for
Medicall
y
Needy

373
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
Treatme
nt of
The
Resourc
State
es:
may plan
The Solution shall Non-MAGI Owners
to The NextGen solution has the capability to interface with
have the ability to Financial hip,
FR- Eligibility provide Appendix any third party tool/software identified by the State.
send electronic Verification --- 010.05 Equity Custom - Release
ED- Determin L an Asset 3, Section Requests for verification of resources would be made by the
verification requests ED 1.11.2 --- 5 Value Difficult 2
125 ation Verificati 1.2.3.5 system to the third party software's database that would in
to financial Resource/Asset and
on turn route the requests to financial institutions.
institutions. Verification Accessi
system
bility for
at a later
Medicall
date.
y
Needy

The Solution shall Our proposed solution has the ability to poll for
Non-MAGI
have the ability to asynchronous responses from the asset verification third
Financial
FR- provide alerts upon Eligibility Appendix party software, and create alerts for users upon receipt of
Verification --- Custom - Release
ED- receipt of Determin H 3, Section asset/resource verifications from the data source. Our
ED 1.11.2 --- Difficult 2
126 information from an ation 1.2.3.5 solution also provides the capability to create tasks for a
Resource/Asset
applicant/member or user when a member submits a verification through the
Verification
data source. member portal or by mail.

The Solution shall Non-MAGI Our solution features pre-built interfaces that are
have the ability to Financial customized and configured to process electronic verification
FR- Eligibility Appendix
process electronic Verification --- 200.03 Verificat Custom - Release per program rules. The Federal interfaces are provided with
ED- Determin H 3, Section
verification ED 1.11.2 --- 5 ion Difficult 2 configuration as they are adapted to meet the TN
127 ation 1.2.3.5
responses received Resource/Asset infrastructure. The State interfaces are customized to meet
per program rules. Verification the needs of the various State system requirements.

Treatme
nt of
The Solution shall Non-MAGI Resourc As defined in requirement FR-ED-098 and FR-ED-099,our
have the ability to Financial es: solution provides the capability to capture the asset transfer
FR- Eligibility Appendix
calculate appropriate Verification --- Multipl Owners 010.055 Out of Release data within the resources module in Data Collection. Based
ED- Determin H 3, Section
penalty period for ED 1.11.2 --- e hip 115.015 the Box 2 on the data captured our solution automatically creates a
128 ation 1.2.3.5
the transfer of Resource/Asset Institutio penalty period for long term care members including the
assets/resources. Verification nal retroactive application periods.
Medicai
d

374
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
Treatme
nt of
Resourc
The Solution shall es:
have the ability to Non-MAGI Owners
Our solution's Business Rules Engine has the capability to
verify resource limits Financial hip,
FR- Eligibility Appendix calculate resources for members or couples who are
do not exceed Verification --- 010.05 Equity Out of Release
ED- Determin H 3, Section potentially eligible for Non MAGI categories of Eligibility.
individual or couple ED 1.11.2 --- 5 Value the Box 2
129 ation 1.2.3.5 Households that have an resource exceeded the threshold
thresholds as Resource/Asset and
will not be eligible for assistance as per the program rules.
specified in State Verification Accessi
policy. bility for
Medicall
y
Needy

Non-MAGI
The Solution shall Financial Medicall
FR- Eligibility Appendix
have the ability to Verification --- 010.05 y Needy Out of Release
ED- Determin H 3, Section The solution has the ability to calculate asset spend down.
calculate asset ED 1.11.2 --- 0 Spend the Box 2
130 ation 1.2.3.5
spend down. Resource/Asset Down
Verification

The solution has the functionality to post date letters in order

The Solution shall to allow for the appropriate time for compliance to be
FR- Appendix
have the ability to Configur Release provided to the members. For example if it takes two dates
ED- Notices H 3, Section
future date letters ation 1 for a piece of mail to be printed and sent the verification
131 1.2.4.2
and notices. documents can be configured to add two days to the due
date.

The Solution shall

determine
Emergency
Medicaid eligibility
for persons with an The system contains preconfigured rules to determine
FR- emergency medical Appendix eligibility for Emergency Medicaid eligibility programs.
Out of Release
ED- condition who 3, Section Expedited eligibility logic is also part of the eligibility module
the Box 2
132 otherwise meet all 1.2.2.1 which will allow for compliance with Federal determination
Medicaid eligibility requirements even when a verification is still pending.
requirements except
for citizenship or
immigration
requirements.

375
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
determine Hospital
The system contains preconfigured rules to determine
Presumptive
eligibility for presumptive and expedited eligibility programs.
eligibility for persons
The NextGen solution provides presumptive coverage
who attest to
FR- Appendix through the end of the month following the month in which
meeting the MAGI Out of Release
ED- 3, Section the eligibility determination was made or the day on which a
Medicaid eligibility the Box 2
133 1.2.2.10 decision is made on a filed Medicaid application. Expedited
requirements and
eligibility logic is also part of the eligibility module which will
apply through
allow for compliance with Federal determination
participating
requirements even when a verification is still pending.
hospitals in the State
of Tennessee.

The system will have special rules to determine eligibility for

the TN presumptive and expedited programs eligibility
The Solution shall programs. Presumptive eligibility will allow for specific
determine groups of people to receive immediate eligibility based on
Presumptive member attested information. The NextGen solution
FR- Appendix
eligibility for persons Out of Release provides presumptive coverage through the end of the
ED- 3, Section
who attest to the Box 2 month following the month in which the eligibility
134 1.2.2.10
meeting Medicaid determination was made or the day on which a decision is
eligibility made on a filed Medicaid application. Expedited eligibility
requirements. logic is also part of the eligibility module which will allow for
compliance with Federal determination requirements even
when a verification is still pending.

Request for
Verification
Notice --- ED
1.7.1.1 ---
The system is configured to be able to generate
The Solution shall Retrieve notice
Eligibilit correspondence to more than one mailing address per case.
FR- have the ability to from Digital Appendix
200.04 y Out of Release The number of addresses that can be assigned to a case is
ED- generate a copy of a Repository Notices H 3, Section
0 Determi the Box 1 configurable based on TN needs. The solution also has the
135 notice for multiple Post-Eligibility 1.2.4.2
nation capability to sends notices to authorized representatives
mailing addresses. Verifications ---
and facilities for Long Term Medicaid.
CM 1.2.7 ---
Request for
Verification
Notice

376
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

Deloitte’s NextGen solution is engineered to keep track of

The Solution shall eligibility determinations and benefit approvals, and trigger
Enrollment & Enrollme
FR- implement an interfaces to transfer Medicaid eligibility information to the
Denial / nt & Appendix
E&D enrollment-related Out of Release State Medicaid Management Information System (MMIS)
Terminate --- Denial / H 3, Section
T- workflow to address the Box 1 through a daily batch process. Our solution also sends back
E&DT 1.1 --- Terminati 1.3.3
001 individuals that are the data to FFM through a daily batch process for
Enrollment on
determined eligible. applications originated from them. Our solution also
provides the capability to send an approval notice.

The Solution shall

Enrollment &
implement a Enrollme Our solution has the capability to send data to the Federally
FR- Denial /
denial/termination- nt & Appendix Facilitated Marketplace through a daily batch interface for all
E&D Terminate --- Out of Release
related workflow to Denial / H 3, Section members determined as ineligible. The referrals are sent to
T- E&DT 1.2 --- the Box 1
address individuals Terminati 1.3.3 FFM irrespective of the source of the applications. Our
002 Denial /
that are determined on solution also provides the capability to send denial notices.
Terminate
ineligible.

As defined in requirement FR-E&DT-001 and FR-E&DT-

002, the NextGen solution will also enable the system to
The Solution shall send account referrals to the FFM for applicable cases
create and transmit using H15 service based interface. Cases needing to be
H15 account transfer referred per CMS guidance fit into two categories:
Enrollme
FR- transactions to the Enrollment --- The - An application originating from the FFM has a final
nt & Appendix
E&D FFM in accordance E&DT 1.1.1 --- 200.03 Applicat Out of Release eligibility determination made.
Denial / H 3, Section
T- with State and Outbound 0 ion the Box 1 - An application not originating from the FFM qualifies to
Terminati 1.3.3
003 Federal defined Account Transfer Process have an account transferred to the FFM. The NextGen
on
format, schedule solution is equipped with the necessary logic to send the
and processing qualifying application as a referral to the FFM.
rules.
Both the above transactions are sent through a daily batch
process.

377
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
have the ability to re-
transmit H15 Eligibility
account transfer Information
transactions to the Transfer to
Enrollme Our proposed solution has the ability to receive an
FR- FFM in accordance External Sources The
nt & Appendix acknowledgement response from the FFM upon
E&D with State and (Outbound 200.03 Applicat Out of Release
Denial / H 3, Section transmission of account responses/referrals, processing the
T- Federal defined Account 0 ion the Box 1
Terminati 1.3.3 response from FFM and re-transmitting the accounts back
004 format, schedule Transfer) --- Process
on to the FFM in the case of errors.
and processing rules E&DT 1.1.1.1 ---
when the previous Send Eligibility
transfer was Record
unsuccessful or
unconfirmed.
Eligibility
Information
The Solution shall
Transfer to
have the ability to Enrollme
FR- External Sources
configure the nt & Appendix Our proposed solution has the capability to automatically
E&D (Outbound Out of Release
timeframe Denial / H 3, Section schedule transmission of data through the automatic batch
T- Account the Box 1
associated with Terminati 1.3.3 scheduling tool built into the system.
005 Transfer) ---
automatic on
E&DT 1.1.1.1 ---
transmission of data.
Send Eligibility
Record
Eligibility
Information
Transfer to
The Solution shall External Sources Enrollme Our proposed solution has the ability to receive an
FR- The
have the ability to (Outbound nt & Appendix acknowledgement response from the FFM upon
E&D 200.03 Applicat Out of Release
verify the receipt of Account Denial / H 3, Section transmission of account responses/referrals, processing the
T- 0 ion the Box 1
data transfers from Transfer) --- Terminati 1.3.3 response from FFM and re-transmitting the accounts back
008 Process
the FFM. E&DT 1.1.1.4 --- on to the FFM in the case of errors.
Verify
Acknowledgeme
nt Received

378
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

Deloitte’s NextGen solution is engineered to keep track of

eligibility determinations and benefit approvals, and trigger
The Solution shall
interfaces to transfer Medicaid eligibility information to the
have the ability to Enrollme
FR- Enrollment --- State Medicaid Management Information System (MMIS).
transmit new and nt & Appendix
E&D E&DT 1.1.2 --- Out of Release For any newly approved and authorized case, a trigger
updated eligibility Denial / H 3, Section
T- Send Eligibility the Box 1 record would be created when eligibility runs.
and case information Terminati 1.3.2
009 Record to MMIS .
to MMIS, as defined on
For any case undergoing changes, potentially affecting
by the State.
eligibility, a trigger record would be created when eligibility
runs.

The Solution shall Our solution has the ability to receive and process the error
have the ability to re- Send Eligibility Enrollme report produced by the MMIS system. The error report
FR-
transmit eligibility Record to MMIS nt & Appendix produced by MMIS upon processing of the daily MMIS file
E&D Out of Release
information to MMIS --- E&DT 1.1.2.1 Denial / H 3, Section would be analyzed by the support team on a daily basis and
T- the Box 1
for eligibility records --- Send Eligibility Terminati 1.3.2 the records contained within the error report would be
010
designated in the Record on regenerated in the following MMIS batch file and sent out to
error report. MMIS.

Our solution has the ability to receive and process the error
Send Eligibility
The Solution shall Enrollme report produced by the MMIS system. The error report
FR- Record to MMIS
have the ability to nt & Appendix produced by MMIS upon processing of the daily MMIS file
E&D --- E&DT 1.1.2.3 Out of Release
receive and process Denial / H 3, Section would be analyzed by the support team on a daily basis and
T- --- Receive and the Box 1
the error report Terminati 1.3.2 the records contained within the error report would be
012 Process Error
generated by MMIS. on regenerated in the following MMIS batch file and sent out to
Report
MMIS.

379
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
have the ability to
generate an
Eligibility
Determination
Notice that includes,
but is not limited to,
for each applicant
that was determined:
The proposed NextGen solution comes with a framework
i. All applicable Send Eligibility
Enrollme that allows for triggering and generating notices using HP
FR- reasons for Record to MMIS Eligibilit
nt & Appendix Exstream. The configuration activities that remain would be
E&D eligibility/ineligibility --- E&DT 1.1.2.5 200.04 y Configur Release
Denial / H 3, Section 1. Build the Tennessee specific notices and look and feel for
T- ii. The associated --- Eligibility 0 Determi ation 1
Terminati 1.3 eligibility determination and , 2. the integration with HP
014 eligibility program. Determination nation
on Exstream to pass case/member specific details to support
iii. Effective dates of Notice
this notice.
eligibility.
iv. Appeal language
and appeal dates.
v. Preferred MCO
vi. Notification of
application being
transferred to FFM
for health exchange
consideration
The Solution shall
have the ability to
report on the
following
reconciliation items:
i. All members that The NextGen solution also has a MMIS Reconciliation
were sent to MMIS process with MMIS systems in the other states where it has
were actually been successfully implemented. As part of this reconciliation
Send Eligibility Enrollme
FR- received process, the system sends out a Medicaid Reconciliation
Record to MMIS nt & Appendix
E&D ii. Member’s Out of Release File containing all individuals active in Medicaid to the MMIS
--- E&DT 1.1.2.1 Denial / H 3, Section
T- eligibility start, the Box 1 system. The MMIS system would process these files,
--- Send Eligibility Terminati 1.3.2
015 change or update demographic and eligibility information based on the
Record on
termination date is information sent out in the file, and process closures for
correct cases present in MMIS and absent in the file, upon review
iii. Member’s and approval from State business personnel.
eligibility group is
correct
iv. Member is added
to the correct
household

380
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
Case
allow user roles, as Our proposed NextGen solution maintains an audit trail for
Maintenance ---
defined by the State, all the updates on member information. The data collection
CM 1.1 --- Case
to view historical screens provides the capability for viewing all historical
FR- Support Case Appendix
information in Out of Release records though dedicated buttons called ‘View Case
CM- Send Eligibility Maintena H 3, Section
chronological order the Box 1 Reading Results(VCR)’. These buttons helps case workers
001 Record to MMIS nce 1.4.1
for a Members and navigate through historical information for any particular
--- E&DT 1.1.2.4
their Eligibility Case screen. Our solution also provides the capability for the
--- Resolve MMIS
or Appeals Case. workers to view the case comments entered for the case.
Error Report
(Separate logs).

The Solution shall Case

allow user roles, as Maintenance --- Our solution allows the workers with specific roles to update
defined by the State, CM 1.1 --- Case information of members using multiple case actions
to update Support depending upon the status of the case. Workers can use the
FR- Case Appendix
case/member Appeals Order Out of Release Case Change action to update information of ongoing active
CM- Maintena H 3, Section
information for open Implementation -- the Box 1 cases, Recertification Action to start a new recertification
002 nce 1.4.3
and closed - AP 1.4.3 --- and Intake Case Action to update information for a pending
application/eligibility Update Member case. Our solution also provides capability to specific users
cases/appeals Application / based on roles to update case data of closed cases.
cases. Eligibility Case
The Solution shall
allow user roles, as Case
FR- Case Appendix Our solution can be customized to allow the case workers to
defined by the State, Maintenance --- Custom - Release
CM- Maintena H 3, Section flag an eligibility case as 'Undergoing Investigation' on our
to flag an eligibility CM 1.1 --- Case Easy 2
003 nce 1.4.3 Data Collection Screens.
case for fraud Support
investigation.
The Solution shall
allow user roles, as
Case
FR- defined by the State, Case Appendix Our Case Inquiry module will display a flag for all cases
Maintenance --- Custom - Release
CM- to identify an Maintena H 3, Section identified as 'Undergoing Investigation' as per the details
CM 1.1 --- Case Easy 2
004 eligibility case nce 1.4.3 listed in the requirement number 'FR-CM-003'
Support
undergoing a fraud
investigation.

The Solution shall

The View History Correspondence module in our solution
display all notices Case
FR- Case Appendix will allow the workers to view a history of all eligibility and
and correspondence Maintenance --- Out of Release
CM- Maintena H 3, Section appeals cases in chronological order. The screen will also
for an eligibility case CM 1.1 --- Case the Box 1
005 nce 1.4.1 allow the workers to search correspondences using
or appeals case in Support
generation dates and correspondence types.
chronological order.

The Solution shall

Our Solution shall allow closed eligibility cases within
allow closed Case
FR- Case Appendix specified time frame to be re-opened without requiring a
eligibility cases to be Maintenance --- Out of Release
CM- Maintena H 3, Section separate application using the Reinstate Case action. All
re-opened within CM 1.1 --- Case the Box 1
006 nce 1.4.3 the existing case data will be used to process reinstatement
State-defined time Support
without reentry of data
period without

381
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
requiring a new
application or re-
entry of data.

The Solution shall

allow user roles, as
defined by the State, Our solution's role based access functionality allows
to designate any Case Confide specific workers to designate a case as confidential.
FR- Case Appendix
eligibility case as Maintenance --- 200.00 ntiality Out of Release Further, our role based access functionality will prevent
CM- Maintena H 3, Section
confidential and limit CM 1.1 --- Case 5 & the Box 2 specific users from accessing and updating such cases. Our
007 nce 1.4.3
accessibility. (All Support Privacy solution also provides the capability for authorized users to
appeals cases are access to the appeals module by specific roles.
limited access by
role.)
(The
ability to
edit/upda
Case
te/brows
Maintenance ---
e case
CM 1.1 --- Case
The Solution shall notes
Support
allow user roles, as refers to
Request for
defined by the State, separate
Verification Our solution provides the role based access to specific
FR- to edit case notes. Case note logs Appendix
Notice --- ED Configur Release users to update the case notes. Furthermore our solution
CM- Case note logs shall Maintena H for an 3, Section
1.7.1.10 --- ation 1 provides the capability to maintain separate cases notes for
008 be maintained nce appeals 1.4.2
Update Case eligibility and appeals cases.
separately for case and
Notes
eligibility cases and an
Hearing --- AP
appeals cases. eligibility
1.2.5 --- Accept
case (not
Request for
just a
Continuance
single log
for case
notes).)
The Solution shall
provide the
capability to select
templates to Case Our solution will provide the users the ability to choose
FR- Case Appendix
generate case Maintenance --- Custom - Release templates while entering the case notes. The templates will
CM- Maintena M 3, Section
notes, with distinct CM 1.1 --- Case Easy 1 also be stored in a reference table allowing the users to
009 nce 1.4.2
templates for Support configure the templates for eligibility and appeals cases.
Eligibility Case
Notes and Appeals
Case Notes.

382
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
allow user roles, as
Our solution also provides the user a summary view of all
defined by the State, Case
FR- Case Appendix case notes entered and allows the users to sort them based
to access and Maintenance --- Configur Release
CM- Maintena H 3, Section on dates and categories. We will configure our case notes
search case note CM 1.1 --- Case ation 1
010 nce 1.4.2 screen that allows the user to search for case notes using
logs for Eligibility Support
program, date , user and common templates.
Cases and Appeals
Cases.
The Solution shall
allow user roles, as
defined by the State,
Our solution currently maintains the case notes at an
to move or copy:-
eligibility and appeals case level. Case notes entered at
eligibility case notes Case
FR- Case Appendix member level automatically move from one case to another
from one eligibility Maintenance --- Custom - Release
CM- Maintena H 3, Section when the client moves between cases. Our solution can be
case to another CM 1.1 --- Case Easy 1
011 nce 1.4.2 customized to allow workers an option to copy specific case
eligibility case, or- Support
notes from one eligibility case to another and also from one
appeals case notes
appeals case to another.
from one appeals
case to another
appeals case.

The Solution shall Our solution shall allow user roles, as defined by the State,
allow user roles, as to access the eligibility case summary by navigation to our
defined by the State, Case Eligibility Summary module. Eligibility summary module
FR- Case Appendix
to access the Maintenance --- Out of Release provides a summary of all eligibility information for the entire
CM- Maintena H 3, Section
eligibility case CM 1.1 --- Case the Box 1 household from the month of their application and also
012 nce 1.4.2
summary from any Support allows workers to sort by eligibility dates and categories of
eligibility case eligibility. It also allows workers to view historical eligibility
screen. information.

The Solution shall

allow user roles, as Case
FR- Case Appendix Our solution provides the capability, based on our role
defined by the State, Maintenance --- Out of Release
CM- Maintena H 3, Section based access, to allow users to delete eligibility and appeals
to delete eligibility CM 1.1 --- Case the Box 1
013 nce 1.4.2 case comments.
case notes or Support
appeals case notes.
The Solution shall
allow user roles, as Case
FR- Case Appendix Our solution's Appeals Inquiry module allows users to view
defined by the State, Maintenance --- Out of Release
CM- Maintena H 3, Section the summary of appeals cases including the status of the
to view appeals CM 1.1 --- Case the Box 2
014 nce 1.4.3 hearing.
cases or appeals Support
hearings status.

383
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
allow user roles, as
defined by the State,
to view and update
appeal case
information
including, but not
limited to:
Case
FR- i. Status of the Valid Case Appendix Our solution allows users to view and update appeals case
Maintenance --- Out of Release
CM- Factual Dispute Maintena H 3, Section data. Our role based access functionality provides access to
CM 1.1 --- Case the Box 2
015 review nce 1.4.3 appeals users to perform specific actions
Support
ii. Status of the
Hearing Preparation
review
iii. Status of the
Post-Hearing
Preliminary Order
Implementation
Review
The Solution shall
allow user roles, as
defined by the State, Case
FR- Case Appendix
to view and search Maintenance --- Out of Release The Appeals inquiry module in our solution allows workers
CM- Maintena H 3, Section
for appeals CM 1.1 --- Case the Box 2 to view all current and historical appeals information.
016 nce 1.4.3
information from Support
current and historical
incidents.

384
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

Our solution comes inbuilt with a suite of federal/state/third

party interfaces that are used to process the verification of
member data without any manual intervention by our real
The Solution shall time eligibility process. The interfaces are invoked
have the ability to automatically by our Real Time Eligibility process while
automatically Cooper processing an application for members. Our system also
perform post- ation performs the auto redetermination using the interfaces and
eligibility verification Case with extends the redetermination dates. The following interfaces
FR- to verify applicant Maintenance --- Case Child Appendix are used by our Real time process
Multipl 005.035 Out of Release
CM- data including but CM 1.2 --- Post- Maintena H Support 3, Section
e 200.035 the Box 1
017 not limited to Eligibility nce Service 1.4.4 1. FSDH - SSI Composite - To verify SSN, Date of Birth,
wages, Verifications s, and Incarceration Data , SSI and RSDI income
unemployment, Verificat 2. FDSH - VLP - To verify the member's legal alien status.
SSDI, incarceration, ion 3. FDSH - IRS/Work Number - To verify wages
death and access to 4. TN DOL- To verify quarterly income and Unemployment
other coverage. income
5. State Employee Health Coverage - To verify health
coverage for members.
6. Vital Statistics to verify death

The Solution shall Prohibiti

Our solution has the capability to perform a period matching
perform periodic Post-Eligibility on
of member's data with the data sources for members who
matching of Verifications --- Against
FR- Case Appendix cannot be verified the first time. The frequency of this
applicant data with CM 1.2.1 --- 200.02 Concurr Custom - Release
CM- Maintena H 3, Section process can also be configured. Our solution can be
external data Send a 0 ent Easy 1
018 nce 1.4.4 customized to do a periodic matching of all the interfaces
sources on a Verification Receipt
listed in requirement FR-ED-017 with member data on a
configurable Request of
configurable frequency.
frequency. Benefits
The Solution shall
have the ability to
store verification
information received
from external
Post-Eligibility
information sources, Our solution has the capability to store the data received
FR- Verifications --- Case Appendix
including but not 200.03 Verificat Out of Release from external data sources in our system. Our inquiry
CM- CM 1.2.5 --- Maintena H 3, Section
limited to verification 5 ion the Box 1 screens allows the workers to search and view for the data
022 Store Verification nce 1.4.4
status, date of received from the external sources.
Record
verification receipt,
time of verification
receipt, and external
information source
name.

385
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
compare external Post-Eligibility
Our solution has the capability to compare income data
data source Verifications ---
FR- Case Appendix reported by the member with the data received from our
information to CM 1.2.6 --- 200.03 Verificat Out of Release
CM- Maintena H 3, Section incomed data source interface with FDSH and State's
member's attested Assess 5 ion the Box 1
023 nce 1.4.4 Department of Labor and identify any discrepancy with the
information and Verification
data.
identify any data Information
discrepancies.
The Solution shall
have the ability to
Post-Eligibility
configure threshold Our solution allows the workers to configure threshold
Verifications ---
FR- values to be utilized Case Appendix values with the income comparison detailed in requirement
CM 1.2.6 --- Out of Release
CM- during comparison Maintena H 3, Section FR-CM-023. This provides the ability to perform a
Assess the Box 1
024 of external data nce 1.4.5 reasonable compatibility of income and consider the income
Verification
source information reported by member if the values fall under the threshold.
Information
to member attested
information.
The Solution shall
Post
have the ability to Post-Eligibility Our eligibility determination module captures information
Eligibilit
FR- capture and update Verifications --- Case Appendix required to calculate patient liability amounts for members
125.02 y Out of Release
CM- information related CM 1.2.10 --- Maintena H 3, Section requesting assistance for Long Term Care Medicaid.
0 Treatme the Box 2
029 to Patient Liability Receive nce 1.4.4 Information including income, resources for members and
nt of
within an Eligibility Information spouses are captured to calculate the liability amount.
Income
Case.
The Solution shall Post
Post-Eligibility
have the ability to Eligibilit
FR- Verifications --- Case Appendix Our solution expenses module allows users to capture data
capture information 125.02 y Out of Release
CM- CM 1.2.10 --- Maintena H 3, Section on member's item D deductions to process eligibility for
related to Item D 0 Treatme the Box 2
030 Receive nce 1.4.4 Long Term Care members.
deductions within an nt of
Information
Eligibility Case. Income

The Solution shall Post Based on the information captured for patient liability
Post-Eligibility
have the ability to Eligibilit amount (detailed in requirement FR-CM-029) our eligibility
FR- Verifications --- Case Appendix
calculate patient 125.02 y Out of Release determination module calculates patient liability and co-pay
CM- CM 1.2.10 --- Maintena H 3, Section
liability amounts 0 Treatme the Box 2 amount for members approved on Long term Care Medicaid
031 Receive nce 1.4.4
within eligibility case nt of cases. Separate screens in eligibility determination module
Information
maintenance. Income calculates and displays these amounts.

386
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

Our solution allows the workers with specific roles to update

The Solution shall information of members using multiple case actions
Post-Eligibility
allow user roles, as depending upon the status of the case. Workers can use the
FR- Verifications --- Case Appendix
defined by the State, Out of Release Case Change action to update information of ongoing active
CM- CM 1.2.12 --- Maintena H 3, Section
to update eligibility the Box 1 cases, Recertification Action to start a new recertification
033 Verify and nce 1.4.3
case/member and Intake Case Action to update information for a pending
Update Case
information. case. Our solution also provides capability to specific users
based on roles to update case data of closed cases.

The Solution shall

Post-Eligibility
have the ability to
Verifications ---
automatically update
FR- CM 1.2.13 --- Case Appendix
eligibility Out of Release Our solution has the ability to automatically update eligibility
CM- Update Case Maintena H 3, Section
case/member the Box 1 case/member information or appeals case information.
034 Based on nce 1.4.3
information or
External Data
appeals case
Sources
information.

The Solution shall

Our solution provides an automatic renewal process to
have the ability to
Case trigger redetermination for cases that are due within a
FR- automatically trigger Case Appendix
Maintenance --- Out of Release specified timeframe without any manual user intervention.
CM- eligibility case Maintena H 3, Section
CM 1.3 --- the Box 1 Our system will invoke a real time interface using our
035 redeterminations in nce 1.4.5
Redetermination federal, state and third party interfaces to verify the
accordance with
member's data
State policy.
The Solution shall
have the ability to
update the
member's scheduled
date for the next Our proposed solution will automatically set the
Case
FR- redetermination, Case Appendix redetermination date once the renewal process has
Maintenance --- Configur Release
CM- upon completion of a Maintena H 3, Section completed successfully. Our solution also provides the
CM 1.3 --- ation 1
036 redetermination nce 1.4.5 ability to change this date based on the results of an
Redetermination
process or upon appeals case.
completion of an
appeals case that
revised a member's
effective date.

387
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
have the ability to
automate the As defined in requirements FR-CM-035 and FR-CM-036 our
redetermination solution will automatically initiate the process for renewal
process if Case and extend the redetermination dates for MAGI Medicaid
FR- Case Appendix
application Maintenance --- Out of Release cases for which the verifications were successful. Our
CM- Maintena H 3, Section
information remains CM 1.3 --- the Box 1 solution also has the capability to configure threshold values
037 nce 1.4.5
the same or if Redetermination for income while verifying the data with the interfaces. This
verified information requirement applies to release 1 for MAGI and release 2 for
remains within non-MAGI based Medicaid.
configurable
thresholds.
The Solution shall
have the ability to
automatically
reschedule Our business rules engine has the capability to align the
Case
FR- redetermination Case Appendix renewal dates for members within the same case together.
Maintenance --- Out of Release
CM- dates to align Maintena H 3, Section This happens at intake for members requesting assistance
CM 1.3 --- the Box 1
038 renewal dates for nce 1.4.5 at the same time or at recertification for member requesting
Redetermination
multiple members of assistance at different times.
the same case, in
accordance with
program rules.

The Solution shall Our solution has the capability to automatically initiate the
have the ability to Redetermination process of renewal using the data sources and determine
FR- provide a preliminary --- CM 1.3.1 --- Case Appendix eligibility for members For successful renewals the solution
Out of Release
CM- redetermination of Perform Ex Parte Maintena H 3, Section automatically extends the redetermination dates and no
the Box 1
039 eligibility based on Eligibility nce 1.4.5 contact is needed to be made with the members For
updated data from Determination members for whom the data cannot be verified, tasks are
external sources. created for the users to perform this process manually.

The Solution shall

Redetermination
have the ability to
--- CM 1.3.2 --- During the auto renewal process, if the system cannot
FR- generate an Case Appendix
Pre-populated Out of Release automatically extend the dates, our solution has the
CM- automated pre- Maintena H 3, Section
Eligibility the Box 1 capability to generate a prepopulated redetermination form
040 populated nce 1.4.5
Redetermination and send to the members via mail.
redetermination
Notice
notification.

388
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
send a notification to
the client of a
redetermination .
Redetermination The proposed NextGen solution comes with a framework
The notification may
--- CM 1.3.2 --- that allows for triggering and generating notices using HP
FR- include, but is not Case Appendix
Preliminary Configur Release Exstream. The configuration activities that remain would be
CM- limited to: Maintena H 3, Section
Eligibility ation 1 1. Build the Tennessee specific notices and look and feel for
041 nce 1.4.5
Redetermination redetermination and , 2. the integration with HP Exstream to
i. Proposed
Notice pass case/member specific details to support this notice.
Program(s)
ii. Request for
additional
information
The Solution shall
have the ability to
generate a
Redetermination
prepopulated
--- CM 1.3.2 --- As defined in requirement FR-CM-040 our solution has the
FR- redetermination/cha Case Appendix
Pre-populated Out of Release capability to generate an auto populated redetermination
CM- nge of Maintena H 3, Section
Eligibility the Box 1 form and the change notices using our batch processes and
042 circumstances nce 1.4.5
Redetermination send the forms to the members by mail.
application form, as
Notice
defined by the State,
based upon batch
process trigger.

TennCa
re
The Solution shall Case Standar
have the ability to Maintenance --- d
Our NextGen solution includes pre-configured batch
FR- perform age CM 1.4 --- Age- Case TennCa Appendix
Multipl 015.060 Out of Release processes to monitor household circumstances and triggers
CM- out/postpartum/eligib Out/Postpartum/ Maintena H re 3, Section
e 017.005 the Box 1 workflows to re-evaluate eligibility for the household
044 ility grouping Eligibility nce Standar 1.4.6
members.
assessment batch Grouping d
processes. Assessment Medical
Eligibilit
y

The Solution shall

periodically assess
Age-
for other applicable
Out/Postpartum/
aid category Our solution includes daily batch processes that process
Eligibility
groupings that are active cases and trigger time based events including age
FR- Grouping Case Appendix
time-based Out of Release changes and end of pregnancy. The batch processes
CM- Assessment --- Maintena H 3, Section
triggering events the Box 1 creates mass update triggers and the triggers are
045 CM 1.4.1 --- nce 1.4.6
such as a birthday automatically evaluated and processed without any worker
Assess for
(age changes intervention
Potential
including 1, 6, 19),
Eligibility Group
or end of pregnancy
period.

389
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
have the ability to
Age-
generate a Request
Out/Postpartum/
for Information
Eligibility
notice, which has Our solution also has the capability to generate a verification
FR- Grouping Case Appendix
specific content Out of Release notice to the members while processing the age-postpartum
CM- Assessment --- Maintena H 3, Section
pertaining to the the Box 1 triggers. This notice is sent if the eligibility needs more
046 CM 1.4.2 --- nce 1.4.6
Age- information from the member for determination.
Request for
Out/Postpartum/Eligi
Information
bility Grouping
Notice
Assessment
process.
Age-
Out/Postpartum/
After successful completion of automatic trigger based
The Solution shall Eligibility
events, our solution generates necessary correspondence
FR- generate mass Grouping Case Appendix
Configur Release to notify the members of any change in benefits after
CM- mailings as defined Assessment --- Maintena H 3, Section
ation 1 eligibility reevaluation. Our solution also provides the
047 and scheduled by CM 1.4.2 --- nce 1.4.6
capability to generate Manual Mass notices using our Mass
the State. Request for
Mailing Request screen.
Information
Notice

Our NextGen solution provides configurable dynamic

workflows that allow users with State defined roles to
The Solution shall process the entire appeals lifecycle from referral to final
implement an hearing outcome.
FR- Appendix
appeals-related Appeals --- AP 200.05 Configur Release In particular, users with appropriate roles can review
AP- Appeals H Appeals 3, Section
workflow to address 1.1 --- Review 5 ation 2 submitted appeals, and review information including
1 1.5.12
the review of appellant's SSN, appellant's name, appellant's address,
submitted appeals. type of hearing, hearing schedule date and referral sources.
We will configure our workflow to include the appeals review
process for all new appeals request.

390
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

Our NextGen solution supports appeals interactions with

internal and external users through the following channels:

Phone Inbound: Allows contact center users to enter

The Solution shall appeals information using the worker portal screens when
support appeals members use the phone access channel.
interactions with Phone Outbound : Our solution has the capability to send
FR- internal and external Review --- AP Appendix text messages to members enrolled for receiving electronic
200.05 Out of Release
AP- users through the 1.1.1 --- Appeals Appeals H Appeals 3, Section notifications, when an appeals notice is generated for
5 the Box 2
2 following channels: Intake 1.5.9 members.
phone (inbound and Mail, Fax and Email : Our solution provides the IBM
outbound), mail, fax, Datacap solution that allows users to scan appeal
email). documents received by mail, fax and email resulting in tasks
being created to appeals user profiles and queues. Our
solution also provides the capability to generate notices to
clients based on hearing processes and outcomes along
with email notifications.

Our NextGen solution enables multiple document types

The Solution shall
including request forms, legal documents, correspondence
have the ability to
generated from our solution, medical records and
store and process
verification documents to be associated to an appeal case.
appeals-related
Some of those documents can be generated within the
documentation,
Appeals Intake -- solution, while others can be scanned and associated to an
FR- including but not Appendix
- AP 1.1.1.2 --- 200.05 Out of Release appeals case. Both ways, all documentation can be stored
AP- limited to: request Appeals H Appeals 3, Section
Receive Appeal 5 the Box 2 and processed within the solution, tied to an appeal case,
4 forms, legal 1.5.7
Information and accessed at any time by State-defined user roles
documents,
through the Document Management tab on the left
correspondence,
Navigation and accessing the Electronic Case File (ECF).
medical records and
Our solution also provides the ability to process the
verification
documentation scanned and create tasks based on our
documents.
dynamic workflow rules engine.

391
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

The Solution shall Our NextGen solution provides workflows that allow users
have a dynamic with State defined roles to process the entire appeals
Appeals Intake --
FR- user-interface and Appendix lifecycle from referral to final hearing outcome. Our solution
- AP 1.1.1.3 --- Configur Release
AP- workflow for appeals Appeals H 3, Section also provides a dynamic user interface that allows appeals
Appeals Request ation 2
5 intake based on 1.5.1 workers to enter information specific to a client or a case.
Data Entry
information provided Our solution provides the capability to configure the
by the user. workflows to capture appeals intake data.

The Solution shall Our solution integrates with the state's Electronic Content
have the ability to Appeals Intake -- Management system and provides the capability to
FR- Appendix
automatically - AP 1.1.1.3 --- Out of Release automatically date and timestamp an appeals request when
AP- Appeals H 3, Section
date/time-stamp Appeals Request the Box 2 a request for appeals form is scanned by authorized users.
6 1.5.3
upon receipt of an Data Entry Our appeals module also allows workers to enter the date
appeals request. and time for requests that come via the telephone.

392
 The Solution shall
be able to record
appeals request
data including, but
not limited to: 1.
Appellant
name
2. Appellant
current mailing
address
3. Appellant
current phone
4. Appellant
authorized
representative
and/or conservator

5. Appellant's
relationship to
applicant
6. Appellant
primary language
7. Appellant
attorney name &
contact info
8. Applicant name
Once an Appeal is created into our NextGen solution, a
9. Applicant date
unique tracking number is assigned to the newly created
of birth Appeals Intake --
FR- Appendix Appeals Case. When applicable, the unique Appeal Case
10. Applicant date - AP 1.1.1.3 --- Configur Release
AP- Appeals H 3, Section number created is then associated to the Eligibility Case for
of death (for Appeals Request ation 2
7 1.5.2 which the Appeal is requested. Our NextGen solution will be
deceased applicant) Data Entry
configured to capture appeal information and records a
11. Applicant's
number of detail that includes all 25 items listed in FR-AP-7.
mother's enrollment
status at applicant
birth (for newborns)
12. Applicant SSN
13. Applicant phone
number, alternate
phone number and
preferred callback
time of day
14. Intake notes
15. Application ID (if
appealing
application
submitted to FFM)
16. Application date
17. Application
intake channel/form
18. Other appellants
from same
application
19. Case numbers
of prior appeal(s) for
same problem
20. Alleged
incorrect treatment
or eligibility decision

393
21. Expected action
from State if appeal
is granted/upheld
22. Election of
benefits continuation
23. Additional
information
regarding appeal
24. Appeals type
25. Program
(Category of Aid)
being appealed

394
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
have the ability to
store the reason for
the appeal request,
including but not
limited to:
i. Denial of eligibility
ii. Incorrect effective
Our NextGen solution captures on the Add/Maintain Case
start date
Appeals Intake -- screen the action the hearing is being filed against. Those
FR- iii. Benefits Appendix
- AP 1.1.1.3 --- 200.05 Configur Release actions can be configured to include all of the reasons for
AP- suspension or Appeals H Appeals 3, Section
Appeals Request 5 ation 2 appeal request listed in FR-AP-8. Our solution's reference
8 termination 1.5.2
Data Entry table module allows the configuration of the values defined
iv. Failure to provide
in the requirement.
timely eligibility
determination
v. Discriminatory
treatment/practice
vi. Incorrect co-pay
amount
vii. Incorrect aid
category/program.
The Solution shall Out of
enable automatically the Box
starting a When an Appeal Request is entered into our NextGen
configurable Appeal solution, the solution automatically time-stamps the Appeal
Process Clock (day request received, and sets the Process Clock to “No
count) for appeals Appeals Intake -- Continuance”. If a continuance is later requested by the
FR- Appendix
requests, when an - AP 1.1.1.4 --- Release Tennessean client, and approved by the Judge, the Process
AP- Appeals H 3, Section
appeals request is Scan, Index, and 2 Clock is set to “Continuance”. The NextGen Process Clock
10 1.5.3
received. Assign Type is automatically engaged once the Appeal process is
i. When started, the started. Engaging the Process Clock allows the system to
Process Clock shall automatically populate certain dates onscreen, and to set
have the attribute deadlines for completing certain actions.
'No Continuance'.

395
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

The Solution shall

enable multiple
document types to
be associated to an
appeal, including but
not limited to:
i. Correspondences Our NextGen solution enables multiple document types to
Appeals Intake --
ii. Medical records be associated to an appeal. Those documents can be
- AP 1.1.1.7 ---
FR- iii. Lab records Appendix categorized for easier retrieval from our Electronic
Link to an 200.05 Out of Release
AP- iv. Medical bills Appeals H Appeals 3, Section Document Management system. Our NextGen solution
Appeals Case 5 the Box 2
13 v. Testimony 1.5.7 allows all of the document types listed in FR-AP-13 to be
and Assign
vi. Appeal request associated to an appeals case. All the documents types are
Workflow
form configurable values that are maintained in a reference table.
vii. Healthcare
application form
viii. LTSS application
form
ix. MSP application
form.

Appeals Intake -- Our NextGen solution allows for the creation of several
The Solution shall
- AP 1.1.1.7 --- Appeals for a given individual, or a given Eligibility Case, at
FR- have the ability to Appendix
Link to an Out of Release the same time, without restrictions. Multiple appeals can be
AP- associate multiple Appeals H 3, Section
Appeals Case the Box 2 associated with a single application. Our solution also
14 appeal cases with a 1.5.1
and Assign provides validation on appeals types and status to prevent
single application.
Workflow users from creating duplicate appeals.

Our NextGen solution allows for the creation of several

The Solution shall
Appeals Intake -- Appeals for a given individual, or a given Eligibility Case, at
allow multiple
FR- - AP 1.1.1.9 --- Appendix the same time, without restrictions. Our solution also has the
appeals to be open Configur Release
AP- Tag for Intake Appeals H 3, Section capability to add restrictions to the user to not allow multiple
for an individual or ation 2
16 Resolution 1.5.1 appeals of the same type to be open. This can be used to
case at the same
Workflow prevent duplicate appeals cases from being created in our
time.
system.

The Solution shall Our NextGen solution allows authorized users to associate
enable identification Appeals Intake -- an appeals case to an eligibility case. For appeal requests
FR- of intake items which - AP 1.1.1.9 --- Appendix and documents that cannot be associated to an eligibility
Custom - Release
AP- cannot be Tag for Intake Appeals H 3, Section case, we will customize our workflow rules engine to create
Easy 2
17 associated to any Resolution 1.5.1 a task in the Appeals Intake Resolution Queue. This will
open appeals case Workflow allow authorized users to review the request and take the
(orphan). necessary action.

396
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
Custom -
Difficult

The Solution shall We will customize our NextGen solution by adding new
implement an screens and workflow rules to establish the QIC process.
appeals-related This will allow authorized users to review the appeals
workflow to address Review --- AP request that fail the pre-process checks. The following
FR- the Quality 1.1.2 --- Quality Appendix workflows will be customized as part of the QIC process.
Release
AP- Improvement and Improvement and Appeals H 3, Section
2
18 Compliance Review Compliance 1.5.12 1. Workflow to address pre-processing of appeals request
process. See Review 2. Workflow Implement QIC review
related Workflow 3. Workflows to address the error log generation and
Management distribution to TNHC
Requirement #36. 4. Workflows to correct errors.

The Solution shall

Our NextGen solution allows for interactions through the use
enable workflow Quality
of task assignments, and alerts. As part of the appeals
management of an Improvement and
request management workflow, we will configure up to five
appeals request, Compliance
FR- Appendix new automated assignment of appeal tasks to process an
including ability to Review --- AP 200.05 Configur Release
AP- Appeals H Appeals 3, Section appeal request. The solution out of the box provides the
assign a task owner 1.1.2.1 --- 5 ation 2
19 1.5.9 ability for authorized users to create tasks manually and
and automatic Confirm
assign them to other users. In addition we will configure one
review routing with Appropriate
new rule to generate an email to the assignee for reviewing
email alert to Workflow
the appeal request.
assignee.
The Solution shall
enable workflow Quality
management of a Improvement and Our NextGen solution allows for interactions through the use
request to withdraw Compliance of task assignments, and alerts. In particular, for any appeal
FR- Appendix
an appeal, including Review --- AP 200.05 Configur Release request, or request to withdraw an appeal, the solution can
AP- Appeals H Appeals 3, Section
ability to assign a 1.1.2.1 --- 5 ation 2 be configured to allow users to capture the client's
20 1.5.9
task owner and Confirm withdrawal using appeals screen and also create tasks and
automatic review Appropriate email alerts to the assignee.
routing with email Workflow
alert to assignee.
The Solution shall
Quality
enable workflow
Improvement and
management of a Our solution provides the capability to create tasks to
Compliance
FR- submitted Appendix workers when members submit their documents. Our
Review --- AP 200.05 Out of Release
AP- document/informatio Appeals H Appeals 3, Section dynamic workflow has the capability to route the documents
1.1.2.1 --- 5 the Box 2
21 n for an appeal, 1.5.7 to the appropriate queue based on the status of the appeals
Confirm
including ability to case.
Appropriate
assign a task owner
Workflow
and automatic

397
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
review routing with
email alert to
assignee.

The Solution shall

have the ability to
automatically
indicate that Quality Our NextGen solution provides the capability to
recoupment is due Improvement and automatically calculate the recoupment amount and create a
FR- Appendix
when a final hearing Compliance 200.05 Configur Release claim for members , when the outcome of the appeals
AP- Appeals H Appeals 3, Section
outcome is Review --- AP 5 ation 2 hearing results in ineligibility. Our solution has the capability
22 1.5.9
ineligibility and an 1.1.2.2 --- Open to generate tasks or alerts to the eligibility case workers if
appellant has Appeal Case needed for such actions.
elected benefits
continuance within
the appeals process.

Quality As defined in requirement FR-AP-14, Our NextGen solution

The Solution shall Improvement and offers a dynamic user interface that provides authorized
FR- Appendix
enable Compliance 200.05 Out of Release users the ability to record appeal request information. When
AP- Appeals H Appeals 3, Section
creating/opening an Review --- AP 5 the Box 2 users cannot associate intake information with an existing
23 1.5.1
appeals case. 1.1.2.2 --- Open Appeals Case, that is if an Appeal case does not already
Appeal Case exist, they can create/open a new Appeals case.

Quality
Once an Appeal is created in our NextGen solution, the
The Solution shall Improvement and
FR- Appendix solution generates a unique tracking number for the newly
assign a unique Compliance Out of Release
AP- Appeals H 3, Section created Appeals Case. When applicable, the unique Appeal
tracking number for Review --- AP the Box 2
24 1.5.2 Case number created is then associated to the Eligibility
the appeals case. 1.1.2.2 --- Open
Case for which the Appeal is requested.
Appeal Case

The Solution shall

have the ability to Our NextGen solution can be configured so that, when an
automatically add an Appeals Case is recorded, it automatically adds an Eligibility
Quality
eligibility case note, Case note, including Appeal filing date, and a “has open
Improvement and
FR- including appeal Appendix appeal” status flag, to the related Eligibility Case. The case
Compliance Configur Release
AP- filing date, and an Appeals H 3, Section notes are added to the member associated with the appeals
Review --- AP ation 2
25 'has open appeal' 1.5.10 and can be viewed in all cases the member is part of. The
1.1.2.2 --- Open
status flag, to the case notes are added for the specific member for whom the
Appeal Case
related eligibility appeals case is created and can be viewed on the individual
case upon creation summary screen in the Data Collection module.
of an appeals case.

398
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

Quality When a link can be established between an Appeals Case

The Solution shall
Improvement and and an existing Eligibility Case, our NextGen solution allows
FR- provide the ability to Appendix
Compliance 200.05 Out of Release select users to associate the newly created Appeal Case to
AP- associate the appeal Appeals H Appeals 3, Section
Review --- AP 5 the Box 2 a specific application within the selected Eligibility Case, and
26 request to an 1.5.1
1.1.2.2 --- Open document whether the appellant is requesting continuation
eligibility case.
Appeal Case of benefits on that application, for what month.

The solution shall

allow user roles, as
defined by the State,
the ability to
associate an appeal
to a specific
application within an
When a link can be established between an Appeals Case
eligibility case Quality
and an existing Eligibility Case, our NextGen solution allows
(linking data from Improvement and
FR- Appendix authorized users to associate the newly created Appeal
the application into Compliance Configur Release
AP- Appeals H 3, Section Case to a specific application within the selected Eligibility
the appeal). Review --- AP ation 2
27 1.5.1 Case. The solution will allow require that the authorized user
Association of an 1.1.2.2 --- Open
creating the appeal to associate the appeal case with an
appeal to an Appeal Case
individual before the case can be created.
application is not
mandatory.
Association of an
appeal to an
individual
(applicant/member)
is mandatory.
The Solution shall Quality
enable automatic Improvement and Our solution can be customized to automatically pre‐
FR- pre-processing of Compliance Appendix processes the data entry for the members that we already
Custom - Release
AP- the data entry for an Review --- AP Appeals H 3, Section have information for. Our solution can also be customized to
Easy 2
28 appeals request, in 1.1.2.3 --- Pre- 1.5.10 add business rules validation to validate the data needed for
accordance with Process Appeal pre-processing the appeals data.
State defined rules. Request
The Solution shall
have the ability to
generate a pre-
Quality
processing report in
Improvement and
accordance with Our solution provides the capability to display the status of
FR- Compliance Appendix
State-defined rules Custom - Release multiple check points during the lifecycle of an appeals
AP- Review --- AP Appeals H 3, Section
and template, that Easy 2 case. Our solution can be customized to display the current
29 1.1.2.3 --- Pre- 1.5.11
indicates the checkpoint of the appeal using our appeals screens.
Process Appeal
checkpoints
Request
evaluated and the
results for each
checkpoint.

399
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
allow user roles, as
defined by the State,
to have a 'split-
screen' concurrent
view of both the
Quality Our solution provides the capability for the users to view the
image of a scanned
Improvement and documents for a particular client or case through the
FR- item (verification Appendix
Compliance Out of Release Document management system. Our solution currently
AP- document, medical Appeals H 3, Section
Review --- AP the Box 2 allows dual monitor capabilities which users can view the
30 record, 1.5.7
1.1.2.4 --- QIC document in one monitor and then update the metadata
correspondence)
Review information on the other.
and the meta-data
index of the item,
such as item
description, with
appropriate meta-
data fields editable.
The Solution shall
Quality
have the ability to
Improvement and
FR- prohibit user roles, Appendix Our NextGen solution prevents select users, based on role
Compliance Configur Release
AP- as defined by the Appeals H 3, Section and privileges, from modifying pre-populated appeal request
Review --- AP ation 2
31 State, from editing 1.5.4 information as part of the QIC process.
1.1.2.4 --- QIC
auto-populated data
Review
fields.

The Solution shall The NextGen Process Clock is automatically engaged once
have the ability to the Appeal process is started. Engaging the Process Clock
Quality
enable specific user allows the system to automatically populate due dates and
Improvement and
FR- roles to 'pause' the Appendix to set deadlines for completing certain actions. Authorized
Compliance Custom - Release
AP- Appeals Process Appeals H 3, Section users with specified privileges may request extensions, or
Review --- AP Easy 2
32 Clock, while still 1.5.3 put the clock on hold in specific scenarios, configured in the
1.1.2.4 --- QIC
protecting the auto- rules engine. In particular, we will customize our solution to
Review
populated field from enable specific user roles to 'pause' the Appeals Process
being edited. Clock, while preventing updates to auto‐populated fields.

The Solution shall

have the ability to
automatically Quality
generate and Improvement and
Our NextGen solution will be customized to automatically
FR- distribute, on a Compliance Appendix
Custom - Release generate and distribute a batch log containing data entry
AP- configurable Review --- AP Appeals H 3, Section
Easy 2 errors from the QIC process requiring resolution based on a
33 frequency defined by 1.1.2.5 --- Send 1.5.10
configurable batch schedule.
the State, a batch Error Log to
log containing data TNHC
entry errors requiring
resolution.

400
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall Quality
allow user roles, as Improvement and
FR- Appendix Our NextGen solution allows authorized users, based on
defined by the State, Compliance Configur Release
AP- Appeals H 3, Section role and privileges, to edit and update Appeals Request
to edit/update the Review --- AP ation 2
34 1.5.4 data or access specific screens.
appeals request 1.1.2.6 ---
data entry. Correct Errors
The Solution shall Quality
automatically Improvement and
Our NextGen solution can be customized to trigger the pre-
FR- transmit updated Compliance Appendix
Custom - Release processing of an appeal request after a user closes his/her
AP- appeals requests Review --- AP Appeals H 3, Section
Easy 2 task associated with resolving errors identified from the QIC
35 into the pre- 1.1.2.7 --- Send 1.5.11
review.
processing Updated Appeal
checkpoint. Request

The Solution shall Our NextGen solution presents users with a dynamic
implement an Review --- AP appeals-related workflow to address the Hearing process,
FR- appeals-related 1.1.3 --- ART/AIR Appendix from the Appeal Request to the Resolution/Order
Custom - Release
AP- workflow to address Research and Appeals H 3, Section Implementation process through the Hearing Preparation
Moderate 2
36 the ART/AIR Attempt to 1.5.11 process. In particular, our solution can be customized to
Research and Resolve implement an appeals-related workflow to address the
Resolution process. ART/AIR Research and Resolution process.

The Solution shall Configur

allow user roles, as ation
defined by the State,
to enter a decision
regarding whether or
not an appeal
request was
received within the
appropriate time
Review --- AP Our NextGen solution allows authorized users, based on
limit, by providing
FR- 1.1.3 --- ART/AIR Appendix role and privileges, to enter a timeliness decision. The
the user with a Release
AP- Research and Appeals H 3, Section system automatically provides those users with a
recommendation 2
37 Attempt to 1.5.4 recommendation regarding timeliness, based upon State
regarding timeliness,
Resolve defined timeliness rules.
based upon State
defined timeliness
rules. (Note that the
timeliness rules for
an appeal request
are different then the
timeliness rules for
continuation of
benefits.)

401
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
allow user roles, as
defined by the State, Review --- AP
Our solution can be customized to include screens for the
FR- to enter a decision 1.1.3 --- ART/AIR Appendix
Custom - Release ART/AIR resolution process. The screen will also allow
AP- regarding whether or Research and Appeals H 3, Section
Easy 2 appeals worker to enter data regarding the decision of the
38 not the appeal can Attempt to 1.5.4
ART/AIR resolution process.
be resolved through Resolve
research (ART/AIR
resolution).
The Solution shall
have the ability to
automatically and
Through NextGen' s Generate Manual Correspondence
manually generate a
screen, authorized users have the ability to manually
draft Appeal
generate notices and forms according to the State-defined
Information Packet,
templates. Users will be able to select specific documents to
which includes all
generate a draft Appeal Information Packet. We will also
supporting evidence ART/AIR --- AP
FR- Appendix customize our NextGen solution to automatically generate a
within TEDS that is 1.1.3.1 --- 200.05 Custom - Release
AP- Appeals H Appeals 3, Section draft Appeal Information Packet to include supporting
relevant to the Generate Draft 5 Moderate 2
39 1.5.6 evidence within TEDS that is relevant to the associated
associated Appeals Packet
application, in accordance with business rules for each
application, in
"benefit program type" or other criteria, as defined by the
accordance with
State. Our solution provides the capability to store the
business rules for
documents into the state's Electronic Content Management
each 'benefit
system.
program type' or
other criteria, as
defined by State.
The Solution shall
have the ability to Through NextGen' s Generate Manual Correspondence
manually re- screen, authorized users have the ability to manually re-
generate the Appeal generate an Appeals Information Packet. Authorized users
Information Packet ( will search for Appeals Information Packet for a given
ART/AIR --- AP
FR- with version control), Appendix appeal case and request reprinting of the packet. Our
1.1.3.1 --- 200.05 Custom - Release
AP- which will Appeals H Appeals 3, Section NextGen solution includes functionality to capture each
Generate Draft 5 Easy 2
40 incorporate into a 1.5.6 instance that a correspondence or form is
Appeals Packet
State-defined printed/generated. If the user needs to make changes to the
template (print appeal packet by removing documents or adding
layout) the documents, the system will store the updated packet as a
changes/edits made new version.
to the draft.

402
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

Whether generated within our NextGen solution or scanned

and imported to it, all documentation can be stored and
The Solution shall processed within the solution, tied to an appeal case, and
enable 'user drag accessed at any time by State-defined user roles through
ART/AIR --- AP the Document Management module on the left Navigation
and drop' capability
FR- 1.1.3.2 --- Appendix and accessing the Electronic Case File (ECF). Our
to associate a Custom - Release
AP- Review TEDS Appeals H 3, Section Electronic Case File screen comes up with an appeals tab
selected individual's Easy 2
41 Appeals 1.5.7 that specifically displays appeals related documents to the
existing linked
Information user. Our solution can be customized to add capability for
documents into an
appeals case folder. the users to move documents using multi select check
boxes and 'Move' button capabilities.

The Solution shall

enable 'user
ART/AIR --- AP
selection' capability As defined in the requirement FR-AP-41 Our solution can be
FR- 1.1.3.2 --- Appendix
to associate a Custom - Release customized to allow the workers to move a document into
AP- Review TEDS Appeals H 3, Section
selected individual's Easy 2 the appeals case folder. In that same screen we will also
42 Appeals 1.5.7
application provide the users a capability to select the documents.
Information
information into an
appeals case folder.
The Solution shall
allow user roles, as
defined by the State, ART/AIR --- AP
FR- to view specific 1.1.3.2 --- Appendix Our NextGen solution allows authorized users, based on
Out of Release
AP- appeals-related data Review TEDS Appeals H 3, Section roles and privileges, the ability to view specific appeals-
the Box 2
43 fields, or groups of Appeals 1.5.4 related data fields and/or screens.
specific data fields Information
(i.e. 'screens' or
'pages' ) of data.
The Solution shall Out of
allow user roles, as the Box
As defined in requirement FR-AP-39, our solution provides
defined by the State,
ART/AIR --- AP the capability to edit/update a Draft Information Packet. Not
FR- to edit/update a Appendix
1.1.3.5 --- Edit / Release all data fields or screens of our NextGen solution are
AP- Draft Information Appeals H 3, Section
Update Draft 2 available for all users to see, hence effectively prohibiting
46 Packet, while 1.5.4
Packet certain sets of users from accessing specific data but still
protecting
allowing authorized users to update the information.
appropriate fields
from being changed.

403
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
have the ability to
generate an
appeals-related We will customize our solution to generate a verification
Request for ART/AIR --- AP notice for members if the users cannot verify data using
FR- Additional 1.1.3.6 --- Appendix external systems. By adding new elements to the appeals
200.05 Out of Release
AP- Information notice. Request for Appeals H Appeals 3, Section review screen, our solution will provider the user the ability
5 the Box 2
47 (The content and Additional 1.5.6 to record the verification data. When a user records the data
layout of this notice Information as unverified, our solution will automatically generate a
is different from an notice to the member.
application-related
verification request
for information.)

The Solution shall As defined in the requirement FR-AP-47 our solution will be
allow user roles, as customized to generate an automatic request for information
defined by the State, notice. Additionally Our NextGen solution provides
to generate a ART/AIR --- AP authorized users, based on roles and privileges, with the
FR- Request for 1.1.3.6 --- Appendix ability to manually generate the Request for Additional
Custom - Release
AP- Information, pre- Request for Appeals H 3, Section Information notice. Users will navigate to the Generate
Easy 2
48 populated with Additional 1.5.6 Manual Correspondence screen and select the Request for
values, in Information Additional Information Notice. The user will then search by
accordance with either an Eligibility Case number or an Appeal Case number
State-defined and select the correct individual from the returned results to
template. generate the notice.

The Solution shall

store applicant
information and
In our NextGen solution, the information captured through
verifications ART/AIR --- AP
FR- Appendix the Appeals Intake screens is stored separately from the
received as part of 1.1.3.9 --- Store Out of Release
AP- Appeals H 3, Section regular Eligibility Case information. In particular, verifications
an appeals case Provided the Box 2
51 1.5.4 received are stored under a separate folder of the Electronic
separately from the Information
Case File.
verifications stored
for the eligibility case
information.
The Solution shall
have the ability to
generate a Request ART/AIR --- AP
Our solution has the capability to mail different types of
to Withdraw Appeal 1.1.3.10 --- Send
FR- Appendix documents together in single packet. We will configure our
Form, pre-populated Resolution Custom - Release
AP- Appeals H 3, Section solution to generate a pre-populated withdrawal appeal
with appropriate Information and Easy 2
52 1.5.6 form, containing information stored in TEDS from the appeal
information, and Form to
case, when the system sends a resolution notice packet.
merged into a Withdraw
resolution notice
packet.

404
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
allow user roles, as
FR- defined by the State, Review --- AP Appendix As defined in requirement FR-AP-37 our solution will be
Custom - Release
AP- to enter a decision 1.1.4 --- VFD Appeals H 3, Section customized to allow user roles as defined by the State, to
Easy 2
54 regarding whether or Review 1.5.4 enter a decision on the factual Dispute review of appeals.
not the appeal is a
valid factual dispute.
The Solution shall Custom -
provide the ability to Easy
associate multiple
applicants to a
single appeal Our solution provides the capability to associate multiple
request, and to applicants to an appeals case. We will customize our
status an applicant's solution to remove an applicant from the appeal by adding a
FR- Review --- AP Appendix
appeal as 200.05 Release new status as dismissed, if decided by authorized users
AP- 1.1.4 --- VFD Appeals H Appeals 3, Section
'dismissed', when 5 2 circumstances. Our solution will also be customized to allow
55 Review 1.5.12
the appeals review authorized users capture a reason for the circumstance
process decides that including the applicants not being in the same application or
certain applicants eligibility case.
are not all on the
same eligibility case
and same
application.
The Solution shall
allow user roles, as
defined by the State,
to generate a
Our solution can be customized to allow authorized users,
FR- Confirmation of Review --- AP Appendix
Custom - Release based on roles and privileges, with the ability to generate a
AP- Withdrawal, pre- 1.1.5 --- Closure Appeals H 3, Section
Easy 2 Confirmation of Withdrawal, pre-populate with appeals case
56 populated with Notice 1.5.6
information from TEDS.
values, in
accordance with
State-defined
template.

405
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

Appeals --- AP
We will customize our NextGen solution to build the
1.2 ---
following workflows to address the hearing process. Our
HearingHearing -
dynamic workflow provides the capability to identify the next
-- AP 1.2.6 ---
steps and owners based on the outcome of the previous
The Solution shall Review
one.1. Workflow to receive the Notice of Hearing from
FR- implement an Continuance Workflow Appendix
200.05 Configur Release member.2. Workflows to accept and reject continuation of
AP- appeals-related RequestHearing Manage H Appeals 3, Section
5 ation 2 benefits from the members.3. Issue Continuance and Denial
57 workflow to address --- AP 1.2.12 --- ment 1.5.11
orders based on the Pre Hearing Continuance.4. Workflows
the Hearing process. Order
to conduct the Hearing process.5. Workflows to perform
Implementation
post hearing.We will also be customize our screens to
Unit (OIU)
capture the necessary data elements required for the above
Preliminary
workflows.
Review

The Solution shall As defined in requirement FR-AP-57, our solution will

implement an customize dynamic workflows to address the hearing
FR- Hearing --- AP Appendix
appeals-related 200.05 Configur Release process including the Hearing preparation workflow. The
AP- 1.2.1 --- Hearing Appeals H Appeals 3, Section
workflow to address 5 ation 2 Hearing preparation workflow includes generation of Notice
58 Prep 1.5.11
the Hearing of Hearing (NOH), Attorney Reviews and the distribution of
Preparation process. the NOH.

406
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
allow user roles, as
defined by the State,
to view a case
summary of appeal
information,
including but not
limited to:
i. Appellant
name/birthdate/maili
ng address
ii. Application date of
associated
application
iii. Benefits effective
date
iv. Application intake
channel
v. H15 application
date for FFM
Transfers, as
defined by State Once users have identified the Appeals Case of interest, our
vi. Appeal reason NextGen solution allows them to view a case summary of
FR- category Hearing --- AP Appendix appeal information on the Add/Maintain Appeals Case
Configur Release
AP- vii. Current status in 1.2.1 --- Hearing Appeals H 3, Section screen, as well as to review the address on the subsequent
ation 2
59 the workflow Prep 1.5.12 screen, Case Address. Our solution will be customized to
viii. Currently display all of the case summary of appeal information listed
assigned owner of in FR-AP-59.
the appeals task
ix. Due date for
current task
x. Days overdue,
days since appeal
was filed
xi. Date appeal filed
xii. Flag indicator for
election of benefits
continuation
xiii. End date of
coverage
xiv. Date eligibility
notice was sent
xv. Last activity case
note
xvi. Process Clock
value and clock
attribute value
(Continuance or No
Continuance).

407
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
allow user roles, as
defined by the State,
the ability to search
Our NextGen solution provides authorized users with the
FR- for appeal Hearing --- AP Appendix
Out of Release ability to search for appeal information by eligibility case,
AP- information, based 1.2.1 --- Hearing Appeals H 3, Section
the Box 2 appeal case, appellant SSN, Client Index Number and
60 upon State-defined Prep 1.5.12
Appellant Name.
criteria including but
not limited to:
i. Appellant's SSN
ii. Appellant's name.
The Solution shall
enable automatically
Our NextGen solution will be customized to cancel the
cancelling an Hearing Prep ---
FR- Appendix appeal hearing when an appeal withdrawal has been
appeals hearing, AP 1.2.1.1 --- 200.05 Custom - Release
AP- Appeals H Appeals 3, Section recorded for the given appeal. Our solution provides the
based upon appeal Schedule 5 Easy 2
61 1.5.13 ability for a user to capture the withdrawal on the appeals
being withdrawn Hearing Docket
intake screen.
before the NOH was
sent to appellant.
The Solution shall Custom -
enable automatic Difficult
prompts to aid user
re-scheduling an
appeal hearing,
through State-
defined rules
including but not
Our NextGen solution leverages employees’ calendars and
limited to: 'soonest
availability module and is customizable to enable automatic
resource available
prompts to aid user schedule and reschedule hearings. Our
date for specific
Hearing Prep --- scheduling module and business rules is customizable to
FR- resource', 'soonest Appendix
AP 1.2.1.1 --- Release aid the appeals work schedule the appointment based on
AP- team available date' Appeals H 3, Section
Schedule 2 soonest resource and team availability. Our solution's
62 and/or 'case weight'. 1.5.13
Hearing Docket employee calendar module can be leveraged to build
Resources are
schedule for multiple concerned parties of the hearing
based upon the
including the Administrative Judge, Resolution Specialist
availability calendar
and Litigation Attorney.
for each member of
a team for each
event (including but
not limited to: an
Administrative
Judge, a Resolution
Specialist, and a
Litigation Attorney).

408
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
enable automatic
docket scheduling
Our NextGen solution provides the capability for appeals
based upon the Hearing Prep ---
FR- Appendix users to enter their schedule using the employee calendar.
availability calendars AP 1.2.1.1 --- Custom - Release
AP- Appeals H 3, Section While scheduling a hearing appointment , our solution will
of resources Schedule Easy 2
63 1.5.13 be customized to display the available workers based on the
selected for the Hearing Docket
hearing date.
specific hearing
event and case
weight.
The Solution shall Out of
enable manual the Box
scheduling and
manual over-ride of
the docket based on
state defined roles,
Hearing Prep ---
FR- including ability to Appendix Our solution provides the capability for appeals user to
AP 1.2.1.1 --- Release
AP- manually book Appeals H 3, Section manually schedule an appointment and also to reschedule
Schedule 2
64 resources, including 1.5.13 the appointments using the Schedule Appointment module.
Hearing Docket
persons and rooms,
for the same time
slot, or to add/delete
resources for a
specific hearing
event.
The Solution shall Out of
enable appropriate the Box
roles to have the
ability to assign the
same person for Hearing Prep --- AS defined in requirement FR-AP-62, our solution can be
FR- Appendix
multiple AP 1.2.1.1 --- Release customized to allow users to schedule the same person for
AP- Appeals H 3, Section
simultaneous Schedule 2 multiple hearing conferences based on the employee
65 1.5.13
hearings/conference Hearing Docket calendar and schedule appointment screens.
s and multiple
hearings/conference
s for the same
room/venue.

409
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
enable sending
appointment alerts
via email and any
other channels
defined by State, to
notify individuals and
resource pools, as
defined by State.
Alert information will
include, but is not
limited to:
i. Type of Alert:
1-Appeals
Our solution provides the capability to send notices for
Hearing Scheduled
hearings to all the concerned parties including appellant,
2-Resource
judge, resolution specialist and litigation attorney The notice
Availability Hearing Prep ---
FR- Appendix includes information including date and time, hearing type
Changed; Hearing AP 1.2.1.1 --- 200.05 Configur Release
AP- Appeals H Appeals 3, Section and other details listed in the requirement. We will
Reschedule Schedule 5 ation 2
66 1.5.9 customize our solution to alert the concerned parties by
Required Hearing Docket
email. Our screens will also be customized to capture
3-Appeals
information including the preference of communication and
Hearing Updated
the details related to it.
(date, room or team
change)
4-Appeals
Hearing Cancelled
ii. Hearing type
(phone/in person)
location,
iii. Hearing
date/time,
iv. Interpreter
Needed/Not needed,
v. Appellant
representation, and
vi. Appeal issue type
The Solution shall Out of
enable associating the Box
docket schedule of
hearings to specific
Our solution's scheduling module provides the functionality
appeal cases, and Hearing Prep ---
FR- Appendix for users to associate a docket to an appeals case. Our
link appeal cases to AP 1.2.1.1 --- Release
AP- Appeals H 3, Section solution also provides the ability to schedule group
docket schedule. Schedule 2
67 1.5.13 appointments thereby allowing multiple appealing
This includes the Hearing Docket
individuals within the same docket.
ability to consolidate
'linked appeals'
(multiple appealing
individuals within a

410
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
single household)
into a single hearing.

The Solution shall As defined in requirement FR-AP-39, our solution provides

Hearing Prep ---
have the ability to re- the capability to edit/update a Draft Information Packet. Not
FR- AP 1.2.1.2 --- Appendix
generate the Draft Custom - Release all data fields or screens of our NextGen solution are
AP- Edit/Update Draft Appeals H 3, Section
Information Packet if Easy 2 available for all users to see, hence effectively prohibiting
68 Information 1.5.6
information has certain sets of users from accessing specific data but still
Packet
been edited. allowing authorized users to update the information.

The Solution shall

enable selecting
As defined in requirement FR-AP-41 and FR-AP-42 our
specific linked Hearing Prep ---
solution will be customized to provide the user the capability
FR- documents (not all AP 1.2.1.3 --- Appendix
Custom - Release to link documents to an appeals case folder using drag and
AP- documents within Assemble Appeals H 3, Section
Easy 2 drop functionalities. Our solution will also be customized to
69 appeals case) to be Information 1.5.8
include the documents in the folder to be part of the
included as part of Packet
Information packet.
the Information
Packet.
The Solution shall
allow user roles, as
defined by the State, Hearing Prep --- Our solution can be customized to allow authorized users to
FR- to enter a decision AP 1.2.1.4 --- Appendix enter a decision on the distribution of appeals information
Custom - Release
AP- regarding whether or Review Appeals H 3, Section packet. Additionally our solution is customizable to allow
Easy 2
70 not an Appeals Information 1.5.4 workflow rules engine to route the packets and alerts the
Information Packet Packet concerned parties via notices or emails.
is approved for
internal distribution.
The Solution shall
allow user roles, as
defined by the State,
to enter a decision
Our workflow rules engine can be customized to route the
regarding whether or Hearing Prep ---
appeals information packet to Attorney review based on the
FR- not the Appeals AP 1.2.1.4 --- Appendix
Custom - Release decision entered by the appeals worker using our module.
AP- Information Packet Review Appeals H 3, Section
Easy 2 Additionally our solution is customizable to capture the
71 is authorized to Information 1.5.4
communication preferences of the attorney and also alert
proceed for attorney Packet
them based on the same.
review, or else
identify the issues
that need to be
resolved before

411
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
submitting for a
team hearing prep
review.

The Solution shall

enable access to
appeals case
information on State Hearing Prep --- Our solution provides the ability for users to search for
FR- defined rules, AP 1.2.1.4 --- Appendix appeals related information using our appeals inquiry
Custom - Release
AP- including a Review Appeals H 3, Section module. Our solution will also be customized to enforce a
Easy 2
72 combination of user Information 1.5.12 business rule that will allow the workers the access to an
roles and a Packet appeals case based on a configurable timeframe
configurable value
for days prior to
scheduled hearing.
The Solution shall
enable organization
of documents,
records, etc. that are
linked to the appeals
case using State
defined rules,
including but not
limited to:
-folder or tree
hierarchy by user-
Our NextGen solution provides the users the capability to
role (including but Hearing Prep ---
view documents using the Document Inquiry and Electronic
FR- not limited to user - AP 1.2.1.4 --- Appendix
Custom - Release Case File (ECF) Management screen. The ECF module
AP- role folders for Review Appeals H 3, Section
Easy 2 displays all appeals related documents in a separate
73 Admin Judge, Information 1.5.7
appeals folder and our solution will be customized to provide
Attorney, and Packet
users to define default sort views.
Appeals Specialist)
-default sorted list
view by criteria such
as document date
and document
description
-ability for user to
define personal
default sort view
-ability for user to
sort document list

412
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
have the ability to
Our NextGen solution has the capability to automatically
generate a Draft
Hearing Prep --- generate a notice of hearing correspondence, pre-populated
FR- Notice of Hearing, Appendix
AP 1.2.1.5 --- 200.05 Configur Release with appeals information contained in TEDS, when the
AP- automatically Appeals H Appeals 3, Section
Generate Draft 5 ation 2 appeals worker completes entering the required data
74 populating values, in 1.5.6
Notice of Hearing needed for processing. We will configure as per the state
accordance with
defined templates.
State defined
templates.
The Solution shall
allow user roles, as
defined by the State,
to enter a decision
regarding whether or
not the Appeals
As defined in requirement FR-AP-71 our workflow rules
Information Packet
engine is customizable to route the appeals information
FR- has completed the Hearing Prep --- Appendix
Custom - Release packet to appellant based on the Attorney review. Our
AP- attorney review and AP 1.2.1.6 --- Appeals H 3, Section
Easy 2 solution can be customized to capture the communication
75 is ready for Attorney Review 1.5.4
preferences of the appellant and also alert them based on
distribution to an
the same.
appellant, or else
identify the issues
that need to be
resolved before
submitting for an
attorney review.
The Solution shall
automatically
generate appeals/ Our solution provides the capability to automatically send
FR- Hearing Prep --- Appendix
fair hearing Configur Release notices to all concerned parties. Out solution also can be
AP- AP 1.2.1.7 --- Appeals H 3, Section
correspondence to ation 2 configured to send the alerts to appellants and their
76 Distribute NOH 1.5.8
all appropriate authorized representatives.
recipients, per state
policy.
The Solution shall
enable automatic
generation of a
Notice of Hearing
per State-defined
template, that
Our NextGen solution can be customized to generate a
FR- includes populating Hearing Prep --- Appendix
Configur Release notice of hearing automatically with the information currently
AP- values for, but is not AP 1.2.1.7 --- Appeals H 3, Section
ation 2 generated by the TEAMS system including the elements
77 limited to: Distribute NOH 1.5.6
mentioned in requirement FR-AP-77
i. Hearing
date/time/location
ii. Assigned
Administrative Judge
iii. Assigned
Attorney

413
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
iv. Whether or not
appellant has
elected for benefits
to continue during
appeal period.

The Solution shall

allow user roles, as
defined by the State,
to access appeals Our solution can be customized to automatically release
Hearing Prep ---
information and access to the Appeals Case information to the assigned
AP 1.2.1.8 ---
FR- automatically Appendix Administrative Law Judge (ALJ) based upon a configurable
Release Case Custom - Release
AP- release access to Appeals H 3, Section value of days preceding a scheduled hearing. We will
Information to Easy 2
78 the assigned 1.5.12 customize our solution to generate a task to the ALJ based
Administrative
Administrative Judge on a configurable number of days driven out of our
Judge for Review
based upon an a reference table.
configurable value of
'x days prior to a
scheduled hearing'.
The Solution shall
have the ability to
automatically send
the same
Information Packet
to the appellant's Hearing Prep ---
Our NextGen solution will automatically send the Appeal
FR- authorized AP 1.2.1.9 --- Appendix
Out of Release Information Packet to the appellant's authorized
AP- representative, NOH and Appeals H 3, Section
the Box 2 representative, guardian and/or attorney when the packet is
79 guardian and/or Information 1.5.8
sent to the appellant.
attorney, if Packet
applicable for the
appellant, in addition
to the packet that is
sent for the
appellant.

414
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
allow user roles, as
defined by the State,
Our solution provides authorized users, based on roles and
to generate a Notice Hearing Prep ---
privileges, with the ability to manually generate a Notice of
FR- of Hearing and AP 1.2.1.9 --- Appendix
Out of Release Hearing and Orders by selecting the correspondence type
AP- Orders, pre- NOH and Appeals H 3, Section
the Box 2 and the individuals to whom the NOH and Orders should be
80 populated with Information 1.5.6
sent. The system will pre-populate the NOH and Orders with
values, in Packet
appeal case information contained within TEDS.
accordance with
State-defined
template.
The Solution shall
enable ability of
Our NextGen solution provides authorized users, based on
users (based upon Hearing Prep ---
FR- Appendix roles and privileges, with the ability to access and review
roles) to view case AP 1.2.1.10 --- Out of Release
AP- Appeals H 3, Section appeals case information. The system also restricts or
information, and to Review Case the Box 2
81 1.5.12 grants access to update appeal case information and appeal
enter Info
case comments according to the user's roles and privileges.
comments/update
appeals case notes.
The Solution shall
have the ability to
generate an Issue
Our NextGen solution provides the ability to generate an
Continuance Order,
Issue Continuance Order, pre-populated with appropriate
pre-populated with Hearing --- AP
FR- Appendix appeals information, when a judge indicates that review has
appropriate appeals 1.2.7 --- Issue 200.05 Custom - Release
AP- Appeals H Appeals 3, Section been completed and decision is to approve the request. Our
information, when a Continuance 5 Easy 2
87 1.5.6 solution can be customized to design the notices and the
Judge indicates that Order
static and dynamic fields of the notices as per state defined
review has been
templates.
completed and
decision is to
approve the request.

415
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
have the ability, at
Administrative
Judge's option, to
either: 1. Generate
an Issue
Continuance Order,
pre-populated with
appropriate appeals
information, or2.
As defined in requirement FR-AP-87, our NextGen solution
Edit Continuance
allows an Administrative Judges to indicate that their review
Content, which will
has been completed and the decision has been entered
be merged into a Hearing --- AP
FR- Appendix approve the Continuance Request. Based on the choice
new Notice Of 1.2.7 --- Issue Custom - Release
AP- Appeals H 3, Section made by the Administrative Judges, our NextGen solution is
Hearing at a Continuance Moderate 2
88 1.5.6 customizable to automatically either generate an Issue
subsequent Order
Continuance Order, pre-populated with appropriate appeals
workflow step.The
information or to edit Continuance Content and generate a
choice for either
new Notice of Hearing.
option is triggered
per specific appeals
case when a Judge
indicates that his
review has been
completed and has
entered the decision
to approve the
Continuance
request.
The Solution shall
have the ability to
generate a Denied
Request for
Our NextGen solution provides the ability to generate an
Continuance
Denied Request for Continuance Request, pre-populated
Decision, pre- Hearing --- AP
FR- Appendix with appropriate appeals information, when a judge
populated with 1.2.8 --- Deny Custom - Release
AP- Appeals H 3, Section indicates that review has been completed and decision is to
appropriate appeals Continuance Easy 2
89 1.5.6 deny the request. Our solution can be customized to design
information, when a Order
the notices and the static and dynamic fields of the notices
Judge indicates that
as per state defined templates.
review has been
completed and
decision is to deny
the request.
The Solution shall
Our NextGen solution provides the ability to generate an
have the ability to
Hearing --- AP Post Hearing Initial Orders pre-populated with appropriate
FR- generate Post- Appendix
1.2.11 --- Post- 200.05 Custom - Release appeals information once the decision has been made. Our
AP- Hearing Initial Appeals H Appeals 3, Section
Hearing Initial 5 Easy 2 solution can be customized to design the notices and the
92 Orders, 1.5.6
Order static and dynamic fields of the notices as per state defined
automatically
templates.
populated with

416
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
values, in
accordance with
State-defined
template.

Our NextGen solution can be customized to build the

following workflows to address the petition process. Our
dynamic workflow provides the capability to identify the next
steps and owners based on the outcome of the previous
one. As part of the petition process we will customize the
The Solution shall following workflows
FR- implement an Appendix
Appeals --- AP 200.05 Custom - Release
AP- appeals-related Appeals H Appeals 3, Section 1. Workflow to intake the petition request.
1.3 --- Petition 5 Moderate 2
94 workflow to address 1.5.11 2. Workflow to address petition assignment
the Petition process. 3. Workflows to send petitions to County Directors
4. Workflows to review petitions
5. Workflows to create final orders

We will also be customize our screens to capture the

necessary data elements required for the above workflows.

The Solution shall

have the ability to
generate a Petition,
Our NextGen solution has the capability to automatically
automatically
FR- Petition --- AP Appendix generate notices and forms based on predefined sets of
populating values, in Custom - Release
AP- 1.3.1 --- Create Appeals H 3, Section rules and triggers. Our solution can be customized to
accordance with Easy 2
95 Petition 1.5.6 automatically generate a Petition, automatically populated
State defined
with values, in accordance with the State-defined template.
templates for
multiple petition
types.

417
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
allow user roles, as
defined by the State,
to generate various
petitions, (pre-
populated with
appropriate values), As defined in the requirement FR-AP_95 our solution will be
FR- Petition --- AP Appendix
including but not Custom - Release customized to generate notices for the petition process. We
AP- 1.3.1 --- Create Appeals H 3, Section
limited to: Easy 2 will also customize the types of petitions based on the input
96 Petition 1.5.6
i. Petition For provided by the appeals worker on our appeals screen.
Reconsideration
ii. Petition For
Appeal
iii. Petition for
Reconsideration of a
Final Order
The Solution shall
allow user roles, as
defined by the State,
Petition --- AP
to view the image of Our solution provides the capability for the workers to view
1.3.5 --- Review
a printed request for the documents for a particular client or case through the
FR- Petition Appendix
petition, while Out of Release state's Document management system. Our solution
AP- Petition --- AP Appeals H 3, Section
simultaneously the Box 2 currently allows dual monitor capabilities using which the
100 1.3.9 --- Review 1.5.7
viewing case users can view the document in one monitor and then view
Petition for
information, and to the case information on the other.
Appeal
enter
comments/update
appeals case notes.
The Solution shall
have the ability to
generate orders
Our NextGen solution has the capability to automatically
regarding petitions,
Petition --- AP generate notices and forms based on predefined sets of
FR- automatically Appendix
1.3.6 --- Create Custom - Release rules and triggers. Our solution can be customized to
AP- populating values, in Appeals H 3, Section
Order by Admin Easy 2 automatically generate orders regarding petitions,
101 accordance with 1.5.6
Judge automatically populated with values, in accordance with the
State defined
State-defined template.
templates for
multiple petition
types.
The Solution shall
have the ability to
Our NextGen solution has the capability to automatically
generate a
Petition --- AP generate notices and forms based on predefined sets of
FR- Commissioner's final Appendix
1.3.10 --- Create Custom - Release rules and triggers. Our solution can be customized to
AP- orders, automatically Appeals H 3, Section
Commissioner's Easy 2 automatically generate commissioners final order notices,
105 populating values, in 1.5.6
Final Order automatically populated with values, in accordance with the
accordance with
State-defined template.
State defined
template.

418
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

Our solution can be customized to build the following

workflows to address the Resolution/ Order Implementation
process. Our dynamic workflow provides the capability to
identify the next steps and owners based on the outcome of
the previous one. As part of the Resolution/ Order
The Solution shall
Implementation workflow we will customize the following
implement an
Appeals --- AP workflows.
FR- appeals-related Appendix
1.4 --- 200.05 Custom - Release
AP- workflow to address Appeals H Appeals 3, Section
Resolution/Order 5 Easy 2 1. Workflow to review the order
109 the Resolution/Order 1.5.11
Implementation 2. Workflow Implement the order
Implementation
3. Workflows to update the member eligibility and appeals
process.
case
4. Workflows trigger enrollment based on the outcome

Our screens can be customized to capture the necessary

data elements required for the above workflows.

The Solution shall Appeals --- AP

We will customize out solution to generate multiple orders
FR- enable multiple 1.4.1 --- Review Appendix
Configur Release based on the outcome of an appeals hearing. Our solution
AP- orders to be the Order and Appeals H 3, Section
ation 2 will also provide the capability to associate the multiple
110 associated to an Plan 1.5.11
orders to an appeals case.
appeal case. Implementation
The Solution shall Configur
Appeals Order
allow user roles, as ation
Implementation --
defined by the State, Our user based access functionality allows specific user
FR- - AP 1.4.2 --- Appendix
to edit appeal case Release roles defined by the State to access and edit appeal case
AP- Implement Appeals N/A 3, Section
notes. (Appeal case 2 notes. Our solution can be configured to maintain a
111 Orders or 1.5.7
notes are a separate separate case notes for the eligibility and the appeals case.
Resolution to
log from eligibility
Appeal Case
case notes log.)

419
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
have the ability for
appropriate roles, as
a user-selected
option for any
appeals case, to
either:
- Forward the
closed appeal to
Eligibility
Determination Our solution, based on user access will provide authorized
processes, for re- Appeals Order users to request eligibility determination for a case by
running the eligibility Implementation -- creating a manual task using our Reception Task
FR- Appendix
rules and sending an - AP 1.4.3 --- Custom - Release Management module. Our solution also provides role based
AP- Appeals H 3, Section
eligibility Update Member Easy 2 access to allow certain appeals users to run eligibility. Our
114 1.5.11
determination notice, Application / system can be configured to allow eligibility workers to
- Or, to run the Eligibility Case review and certify the results of eligibility for cases that were
same eligibility processed by appeals workers.
determination rules
engine in a one-off
calculation process
which informs the
Appeals Case
Worker of the
eligibility result
(without
implementing the
determination).
The Solution shall
allow user roles, as
Appeals Order
defined by the State, Our NextGen solution allows user roles, as defined by the
Implementation --
FR- to over-ride eligibility Appendix State, to over‐ride eligibility determination automated rules
- AP 1.4.3 --- Out of Release
AP- determination Appeals H 3, Section using our NextGen' s Eligibility Override screens. This
Update Member the Box 2
115 automated rules, 1.5.11 process creates triggers automatically to be sent to the
Application /
sending an input to MMIS vendors.
Eligibility Case
Enrollment/Disenroll
ment processes.
The Solution shall
have the ability to
Appeals Order When a final hearing outcome is available our NextGen
flag the
FR- Implementation -- Appendix solution automatically creates a reinstatement alert if the
reinstatement (or 200.05 Configur Release
AP- - AP 1.4.4 --- Appeals H Appeals 3, Section outcome is reinstatement. Our business rules engine can be
termination) of 5 ation 2
116 Update/Close 1.5.10 configured to reinstate the case when the eligibility is
benefits due to an
Appeal evaluated the next time.
appeal, (or the
denial of an appeal).

420
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
have the ability to
flag the change of Appeals Order
Our solution can be customized to identify the change of
FR- applicant information Implementation -- Appendix
Custom - Release client information as a result of the hearing outcome. The
AP- used to determine - AP 1.4.4 --- Appeals H 3, Section
Easy 2 information can be displayed on the appeals screen and can
117 eligibility aid Update/Close 1.5.10
be used by the workers while evaluating them for eligibility
category or eligibility Appeal
outcome (due to an
appeal).

The Solution shall Appeals Order When a final hearing outcome is available our NextGen
FR- have the ability to Implementation -- Appendix solution automatically creates a reinstatement alert if the
Custom - Release
AP- flag the change of - AP 1.4.4 --- Appeals H 3, Section outcome is change of effective date. Our business rules
Easy 2
118 effective date, due Update / Close 1.5.10 engine can be customized to reinstate the case when the
to an appeal. Appeal eligibility is evaluated the next time.

The Solution shall

have the ability to
automatically update
As defined in requirement FR-AP-25 our solution will be
the eligibility case Appeals Order
customized to flag an eligibility case with an open appeals
FR- 'has open appeal' Implementation -- Appendix
Custom - Release status when the eligibility case is associated with an appeals
AP- status flag (from - AP 1.4.4 --- Appeals H 3, Section
Easy 2 case. We will also customize our solution to remove the flag
119 'Yes' to 'No'), when Update / Close 1.5.10
when the appeals case is closed after taking the necessary
all appeals Appeal
actions.
associated with an
eligibility case are all
in 'closed' status.

421
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

Our NextGen solution can be customized to build the

following workflows to address the Continuation of Benefits
process. Our dynamic workflow provides the capability to
identify the next steps and owners based on the outcome of
The Solution shall
the previous one. As part of the Continuation of Benefits
implement an Appeals --- AP
FR- Appendix process flow we will customize the following workflows.
appeals-related 1.5 --- 200.05 Custom - Release
AP- Appeals H Appeals 3, Section
workflow to address Continuation of 5 Moderate 2
120 1.5.11 1. Workflow to review the Continuation of Benefits
the Continuation of Benefits
2. Workflow to Prevent Termination
Benefits process.
3. Workflows trigger enrollment based on the outcome

We will also be customize our screens to capture the

necessary data elements required for the above workflows.

The Solution shall

allow user roles, as
defined by the State,
to enter a decision
regarding whether or
not a request for
continuation of
benefits was
received within the
appropriate time Continuation of
FR- limit, by providing Benefits --- AP Appendix Our solution can be customized to allow authorized users to
Custom - Release
AP- the user with a 1.5.1 --- Review Appeals H 3, Section enter a decision on the request for continuance using the
Easy 2
122 recommendation for Continuation 1.5.5 appeals screen.
regarding timeliness, of Benefits
based upon State
defined timeliness
rules. (Note the
timeliness rules for a
continuation of
benefits request are
different then the
timeliness rules for
an appeals request.)

422
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
allow user roles, as
defined by the State,
to enter a decision Our solution can be customized to allow authorized users to
Continuation of
regarding whether or enter a decision on the present of good cause for not filing
FR- Benefits --- AP Appendix
not the appellant Custom - Release the request for continuance using the appeals screens.
AP- 1.5.1 --- Review Appeals H 3, Section
alleged good cause Easy 2
123 for Continuation 1.5.5
for not filing the
of Benefits
request for
continuation of
benefits in a timely
manner.
The Solution shall
allow user roles, as
defined by the State,
to enter a decision Our solution can be customized to allow authorized users to
Continuation of enter a decision on the present of good cause for electing to
FR- regarding whether or Appendix
Benefits --- AP Custom - Release file the request for continuance using the appeals screens.
AP- not an appellant had Appeals H 3, Section
1.5.2 --- Attorney Easy 2
125 good cause for 1.5.5
Review
electing benefits
continuation after
the allowable time
limit.
The Solution shall
enable updating an
eligibility record to
Continuation of
prevent termination Our solution can be customized to enables users, to
FR- Benefits --- AP Appendix
of benefits until after Custom - Release automatically update eligibility records to prevent the
AP- 1.5.3 --- Update Appeals H 3, Section
the hearing process Easy 2 termination of benefits until after the hearing process has
126 to Prevent 1.5.5
has completed, completed, including the implementation of orders.
Termination
including
implementation of
orders.
The Solution shall
provide a process to
Our proposed NextGen Solution allows users, with the
manually create,
FR- Appendix proper user roles, to manually create, assign, reassign,
assign, reassign, Out of Release
AL- Alerts H 3, Section update, and delete Alerts. Our solution provides the Manual
update, and delete the Box 1
001 1.6.1 Alert Generation screen that allows the users to perform
alerts based on user
these actions.
roles and program
rules.
The Solution shall
Our proposed NextGen Solution comes with a number of
generate alerts to
built-in Alerts which are generated based on a variety of
FR- notify user roles, as Appendix
Out of Release parameters. During design we will work with the state to
AL- defined by the State, Alerts H 3, Section
the Box 1 map the state's needs with the existing alert library and
002 when case/tasks are 1.6.1
develop a roadmap for addressing any additional alerts that
assigned based on
the state would require coming out of design.
work flow

423
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
parameters and
program rules.

The Solution shall

Our proposed NextGen Solution comes with a number of
be capable of
built-in Alerts which are generated based on a variety of
automatically
parameters. Certain configurable parameters, related to
FR- assigning and Appendix
Out of Release Alerts, are stored in a reference table format which reduces
AL- reassigning alerts Alerts H 3, Section
the Box 1 the effort to update some of the Alert generation
003 based on work flow 1.6.1
parameters. Our proposed solution provides the capability to
parameters, user
automatically and manually assign the alerts based on
roles, program rules
workflow parameters.
and business needs.

The Solution shall Our proposed NextGen Solution displays detailed

display alerts, via a information about Alerts in a variety of ways. A particular
FR- dashboard view, Appendix user can view a short list of his/her most recent set of Alerts
Out of Release
AL- based on work flow Alerts H 3, Section and the total number of outstanding Alerts (of which he/she
the Box 1
004 parameters, user 1.6.2 is a recipient) from many screens in the system. An
roles and program additional detailed view of Alerts is shown through the Alerts
rules. Search functionality.

Our proposed NextGen Solution displays detailed

information about Alerts in a variety of ways. A particular
The Solution shall
FR- Appendix user can view a short list of his/her most recent set of Alerts
display a detailed Out of Release
AL- Alerts H 3, Section and the total number of outstanding Alerts (of which he/she
alerts, via a the Box 1
005 1.6.2 is a recipient) from many screens in the system. An
dashboard view.
additional detailed view of Alerts is shown through the Alerts
Search functionality.

The Solution shall

able to identify, Our proposed NextGen Solution comes with a number of
generate, and built-in Alerts which are generated based on a variety of
display alerts, via a parameters. Certain configurable parameters, related to
FR- Appendix
dashboard view, for Out of Release Alerts, are stored in a reference table format which reduces
AL- Alerts H 3, Section
deadlines, pending the Box 1 the effort to update some of the Alert generation
006 1.6.2
tasks, overdue parameters. The alerts dashboard in our proposed solution
actions and other displays information of the alerts including due dates, status
information as and also highlights the overdue alerts in a red color.
defined by the State.

424
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
have the ability to
Our proposed NextGen Solution allows users to sort Alerts
FR- sort alerts and tasks, Appendix
Out of Release based on several parameters such as Due Date and Alert
AL- via a dashboard Alerts H 3, Section
the Box 1 Type. The dashboard view allows the users to sort the alerts
007 view, based on user 1.6.2
using the sort icons present on the results summary screen.
roles and program
rules.
The Solution shall
have the ability to
Our proposed NextGen Solution allows users to filter Alerts
FR- filter alerts and Appendix
Out of Release based on several parameters such as Due Date and Alert
AL- tasks, via a Alerts H 3, Section
the Box 1 Type. The dashboard view allows the users to filter the
008 dashboard view, 1.6.2
alerts by using the search parameters.
based on user roles
and program rules.
The Solution shall
Our solution provides batch processes that provides the
have the ability to
FR- Appendix capability to automatically close alerts based on the rules.
close/archive alerts Out of Release
AL- Alerts H 3, Section Our solution also provides the capability for users to
automatically when the Box 1
009 1.6.3 configure an alert to be closed by the system and also by
required action is
the user.
complete.
The Solution shall
alert users, via a
Our NextGen solution provides the users with an Alerts
dashboard view, that
dashboard capability that displays pending alerts that are
FR- pending Appendix
Out of Release overdue. Our Inbox dashboard also provides the capability
AL- applications, Alerts H 3, Section
the Box 1 for pending tasks and allows the worker to process pending
010 verifications, and 1.6.2
applications, verifications and tasks that have exceeded the
tasks have
specific time
exceeded specified
time limits.
The Solution shall
automatically
FR- Appendix Our NextGen solution provides the capability to
generate an alert Out of Release
AL- Alerts H 3, Section automatically generate alerts through our daily, weekly and
related to deadlines, the Box 1
011 1.6.1 monthly batch processes.
based on program
rules for timeliness.
The Solution shall
provide the Our NextGen solution provides the capability to specify the
FR- capability to specify Appendix timing and events for alert generation. For example our
Out of Release
AL- the timing and Alerts H 3, Section solution provides the capability to generate alerts to users
the Box 1
012 events that trigger 1.6.1 for cases that are due for redetermination and have not
automatically received information back from clients.
generated alerts.
The Solution shall
Our solution provides the users the capability to search for
FR- allow user roles, as Appendix
Out of Release alerts using our Search Alerts screen. The screen allows the
AL- defined by the State, Alerts H 3, Section
the Box 1 user to search based on alert types, person id, case number
013 to search for 1.6.2
and the alert received and due dates.
generated alerts.

425
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
FR- not satisfy Alert Appendix Our proposed NextGen Solution satisfies the Alert module
Out of Release
AL- requirements via Alerts H 3, Section requirements through the use of an Alerts module that
the Box 1
014 generation of 1.6 works independently of the Reporting functionality.
reports.

The Solution shall Our solution has the capability to generate the reports
FR- include all reports as Appendix specified in the RFP and repeated in our response Appendix
Out of Release
RE- required by State Reports H 3, Section 4. using our built in ClearLight reporting capabilities. During
the Box 1
001 and Federal law and 1.7 design we will work with the state to validate the out of box
regulations. reports and confirm that it aligns with the state requirement.

Our solution has the capability to generate the reports

The Solution shall
FR- Appendix specified in the RFP and repeated in our response Appendix
comply with federally Out of Release
RE- Reports H 3, Section 4 using our built in ClearLight reporting capabilities. During
mandated reporting the Box 1
002 1.7 design we will work with the state to validate the out of box
timelines.
reports and confirm that it aligns with the state requirement.

426
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
include standard
reports, as defined
by the State.
Standard reports
include, but are not
limited to the:
Active Individuals by
Program Report
Breast and Cervical
Cancer Treatment
Plan Report
Deceased Report
Daily Error Detail
Report
Daily Error Summary
Report
Pseudo SSN Report
Pending Re-
verification Report
QI Eligible
Individuals Report
Our solution has the capability to generate the reports
Application Aging
FR- Appendix specified in the RFP and repeated in our response Appendix
Report Configur Release
RE- Reports H 3, Section 4. using our built in ClearLight reporting capabilities. During
Low Income Subsidy ation 1
003 1.7 design we will work with the state to validate the out of box
(LIS) Report
reports and confirm that it aligns with the state requirement.
LTSS Recipients
With Trusts or
Annuities Report
Applications
Disposed with a
Time Frame Report
COLA Report
Applications Report
Denials Report
Redetermination
Report
MGMT 2050
Supervisory Report
DCS Foster Care
and Adoption
Assistance
Redetermination
Report
Foster Care and
Adoption Assistance
Pending
Applications Report

427
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
allow all user roles, Our proposed ClearLight platformsolution provides a special
FR- Appendix
as defined by the Out of Release user namely 'Report Publisher' the ability to create, edit or
RE- Reports H 3, Section
State, to create, the Box 1 delete the reports .We will provide specific state users the
004 1.7.4
update, and delete access of a Report Publisher.
report templates.
The Solution shall
have the capability
to generate and
display standard
reports that users
can view and export,
but not customize.

Standard reports Our solution has the capability to generate the reports
FR- may include but not Appendix specified in the RFP and repeated in our response Appendix
Out of Release
RE- limited to: Reports H 3, Section 4. using our built in ClearLight reporting capabilities. During
the Box 1
005 1.7 design we will work with the state to validate the out of box
i. Existing reports reports and confirm that it aligns with the state requirement.
that are currently
generated and
published

ii. Population centric

reports related to
member profiles
(demographics,
geography, etc.)
The Solution shall
display a list of
standard reports
available to the user.
The list shall include, Our ClearLight platformsolution provides the capability to
FR- but is not limited to: Appendix display a list of standard reports based on the user access.
Out of Release
RE- Reports H 3, Section Standard reporting parameters like Report Title, last
the Box 1
006 i. Report Title 1.7.1 updated date and the frequency of the report is also
displayed to the user
ii. Last Update Date

iii. Frequency of
Updates

428
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
allow users to
specify parameters
for the report.
Parameters may
include, but are not
limited to:

i. Reporting period
(last month, last
quarter, customized
date range, etc.)

ii. Population Our ClearLight solution allows users to specify parameters

characteristics (age for the report based on the report design. All our reports
FR- range, gender, Appendix have standard parameters like reporting period and also
Out of Release
RE- program Reports H 3, Section custom parameters like geography and population
the Box 1
007 participation, 1.7.5 characteristics. Our solution provides the users the
income, FPL, capability to specify parameters based on the requirement
eligibility category) of the report.

iii. Geography (zip

code, region, county,
census)

iv. Person-based
analyses

v. Threshold-based
and exception
reporting
vi. Percent change
reporting
The Solution shall
As defined in the previous requirement, our ClearLight
FR- allow users to Appendix
Out of Release solution allows users to specify parameters based on
RE- specify one or Reports H 3, Section
the Box 1 reports. Our solution also allows users to specify more than
008 multiple parameters 1.7.5
one parameter for the reports.
for reporting.

Our ClearLight solution integrates with the Tableau Server,

The Solution shall
and provides the capability for a user to easily interact with
provide the option of
FR- Appendix any visualization and save their own perspective of the data
saving the report Configur Release
RE- Reports M 3, Section using the ‘remember your changes’ feature. This will save a
parameters in order ation 1
009 1.7.5 custom view that includes all of the changes made including
to re-run it another
filters, parameters, selections, highlighting, groups, sorting,
time.
drill downs and selected tab.

429
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
Our solution has been architected in a manner that
FR- allow queuing of Appendix
Out of Release decouples the reporting solution from the source system.
RE- reports to limit Reports H 3, Section
the Box 1 This feature allows the generation of reports without
010 interruption of other 1.7.3
creating any limitations to other Solution processes.
Solution processes.

The data is extracted from the source system using a

The Solution shall change data capture tool which only captures the changes
allow reports to be since the last time the same process ran and checked for
FR- generated at any Appendix data changes. This approach minimizes the load on the
Out of Release
RE- time, without Reports H 3, Section source system. All the data changes are moved to a
the Box 1
011 interrupting 1.7.3 separate database which then becomes the source for all
expected business reporting needs. Once the data is extracted in to this
operations. database, the source system is freed up and there is no
impact or interruption to the business operations

The Solution shall

Our reporting parameter feature allows the users to select
have the ability to
FR- Appendix sample selection criteria from any given report. A user
identify sample Out of Release
RE- Reports H 3, Section would be able to select any random sample based upon
selection criteria and the Box 1
012 1.7.5 population characteristics, region and other parameter
pull random report
options.
samples.
The Solution shall
FR- Appendix Our ClearLight solution maintains versions for all new
include version Out of Release
RE- Reports H 3, Section reports created and modified and allows the users to view
control for all the Box 1
013 1.7.2 the version.
reports.
The Solution shall
provide the
FR- Appendix
capability to present Configur Release Our ClearLight platform Tableau visualization tool has the
RE- Reports M 3, Section
data in graphical ation 2 capability to present data in the graphical / GIS map format.
014 1.7.8
and/or GIS map
format.
The Solution shall
provide the
Our ClearLight platform Tableau visualization tool allows
FR- capability for reports Appendix
Out of Release users to subscribe to reports. It also has the capability to
RE- to be automatically Reports H 3, Section
the Box 1 send the users an email of the reports link once they are
015 generated and 1.7.6
generated.
distributed on a
periodic basis.

The Solution shall Our solution allows report to be configured with a variety of
FR- Appendix
allow the user to Out of Release preferences based on a user choice. It can also be delivered
RE- Reports H 3, Section
configure report the Box 1 over a variety of channel and platform like browser, mobile,
016 1.7.6
preferences. and printable document like pdf

430
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
Our ClearLight platform Tableau visualization tool allows
FR- allow users roles, as Appendix
Out of Release users to subscribe to reports. It also has the capability to
RE- defined by the State, Reports H 3, Section
the Box 1 send the users an email of the reports link once they are
017 to subscribe to 1.7.4
generated.
reports.
The Solution shall
allow the user to
Our solution provides the ability to retrieve the offline
export reports in a
version through ‘Download’ in the form of Image, Data,
FR- variety of formats, Appendix
Configur Release Crosstab (.CSV), PDF and Tableau workbook used in
RE- including but not Reports H 3, Section
ation 1 Desktop version. Further, exporting to image enables one to
018 limited to: 1.7.7
include it in MS Word or MS PowerPoint for easy porting of
i. PDF
reports.
ii. Microsoft Excel
iii. Microsoft Word
The Solution shall
Our ClearLight platform solution has the capability to
FR- provide a printer- Appendix
Out of Release provide the user a printer friendly version of the generated
RE- friendly version of Reports H 3, Section
the Box 1 reports with options including Layout, paper scaling and
019 the generated 1.7.7
paper size.
report.
The Solution shall
have the capability
FR- to generate a report Appendix The solution is capable of generating a report of all users
Out of Release
RE- of all users that Reports H 3, Section that access reports and also a report of which reports they
the Box 1
020 access reports and 1.7.1 have access to.
which reports they
access.
The Solution shall
FR- allow users to Appendix Our solution allows users to save the reports or views they
Configur Release
RE- specify "favorites" Reports M 3, Section frequently use as favorite also by clicking bookmark icon in
ation 1
021 and frequently used 1.7.1 our Tableau visualization tool.
reports.

Our solution allows embedding parameters in URLs to

The Solution shall preset, filter or sort the data in the published dashboard
FR- Appendix
allow for the user to Out of Release when sharing. Sorting capabilities are provided at multiple
RE- Reports H 3, Section
sort and filter report the Box 1 levels including sub-levels. Filtering capability can be
022 1.7.8
data. presented in a variety of ways such as drop down, selection
criteria, and slider.

The Solution shall

Our solution has the capability to generate a new report to
FR- provide the ability to Appendix
Out of Release compare reporting periods. This reports serve a summary
RE- compare the data Reports H 3, Section
the Box 1 report and allows users to compare data between specified
023 from one reporting 1.7.5
reporting periods.
period to another.

431
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
have the capability
Our solution provides State users the capability to generate
for user roles, as
FR- Appendix reports and user-defined queries that meet individual
defined by the State, Configur Release
RE- Reports H 3, Section information requirements and views easily on-demand so
to create user- ation 2
024 1.7.8 that end users can drill through report data for powerful
defined queries via
information analysis
an accessible user
interface.
The Solution shall
allow user roles, as The user-defined queries can be saved for further use or
FR- Appendix
defined by the State, Configur Release can be shared with other users so they can leverage the
RE- Reports H 3, Section
to save a user- ation 2 same query already defined eliminating the duplication of
025 1.7.8
defined queries for effort.
future use.
The Solution shall
allow user roles, as The user-defined queries can be saved for further use or
FR- Appendix
defined by the State, Configur Release can be shared with other users so they can leverage the
RE- Reports M 3, Section
to share user- ation 2 same query already defined eliminating the duplication of
026 1.7.8
defined queries with effort.
other users.
The Solution shall
allow the user to
view and select
available data
sources for use in a
query. Data sources
may include, but are
not limited to:

i. Data within the

Solution such as
FR- centralized data Appendix The ClearLight platform supports ODBC and JDBC
Configur Release
RE- stores Reports H 3, Section connection types through which data can be obtained from
ation 2
027 1.7 multiple sources in addition to the data from the data mart.
ii. Data within legacy
Solutions that are
connected to the
Solution and may be
queried from the
Solution

iii. Data from other

external sources that
may be imported for
use in the query.

432
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
provide the ability to
Our ClearLight solution provides not only standard reports
access reports via a
FR- Appendix but also interactive dashboards to users via zero-footprint
variety of delivery Out of Release
RE- Reports H 3, Section HTML and JavaScript (AJAX) in a web browser, or natively
channels (e.g. web, the Box 1
028 1.7.1 via a mobile app. Our solution supports Internet Explorer,
mobile) to meet the
Firefox, Chrome and Safari web browsers.
varying needs of
user roles.
The Solution shall
FR- have the ability to Appendix
Out of Release Our solution has the capability to schedule and run the
RE- run scheduled Reports H 3, Section
the Box 1 reports on a defined frequency.
029 reports on a set 1.7.6
frequency.
The Solution shall
allow user roles, as
FR- defined by the State, Appendix Our scheduling tools allows the users to define the
Out of Release
RE- to define the Reports H 3, Section frequency of the reports. Our Tableau platform allows the
the Box 1
030 frequency and 1.7.6 users to subscribe to the various methods of delivery.
method of report
delivery.

The Solution shall Our ClearLight platform integrated with the Tableau
FR- Appendix
have the ability to Out of Release visualization tool allows workers to subscribe for reports via
RE- Reports H 3, Section
distribute reports via the Box 1 email. Once a report is generated an email notification is
031 1.7.6
e-mail. sent to the user with the link of the reports.

The Solution shall

allow user roles, as
Our ClearLight platform allows the users to view a version of
FR- defined by the State, Appendix
Out of Release all reports using the web. The users have the capability to
RE- to view available Reports H 3, Section
the Box 1 view the historical reports by searching on the date
032 historical versions of 1.7.2
parameters.
the standard reports
online.
The Solution shall
generate error
reports from mass
change processing.
The error report for Our solution has the capability to generate the reports
FR- mass change Appendix specified in the RFP and repeated in our response Appendix
Out of Release
RE- processing shall Reports H 3, Section 4 using our built in ClearLight reporting capabilities. During
the Box 1
033 include, but is not 1.7 design we will work with the state to validate the out of box
limited to, cases that reports and confirm that it aligns with the state requirement.
could not be
updated as a result
of system wide mass
change processing.

433
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

The Solution shall Our solution has the capability to generate the reports
FR- provide the ability to Appendix specified in the RFP and repeated in our response Appendix
Out of Release
RE- report on the Reports H 3, Section 4 using our built in ClearLight reporting capabilities. During
the Box 1
034 number of active 1.7 design we will work with the state to validate the out of box
cases. report and confirm that it aligns with the state requirement.

The Solution shall

generate a report
Our solution has the capability to generate the reports
that details the
FR- Appendix specified in the RFP and repeated in our response Appendix
number of Out of Release
RE- Reports H 3, Section 4 using our built in ClearLight reporting capabilities. During
applications the Box 1
035 1.7 design we will work with the state to validate the out of box
processed during a
report and confirm that it aligns with the state requirement.
configurable
timeframe.
The Solution shall
generate
standardized
eligibility reports
including, not limited Our solution has the capability to generate the reports
FR- to, applications Appendix specified in the RFP and repeated in our response Appendix
Out of Release
RE- processed, Reports H 3, Section 4 using our built in ClearLight reporting capabilities. During
the Box 1
036 applications denied, 1.7 design we will work with the state to validate the out of box
applications reports and confirm that it aligns with the state requirement.
approved, members
terminated, applicant
demographics, and
program churning.
The Solution shall
have the ability to
Our solution has the capability to generate the reports
generate a report
FR- Appendix specified in the RFP and repeated in our response Appendix
that details Out of Release
RE- Reports H 3, Section 4 using our built in ClearLight rreporting capabilities. During
application status the Box 1
037 1.7 design we will work with the state to validate the out of box
and duration (time
report and confirm that it aligns with the state requirement.
spent in current
status).
The Solution shall
have the ability to Our solution has the capability to generate the reports
FR- generate a report on Appendix specified in the RFP and repeated in our response Appendix
Out of Release
RE- the number of Reports H 3, Section 4 using our built in ClearLight reporting capabilities. During
the Box 1
038 applications 1.7 design we will work with the state to validate the out of box
received through report and confirm that it aligns with the state requirement.
various channels.

434
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

The Solution shall Our solution has the capability to generate the reports
FR- provide the ability to Appendix specified in the RFP and repeated in our response Appendix
Out of Release
RE- report on cases that Reports H 3, Section 4 using our built in ClearLight reporting capabilities. During
the Box 1
039 are approaching 1.7 design we will work with the state to validate the out of box
timeliness deadlines. report and confirm that it aligns with the state requirement.

The Solution shall

produce a report on Our solution has the capability to generate the reports
FR- eligibility Appendix specified in the RFP and repeated in our response Appendix
Out of Release
RE- determinations and Reports H 3, Section 4 using our built in ClearLight reporting capabilities. During
the Box 1
040 redeterminations 1.7 design we will work with the state to validate the out of box
that are due or past report and confirm that it aligns with the state requirement.
due.
The Solution shall
provide the ability to
report on processing Our solution has the capability to generate the reports
FR- time, from the Appendix specified in the RFP and repeated in our response Appendix
Out of Release
RE- application date to Reports H 3, Section 4 using our built in ClearLight reporting capabilities. During
the Box 1
041 eligibility 1.7 design we will work with the state to validate the out of box
determination date / report and confirm that it aligns with the state requirement.
redetermination
date.
The Solution shall
provide the ability to
report on processing Our solution has the capability to generate the reports
FR- time, from the Appendix specified in the RFP and repeated in our response Appendix
Out of Release
RE- receipt date to Reports H 3, Section 4 using our built in ClearLight reporting capabilities. During
the Box 1
042 eligibility 1.7 design we will work with the state to validate the out of box
determination date / report and confirm that it aligns with the state requirement.
redetermination
date.
The Solution shall
generate a
caseload/task-based
Our solution has the capability to generate the reports
report to assist
FR- Appendix specified in the RFP and repeated in our response Appendix
management in Out of Release
RE- Reports M 3, Section 4 using our built in ClearLight reporting capabilities. During
analyzing worker the Box 1
043 1.7 design we will work with the state to validate the out of box
activities to establish
report and confirm that it aligns with the state requirement.
priorities, trends and
distribution of
caseloads.

435
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

The Solution shall

Our solution has the capability to generate the reports
provide the ability to
FR- Appendix specified in the RFP and repeated in our response Appendix
report on the amount Out of Release
RE- Reports H 3, Section 4 using our built in ClearLight reporting capabilities. During
of active cases/tasks the Box 1
044 1.7 design we will work with the state to validate the out of box
assigned to a unit,
report and confirm that it aligns with the state requirement.
and worker.

The
The Solution shall Contract
Our proposed solution has the capability and tools required
have the ability to or shall
to do analytical processing as part of the Deloitte ClearLight
provide users with provide
FR- Appendix platform which contains ETL capabilities provided by
access to a full set data Custom - Release
RE- Reports M 3, Section Informatica, analytical capabilities provided by Open R and
of complex query analytics Moderate 2
045 1.7.9 data visualization capabilities provided by Tableau. We will
Online Analytical tool with
work with the state to understand the specific requirements
Processing (OLAP) OLAP
around these capabilities.
capabilities. capabiliti
es.
Our proposed solution has the capability and tools integrate
The Solution shall
our Deloitte ClearLight platform with GIS based
have the capability
visualizations. The Deloitte ClearLight platform contains ETL
FR- to include advanced Appendix
Custom - Release capabilities provided by Informatica, analytical capabilities
RE- statistical Reports M 3, Section
Moderate 2 provided by Open R and data visualization capabilities
046 functionality and 1.7.9
provided by Tableau. We will work with the state to
sources such as GIS
understand the specific requirements around these
maps.
capabilities.

Our proposed solution has the capability and tools required

to do predictive analytics based processing as part of the
The Solution shall
FR- Appendix Deloitte ClearLight platform which contains ETL capabilities
provide predictive Custom - Release
RE- Reports M 3, Section provided by Informatica, analytical capabilities provided by
analysis tools for Moderate 2
047 1.7.9 Open R and data visualization capabilities provided by
modeling scenarios.
Tableau. We will work with the state to understand the
specific requirements around these capabilities.

Our proposed solution has the capability and tools required

The Solution shall to generate fraud, waste and abuse centric processing and
contain reports reporting as part of the Deloitte ClearLight platform which
FR- Appendix
targeted at Custom - Release contains ETL capabilities provided by Informatica, analytical
RE- Reports M 3, Section
identifying and Difficult 2 capabilities provided by Open R and data visualization
048 1.7.9
remediating fraud, capabilities provided by Tableau. We will work with the state
waste and abuse. to understand the specific requirements around these
capabilities.

436
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
provide the ability to Our solution has the capability to generate the reports
FR- produce reports to Appendix specified in the RFP and repeated in our response Appendix
Out of Release
RE- support accurate Reports M 3, Section 4 using our built in ClearLight reporting capabilities. During
the Box 2
049 forecasting of 1.7 design we will work with the state to validate the out of box
program reports and confirm that it aligns with the state requirement.
enrollments.
The Solution shall
generate an Appeal
activity report, as
defined by the State.
Criteria for this
report includes, but
is not limited to:
i. Summaries by
appeal type
ii. Appeal reason
category
iii. Appeal date
iv. Appeal workflow Our solution has the capability to generate the reports
FR- status Appendix specified in the RFP and repeated in our response Appendix
Out of Release
RE- v. Appeal's assigned Reports H 3, Section 4 using our built in ClearLight reporting capabilities. During
the Box 2
050 task owner 1.7 design we will work with the state to validate the out of box
vi. Appeal's reports and confirm that it aligns with the state requirement.
assigned judge
vii. Appellant's
county
viii. Appellant's
region
ix. Authorized
representative
x. Appellant's
attorney/advocacy
group
xi. Process Clock
Compliance status
The Solution shall
have the ability to
generate an appeals
summary report of Our solution has the capability to generate the reports
FR- basic appeals data, Appendix specified in the RFP and repeated in our response Appendix
Out of Release
RE- that does not include Reports H 3, Section 4 using our built in ClearLight reporting capabilities. During
the Box 2
051 any personal health 1.7 design we will work with the state to validate the out of box
information (PHI) or report and confirm that it aligns with the state requirement.
personally
identifiable
information (PII).

437
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

The Solution shall

Our solution has the capability to generate the reports
have the ability to
FR- Appendix specified in the RFP and repeated in our response Appendix
generate a report on Out of Release
RE- Reports H 3, Section 4 using our built in ClearLight reporting capabilities. During
State-defined Key the Box 1
052 1.7 design we will work with the state to validate the out of box
Performance
report and confirm that it aligns with the state requirement.
Indicators.

The Solution shall

have the ability to
generate Appeals
Hearing dockets
based upon State-
defined parameters,
generating reports
including but not
limited to:
i. All dockets for a
particular:
1-Room/Venue
2-Date
3-Resource or
4-Resource
Our solution has the capability to generate the reports
Team
FR- Appendix specified in the RFP and repeated in our response Appendix
5-Process Clock Out of Release
RE- Reports H 3, Section 4 using our built in ClearLight reporting capabilities. During
value the Box 2
053 1.7 design we will work with the state to validate the out of box
ii. Docket
reports and confirm that it aligns with the state requirement.
description details:
1- Location type
(phone/in person),
2- Hearing
date/time/location,
3- Interpreter
Needed/Not needed,
4-Appellant
representation or
None
5-Appeal issue
type
6-Hearing type
(Appeal,
Continuance)
The Solution shall
provide inquiry
Our solution has the capability to generate the reports
access to appeals or
FR- Appendix specified in the RFP and repeated in our response Appendix
hearings status for Out of Release
RE- Reports N/A 3, Section 4 using our built in ClearLight reporting capabilities. During
internal and external the Box 2
054 1.7 design we will work with the state to validate the out of box
customers based on
report and confirm that it aligns with the state requirement.
user roles and
program rules.

438
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
enable a dynamic
dashboard summary
view of appeals
activity, filtered by
user role, including
but not limited to:
summaries by
appeal type, appeal
reason category,
appeal date, appeal Our solution has the capability to generate the reports
FR- workflow status, Appendix specified in the RFP and repeated in our response Appendix
Out of Release
RE- appeal's assigned Reports N/A 3, Section 4 using our built in ClearLight reporting capabilities. During
the Box 2
055 task owner, appeal's 1.7 design we will work with the state to validate the out of box
assigned judge, report and confirm that it aligns with the state requirement.
appellant's county,
appellant's region,
authorized
representative, and
appellant's
attorney/advocacy
group. The
timeframe for the
report shall be
parameterized.
The Solution shall
allow a role-based
user to view and
update appeal case
information with the Our solution has the capability to generate the reports
FR- outcomes of Appendix specified in the RFP and repeated in our response Appendix
Out of Release
RE- reviews, including Reports N/A 3, Section 4 using our built in ClearLight reporting capabilities. During
the Box 2
056 but not limited to: 1.7 design we will work with the state to validate the out of box
status of the Valid report and confirm that it aligns with the state requirement.
Factual Dispute
review and status of
the Hearing
Preparation review.
The Solution shall
provide the ability to
view, search and ad-
hoc query for Our solution has the capability to generate the reports
FR- appeals information Appendix specified in the RFP and repeated in our response Appendix
Out of Release
RE- from current and Reports N/A 3, Section 4 using our built in ClearLight reporting capabilities. During
the Box 2
057 historical incidents, 1.7 design we will work with the state to validate the out of box
based State-defined report and confirm that it aligns with the state requirement.
criteria to include but
not limited to appeal
submitted date.

439
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
produce an appeals
summary report of
Our solution has the capability to generate the reports
basic appeals data
FR- Appendix specified in the RFP and repeated in our response Appendix
that does not include Out of Release
RE- Reports N/A 3, Section 4 using our built in ClearLight reporting capabilities. During
any personal health the Box 2
058 1.7 design we will work with the state to validate the out of box
information (PHI) or
report and confirm that it aligns with the state requirement.
personally
identifiable
information (PII).

The Solution shall

Our NextGen solution provides the State of Tennessee with
include a workflow
a rules based workflow engine in the generation of tasks to
engine that can be
the users. All documents that are either scanned or
FR- used to describe Workflow Appendix
Out of Release uploaded via the member/partner portal are processed via
WM multi-step workflows Manage H 3, Section
the Box 1 our workflow rules engine. The multistep workflow rules
-001 and can manage the ment 1.8.1
engine evaluates the documents based on document type
execution of those
and metadata parameters and creates the tasks in the
workflows and task
appropriate queues for the workers to process.
checklists.

The Solution shall

have the ability to
generate tasks and
route them to
individuals or groups
of individuals
(queues) for later
assignment. The
workflow
requirements are
described using the
following terms:
Our Workflow has a rules based workflow rules engine that
FR- i. Workflow - this Workflow Appendix
Out of Release determines the creation of a task to the worker. A task is
WM consists of one or Manage H 3, Section
the Box 1 also created internally by the system at the completion of
-002 more tasks. ment 1.8.1
one action to the user to start the next.
ii. Task - a discrete
step or process in a
workflow that may
be assigned to an
individual or may be
an automated
process.
iii. Workflow Engine
- the software
component that runs
and manages the
workflows and the

440
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
step by step
execution.

The Solution shall

provide an Our solution has the capability to escalate alerts to
escalation process supervisors when they become overdue. Our solution also
FR- Workflow Appendix
for tasks and alerts Out of Release provides dashboard capabilities for workers within the
WM Manage H 3, Section
based on work flow the Box 1 worker portal to identify tasks that are overdue. This
-003 ment 1.8.6
parameters, user functionality will enables the supervisors to take timely
roles and program actions on overdue tasks and alerts.
rules.

Our solution's workflow rules engine has the capability to

The Solution shall
integrate the state's IBM File Net Electronic Content
support workflows
Management system and create tasks for all scanned
that
FR- Workflow Appendix documents. As defined in requirement FR-WM-001 our rules
interact/integrate Out of Release
WM Manage H 3, Section based workflow engine created tasks for the workers in
with Electronic the Box 1
-004 ment 1.8.1 queues based on the document type and the metadata.
Content
Once the documents are scanned, the tasks are created
Management
real-time through our NextGen' s task management web
Systems.
services.

The Solution shall

include the capability Appeals Intake -- Our solution has the capability to create tasks to queues
FR- Workflow Appendix
to assign initial - AP 1.1.1.8 --- Configur Release based on user defined rules. Our solution also can be
WM Manage H 3, Section
tasks/cases to staff Assign to Initial ation 1 configured to assign those tasks to specific users based on
-005 ment 1.8.2
based on defined Appeal Workflow our Workflow Engine Case Assignment Criteria.
business rules.

The Solution shall

Our solution has the capability to assign new tasks and
include the capability
FR- Workflow Appendix cases to workers based on factors like worker schedules,
to route work to the Out of Release
WM Manage H 3, Section case weights, category of assistance and companion cases.
next person in a the Box 1
-006 ment 1.8.4 Based on the factors our workflow rules engine
workflow based on
automatically assigns the cases to the next person in queue.
process outcomes.

441
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
provide an
automated method
FR- Workflow Appendix As defined in requirement FR-WM-007, our solution's
to balance workload Out of Release
WM Manage H 3, Section workflow rules engine provides parameters to configure task
based on the Box 1
-007 ment 1.8.4 load balancing.
configurable
parameters defined
by the state.

Worker portal has a Task Assignment/Re-Assignment

The Solution shall
screen that allows users with access to transfer tasks from
FR- provide a method to Workflow Appendix
Out of Release one worker to another or from one office to another. While
WM manually reassign Manage H 3, Section
the Box 1 transferring cases from one office to another, our system
-008 workload based on ment 1.8.4
automatically transfers all the tasks associated with the
user input.
cases as well.

The Solution shall

Our solution provides a user interface for workers with
FR- support a Workflow Appendix
Out of Release access to update the driver flow for our screens. This
WM visual/modeling tool Manage M 3, Section
the Box 1 functionality can be used to define the business process
-009 to define business ment 1.8.7
flow of the data capture in our Data Collection module.
process flows.
The Solution shall
FR- Workflow Appendix As defined in the requirement FR-WM-010 our dynamic
support standard Out of Release
WM Manage H 3, Section drive rules engine framework can be used to support
business process the Box 1
-010 ment 1.8.7 business processes within our NextGen solution
definition languages.

The Solution shall Our solution's workflow functionality provides the capability
FR- provide the Workflow Appendix to link multiple workflows to one . For example our
Out of Release
WM capability to link a Manage H 3, Section application intake workflow can be split into further sub
the Box 1
-011 workflow to one or ment 1.8.7 workflows, that will route all Long term care applications into
more workflows. one of the sub workflows.

The Solution shall

allow user roles, as
defined by the State, Our solution's Inbox module serves as a single point for all
FR- Workflow Appendix
to have a Out of Release workers to start processing the tasks. The Inbox module
WM Manage H 3, Section
consolidated inbox the Box 1 allows the workers to view the tasks assigned to them and
-012 ment 1.8.3
where they can see also to start processing the same.
all of their assigned
tasks/cases.

442
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
For tasks that are not assigned to a worker, our solution
allow user roles, as
also provides the capability for the workers to start working
defined by the State,
FR- Workflow Appendix from a queue using the consolidated Inbox module. The
access to a work Out of Release
WM Manage H 3, Section Inbox module also provides a common Start Task
queue where the Box 1
-013 ment 1.8.3 functionality that will automatically assign tasks based on
tasks/cases can be
priority and also prevents two workers from working on the
pulled (self-
same tasks.
assigned).

Inbox module in NextGen provides the workers the

The Solution shall
FR- Workflow Appendix capability to search for tasks using parameters like case
provide Inbox lists to Out of Release
WM Manage H 3, Section number, client ID, first name, last name, and document type.
be sorted by criteria the Box 1
-014 ment 1.8.3 The results are displayed in a summary format that can be
defined by the state.
sorted based on criteria defined by the state.

The Solution shall

allow work groups to
be defined as Our solution has a configurable role based access that
FR- Workflow Appendix
collections of Out of Release allows a mapping of users to roles and roles to business
WM Manage H 3, Section
individuals and/or the Box 1 functions. More detailed description of the same can be
-015 ment 1.8.3
roles and/or other referenced in Appendix under Section 1.6.1.
work groups and/or
organizations.
The Solution shall
have allow user
roles the ability to
create a new
workflow or modify Our Solution's has a rules based workflow that controls the
FR- Workflow Appendix
an existing workflow, Configur Release creation and assignment of tasks. The business rules can
WM Manage H 3, Section
with limited technical ation 1 be modified by state workers with an understanding of our
-016 ment 1.8.3
knowledge, so that business rules engine using the rules designer.
different tasks are
created and
assigned using
different rules.

443
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
have allow user
roles the ability to
create a new task
type, with limited
technical knowledge,
and associated
criteria, as define by
Our solution stores the document types and criteria
the State.
FR- Workflow Appendix associated with them in a reference table. The reference
Associated criteria Configur Release
WM Manage H 3, Section table module in our solution provides an user interface for
includes, but is not ation 1
-017 ment 1.8.3 business users allowing them to modify and create tasks
limited to:
with minimal technical knowledge.
i. Initiation event/rule
ii. Notification
requirements
iii. Assignment or
queue rule
iv.
Disposition/deletion
event/rule

The Solution shall Inbox module in NextGen provides the capability for workers
FR- Workflow Appendix
allow tasks, based Out of Release to complete and dispose a task. Out solution also provides a
WM Manage H 3, Section
on task type, to be the Box 1 comment box for the workers to enter the reason for
-018 ment 1.8.4
manually completed. completion of task.

The Solution shall Our solution has the capability to automatically complete
FR- allow tasks to be Workflow Appendix tasks based on defined system actions. The tasks that that
Out of Release
WM automatically Manage H 3, Section can be automatically completed versus the ones that require
the Box 1
-019 completed by a ment 1.8.4 manual intervention will be discussed during our design
system action. sessions.

444
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
allow tasks to
track/include details
as defined by the
State. Task details
include, but are not
limited to:
i. Task start date
and time
FR- Workflow Appendix Task Inquiry Module in our NextGen solution displays
ii. Task end date and Out of Release
WM Manage H 3, Section detailed information of tasks. The screen allows workers to
time the Box 2
-020 ment 1.8.4 view the status of current and historical tasks.
iii. Priority history
iv. Original due date
v. Assignment
history
vii. Appeals Process
Clock value
viii. Appeals
Process Clock
compliance status
The Solution shall
FR- have the ability to Workflow Appendix Our workflow rules engine automatically calculates the due
Out of Release
WM automatically assign Manage H 3, Section date during the creation of tasks. The tasks are also sorted
the Box 1
-021 a due date to a ment 1.8.2 by the due date when they are displayed in the inbox.
task/case.

The Solution shall Our solution can be customized to add a functionality for the
allow user roles, as worker to manually assign due dates to task. This feature
FR- Workflow Appendix
defined by the State, Custom - Release will be added to the Inbox Details module of our solution and
WM Manage H 3, Section
to manually assign a Easy 1 our rules engine's validations can be enforced to prevent
-022 ment 1.8.2
due date to a workers from incorrectly assigning manual dates for such
task/case. tasks.

The Solution shall

The workflow rules engine in our NextGen module has the
allow have the ability
FR- Workflow Appendix capability to automatically assign priority to a task based on
to automatically Out of Release
WM Manage H 3, Section the document type and metadata information. The tasks are
assign a the Box 1
-023 ment 1.8.2 then sorted in the inbox based on the priority allowing the
priority/criticality to a
workers to process the most critical ones first.
task/case.

The Solution shall

allow user roles, as Our solution can be customized to allow the workers to
FR- Workflow Appendix
defined by the State, Custom - Release manually assign priority to the tasks. A new field will be
WM Manage H 3, Section
to manually assign a Easy 1 added to the Document Re-index screen that will also the
-024 ment 1.8.2
priority/criticality to a workers to assign priority/criticality to the tasks.
task/case.

445
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)

The Solution shall

Inbox module in our solution allows users to view tasks
allow user roles, as
FR- Workflow Appendix assigned to other users. Users can search by other users
defined by the State, Out of Release
WM Manage H 3, Section names and user id's. Our role based access can also be
to be able to see the the Box 1
-025 ment 1.8.2 used to provide access for users to search for other users
tasks assigned to
within an office, region and also statewide.
other users.

The Solution shall

allow tasks to be
escalated to a user
Our solution provides dashboards for the supervisors that
FR- role, as defined by Workflow Appendix
Out of Release will allow them to view the tasks that are past due by
WM the State, based on Manage H 3, Section
the Box 1 number of days. The users would be able to see tasks that
-026 configurable date ment 1.8.6
0-10 days old, 10-30 days old and more than 30 days old.
triggers for a type of
task, e.g., 1 day past
due.
The Solution shall
Our solution's Reception Log Management module allows
allow user roles, as
users to create manual/ad-hoc tasks. The reception log
FR- defined by the State, Workflow Appendix
Out of Release management screen replicates the document indexing
WM to create an ad-hoc Manage H 3, Section
the Box 1 screen allowing the workers to choose task types, priority
-027 task and assign it to ment 1.8.4
and other metadata information like case number , client Id
another user or
and appeals case number.
themselves.
The Solution shall
Inbox module in our solution allows supervisors and users
FR- allow user roles, as Workflow Appendix
Out of Release with access to assign a task for any of the queues. The
WM defined by the State, Manage H 3, Section
the Box 1 solution also provides users with access to assign tasks
-028 to reassign a task to ment 1.8.4
from one users to another.
another user.
Petition --- AP
1.3.4 --- Confirm
Petition
AssignmentPetiti
on --- AP 1.3.7 ---
Send Petition for
Appeal to
The Solution shall
CDPetition --- AP Our solution provides the capability to create tasks for two
allow user roles, as
FR- 1.3.8 --- Confirm Workflow Appendix groups based on defined rules. In case of appeals, our
defined by the State, Out of Release
WM Petition for Manage H 3, Section solution creates tasks to all concerned parties with respect
to forward a task to the Box 2
-029 AppealContinuati ment 1.8.4 to the appeals case, whenever a new document is scanned
another group or
on of Benefits --- for that specific appeals case.
work queue.
AP 1.5.1 ---
Review for
Continuation of
BenefitsContinua
tion of Benefits --
- AP 1.5.2 ---
Attorney Review

446
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall Our Task Inquiry module allows users to view the status of
FR- allow user roles, as Workflow Appendix tasks using standard search parameters. The results are
Out of Release
WM defined by the State, Manage H 3, Section sorted based on the state defined criteria. This module also
the Box 1
-030 to view and search ment 1.8.5 allows users to search for historical tasks by using date
their task history. parameters.
The Solution shall
allow user roles, as
As defined in the requirement FR-WM-031, out tasks inquiry
FR- defined by the State, Workflow Appendix
Out of Release module allows users to search and view history of tasks.
WM to view, search, and Manage H 3, Section
the Box 1 The screen also provides the capability to search based on
-031 report on the task ment 1.8.5
the office and region to which the users belong to.
history within their
organizations.
The Solution shall
Our solution member portal allows applicants to start an
allow external users
application and complete a redetermination. When a
(applicant/member)
FR- Workflow Appendix redetermination packet is generated for a client, a
to have tasks Out of Release
WM Manage M 3, Section notification is sent to the member using their preferred
assigned to them for the Box 1
-032 ment 1.8.2 method of communication. The clients can then log into their
completion of
member portal and complete the task of completing a
applications/redeter
redetermination online.
minations.

Our solution provides Splunk monitoring tool to monitor key

activities and generate alerts for any predefined events This
The Solution shall
tool can be configured based on our requirements to identify
enable BAM
FR- Workflow Appendix key monitoring events to create an alert based on a
(Business Activity Out of Release
WM Manage L 3, Section threshold set up for that activity. For example, if the average
Monitoring) and the Box 1
-033 ment 1.8.7 number of cases where eligibility is processed is more than
event-based
the threshold configure, the tool can generate an a
notifications.
notification to the subscribed users thereby allowing users to
take any preventive action if necessary.

The
Hearing --- AP State
1.2.6 --- Review shall plan
Continuance to re-use,
The Solution shall Request Electroni where Our solution maintains a status for all the scanned
FR- Appendix
have the ability to Hearing --- AP c Content possible, Out of Release documents and their associated tasks. The status will allows
WM H 3, Section
indicate document 1.2.12 --- Order Manage the the Box 1 the users and supervisors to indicate if the document has
-034 1.8.3
read/unread status. Implementation ment currently been worked upon or not.
Unit (OIU) utilized
Preliminary ECM
Review tool,
FileNET.

447
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
Our solution provides the capability to associate an existing
have the ability to
FR- Workflow Appendix eligibility case to an a new investigation case. Our Case
indicate the Configur Release
WM Manage H 3, Section Inquiry module can be configured to display a flag for all
existence of an ation 2
-035 ment 1.8.1 eligibility cases that have an open appeals associated with
appeal via a flag on
it.
an eligibility case.
Petition --- AP
1.3.4 --- Confirm
Petition
Assignment
Petition --- AP
1.3.7 --- Send
Petition for
Appeal to CD
Petition --- AP
1.3.8 --- Confirm
The
Petition for
State
Appeal
shall plan
The Solution shall Continuation of
to re-use,
have the ability to Benefits --- AP
Electroni where
FR- associate a specific 1.5.1 --- Review Appendix Our workflow rules engines creates a task for all the
c Content possible, Out of Release
WM document to a task, for Continuation H 3, Section documents scanned by the eligibility and appeals case
Manage the the Box 2
-036 and provide the of Benefits 1.8.1 workers.
ment currently
ability to review the Continuation of
utilized
document. Benefits --- AP
ECM
1.5.2 --- Attorney
tool,
Review
FileNET.
Hearing --- AP
1.2.6 --- Review
Continuance
Request
Hearing --- AP
1.2.12 --- Order
Implementation
Unit (OIU)
Preliminary
Review

448
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
have the ability to
calculate Appeals
Process Clocks
status:
1- Shall calculate 'In
Compliance' as:
a. For Process
Clocks with 'No
Continuance'
attribute, clock day
count value is less
than State-defined
FR- configurable Workflow Appendix Our solution will customize our appeals module to calculate
Custom - Release
WM maximum, default as Manage H 3, Section and display the appeals clock status for clients based on the
Easy 2
-037 90 days. ment 1.8.1 clients compliance status.
b. For Process
Clocks with 'Granted
Continuance'
attribute, clock day
count value is less
than State-defined
configurable
maximum, default as
120 days.
2- Shall calculate
'Out of Compliance'
for all other
conditions.
The Solution shall Once cases are selected for review and assigned, the
FR- support the State Quality Appendix module provides navigational tools to allow the designated
Out of Release reviewers to perform the case review, record findings, and
QM- and Federal Quality Manage H 3, Section
the Box 1 initiate the necessary follow-up with QA staff or the
001 Control Case ment 1.9
Review Process. participant

The NextGen Quality Assurance (QA) module provides

The Solution shall
FR- Quality Appendix automated and flexible workflows to build universes, identify
support the State's Out of Release
QM- Manage H 3, Section samples, schedule, assign, and conduct QA reviews, enable
quality assurance the Box 1
002 ment 1.9 supervisors to review Quality Control (QC) findings, and
process.
provide summary reports of finalized review.

The Solution shall

support the State's
FR- quality control Quality Appendix The NextGen solution's production-proven QA module is
Out of Release
QM- processing, Manage H 3, Section capable of meeting Tennessee’s commitment to quality as
the Box 1
003 including but not ment 1.9 well as federal requirements for MEQC, and PERM.
limited to:
i. Payment Error

449
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
Rate Measurement
(PERM)
ii. Medicaid Eligibility
Quality Control
(MEQC)

The Solution shall

FR- Quality Appendix Our solution supports the State's internal audit process by
support the State's Out of Release
QM- Manage H 3, Section automating case read results for accurate and streamlined
internal audit the Box 1
004 ment 1.9 reporting.
processes.
The Solution shall
maintain an audit log
of all additions,
changes and
deletions made to
data in the system.
This should be
readily searchable
by user ID or
member ID. This
must include but is
not limited to:- The
user ID of the
person who made
the change- The Our Worker Portal provides an Action History Module that
Appeals Order
date and time of the allows workers with access to search history on a specific
Implementation --
FR- change- The Appendix case within our system. The screen allows the workers to
- AP 1.4.3 --- Out of Release
AU- physical, Audit H 3, Section search for transactions using the below parameters-Case
Update Member the Box 1
001 software/hardware 1.10 Number- Page Name- User ID- Batch ID- Case Mode -
Application /
and/or network Transaction Start and End times- Details of the transaction (
Eligibility Case
location of the what data got changed)
person while making
the change- The
information that was
changed- The
outcome of the
event- The data
before and after it
was changed, and
which screens were
accessed and used-
The method in which
the change was
received (user /
batch process / etc.)

450
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
The Solution shall
maintain an audit log
that includes, but is
not limited to, the
following details:
i) date/time the
FR- Appendix The Action History Module in Worker Portal will provide the
change was made Out of Release
AU- Audit H 3, Section users to view this information as defined in the Notes
ii) the user that the Box 1
002 1.10 Column of requirement FR-AU-001
made the change
iii) the previous
value of the changed
field
iv) the new value of
the changed field

The Solution shall Our solution maintains a version control for all the changes
FR- Appendix
maintain an audit log Out of Release that were made on our business rules including information
AU- Audit H 3, Section
of changes to the Box 1 like the date the change was made, the reason for the
003 1.10
business rules. change and the user who made the change.

The Solution shall

FR- Appendix Our solution maintains an audit log of all the changes made
maintain an audit log Out of Release
AU- Audit H 3, Section on client notes including updates and deletion of client
of changes made to the Box 1
004 1.10 notes.
case/client notes.

The Solution shall Our solution maintains a version control for all the changes
FR- Appendix
maintain an audit log Out of Release that were made on our reports and notices including
AU- Audit H 3, Section
of changes made to the Box 1 information like the date the change was made, the reason
005 1.10
reports/notices. for the change and the user who made the change.

The Solution shall

allow user roles, as
defined by the State,
FR- Appendix Our solution's Action History module allows state defined
to view the contents Out of Release
AU- Audit H 3, Section users to view the audit trail including the date the change
of the audit trail, at a the Box 1
006 1.10 was made, the old and new values.
minimum by date
and field level, on-
line and via report.
FR- The Solution shall Appendix The Case Action history screen in out solution is a read-only
Out of Release
AU- prohibit alterations of Audit H 3, Section screen and prevents users from making any changes to the
the Box 1
007 the audit trail. 1.10 audit trails.
The Solution shall
allow user roles, as
defined by the State, Our solution has the capability to configure the auditable
FR- Appendix
to set the inclusion Out of Release events in our database. For example our solution can be
AU- Audit H 3, Section
or exclusion of the Box 1 configured to create an audit for specific elements in a table
008 1.10
auditable events versus others.
based on
organizational policy

451
 Associated Solution Notes
Process Flow (if Support
Bidder
applicable) for
Policy Response
RE (Process Flow Prior Policy Comme Require
Requirement Group Numb Release Narrative
Q ID Name - Process ity Title nts ment
er Section
Flow Activity ID
Reference
- Process Flow
Activity Name)
& operating
requirements/limits.

The Solution shall

maintain an audit log
FR- Appendix Action History screen in our solution allows users to view
for all pages and the Out of Release
AU- Audit H 3, Section the audit history of all pages where the user has created,
user ID of the user the Box 1
009 1.10 viewed, and updated data.
that has viewed the
page.

452
Non-Functional Requirements
This table is a copy of the non-functional requirements from the RFP response – C.19 Non-Functional Requirements
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for the TEDS is based on Deloitte's

NextGen platform and is a configurable, non-proprietary solution
which includes two Web portals (Member/Partner Portal and
Worker Portal). The Member/Partner Portal will be internet-based,
The term "portals" refers to the different user
and the Worker Portal will be intranet-based. In addition to using
Applicati interfaces needed by the Eligibility System.
NFR- User their computers to access and update information,
on Web We specifically recognize the Member Portal,
AA- Channe Supported N/A Members/Partners will also be able to create user accounts, set
Architect Portal the Worker Portal and Partner Portals as
001 ls up alerts and reminders, report specific changes, upload
ure being the major user interfaces for the
documents, and check benefits using their mobile devices. In
Solution.
addition to completing typical day-to-day tasks via the Worker
Portal directly, workers will also have the ability to interact with the
Worker Portal via IBM Datacap when scanning and indexing
documents.

The Solution shall allow the user interface to

be optimized for 1024 pixel wide screens but Our proposed solution for the TEDS will work with 1024x768
shall still work with lower or higher resolution and will also work with other screen resolutions for
Applicati resolutions. The browser shall not display a Worker Portal and Member/Partner Portal. Our Member/Partner
NFR- User
on Web horizontal scroll bar when viewed with a Portal Web application supports phone, tablet, and desktop for
AA- Channe Supported N/A
Architect Portal screen resolution of 1024x768 - even when public features and tablet and desktop for partner features.
002 ls
ure there is a vertical scrollbar displayed. This Horizontal scroll bars are not displayed unless there is an explicit
screen width is a common minimum need from the State to package and layout data in a format that
specification and is also the common cannot be supported without it.
configuration for tablet interfaces.

Our proposed solution's Worker Portal is a browser-based

Applicati The Solution shall provide the capability for solution that is hosted on the State’s network. Remote access is
NFR- User
on Web remote access of the Worker Portal (all possible through the State’s VPN. We assume that the State's
AA- Channe Supported N/A
Architect Portal components) in compliance with HCFA policy VPN complies with HCFA policies and practices. Note that the
003 ls
ure and practice. Member/Partner Portal is internet accessible, however, it can also
be accessed via the State network as well as the State VPN.

Our proposed NextGen solution for the TEDS provide session

management capabilities that support user sessions and
coordinated back-end functionality. Deloitte will leverage the
Oracle Identity and Access Management (IAM) solution with
Applicati The Solution shall provide session
NFR- User Microsoft AD as LDAP for authentication tokens, enhanced further
on Web management capabilities to support user
AA- Channe Supported N/A by our NextGen Framework to manage user sessions. Our
Architect Portal sessions and coordinated back-end
004 ls Framework checks the validity of the session and accordingly
ure application functionality.
prompts for credentials or allows access to the solution. In the
case of the Member/Partner Portal, we will use a combination of
Oracle IAM, Microsoft LDS as our LDAP, and our NextGen
framework to manage the user session.

453
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed NextGen solution provides customization

capabilities by rendering portal contents based on user
preferences or by displaying the portal layout based on the user
The Solution shall provide portal
preferences. Our solution will dynamically queue only the screens
personalization and customization capabilities
necessary for a specific type of worker, based on the worker's
for user experience.
user role. For example, an inquiry user will see only inquiry
screens, while a data collection user will see the whole set of data
Examples of customization includes allowing
collection application screens. Our solution's intuitive user
users to explicitly specify what they want. E.g.
interfaces have been engineered with leading practices in User
Applicati choosing which information elements might
NFR- User Experience design to help streamline business processes and
on Web be presented on a home page, choosing fond Partially
AA- Channe N/A improve efficiencies. To provide a consistent look and feel across
Architect Portal size, display colors etc. Supported
005 ls users and to support accessibility standards, we do not allow UI
ure
personalization such as font size and display color. Our proposed
Personalization is the process of tailoring
solution does support high-contrast themes for accessibility, using
content to individual user's characteristics or
native browser access. For internet-facing applications such as
preference. E.g. display different landing
the Member/Partner Portal, where accessibility standards support
pages for EOG case workers, TNHC workers
becomes even more crucial, we do not allow users to personalize
and supervisors, different landing pages for
font, colors, or even home pages. This provides not only a
navigator and general member etc.
consistent look and feel for users, it also eliminates excess
Service Desk time that would be spent on addressing layout
issues vs. resolving important service issues.

Our proposed solution utilizes the free and open source

WordPress platform, licensed under GPL v2.0 or later, as the
Web Content Management solution for the TEDS. This platform
Applicati
NFR- User will be used for both Worker Portal and Member/Partner Portal
on Web The Solution should provide support for web Partially
AA- Channe N/A sites. The WordPress components will host the frequently
Architect Portal content management solution. Supported
006 ls published content that State administrative users can manage
ure
using native WordPress pages. The WordPress sites will have
links to the actual Web applications that are based on the
NextGen Framework.

Our proposed solution for the TEDS uses WordPress as the Web
Applicati
NFR- User The Solution shall provide time-based content Content Management platform which provides content expiration
on Web
AA- Channe expiration and version management Supported N/A and version management out-of-the-box. These capabilities are
Architect Portal
007 ls capabilities. configurable, using administrative screens within the WordPress
ure
platform.
Our proposed solution for the TEDS utilizes WordPress as the
Applicati
NFR- User Web Content Management system. WordPress has a built-in
on Web The Solution shall provide web content
AA- Channe Supported N/A component with workflows for authoring and publishing content to
Architect Portal related workflow management capabilities.
008 ls enable the State to reduce the complexity of Web Content
ure
Management.

454
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution uses WordPress to enable authorized

users to provide syndicated content, including creation and
subscription of RSS feeds. WordPress has native support for RSS
Applicati 1.0 (aka RDF), RSS 2.0, and ATOM specifications. It is easily
NFR- User The Solution shall provide syndicated content
on Web Partially configurable to enable a page within the platform for feed
AA- Channe capabilities including creation and N/A
Architect Portal Supported subscription. Using this feature, our proposed solution will provide
009 ls subscription to RSS feeds.
ure containers for content feed and subscription on the home pages
of the intranet and internet sites. State authors can choose to
configure WordPress for additional feeds using WordPress
authoring tools that are provided out-of-the-box with the platform.

Our proposed solution for the TEDS will use WordPress for Web
Content Management. However, to help the State achieve its
vision for easy content management as well as outreach, we can
Applicati
NFR- User embed YouTube-based audio/video and Google Picasa-based
on Web The Solution shall provide multimedia web Partially
AA- Channe N/A slide shows (for multimedia publishing on internet sites) within the
Architect Portal content management capabilities. Supported
010 ls WordPress pages. For intranet sites where the State may not
ure
wish to post those videos and images, WordPress pages can also
embed internally-hosted videos via an HTTP interface from a
State media server using oEmbed protocol.

Our proposed solution for the TEDS uses WordPress as the Web
Content Management solution that provides native taxonomy-
based cataloging of resources. We use out-of-the-box, time-based
parameters for organizing content by day, by month, year, author,
Applicati and category, with dynamically created, browsable archives,
NFR- User
on Web The Solution shall provide taxonomy-based which maintain content currency. WordPress is configurable to
AA- Channe Supported N/A
Architect Portal cataloging of portal resources. organize content using other parameters, however, the default
011 ls
ure options are optimized, based on what most large, popular sites
follow (driven by general usage trends observed over time). In
addition, NextGen solution provides taxonomy-based cataloging
of portal application resources. Our proposed solution provides
the taxonomy based on file extension type and business module.

Our proposed NextGen solution is built on n-tier architecture,

The Solution shall provide a portal UI
Applicati which separates the presentation layer from the business and
NFR- User framework that separates content from logic
on Web persistence layers. Additionally, our solution is built using JSP
AA- Channe and is robust, scalable and interoperable with Supported N/A
Architect Portal and HTML5 standards for scalability and interoperability, with
012 ls W3C web-based standards and
ure W3C Web-based standards and recommendations for Worker
recommendations.
Portal and Member/Partner Portal.

455
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for both the Worker Portal and the
Member/Partner Portal supports the use of a tablet interface via a
The Solution shall allow the user interface to
Applicati supported Web browser. The Worker Portal user interface is
NFR- User work on a touch-screen tablet interface for all
on Web focused on data entry and productivity. Therefore, while it may
AA- Channe defined channels, although it is not necessary Supported N/A
Architect Portal render in a tablet, a tablet may not be the most efficient
013 ls to specifically create a custom mobile user
ure mechanism for transactions requiring significant user input. A
interface for tablet computing.
traditional physical keyboard is typically a better choice for worker
efficiency.

Our proposed NextGen solution supports zoom-in and zoom-out

Applicati The Solution shall make it possible such that
NFR- User capabilities for the Worker Portal and Member/Partner Portal,
on Web when a person uses the browser to resize
AA- Channe Supported N/A using native browser controls. This feature is enabled using our
Architect Portal (zoom) a page the page shall behave
014 ls CSS and UI layout standards in addition to the parameters used
ure functionally.
for the JSP controls in our applications.

Our proposed solution for the TEDS classifies user types as

The Solution shall allow a user session to Workers, Members, and Partners. For workers who interact with
Applicati timeout after a specified period. The timeout the Worker Portal, we rely on the use of Oracle IAM with Microsoft
NFR- User
on Web period shall be configurable for different Partially AD to provide session timeout, which is integrated with session
AA- Channe N/A
Architect Portal classes of users and minimally allow different Supported management within the application. For the Member/Partner
015 ls
ure values for the public web site and the internal Portal, we rely on Oracle IAM with Microsoft LDS configurable
web site. session timeout in conjunction with the application's own
framework for session management.

Our proposed solution for the TEDS will display a warning

The Solution shall allow a user to see, prior to message when a session is about to timeout, based on a
Applicati
NFR- User session timeout, a message that warns them configurable property value that can be set to support Security
on Web Partially
AA- Channe of the imminent timeout (e.g., a 1 minute N/A regulations and State preference. This warning message will also
Architect Portal Supported
016 ls notice) and they shall be able to click this provide functionality that allows the user to continue the current
ure
message and keep their server session alive. session. This functionality will be enabled for both the Worker
Portal and the Member/Partner Portal.

Our proposed NextGen Solution for the TEDS has built-in perf
logs that reports statistics such as user, PAGE_ID, along with
Applicati The Solution shall collect and collate statistics response time to support reporting requirements. These serve as
NFR- User
on Web on web portal usage to support reporting inputs for continuous improvements in design and performance.
AA- Channe Supported N/A
Architect Portal requirements and continuous improvements WebSphere app server logs provide additional statistics, while
017 ls
ure in design. technical statistics, such as connections and database resource
consumption, are provided by the Oracle Database Enterprise
platform's diagnostics and tuning pack.

456
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed NextGen solution for the TEDS offers monitoring

and logging capabilities of application components such as
The Solution shall have web statistics that
application, security, framework, messages, services, rules, data
Applicati capture the entry screens, exit screens,
NFR- User access object, business objects, EJB, performance, presentation,
on Web application abandonment frequency/location,
AA- Channe Supported N/A and batch. Logging can be configured at various levels like
Architect Portal % of anonymous users who create accounts,
018 ls DEBUG, ERROR and WARNING etc., depending on how much
ure logon duration, session timeouts, time on
information logging is required. It is crucial that the State network
each page, keyword searches, etc.
and infrastructure do not suppress the end user IP for tracking
anonymous users.

Applicati Our proposed solution supports use of copyright meta tags, and
NFR- User The Solution shall ensure that each web
on Web Partially Deloitte will work with the State to gather the HCFA copyright
AA- Channe page contains a HCFA copyright statement in N/A
Architect Portal Supported statements that need to be added to all public-facing portal
019 ls the copyright meta tag.
ure resources.

Applicati Copyright comments can be added to our portal resources,

NFR- User The Solution shall ensure that JavaScript,
on Web Partially including JavaScript, CSS, HTML, and other ASCII text files.
AA- Channe CSS and other text files contain a HCFA N/A
Architect Portal Supported Deloitte will work with the State to identify the HCFA copyright
020 ls copyright statement as a comment.
ure statements to be added to these resources.

The Solution shall be able to post

Our proposed solution for the TEDS uses WordPress as the Web
Applicati announcements/messages that are displayed
NFR- User Content Management solution, which will have configurable
on Web on a user's home page. Different messages
AA- Channe Supported N/A Widgets on the home page to post announcements/messages.
Architect Portal shall be targeted for different user groups;
021 ls This functionality will be enabled for both the Worker Portal and
ure minimally internal (professional) users and
the Member/Partner Portal.
external (member/citizen) users.

The Solution shall allow the user interface for

public access ("Member Portal") to operate
Our proposed Worker Portal and Member/Partner Portal solution
across all mainstream browsers. Mainstream
for the TEDS can be accessed through a Web browser, supported
browsers are defined as any browser that has
by the mainstream browsers - Microsoft Internet Explorer 9,
greater than 3% of the US browser market or
Applicati Microsoft Internet Explorer 10, Microsoft Internet Explorer 11,
NFR- User greater than 3% of the US mobile-browser
on Web Microsoft Edge v13, Google Chrome v49, and Firefox v45. Per
AA- Channe market and all versions of that browser within Supported N/A
Architect Portal www.netmarketshare.com, the browsers with higher than three
022 ls the last 2 years and across all supported
ure percent usage as of June 2016 are IE, Chrome, Firefox, and
operating systems.
Microsoft Edge. Per the State’s Enterprise Technology
Architecture Web standards, the application needs to support IE 9
Refer to the State's "Enterprise Technology
or above. Our proposed solution meets this requirement.
Architecture" for web browser standard for
internal web portals.

The Solution shall, if the a browser is known

Applicati to not to be supported, allow the portal to Our proposed solution for the TEDS will be configured to perform
NFR- User
on Web present an information page to the user, i.e., Partially a browser compatibility check before loading the home page and
AA- Channe N/A
Architect Portal fail gracefully. Specifically if IE6 is known not Supported will display a graceful message to the user if a browser version is
023 ls
ure to function properly the system shall inform not compatible with the list of approved browsers for the solution.
the user accordingly.

457
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

As part of our proposed solution for the TEDS, we will create a

plan for White Hat SEO to address the following for
The Solution shall create a plan, and then Member/Partner Portal: 1) Indexing pages to incorporate search
Applicati
NFR- User execute the plan, for "white hat" Search engine optimization (SEO) techniques. 2) Providing well
on Web Partially
AA- Channe Engine Optimization (SEO) in order to N/A structured pages (with headers and sub headers etc.). 3) Using
Architect Portal Supported
024 ls encourage the indexing and discovery of the descriptive page titles and other page text and building descriptive
ure
Member Portal. inbound links. We will use native features within WordPress to
meet these controls where possible to minimize maintenance
overhead.

Applicati The Solution shall install sitemap files to Deloitte will work with the State to shortlist the important
NFR- User
on Web encourage the correct search engine indexing Partially Member/Partner Web pages and will map these pages to create
AA- Channe N/A
Architect Portal of important web pages for the Member Supported sitemap XML, based on our NextGen templates. The sitemap
025 ls
ure Portal. XML will then be used by the search engines to create site links.

Deloitte will work with the State to shortlist the important

Member/Partner Web pages and will map these pages to create
Applicati The contractor shall document a strategy to
NFR- User sitemap XML, based on our NextGen templates. The sitemap
on Web ensure that Google, and Bing present the Partially
AA- Channe N/A XML will then be used by the search engines to create site links.
Architect Portal Member Portal as "site links" in their search Supported
026 ls As part of the White Hat SEO artifact, we will document the
ure results.
strategy for site links search to align with Google and Bing search
result preferences.

The Solution shall allow the display text to be Our proposed solution's language is user intuitive, refined from
written in at a 6th grade reading level as our experiences with other states. We are confident that it meets
Applicati
NFR- User otherwise dictated by the State and Federal 6th grade reading level. Our proposed solution offers out-of-the
on Web
AA- Channe regulations. The Solution shall allow the user Supported N/A box framework services that support multi-languages, including
Architect Portal
027 ls interface to be multi-lingual and support both English and Spanish. If the State requires support for double byte
ure
single and double byte languages if the State languages in future, we will work with the State, using the change
expands the languages supported. control process, to identify impacts to the solution.

Applicati The Solution shall utilize the concepts and

NFR- User Our proposed solution for the TEDS aligns with IDEO UX2014
on Web design demonstrated in the UX 2014
AA- Channe Supported N/A design principles and concepts to provide a user-friendly
Architect Portal prototype to be leveraged wherever
028 ls experience.
ure applicable.
Our proposed solution's Member Portal has an out-of-the-box
Applicati
NFR- User The Solution shall allow a user to create a feature that allows a user to create a Member Portal account by
on Web
AA- Channe web profile and account at the time they first Supported N/A providing basic information such as username, name, account
Architect Portal
029 ls fill out an eligibility application. password, and contact information before initiating an eligibility
ure
application.
Applicati
NFR- User The Solution shall allow the account setup to Our proposed solution for the TEDS provides the capability to
on Web Partially
AA- Channe use the user's email address based on a N/A capture email addresses. This capability can be customized for
Architect Portal Supported
030 ls system policy configuration parameter. the State using a system policy configuration parameter.
ure

458
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for the TEDS utilizes WordPress as the

Applicati Web Content Management platform, which has native capabilities
NFR- User The Solution shall provide links to the
on Web that allow external links to be added to the Member/Partner Portal
AA- Channe Healthcare.gov or other sites when specified Supported N/A
Architect Portal site. Deloitte will work with the State to identify links to other
031 ls by HCFA.
ure websites, such as Healthcare.gov, that need to be displayed in
the Member/Partner Portal.

Our proposed solution for the TEDS has capabilities such as

CSS-driven color scheme and branding, along with standardized
Applicati The Solution shall allow the branding across
NFR- User headers and footers to support different branding for
on Web the Member and Professional User Portals to Partially
AA- Channe N/A organizations. We will work with the State to confirm the
Architect Portal be unified and also complementary to existing Supported
032 ls Tennessee-specific CSS standards, banners and header/footer
ure State Web sites.
information that will be customized for the Worker Portal and
Member/Partner Portal to align with existing State websites.

Our proposed solution for the TEDS Member/Partner Portal uses

no pop-ups and will not experience loss of functionality due to
Applicati pop-up blockers. For the Worker Portal, we will work with the
NFR- User The Solution shall experience no loss in
on Web State to add the domain to the list of trusted sites for workers.
AA- Channe functionality due to pop-up blockers and other Supported N/A
Architect Portal (The Worker Portal design avoids pop-ups; however, in some
033 ls toolbars designed to block advertisements.
ure cases the nature of the business transaction makes it easier for
workers to have a small pop-up vs. utilizing other navigation
paradigms to support efficient data entry.)

Our proposed solution for the TEDS will provide access to

YouTube training videos for Member/Partner Portal users.
Applicati The Solution shall allow video tutorials to be YouTube supports various mainstream formats and standardizes
NFR- User
on Web displayed in any mainstream format(s) but them for display within websites across multiple platforms. For the
AA- Channe Supported N/A
Architect Portal shall be available across all supported Worker Portal, we will utilize the oEmbed library of WordPress to
034 ls
ure platforms. embed videos that are published from State Media servers for
intranet-only videos. We assume that the State media servers
utilize formats that are cross-platform compatible.

The Solution shall allow instructional help

support to generally be available for each
page and for the site as a whole. The design
Applicati shall consider the best way of embedding
NFR- User
on Web help support. This may mean including inline Our proposed solution for the TEDS provides users with Solution-
AA- Channe Supported N/A
Architect Portal text on some pages, embedding links to level help, Page-level help, and field-level help using hover text.
035 ls
ure supporting pages, embedding videos in a
page, providing context specific FAQs,
providing hover option over fields to generate
a description of the data element, etc.

459
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The Solution shall allow online help support

for the Worker Portal to be at a page level
and for the site as a whole. Training manuals,
procedure manuals, policy manuals,
overview presentations etc., shall be
Our proposed solution provides users access to several forms of
available online and accessible from the
Applicati help. Online Help guides, FAQs, and Context Sensitive Help
NFR- User banner menu or home page. The online help
on Web Partially provide users with both general and specific help for the
AA- Channe text shall include instructions on how to N/A
Architect Portal Supported processes, screens, and fields in our NextGen solution. Help
036 ls perform certain tasks (e.g., "How do I forward
ure content itself will require modification, based on State-specific
an Inbox alert to my supervisor", "How do we
terminology and policies.
handle the recent incarceration of a
household member?"). The Solution shall
provide hover option over HCFA defined
fields to generate a tool tip of the data
element.

Our proposed solution for Member/Partner Portal features a

The Solution shall directly support mobile
Applicati native application for member use only that supports IOS 9 and
NFR- User platforms (e.g. iOS, Android, Blackberry, etc.)
on Android 6.0 Marshmallow. (For mobile, the application will enable
AA- Channe Mobile for applicant/member use. This support shall Supported N/A
Architect members to create user accounts, setup alerts and reminders,
037 ls include a native application that is optimized
ure check benefits, report specific changes, and perform document
for a smartphone.
upload functions.)

Our proposed solution for the TEDS is built on Service Oriented

Architecture that supports integration with IVR systems, based on
Applicati
NFR- User The Solution shall interface with the TNHC's defined APIs such as REST- or SOAP-based services or file-
on Partially
AA- Channe IVR solutions to provide function proscribed by N/A based integration. Based on Tennessee-specific IVR systems, we
Architect Supported
038 ls HCFA. will work with the State to identify interface needs and develop
ure
interfaces for the system related to enabling IVR-driven Check My
Benefits functionality.

Our proposed solution for the TEDS uses the IBM WebSphere
Operational Decision Manager (ODM) rules engine that separates
Applicati The Solution shall comply with the
NFR- business rules from the application code and removes complex
on Rules recommendations in Affordable Care Act and
AA- - Supported N/A programming changes for rule changes. Business analysts can
Architect Engine shall externalize all the business rules from
039 make changes and can see the actual rules that will execute in
ure the application.
production using IBM ODM tools such as Rules Studio, Decision
Center, and Decision Server.

Our proposed business rules engine for the TEDS uses the native
Applicati
NFR- The Solution shall support cataloguing, capabilities of IBM ODM to catalog, design, and execute eligibility
on Rules
AA- - design and execution of eligibility rules and Supported N/A rules. It allows the use of IBM ODM Rules Studio for designing
Architect Engine
040 business rules. rules, IBM ODM Decision Center for cataloging rules, and IBM
ure
Decision Server for executing rules.

460
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for the TEDS uses a Rules Authoring

design - from development through production - using effective
Applicati The Solution shall allow production rules to
NFR- dates. This allows for consistent testing of effective date-driven
on Rules be effective dated and so make it possible to
AA- - Supported N/A logic and rules execution. We utilize ODM Decision Center and
Architect Engine run eligibility on historical data using different
041 IBM ODM Rules Studio to design rules with effective dates that
ure historical rules.
are used not only by the rules engine, but also by the application
framework that invokes the rules engine.

Applicati Our Solution for the TEDS uses IBM ODM Decision Center to
NFR- The Solution shall provide a rules search
on Rules allow a user to search rules using keyword, data element, and
AA- - capability by keyword, data element or other Supported N/A
Architect Engine other criteria. This allows users to search for rules and policies
042 criteria.
ure with keywords across the rulesets.

Our proposed solution uses IBM WebSphere Operational

Decision Manager (ODM) rules engine that separates business
The Solution shall provide a rules engine to
rules from the application code and removes complex
offer a modular, flexible approach to systems
Applicati programming changes for rule changes. This aligns with the CMS
NFR- development that meets CMS seven
on Rules Seven Conditions and Standards for enhanced funding that focus
AA- - Conditions and Standards for enhanced Supported N/A
Architect Engine around a modular, flexible approach to systems development.
043 funding. The proposed rules engine shall
ure Deloitte has successfully implemented IBM ODM in seven states
have at least two successful implementations
(Alaska, Florida, Montana, Nevada, New Hampshire, North
in Medicaid Eligibility, HIX or IES systems.
Dakota, and Virginia) for converting eligibility rules in legacy code
into business rules.

Applicati Our proposed solution for the TEDS uses ODM as the rules
NFR-
on Rules The Solution shall provide a business rule engine. The business vocabulary is maintained as part of the
AA- - Supported N/A
Architect Engine vocabulary for the proposed rules engine. ODM Decision center, which generates runtime definitions for the
044
ure decision server components.

Applicati
NFR- The Solution shall define definitions of Our proposed solution for the TEDS will provide the business rule
on Rules
AA- - vocabulary items used by the proposed rules Supported N/A vocabulary and utilize the native IBM ODM's vocabulary definition
Architect Engine
045 engine. blocks.
ure

Applicati The Solution shall provide a rules engine Our proposed solution for the TEDS uses IBM ODM Decision
NFR-
on Rules which offers a report that identifies all the Center. Using ODM, individual rules and related business policies
AA- - Supported N/A
Architect Engine business policies in which an individual modeled after other rules or conditions are provided in a report
046
ure business rule trace back to. format, based on linkages within the rule sheet.

461
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution utilizes IBM ODM as its rules engine.

The Solution shall provide a decision report Within the rules engine, the design is sent back to the application
for each of the determinations, the Decision in the eligibility results summary that consists of the following:
Report should provide at least the following 1. Eligibility decision for each of the individuals in a household
information: based on financial and non-financial inputs
Applicati
NFR- i. Eligibility decision for each of individuals in 2. Programs the individual is eligible based on best benefit fit
on Rules
AA- - a household Supported N/A 3. Intermittent decision based on monthly income, residency
Architect Engine
047 ii. Programs the individual eligible for status, household size, immigration status and assets
ure
iii. Interim decisions e.g. monthly income, 4. Denial reasons along with specific codes and definitions of
residency status, household size, immigration those codes
status which support the final decision (The result summary from the rules engine is persisted in the
iv. Denial reasons transactional database, which serves as a historical reference
should the State have a need to go back and refer to them.)

The Solution shall provide a rules engine Our proposed solution for the TEDS uses IBM ODM Decision
Applicati
NFR- which contains a process for built-in rule Center’s rule authoring and publishing workflow capabilities for
on Rules
AA- - review and approval process that shall Supported N/A reviewing and approving rules. The tool has built-in checks that
Architect Engine
048 identify any conflicts in business rules as they identify conflicts as part of rule and condition validation utilities
ure
are being developed. during the development.

The Solution shall include a rules engine Our proposed solution for the TEDS utilizes the IBM ODM
Applicati
NFR- which provides a debugging process that Decision Center’s rule analysis processes that run in the
on Rules
AA- - automatically analyzes and identifies logical Supported N/A background while the rules are being developed and checks for
Architect Engine
049 errors (i.e. conflict, redundancy, and completeness and consistency of the rules. This includes conflict
ure
incompleteness) across business rules. checks, redundancy checks, and incompleteness checks.

Our proposed solution for the TEDS is the IBM ODM product, an
Applicati
NFR- The Solution shall include a rules engine industry-standard tool that provides capabilities for configurable
on Rules
AA- - which provides the flexibility to define Supported N/A complex rules, including calculations and the flexibility to define
Architect Engine
050 business rules by inclusion or exclusion. business rules by checking for an existing, defined set of values
ure
/parameters/rules or by checking for non-existence of the same.

Applicati Our proposed solution for the TEDS provides license-free access
NFR-
on Rules The Solution shall provide license-free to uncompiled rule set files. Our proposed solution's source code
AA- - Supported N/A
Architect Engine access to uncompiled rule set files. can be accessed through Bitbucket, which is hosted on our
051
ure proposed infrastructure for the TEDS.

462
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for the TEDS evaluates eligibility

Applicati determination in near real-time. A user or system action
NFR-
on Rules The Solution shall have the ability to deliver requesting eligibility determination invokes technical services
AA- - Supported N/A
Architect Engine eligibility determination results in real-time. components (a service wrapper or an adapter), which in turn
052
ure invokes IBM ODM Business Rules Web services to evaluate
eligibility. Eligibility results are then returned to the user/system.

Our proposed solution for the TEDS will provide denial codes as
part of the eligibility determination process. For example, if an
Applicati
NFR- individual resides out-of-state, which makes the client ineligible for
on Rules The Solution shall have the ability to provide
AA- - Supported N/A a certain MAGI category, the ODM rules engine provides the
Architect Engine denial reason codes in case of denials.
053 appropriate denial reason. This denial reason is stored in our
ure
transactional database and can be displayed to the case worker
and printed on the member communication notice.

The Solution shall express business rules in

Applicati Our proposed solution for the TEDS expresses rules in natural
NFR- natural language corresponding with the core
on Rules language and populates the core data elements identified through
AA- - data elements identified through the National Supported N/A
Architect Engine the NIEM. This enriches the Account Transfer packets during the
054 Information Exchange Model (NIEM) as
ure FDSH validation process and interaction with FFM.
required for integration with external systems.

Our proposed solution for the TEDS uses the IBM ODM Decision
Center, which supports data verification and consistency checks
Applicati on individual rules and a set of rules. For individual rules,
NFR-
on Rules The Solution shall support data verification consistency checks include the following: Rules are never
AA- - Supported N/A
Architect Engine and consistency checks. selected, Rule never applies, Rule may cause domain violation.
055
ure For sets of rules, consistency checks include: Rules have
equivalent conditions, Rules are equivalent, Rule makes other
rule redundant, Rules are conflicting (or self-conflicting).

Our proposed solution for the TEDS provides the State with
reliability and the ability to configure complex rules, including
Applicati
NFR- computed values, and it allows the flexibility to define business
on Rules The Solution shall support computed values
AA- - Supported N/A rules by inclusion or exclusion. For example, the solution uses the
Architect Engine e.g. monthly income based on input data.
056 member-reported income and expenses and has the ability to
ure
apply standard disregards, as defined by the State, and budget
the monthly income used for eligibility determination.

Applicati Our proposed solution for the TEDS has the capability to expose
NFR- The Solution shall be interoperable with the
on Rules rulesets as Web services through IBM ODM Hosted Transparent
AA- - rest of proposed solution via technology Supported N/A
Architect Engine Decision Services (HTDS), which is interoperable with the other
057 neutral interfaces.
ure SOA-based NextGen architecture components.

463
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The Solution shall provide the ability to

Our proposed solution for the TEDS uses ODM Decision Center’s
Applicati maintain and display the history of each rule
NFR- rule repository versioning feature to maintain different versions of
on Rules change in the rules engine. This history will
AA- - Supported N/A business rules with precision and control. Historical references
Architect Engine show previous versions of the rule, a
058 are available for display and include information regarding created
ure timestamp of when the change was made
by, last changed by, created on, and last changed on.
and the ID of the user making the change.

Our proposed solution for the TEDS accesses table-driven

Applicati
NFR- The Solution shall provide the capability to variables, such as reference tables or key value pair tables, that
on Rules
AA- - add additional table-driven variables to Supported N/A accelerate the development of complex rules. Reference table
Architect Engine
059 support new regulations using a rules engine. values can be modified using administrative screens in the
ure
Worker Portal.

Applicati Our proposed solution's workflow management function will

NFR- The Solution shall have the ability to create
on queue activities needed for an interview, based on defined rule
AA- Change - customizable web-based, interview sessions Supported N/A
Architect sets. Deloitte will work with the State to configure the workflow for
060 based on defined rule sets.
ure capturing interview information.

The Solution shall facilitate the creation and Our proposed rules engine for the TEDS is IBM ODM that has out
Applicati
NFR- maintenance of rules referencing complex of box capabilities for object entity relationship mapping within its
on Rules
AA- - data relationships this will include, but not be Supported N/A vocabulary management that is maintained within the Decision
Architect Engine
061 limited to, rules referencing complex many-to- Center. This includes allowing many to many vs. one to many
ure
many relationships between entity types. type relationships.
The contractor shall provide documentation
Deloitte, as part of the transition activities will provide the
Applicati for assisting rule authors and administrators
NFR- documentation to assist the rule authors and administrators. This
on Rules with best practices for rule repository creation
AA- - Supported N/A documentation will include best practices for rule repository
Architect Engine and maintenance, repository check-
062 creation, maintenance, check-in /checkout, and promotion to
ure in/checkout, repository promotion across
higher environments.
environments.

The contractor shall partner with the HCFA Our proposed solution for the TEDS has an out-of-box basic
Applicati management and business analysts to build, configuration for MAGI policy-based rules that are implemented
NFR-
on Rules implement, and maintain suitable policy with the rules engine. We will use this as the starting point and
AA- - Supported N/A
Architect Engine models for eligibility determination and other work with the State’s Subject Matter Experts (SMEs), to
063
ure rules to be automated using the proposed understand specific policies and additional business rules
Rules Management System. required for Tennessee.

Our proposed solution for the TEDS includes a copy of the ruleset
Applicati for each of the environments. Program rules are created and
NFR- The contractor shall create the program rules
on Rules deployed in the development environment and are tested using
AA- - in the proposed rules management system Supported N/A
Architect Engine the application. This cycle of testing process is repeated in each
064 and test them in a test environment.
ure of the test environments, e.g., Integration, SIT, UAT, before the
rule set is deployed in production.

464
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

As part of transition services, Deloitte will provide knowledge,

The contractor rules management team will lessons learned, and best practices for the following:
work with and advise HCFA staff Rule 1) Use of Medicaid and MAGI rules as compared to the policy
Author(s) in the best practices of: itself, serving as an example of how to perform conversion of
Applicati i. Converting rules from federal or legislative rules from Federal or legislative documents into structured rules
NFR-
on Rules documents into properly structured rules that that can be consumed by a Rules Management system, while
AA- - Supported N/A
Architect Engine can be consumed by the proposed Rules using configurable parameters and reference tables to make them
065
ure Management System and writing future rules manageable.
in such a way that eases the transition 2) Using the structured metadata maintained in the Decision
ii. Capturing meta-data about each of the Center, as an example of the level of detail required for
rules sets and how they function vocabulary, and other metadata for rules engine execution and
maintenance.

The contractor shall provide knowledge As part of transition services, Deloitte will provide knowledge,
HCFA staff on but not limited to: lessons learned and best practices for
i. How best to store and look up the meta- 1) Meta-data storage and look up using Decision Center.
Applicati data 2) Setting effective dates and tracking versions using Decision
NFR-
on Rules ii. Defining the lifecycle of rule sets Center and ODM Studio
AA- - Supported N/A
Architect Engine iii. How to integrate rules 3) Invoking ODM rules from Worker Portal
066
ure iv. How to provide help or commentary on 4) Editing and maintaining vocabulary for providing help or
rules commentary on rules
v. General use of the proposed rules 5) Administrative console walk through of ODM along with rules
management system migration procedures

As part of transition services, Deloitte will provide knowledge,

lessons learned and best practices for the following:
The contractor shall provide selected HCFA
1) Provide a list of training on the IBM ODM that the HCFA staff
staff with holistic knowledge transfer on the
can use to gain basic understanding of the rules management
proposed rules management system that
system, and also provide a walk-through of how the rules are
includes but is not limited to:
Applicati invoked from the Worker Portal.
NFR- i. Knowledge about how the proposed rules
on Rules 2) Use of Medicaid and MAGI rules as compared to the policy
AA- - management system works Supported N/A
Architect Engine itself, serving as an example of how to convert rules from Federal
067 ii. Knowledge about how to structure the rule
ure or legislative documents into structured rules that can be
sets to meet the agency goals
consumed by a Rules Management system, while using
iii. Knowledge about how to create, maintain
configurable parameters and reference tables to make them
and update rules in the proposed rules
manageable.
management system
3) Provide a walk-through describing how to create, maintain, and
update rules in IBM ODM Studio and IBM ODM Decision Center.

465
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

1) Our the TEDS business intelligence capabilities are enabled

using HHS Interactive, which is built on the Deloitte ClearLight
platform. As part of the Deloitte ClearLight platform, there are
native capabilities of the underlying RDBMS management console
to enable workload prioritization and monitoring. Additionally,
priorities can be set within the data visualization tools and ETL
processing tools utilized by the platform that align with quality of
service measures such as Report/ETL Job priority, and query
response time. This is accomplished by the design of the data
mart model that supports priority-driven data processing queues
and by dimension design that enables discrete priorities to be
assigned, based on the schedule required to generate reports.

2) As part of the ClearLight platform, the RDBMS management

tools provide out-of-the-box partitioning capabilities that are driven
based on use of business indexes used for reporting and ETL
The Business Intelligence Solution shall queries. Tables and indexes within the data mart can be
provide the ability to: partitioned with no changes to the reports, processes, or
Applicati Busines
NFR- i. Prioritize workload executions and ensure visualization applications that access the data. Our data mart
on s
AA- - quality-of-service; Supported N/A design is driven by parameter based index partitioning of tables
Architect Intellige
068 ii. Partition indexing and aggregate for efficient retrieval of data for ETL processes and online data
ure nce
management via parameters and tools; visualization tools. Furthermore, we also utilize query parameters
iii. Simulate the various workloads and mixes within our BI Tool Tableau to meet additional data aggregation
needs. Our ETL tool Informatica PowerCenter also provides
aggregate management capabilities with detailed data heuristics
available both at design time and runtime via the Informatica
PowerCenter monitoring tool.

(iii) As part of our testing activities, we utilize multiple test

environments including those for the BI solution. Depending on
the nature of testing, our proposed solution will utilize either data
mart schemas or entire data mart instances to support the
database layer for simulating different workloads. Additionally,
Deloitte ClearLight platform also has workload repositories within
the RDBMS platform that can provide insights to technical staff
monitoring the tools for tweaking the parameters to support
multiple types of workload simulations. Informatica PowerCenter,
OpenR and Tableau also have similar capabilities to segregate
workloads across test environments to meet simulation needs.

466
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

ClearLight platform provides workflow automation capabilities to

Applicati Busines automate the day to day DBA tasks generally encountered such
NFR- The Business Intelligence Solution shall
on s as the creation of indexes, the free space reclamation and block
AA- - provide workflow and collaboration support Supported N/A
Architect Intellige reorganization. The ETL and data visualization administration
069 for administrator tasks.
ure nce modules also enables the admins to collaboratively monitor data,
track user activities, allocate resources and plan upgrades.

Our Deloitte ClearLight platform is hosted on highly available

physical infrastructure with hypervisor enabled automated virtual
server failovers. For the data mart, our RDBMS utilizes out-of-the-
Applicati Busines The Business Intelligence Solution shall be
NFR- box database replication. For Informatica PowerCenter ETL and
on s highly available via various mechanisms, e.g.
AA- - Supported N/A OpenR, we utilize virtual server level failover and for Tableau data
Architect Intellige data marts, data replication, clustering and
070 visualization we use load balancers to maintain high availability
ure nce backup configuration.
for end users. Deloitte ClearLight components also utilize backup
configurations in addition to these measures to maintain high
availability of the platform.

Deloitte’s ClearLight platform is a private cloud platform with the

ability to scale and grow and that enables flexibility, scalability,
Applicati Busines The Business Intelligence Solution shall
NFR- and accuracy across critical data assets. The underlying RDBMS
on s provide flexibility in using public/private cloud
AA- - Supported N/A platform has the capability to be deployed in a public cloud
Architect Intellige versions of the DBMS as an option to provide
071 environment as well; however, the State would require additional
ure nce cost-effective scalability as needed.
controls and measures to support that pattern to align with NIST
800-53 and other State security requirements.

Our proposed solution for the TEDS BI is HHS Interactive built on

Deloitte's ClearLight platform. This solution provides the flexibility
to add data storage and computing power to support payloads
The Business Intelligence Solution shall
Applicati Busines that are driven by usage. In the event of an increased volume in
NFR- provide for expansion of data storage as
on s demand for usage of the platform, Deloitte will work with the State
AA- - needed to accommodate increased volume of Supported N/A
Architect Intellige to assess the impacts and make capacity recommendations,
072 data based on approved capacity plans by
ure nce including increases in licenses required to support the new
HCFA.
workloads. The Deloitte ClearLight platform is vertically and
horizontally scalable. However, license costs are driven by usage
of the platform.

The Business Intelligence Solution shall have Our proposed BI solution for the TEDS is our HHS Interactive
Applicati Busines
NFR- built-in utilities to the DBMS to automate the solution, built on the Deloitte ClearLight platform. Our Deloitte
on s Partially
AA- - normal day-to-day DBA operations (e.g., N/A ClearLight platform has a built-in, enterprise-scale RDBMS with
Architect Intellige Supported
073 automated index rebuilding, free space automated index rebuilding, free space reclamation, and block
ure nce
reclamation and block reorganization). reorganization.

467
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed RDBMS solution for the TEDS supports two spatial
Applicati Busines
NFR- types - geometry and geography types. The geometry type
on s The Business Intelligence Solution shall
AA- - Supported N/A represents data in a Euclidean (flat) coordinate system, and the
Architect Intellige support native geo-spatial data types.
074 geography type represents data in a round-earth coordinate
ure nce
system.

Our proposed BI solution for the TEDS includes a locally hosted

Applicati Busines ETL, Informatica PowerCenter node, which supports various
NFR- The Business Intelligence Solution shall
on s database connectivity protocols, including JDBC and ODBC. Our
AA- - support various database connectivity Supported N/A
Architect Intellige Deloitte ClearLight platform also includes Tableau and OpenR,
075 protocols (e.g. ODBC, JDBC, etc.)
ure nce which have native support for JDBC and ODBC database
connectivity.

Our proposed BI solution for the TEDS is based on Deloitte

Applicati Busines The Business Intelligence Solution shall ClearLight platform, using an operational data store and data
NFR-
on s make an underlying DBMS available as a marts within the platform to support the State’s reporting needs
AA- - Supported N/A
Architect Intellige data warehouse appliance so it is also and to keep reporting functions from impacting normal,
076
ure nce available as a standalone query-able DBMS. operational system functions. Data marts can be made available
as a queryable DBMS for agreed-upon users.

The Deloitte ClearLight platform is a flexible and extensible

solution that allows for future expansion as technology evolves.
Our data architecture uses Oracle GoldenGate to replicate on-
premise transactional data onto an on-premise Operational Data
Store. This Data Store is then extracted for reporting data using
Applicati Busines
NFR- The Solution shall be extensible and have a Informatica PowerCenter and sent to the Deloitte ClearLight
on s
AA- - extensible data architecture incorporating Supported N/A platform-based BI solution. Within the BI solution, the extracts are
Architect Intellige
077 state and external data. transformed into a multi-tenant, cloud-based RDBMS using
ure nce
Informatica PowerCenter. For statistical analysis, our solution
uses OpenR. For data visualization, our solution uses Tableau.
This data architecture lends itself to consolidating state and
external data for BI purposes using an efficient data delivery
system that reduces maintenance.

Our BI solution for the TEDS is built on the Deloitte ClearLight

Applicati Busines platform, which is a managed analytics platform that provides BI,
NFR- The Solution shall provide the ability for
on s data mart, data integration, data visualization, and advanced
AA- - authorized users to create and customize Supported N/A
Architect Intellige analytics and modeling capabilities. This platform can be
078 reports, queries, and dashboards.
ure nce assessed by authorized users to create and customize reports,
queries, and dashboards.

468
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed BI solution for the TEDS does not impose additional
limits to indexes, database-level objects, size of tables. Data mart
is housed in an RDBMS that has partitioning, index management
and relational object design that impose standard constraints true
to a standard RDBMS. Our proposed solution utilizes database
The Solution shall have no limits on the size partitioning to manage large data volumes. Generally, State and
of tables, indexes and other database-level Federal requirements for archival and purge tend to be case
Applicati Busines
NFR- objects that are less than that of the centric. Based on this and advances in modern database
on s
AA- - manufacturer-known and published limits of Supported N/A infrastructure, we only recommend purging of selective tables that
Architect Intellige
079 the underlying DBMS. The Solution shall are not impacting case history. These generally are limited to
ure nce
retain records as required by applicable laws triggers, transactional audit logs for security and other log tables.
and regulations. When it comes to BI and reporting, the data correlates to
case/business data typically. With retrieval technologies for data
being harder to maintain consistently, our proposed solution
implements deletion of raw extracts and only utilizing database
partitioning for the other reports until a regulatory need occurs
mandating deletion.

Our proposed BI solution for the TEDS is built on our Deloitte

The Solution's business intelligence
ClearLight platform, which is a private cloud platform with the
capabilities must be scalable to
Applicati Busines ability to scale and grow. Our platform allows flexibility, scalability,
NFR- accommodate changes in solution scale
on s and accuracy across critical data assets. As the user population,
AA- - including changes in user population, Supported N/A
Architect Intellige transaction volume, throughput, and geographical distribution
080 transaction volume, throughput and
ure nce changes, the Deloitte ClearLight platform scales vertically and
geographical distribution while maintaining
horizontally to maintain the agreed-upon service levels. However,
the agreed service levels.
license costs are driven by usage of the platform.

The Solution shall provide the ability to

Applicati Busines
NFR- impose graduated access to reports based on Our proposed BI solution for the TEDS provides integration
on s
AA- - user role and agency Supported N/A between the reporting module and our security framework, which
Architect Intellige
081 requirements/permissions to better analyze defines report viewing capabilities based on user roles.
ure nce
program data.

Our proposed BI solution for the TEDS is designed to keep

Applicati Busines reporting functions from impacting normal, operational system
NFR- The Solution shall provide a reporting
on s functions by using an Operational Data Store(ODS) that is
AA- - database or data warehouse separated from Supported N/A
Architect Intellige separate from OLTP. Data mart is in the Deloitte ClearLight
082 OLTP database.
ure nce platform, which is an extract from ODS that enables the desired
functionality.

469
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The State’s content management solution, FileNet, will be used

The Solution shall support the upload of
for content management. Our member/Partner Portal document
Enterpri supporting documents in a variety of
Applicati upload supports JPG, PDF, TIFF, TXT, DOC, DOCX, XLS, and
NFR- se mainstream formats include but not limited
on XLSX. We assume that the current implementation of FileNet
AA- Content - to:, e.g., JPG, PDF, TIFF, TXT, DOC, DOCX, Supported N/A
Architect supports these file types. Our proposed solution has workflow
083 Manag XLS, XLSX. Store documents in a repository
ure steps to create tasks when a document is either scanned and
ement and link the workflow step to the documents.
indexed from the Worker Portal or uploaded from the Member
Initiate alerts and workflow as necessary.
Portal.

Our proposed solution for the TEDS integrates with the State's
IBM Datacap Taskmaster Capture solution for scanning and
Enterpri The Solution shall integrate with the TNHC's
Applicati indexing the document. As part of indexing the documents, the
NFR- se document imaging solution to associate
on document type is identified (individual, case and application),
AA- Content - documents submitted by member/application Supported N/A
Architect which has an associated workflow to associate to the
084 Manag with an application, case or a contact in the
ure corresponding case/ application and create respective tasks for
ement eligibility system.
the case workers. This scanned document will also be available in
the Electronic Case File for future reference.

Our proposed solution for the TEDS uses SOA principles to

Enterpri The Solution shall provide technology neutral
Applicati connect to the State's existing FileNet using our IBM IIB based
NFR- se interfaces for document management e.g.
on ESB. Using the ESB creates interoperability, as various functions
AA- Content - search, upload, and retrieval to ensure Supported N/A
Architect (e.g., search, re-index, upload, and retrieve) can be performed
085 Manag interoperability between multiple system
ure through the same Web services, irrespective of the user channel
ement components e.g. web portal, mobile etc.
from which it is accessed.

Enterpri
Applicati
NFR- se The Solution shall be able to display and print Our proposed solution for the TEDS will retrieve the document
on
AA- Content - content that was captured or uploaded in Supported N/A from FileNet and will use file stream methods to display the
Architect
086 Manag native format. content to the case worker.
ure
ement

Enterpri Our proposed solution for the TEDS uses HP Exstream to print
Applicati
NFR- se The Solution shall have the functionality to notices/forms with barcodes that contain case information and
on
AA- Content - print barcodes, as required, on system- Supported N/A information for the central printing system. Our proposed solution
Architect
087 Manag generated documents. will add barcodes that are used to indicate set start, page
ure
ement sequence, sheet counts, inserts, and set end.

470
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed Document Scanning solution for the TEDS has the
capability to scan the barcode and automatically index the
Enterpri
Applicati document based on the information available in the barcode. This
NFR- se The Solution shall have the ability to scan this
on information includes meta data information (e.g., case number
AA- Content - barcode and associate the document to the Supported N/A
Architect and individual ID). The Datacap workflow allows this document to
088 Manag appropriate case and/or contact.
ure be stored in FileNet and triggers task management work flow,
ement
which in turn generates notifications/tasks to the case worker and
associates the document to the appropriate case/application.

Enterpri The solution shall support an enterprise

Applicati Our proposed solution for the TEDS integrates with the State's
NFR- se content management system that has the
on existing FileNet solution, which we assume is capable of
AA- Content - capability to capture, store, search, retrieve, Supported N/A
Architect capturing, storing, and providing version control for documents.
089 Manag annotate, and provide version control for
ure Datacap will be used for initial annotation of documents.
ement documents.

Our proposed solution for the TEDS enables tasks and

Enterpri
Applicati notifications created in the Worker Portal to be purged according
NFR- se The solution shall provide the ability to
on to the retention and purging process defined by the State. We will
AA- Content - configure the document retention and purging Supported N/A
Architect work with the State to identify the associated GUIDS, so the Sate
090 Manag processes as per state and federal policies.
ure can implement the archival/purge of corresponding documents
ement
from the FileNet system, based on the State and federal policies.

The Solution shall allow correspondence

(letters, forms, notices, etc.) that are
Our proposed solution for the TEDS provides a "View Pending
Applicati Custom generated by programs to be held in queues
NFR- Correspondence" function that allows case workers to review all
on er that can be reviewed by case workers before
AA- - Supported N/A notices and forms triggered during online transactions before they
Architect Commu sending for printing. The Solution shall allow
091 are sent for printing. Our proposed solution provides the capability
ure nication the notices to be grouped by notice type and
to group notices by type or case.
support workflows to review, prioritize and
release to printing.

Our proposed solution for the TEDS uses HP Exstream, which

The Solution shall add a unique number to
Applicati Custom has the capability to print a unique number along with a barcode
NFR- each page of the notice along with the
on er on each page wherever applicable. This information can be used
AA- - equivalent barcode. It shall be possible to use Supported N/A
Architect Commu for identifying meta data information (e.g., case number, individual
092 this number / barcode to determine the client
ure nication client ID, document type) when the form is returned by the client
and the document type.
and scanned.

Our proposed solution for the TEDS provides the capability to

Applicati Custom The Solution shall allow for a notice to be
NFR- redact confidential data. Deloitte will work with the State during
on er printed locally with the sensitive PII and
AA- - Supported N/A the Joint Application Design (JAD) sessions to gather specific
Architect Commu health data redacted, e.g., redact all but the
093 data elements to be redacted and will implement the functionality
ure nication last 4 digits of the SSN.
using HP Exstream.

471
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for the TEDS uses HP Exstream Designer

Applicati Custom and Design Manager’s capabilities to provide an easy-to-use,
NFR- The Solution shall utilize an enterprise notice
on er intuitive graphical interface to create and manage correspondence
AA- - application for creating, modifying, directing, Supported N/A
Architect Commu document design templates. Once generated, notices are stored
094 and archiving all correspondence.
ure nication in FileNet and will follow the archiving rules and process that is
defined for documents in FileNet.

The Solution shall present output in a manner

Applicati Custom that is consistent with large volume bulk print
NFR- Our proposed solution for the TEDS uses the HP Exstream High
on er processes. The contractor shall employ
AA- - Supported N/A Volume Output delivery module in conjunction with our print
Architect Commu technology that is widely adopted,
095 vendor's output processes to meet this requirement
ure nication commercially availability, and considered best
of breed.

The Solution shall provide an enterprise

scheduling product. The enterprise
scheduling product provided should be an
industry-standard product that is widely
adopted, commercially availability, and
Our proposed batch scheduler for the TEDS, CA Workload
Applicati considered best of breed. The scheduler shall
NFR- Batch Automation AE tool, is an industry-standard workload automation
on provide support for the ability to setup batch
AA- Frame - Supported N/A tool that supports batch job scheduling by time of day, by date, by
Architect job execution based on:
096 work processing cycle (daily, weekly, monthly, yearly, quarterly), and
ure i. Time of day
upon request/arrival of the file.
ii. Date
iii. Processing cycle (daily, weekly, Monthly,
Yearly, Quarterly.)
iv. Upon request
v. Arriving of a file

The job scheduler shall provide support for

the ability to setup batch job execution based Our proposed batch scheduler for the TEDS, CA Workload
on: Automation Tool, provides an intuitive user interface to set up
Applicati
NFR- Batch i. Time of day batch execution. Batch jobs can be set up to run by time of day,
on
AA- Frame - ii. Date Supported N/A by date, by processing cycle (daily, weekly, monthly, yearly,
Architect
097 work iii. Processing cycle (daily, weekly, Monthly, quarterly) and upon request/arrival of the file. Jobs can also be
ure
Yearly, Quarterly.) force-started using either JIL or CA WCC for unplanned, ad hoc
iv. Upon request requests.
v. Arriving of a file

The Solution shall allow the individual batch

Applicati Our proposed solution's batch framework for the TEDS produces
NFR- Batch jobs to produce an output log that records
on a summary report for batch jobs. Certain batch jobs are identified
AA- Frame - HCFA specified critical processing statistics Supported N/A
Architect for reporting summaries, which include records processed,
098 work such as records read, records written,
ure records failed, and records updated.
records failed, etc.

472
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Applicati Our proposed solution's batch framework has the capability to

NFR- Batch
on The Solution shall allow output and error logs produce exception reports with exception detail if the record is not
AA- Frame - Supported N/A
Architect to be viewable online for designated users. successfully processed in batch. This detail is available to
099 work
ure designated users via the Worker Portal application.

Our proposed solution for the TEDS allows batch jobs to be

Applicati scheduled by supporting concurrent operations between batch
NFR- Batch
on The Solution shall allow online and batch and online. Operationally, the State may prefer to run certain
AA- Frame - Supported N/A
Architect functions to be able to run concurrently. activities in batch only after all worker activities for the day are
100 work
ure complete. However, our framework does not restrict concurrent
online and batch operations.

Our proposed solution for the TEDS batch scheduler, CA

The contractor will provide an enterprise
Applicati Workload Automation AE, can be used to set prerequisites for a
NFR- Batch scheduling product capable of automating
on job and therefore can be used to set dependencies based on the
AA- Frame - and managing batch processes with Supported N/A
Architect status of other job runs. For example, we have the ability to set
101 work prerequisites and dependencies from several
ure our eligibility batch to complete before our file transfer to the
disparate systems and schedulers.
MMIS system.

Our proposed solution for the TEDS batch scheduler, CA

The scheduler shall be capable of Workload Automation AE, can be used to set dependencies for a
Applicati
NFR- Batch recognizing and managing dependencies of job based on the last run status of another job. For example, our
on
AA- Frame - batch processes (e.g. sequencing multiple Supported N/A proposed solution is configured to run batch eligibility
Architect
102 work jobs) based on outcome of each successive determinations based on the successful processing of the SDX
ure
job. file. Solution scheduling capabilities, coupled with batch
operations, will effectively manage batch processes for the TEDS.

Applicati Custom Our proposed solution for the TEDS is built using HP Exstream,
NFR- The Solution shall produce output in standard
on er which has the ability to output a variety of standard file types,
AA- - file formats that are supported by multiple Supported N/A
Architect Commu including PDF, which are supported by most print contractor
103 contractor solutions.
ure nication solutions.

The State
Applicati The contractor will operate, maintain, and currently
NFR- Batch Deloitte will operate, maintain, and manage CA Workload
on manage the enterprise scheduling software utilizes
AA- Frame - Supported N/A Automation for batch jobs that are developed by Deloitte, until the
Architect and hardware until the termination of the Workload
104 work termination of the contract.
ure contract. Automation
solution.

473
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The contractor shall be responsible for Our proposed solution for the TEDS generates a report that
managing quality, tracking, reconciliation all displays when a notice was sent to the print services, when it was
Applicati Custom print output delivery and processes printed, and when it was mailed out. We will work with our print
NFR-
on er regardless of any / all 3rd party HCFA service partners to receive the file containing the information
AA- - Supported N/A
Architect Commu partners involved in producing print into the required to generate this report. With this report, Deloitte will
105
ure nication mail-stream. Any 3rd party printing an mailing manage the quality, track, and reconcile the print output. Deloitte
vendor employed by the contractor must be will work with the State to identify the print and mailing vendors
approved by HCFA. and obtain approval from HCFA as required.

The Solution shall not restrict the design of

templates of correspondences. The printing Our proposed solution for the TEDS uses HP Exstream, which
Applicati Custom and mailing solution shall not restrict HCFA's does not place restrictions on creating templates. Our solution is
NFR-
on er ability to design correspondences including: designed to handle the generation and processing of large
AA- - Supported N/A
Architect Commu i. Size of files transmitted volumes of correspondence and will not restrict HCFA's ability to
106
ure nication ii. Pages in a correspondence create the design templates based on the size, number of pages,
iii. Types of correspondence type, or graphics in the correspondence.
iv. Graphics in correspondence

Our proposed solution for the TEDS batch scheduler, CA

Workload Automation AE, can alert the user about late jobs by
defining the “must start time” and “must complete time” for a job. If
Applicati The scheduler should alert late, missing, and a job fails, CA Workload Automation AE restarts the job based on
NFR- Batch
on allow for automatic restart of abnormal restart conditions. The solution also allows the user to set the
AA- Frame - Supported N/A
Architect conditions that may occur in the batch maximum number of times the scheduler should try to restart the
107 work
ure process. job. Most of the jobs in our proposed solution support automated
restart. For those that are not configured for automated restart, we
have defined a batch operations process that illustrates how to
handle abnormal conditions.

Deloitte will work with the State to provide ongoing support for the
Applicati Custom The contractor shall provide on-going Output Management Solution. By utilizing separate servers for
NFR-
on er support, testing, and maintenance of the testing, new notices or changes to notices can be tested for
AA- Supported N/A
Architect Commu Output Management Solution for print, quality and conformance to requirements prior to deployment to
108
ure nication notices, letters, and templates. production. Deloitte will also provide maintenance for the solution
and will support any upgrades required for the solution.

Applicati Custom
NFR- Our proposed solution for the TEDS allows a worker to reprint a
on er The contractor shall regenerated of print
AA- Supported N/A correspondence by navigating to the “View History
Architect Commu output as requested.
109 Correspondence” module of the Worker Portal.
ure nication

474
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for the TEDS will produce reports on the
Applicati Custom The contractor shall produce and reconcile
NFR- print counts and obtain information from our print facility for
on er final counts of each print, notice and letter Partially
AA- N/A physical mailing, including letter type and postage charge for each
Architect Commu type to validate postage charges and send Supported
110 notice type. The reports can be run when required or can be
ure nication final report to HCFA IS daily.
scheduled to run on a daily basis.

Our proposed solution for the TEDS stores the information

Applicati Custom
NFR- The contractor shall design, develop, and required to be printed on the notices in the State's FileNet
on er Partially
AA- implement a business continuity / disaster N/A infrastructure. We will leverage the State’s FileNet disaster
Architect Commu Supported
111 recovery plan for letter and notice processing. recovery process to retrieve any notices. Our print facility will have
ure nication
a disaster recovery site for notice processing.

Our proposed solution for the TEDS includes multiple

environments. A Production Staging environment will have copy
The Solution shall provide a rules engine of production, refreshed on a periodic basis in maintenance. This
Applicati which allows for the rules to be tested against will be used for data fixes and break fixes. However, it will also
NFR-
on Rules (de-identified) production data (e.g. serve as a source for copying data to lower environments, which
AA- Supported N/A
Architect Engine application data through the FFM account will require the data to be de-identified using either Oracle Data
112
ure transfer process) in a non-production Masking for a repository level masking or Case Copy and Case
environment prior to deployment of the rules. Clone-based de-identification. The rules engine in each test
environment will execute rules against data that is either synthetic
or de-identified production data.

Enterpri Our proposed solution for the TEDS leverages State of

Integrati The Solution shall include an Enterprise
NFR- se Tennessee’s existing assets, IBM Integration Bus (IIB) Enterprise
on Service Bus (ESB) that has a solid reputation
INTA- Service - Supported N/A Service Bus (ESB) for data exchanges with external and internal
Architect and a viable market share as recognized by
001 Bus systems. Gartner has named IBM as leader in On-Premise
ure the State.
(ESB) Application Integration Suites.

Our proposed solution for the TEDS leverages the State's existing
IBM Integration Bus. Deloitte has successfully implemented the
IBM Integration Bus enterprise solution with DataPower as the
Enterpri
Integrati The contractor proposed ESB, at a minimum, exchange gateway in the States of Michigan and Florida. In
NFR- se
on must have been implemented and used in Michigan, Deloitte has implemented IIB with DataPower as the
INTA- Service - Supported N/A
Architect two successful Health Insurance Exchange or Enterprise HUB, which connects with six disparate portals,
002 Bus
ure Medicaid Eligibility System implementations. including the Eligibility Determination system, MMIS, and FFM. In
(ESB)
addition, Michigan's FDSH verifications are processed through the
HUB. (Deloitte completed a similar implementation in the State of
Florida.)

475
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Enterpri Our proposed solution for the TEDS uses IBM Integration Bus for
Integrati The Solution shall use the ESB for all real-
NFR- se real-time interactions where applicable for both internal and
on time interactions with systems/servers hosted
INTA- Service - Supported N/A external systems to State network. For example, Our proposed
Architect on the State network and/or used in the State
003 Bus solution uses ESB for interactions with FFM, FDSH services,
ure infrastructure.
(ESB) interface with MMIS system.
Enterpri Our proposed solution's ESB for the TEDS will be used in
Integrati The Solution shall use the ESB in conjunction
NFR- se conjunction with IBM DataPower Gateway appliance which is the
on with the State designated secure XML
INTA- Service - Supported N/A State designated XML gateway for all real-time interactions with
Architect gateway for all real-time interactions with
004 Bus systems hosted on the State network and/or outside the State
ure systems external to the State network.
(ESB) network.

The Solution shall provide functionality that

provides reliability for applications, services
Our proposed solution for the TEDS leverages the State's existing
or message flows including but is not limited
ESB, IBM Integration Bus, which reliably supports the services
to:
and message flows listed as follows:
1) Synchronous workflow and API invocations along with support
i. Synchronous and asynchronous
for asynchronous messaging using JMS compliant message
messaging
oriented middleware (MOM), such as JBoss HornetQ.
ii. High availability
2) High Availability, Fault Tolerance, and Failover, based on use
iii. Fault tolerance
Enterpri of native IIB clustering.
Integrati iv. Failover
NFR- se 3) In-Order Delivery, Transaction Support, Execution
on v. In-order delivery
INTA- Service - Supported N/A Prioritization, Message Prioritization, Downstream Throttling,
Architect vi. Transaction support
005 Bus Guaranteed Message Delivery, Once-Only Message Delivery,
ure vii. Execution prioritization
(ESB) Externalized Control of Message Delivery Retry Frequency and
viii. Message prioritization
Attempt Limit, and Failed Message/Dead Letter capability are all
ix. Downstream throttling
out-of-the-box capabilities using IIB in conjunction with JBoss
x. Guaranteed message delivery
HornetQ.
xi. Once only message delivery
4) Load balancing is implemented for HTTP and HTTPS traffic
xii. Externalized control of message delivery
using F5 LTM.
retry frequency and attempt limit
5) Scalable base on the IIB infrastructure, which is based on the
xiii. Failed message / dead letter capability
WebSphere platform.
xv. Load balancing
xvi. Scalable

476
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed ESB solution for the TEDS is IIB, which provides
functionality that supports service- and message-based data
exchange functions, including transformation, orchestration,
routing, transaction management, and API management.
Interaction styles include the following: 1) Store and Forward -
The Solution shall have the ability to apply
During this interaction, the message payload is stored in a
logic to the routing of messages, including but
persistent store-like database and forwards (store and forward)
not limited to support for the following file
the message payload to a data source, such as a message
interaction styles:
queue, for further processing internally or by an external system.
Once the response is received, the ESB responds to the calling
i. Store and forward: Ability to persist a
system with the response by setting the same “Correlation ID” as
message and then send it to destinations.
Enterpri received in the request. 2) Publish/Subscribe - If the same
Integrati ii. Publish/subscribe: Ability to distribute a
NFR- se message must be consumed by multiple systems, an integration
on message to multiple destinations based on a
INTA- Service - Supported N/A component called topic is used. All the consumers are subscribed
Architect message attribute usually described as the
006 Bus to this topic and read the messages being placed in the topic. The
ure subject area of the message.
(ESB) ESB places a message in the topic to be consumed by all the
iii. Request/reply: Ability to correlate
consumers subscribed to the topic. 3) Request/Reply - In the
asynchronous messages so that the target's
Request/Reply integration pattern, a request is made by the
response is associated with the appropriate
calling system and it receives an immediate acknowledgement
request made by the source.
receipt of the request from the service as a reply. The request
iv. Content-based: The ability to route a
contains a “Correlation ID” key, which is used to link the request
message based on a value or values within a
and the response. For example, the Minimum Essential coverage
message.
service allows FFM to verify if an applicant is already receiving
benefits and enrolled in State Medicaid. 4) Content-based -
Canonical message format- and content-based routing is used
where a number of message consumers require similar
information with minor variations.

Our proposed solution for the TEDS, IIB provides capability to

configure message flow to emit event messages that can be used
to support transaction monitoring and auditing and also business
Enterpri The Solution shall have the ability to track a
Integrati process monitoring. The events published by ESB can be written
NFR- se message from its origin to its destination
on to a transaction repository, creating an audit trail of the
INTA- Service - (inside a firewall), log on the status of that Supported N/A
Architect transactions that are processed by a broker. A transaction
007 Bus message and alert for attention to address
ure repository can be used for monitoring, auditing, and replay of
(ESB) exceptions.
transactions. Important fields in the message payload can be
added to the events emitted by message flows, allowing them to
be monitored.

477
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed logging framework for the TEDS provides a

Enterpri
Integrati mechanism to configure the audit listener to log events and store
NFR- se
on The Solution shall record traceable, auditable Partially them in the transactional database without interrupting the main
INTA- Service - N/A
Architect events as defined by the State security office. Supported process flow. Deloitte will work with the State to define the audit
008 Bus
ure events that are required by the State Security office and store
(ESB)
them in a transactional database.

Our proposed solution for the TEDS, IIB, supports a wide variety
of standards-based integration/communications protocols and
The Solution shall include but not limited to:
standards such as WSDL, SOAP, XML, XSD, NIEM, HL7, ANSI
i. Protocols: The ability to use standards-
X12, NHIN, JMS, TCP/IP, MOM, IIOP, .NET Remoting, TDE,
based communication protocols, such as
SSL, TLS, WS-RM, FTP/SFTP, HTTP, HTTPS, MQ, SMTP. The
TCP/IP, HTTP, HTTP/S, MQ and SMTP.
Enterpri IIB ESB supports protocol bridging to enable communications
Integrati ii. Protocol bridging: The ability to convert
NFR- se between different protocols by dynamically converting one
on between the protocol native to the messaging
INTA- Service - Supported N/A protocol to other. (For example, in some states, our solution
Architect platform and other protocols, such as Remote
009 Bus needed to convert the inbound SOAP/HTTPs protocol to
ure Method Invocation (RMI), SOAP over MQ
(ESB) outbound MQ for asynchronous communication.) IIB is also
and.NET remoting.
extensible with standard adapters, such as IBM WebSphere MQ,
iii - The ESB should be extensible using
JMQ Adapter, ODBC, JDBC, Web Service (WS-*, REST,
standard adapters that can be purchased on
ODATA), MS SQL, Oracle, FTPS, SFTP, HTTPS, LDAP
the open market.
Connector, SAP Connector, Splunk Connector, SMTP
Connector, RMI Connector, .NET Connector, and File Listeners.

Our proposed solution for the TEDS has in-flight message

manipulation, transformation, and intelligent routing features. For
example, during one of our ESB implementations, the account
Enterpri transfer was manipulated and transformed in-flight from v2.3.2
Integrati The Solution shall have features that enable
NFR- se compatibility to v2.0, because the disparate systems consuming
on in-flight message manipulation, such as
INTA- Service - Supported N/A the account transfer were not ready for the version upgrade yet.
Architect transformation (typically XML-based),
010 Bus Also, during the implementation of Passive Renewal process in
ure intelligent routing, naming and addressing.
(ESB) one of our previous implementations, ESB had to intelligently
route the messages to either AHI service from FDSH or RRV
service, depending on whether the transaction was for
renewal/redetermination or new application.

478
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for the TEDS has the capability to

implement Synchronous Messaging using the IBM Integration
Bus SOAP Input Node to produce a SOAP- based Web service
for real-time integration to accept SOAP/HTTPS requests and
respond with a SOAP Reply message. For example, when an
individual applies for Medicaid on the Federally Facilitated
Marketplace (FFM), FFM performs Medicaid verification to check
The Solution shall implement synchronous
if the individual is already receiving Medicaid from the applied
and asynchronous system-to-system
State. A synchronous, real-time Web service is hosted on ESB for
Enterpri communication, moving messages between
Integrati FFM integration for Medicaid check.
NFR- se service consumer modules and service
on Our proposed solution for the TEDS has the capability to
INTA- Service - provider modules at runtime. The ESB Supported N/A
Architect implement Asynchronous Messaging using different connectors
011 Bus component may also monitor for file creations
ure such as JMS connector, JBoss HornetQ Connector for
(ESB) that trigger processing, manipulate files in
asynchronous communication between applications/systems.
response to trigger or time based schedule
Additionally, our proposed solution also monitors for file creation.
events, and access / update database rows.
For example, When an ESB receives an SDX file from SSA, the
file is securely ftp'd to a location on the State network. This
location then acts as the file end point that triggers the message
flow for further file processing. Trigger or time based schedule
events can also be configured in ESB. For example, our proposed
solution provides the capability to provide information on count of
FFM applications received during the day and can be scheduled.

Enterpri The Solution shall have the capability to bind Our proposed solution for the TEDS has the capability to support
Integrati
NFR- se services and other environment components UDDI-compatibility registry, interoperability repository, and URL
on
INTA- Service - through standard external environment Supported N/A resolution services. Additionally, our proposed solution for the
Architect
012 Bus controls such as UDDI or other URL TEDS supports reliable synchronous and asynchronous
ure
(ESB) resolution services. message-oriented communication.

Our proposed solution for the TEDS supports industry-standard

The Solution shall support industry-standards Health and Human Services domain exchange messaging
Health and Human Services domain standards, which can be tweaked by interface. Specifically we
Enterpri exchange messaging standards including, but support:
Integrati
NFR- se not limited to: 1) NIEM for Account Transfer, FDSH and communications with
on Partially
INTA- Service - N/A FFM
Architect Supported
013 Bus i. National Information Exchange Model 2) 270 for Health Care Eligibility/Benefit Inquiry, 271 for Health
ure
(ESB) (NIEM) Care Eligibility/Benefit Information, 834 for Benefit Enrollment and
ii. ANSI X12 EDI (270, 271, 834,...) Maintenance
iii. Health Level Seven (HL7) 3) HL7 for the exchange, integration, sharing, and retrieval of
electronic health information.

479
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for the TEDS supports varying message

The Solution shall have the ability to support payloads ranging from individual transactions to large files. Our
varying message payloads, ranging from proposed solution supports Message Transmission Optimization
individual transactions to large files (more Mechanism (MTOM)-based integration to handle very large
than 1GB) containing multiple transactions. payloads. • Alternatively, if the file size is large (more than 1 GB),
Enterpri ESB has the capability to split the file and process smaller chunks
Integrati Where multiple transactions are embedded in
NFR- se by storing data into a database. This data will be used for further
on file, the system should have the capability to
INTA- Service - Supported N/A business processing by transforming and routing the data.IBM
Architect manage the individual transactions in such a
014 Bus Integration Bus provides a File Input node component for file
ure way that if the process is interrupted, it can
(ESB) exchange with external systems using the SFTP protocol. Should
be restarted without processing a record a
second time or skipping records. This failures occur during batch processing of an input file, our solution
capability is commonly known as a follows a checkpoint restart approach so the individual records in
checkpoint restart. the file need not be reprocessed when the process is restarted.

The Solution shall provide the functionality Our proposed solution for the TEDS includes IBM Integration Bus
used to monitor the operation of the overall management console (IMC). IMC is an enterprise management
system (services, applications, processes and monitoring tool designed specifically for IBM ESB instances
and application infrastructure), and to collect (servers, applications and processes running on the ESB). IMC
event logs and usage information aimed at provides:
Enterpri populating technical KPIs of the deliverables 1) Functionality to monitor messaging traffic flow through various
Integrati
NFR- se supported by the SOA backplane and of the nodes of the message flows.
on
INTA- Service - SOA backplane components by monitoring Supported N/A 2)Functionality to monitor current state of different processes at
Architect
015 Bus and collecting metrics including but not point in time and as transactions in flight
ure
(ESB) limited to: 3)Functionality to manage and monitor IBM ESB instances, ESB
clusters, applications within Integration server instances, and the
i. Messaging traffic flows within the applications. Functionality to monitor specific
ii. Process state and behavior transactions through pre-defined business events
iii. Application and service parameters and
behavior for all nodes

480
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for the TEDS includes IBM Integration Bus
management console (IMC).The management console can be
configured to alert a certain set of users via email using SMTP
The Solution shall provide for any
when certain events thresholds are exceeded. Our proposed
combination of alert destinations such as
solution's management console provides a dashboard that
Enterpri Email, JMS, SNMP, reporting services, and
Integrati displays the Web services and applications status and behavior
NFR- se server logs. The alerts shall be configurable
on on all the ESB nodes (whether the service is up and running,
INTA- Service - with respect to the frequency of the alert, the Supported N/A
Architect response times, etc.). The management console can be
016 Bus ability to enable/disable an alert, rule
ure configured to alert configured set of users via email using SMTP
(ESB) expiration dates, starting and ending times for
when certain events thresholds are exceeded. Customizable
an alert, and customizable conditions for an
properties (e.g. Frequency of the alert, expiration dates, start time
alert.
of the alert, end time for an alert, enable/disable alert) can be set.
Our proposed solution's ESB can be configured to support JMS,
SNMP, and server logs where applicable.

Our proposed ESB solution for the TEDS provides:

1) Authentication, Authorization and Credential Mapping - The
DataPower security appliance is used to interpret the incoming
The Solution shall provide the tools and message payload, parses WSSE Security from the SOAP
technologies required to implement the Header, retrieves username and password token (credential
necessary control access to the services and mapping) to validate against an Active Directory (AD), and
the connected resources (for example, other authenticates the request. The IBM DataPower security appliance
Enterpri services and databases), as well as the SOA validates the SSL certificate from the incoming request and
Integrati
NFR- se backplane functionality capabilities including authorizes the request only if the SSL handshake is successful.
on
INTA- Service - but not limited to: Supported N/A 2)Encryption /decryption: Our proposed solution uses TLS
Architect
017 Bus (Transport Layer Security) 1.2 protocol for providing secure
ure
(ESB) i. Authentication communication of data over network.
ii. Authorization 3) Digital Signatures: Our proposed solution provides capability to
iii. Encryption/decryption provide digital signature. For example: During our previous
iv. Digital signatures implementation of 1095-B functionality, our proposed solution's
v. Credential mapping ESB Digital Signature security component is used to digitally sign
the message payload before routing it to the IRS 1095-B Web
service.
4)Credential Mapping

481
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The Solution shall provide the service

Our proposed solution for the TEDS uses IBM WebSphere
lifecycle management capability such as the
Registry and Repository (WSSR), the State’s existing registry, as
following: Examples include:
a system for storing, accessing, and managing information,
commonly referred as service metadata. It is specifically used to
i. Online catalog of services and associated
Manage Service Metadata: To create or re-use service
artifacts such as WSDL files, XSDs, BPEL
descriptions, taxonomies, XML Schemas and other service
Enterpri files
Integrati metadata artifacts like WSDL, BPEL files.
NFR- se ii. A single point of controlled access for
on Enable SOA Governance: To manage overall SOA infrastructure
INTA- Service - cataloging, promoting, publishing and Supported N/A
Architect and asset types.
018 Bus searching for information about managed
ure Publish and find a Service: Publish service descriptions and
(ESB) assets
locate services for reuse and enable the composition of new
iii. Metadata that enables an Enterprise
composite applications from existing services.
Service Bus (ESB) to find, bind to and invoke
Facilitate Service Interaction: To access service metadata and
the execution of a service implementation
endpoint information as well as capture service metrics key to
iv. Support for extending existing asset types
assess key performance indicators against the business and
and defining and populating custom asset
operational objectives.
types

Our proposed solution for the TEDS supports theses

requirements. Transport Security - Our proposed solution uses
TLS (Transport Layer Security) 1.2 protocol for providing secure
communication of data over network. Message Security - Our
proposed solution supports message security when exchanging
messages between different systems by using parameters like
The Solution shall support Transport Security,
Identification, Authorization and Authentication, Auditing,
Message Security, WS-Security, SAML
Enterpri Confidentiality, and Cryptographic Security Protocols.
Integrati architecture, and WS-Policy. In addition, the
NFR- se WS-Security - Our proposed solution supports WSSE Security by
on Solution shall also implement the ability to
INTA- Service - Supported N/A getting the username and password token (credential mapping)
Architect externalize security by using a third-party
019 Bus from SOAP Header to validate against an Active Directory (AD)
ure security infrastructure whereby the ESB's
(ESB) and authenticate the request. SAML architecture - Our proposed
proxy action calls a third-party for user/role
solution can support SAML for Web services authentication using
information.
the native IIB platform. WS-Policy - Our proposed solution
provides the capability to enable WS-Security configured via WS-
Policy for end-to-end encryption between the sender and recipient
of the message by encrypting the message body. Our proposed
solution has the capability to integrate with the enterprise's data
exchange gateway, DataPower.

482
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed ESB solution for the TEDS is IIB that enables
Enterpri delegated administration across a wide variety of administration
Integrati
NFR- se The Solution must incorporate role/group- and API management. These roles allow to align with operation
on
INTA- Service - based rights for the management of the Supported N/A and administration organizational structures across multiple
Architect
020 Bus Service Bus across the environments. environments. These administration activities are allocated across
ure
(ESB) roles such as Integration Administrator, API Administrator, API
Developer (API Publisher),API Product Manager.

Service Our proposed solution for the TEDS uses IBM WebSphere
Integrati Oriente The Solution shall provide the ability to Registry and Repository (WSSR), the State’s existing registry, as
NFR-
on d publish services and related data elements to a system for storing, accessing, and managing information,
INTA- - Supported N/A
Architect Archite be used by different types and classes of commonly referred as service metadata. WSSR is used to publish
021
ure cture service consumers. service descriptions and locate services for reuse and enable the
(SOA) composition of new composite applications from existing services.

Our proposed solution for the TEDS relies on a variety of internal

The Solution's Interface architecture for
Service Application to Application (A2A) integrations. To validate that this
internal A2A (Application to Application)
Integrati Oriente integration does not have a negative impact on the user
NFR- integration shall not have a negative impact
on d experience and expectations for application performance, we
INTA- - on the user experience and expectation for Supported N/A
Architect Archite consider a variety of factors in our architecture, such as message
022 application performance. All points of
ure cture prioritization, urgency of data, and orchestration. Points of contact
contacts for A2A communications shall be
(SOA) for A2A communications are documented and used as part of our
documented.
escalation process.

The Solution shall provide assistance for

deploying applications with SOA and event-
driven architecture in a manner that supports
Our proposed solution for the TEDS provides assistance for
the following implementation strategies:
deploying applications with SOA and event-driven architecture,
based on our experience in implementing SOA-based
Service i. Web Services: Web Services
architectures. We have developed assets such as optimal
Integrati Oriente Interoperability (WS-I) Organization-compliant
NFR- resource configuration settings, messaging queue configurations,
on d implementation of basic Web services
INTA- - Supported N/A environment variables configuration, connector configuration,
Architect Archite standards, including SOAP, WSDL and
023 database configurations, SSL configuration, and adaptor
ure cture Universal Description, Discovery and
configurations that jumpstart the configuration of the system. This
(SOA) Integration (UDDI), as well as higher-level
provides assistance in deploying WS-I organization-compliant
Web services standards, such as WS-
Web services, including SOAP (WSDL) based, UDDI, and REST-
Security.
based services, which support JSON, XML, HTTP and XHTML.
ii. Representational State Transfer (REST):
Support for XML-based message processing
a well as HTTP, and XHTML.

483
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed SOA solution for the TEDS includes a defined SOA
The contractor shall define SOA governance governance process. State agencies are rapidly adopting Service
processes for the following domains but not Oriented Architecture (SOA). Its layered and modular design and
limited to: loosely coupled approach to application integration make SOA
ideal for large-scale enterprise architectures, and the Enterprise
Service
i. Service Portfolio Management Service Bus (ESB) is a critical technical component to enable
Integrati Oriente
NFR- SOA ii. Services Technical Architecture SOA. SOA governance refers to the processes used to oversee
on d
INTA- Governa iii. Service Design & Development Supported N/A and control the adoption and implementation of Service Oriented
Architect Archite
024 nce iv. Configuration & Release Management Architecture (SOA) in accordance with recognized practices. Our
ure cture
v. Contract Management governance processes define Service Portfolio Management,
(SOA)
vi. Service Monitoring & Control Services Technical Architecture, Service Design and
vii. Incident Management Development, Configuration and Release Management, Contract
viii. Change Management Management, Service Monitoring and Control, Incident
ix. Role based access controls Management, Change Management, and role-based access
controls.

Our proposed solution for the TEDS recommends the use of pre-
defined configuration parameters from our experiences with IIB in
Service The contractor shall be responsible for
other states for configuration after the initial assembly. Our
Integrati Oriente building and supporting frameworks and
NFR- SOA proposed solution uses IBM Integration Toolkit to enable design
on d extensible tools that enable the design,
INTA- Governa Supported N/A and development. Developed code is compiled to a broker archive
Architect Archite configuration, assembly, deployment,
025 nce (BAR) file and is deployed on to the server using Apache Ant
ure cture monitoring, and management of software
scripts. Monitoring is done with IBM Integration Bus management
(SOA) designed around an SOA.
console (IMC). Management of software is accomplished using
the Atlassian Insight tool.

Service
Integrati Oriente
NFR- SOA The Solution shall integrate with a service Our proposed solution for the TEDS uses State's existing IBM
on d
INTA- Governa registry and repository to serves as an Supported N/A WebSphere Registry and Repository (WSSR), and it serves as an
Architect Archite
026 nce integration point for runtime tooling. integration point for runtime.
ure cture
(SOA)

Service
The security policy manager for web services Our proposed solution for the TEDS uses WSSR in conjunction
Integrati Oriente
NFR- SOA shall allow for centrally defined security with IBM DataPower Gateway appliance to centralize the security
on d
INTA- Governa policies that govern web services operations Supported N/A policies for the enterprise. The security policies, crypto profiles,
Architect Archite
027 nce (such as access policy, logging policy, and AAA policies are centrally defined in the DataPower
ure cture
confidentiality, integrity, and availability) appliance and govern the Web service operations.
(SOA)

484
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for the TEDS provides out-of-the box

Service The Solution shall incorporate a reference
integration to various interfaces such as SSA and other
Integrati Oriente information model allowing for interoperability
NFR- State/federal agencies, and the interfaces will comply with the
on d and integration across the HCFA?s portfolio
INTA- - Supported N/A NIEM, HL7 standards. Our proposed solution can support NIEM-
Architect Archite of systems. The reference information model
028 conformant messages and expose any ruleset as a Web service
ure cture shall be National Information Exchange
that is easily accessible (callable) by any other component of the
(SOA) Model (NIEM) and MITA conformant.
system. Our proposed solution is MITA-conformant.

The Solution's interfaces shall employ NIST

Our proposed solution for the TEDS uses industry-standard best
Integrati and industry-standard best practices to
NFR- practices to secure and protect the data by using the following
on secure and protect the data and the
INTA- - - Supported N/A mechanisms where applicable:
Architect associated infrastructure from a
029 SSL Handshake, HTTPS, data encryption, Use of DataPower,
ure confidentiality, integrity, and availability
and high availability mechanisms such as clustering and fail over.
perspective.

The Solution shall have the capability to log

Our proposed solution for the TEDS management console,
and notify the system administrators/system
Integration Management Console, provides a dashboard that
Integrati support staff if an interface is not available for
NFR- displays Web service and application status and behavior on all
on any particular reason. The notification and
INTA- - - Supported N/A the ESB nodes (whether the service is up and running). The
Architect issue(s) shall be invisible to the
030 management console can be configured to alert a configured set
ure applicant/beneficiary/client. Specifics of
of users via email using SMTP when certain event thresholds are
notification to be determined in design
exceeded.
sessions.

Our proposed solution for the TEDS provides the capability to

Integrati The Solution shall provide the capability to monitor and detect batch processing or real-time processing
NFR-
on detect and remediate errors caused by batch errors in a persistent store-like database. Alternate flows can be
INTA- - - Supported N/A
Architect processing and real-time processing via user designed to process these using user defined rules. For example,
031
ure defined rules. if a Federal Data Services Hub (FDSH) service is down, the
system will detect it and retry after a configurable time.

Our proposed solution for the TEDS has the capability to accept
different sets of data from external sources. The solution has the
Integrati The Solution shall provide the capability to
NFR- capability to poll an input file, read the file, check for the size of
on perform source to destination file integrity
INTA- - - Supported N/A file, and validate the format. If the file format is wrong, or data
Architect checks for exchange data and log, notify, and
032 integrity check fails, the solution has the ability to log all such
ure alert appropriate parties with issues.
errors in a persistent store-like database and alert the batch
operators via email using SMTP.

485
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed interface management approach and methodology

used for the solution is a six-stage approach:
Integrati 1) Interface/Integration Management approach Planning
NFR- The contractor shall describe the interface
on 2) Interface Requirements and Design Documentation
INTA- - - management approach and methodology Supported C.9
Architect 3) Interfaces and Integration Development
033 used for the solution project.
ure 4) Interfaces and Integration Testing
5) Interfaces and Integration Deployment
6) Interfaces and Integration Maintenance and Operations

486
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for the TEDS includes a Management Plan

and documents the following:
1) Maintenance Roadmap, Project Plan, and Stakeholder
Communication Plan, which will document our approach to
The contractor shall incorporate an interface developing and managing internal and external interfaces.
management approach into a comprehensive 2) Deloitte will use the IBM Integration Bus, CA API Gateway for
Interface Management Plan for all interface REST services, and Informatica PowerCenter configured as part
mechanisms used for the Solution (e.g. of the NextGen solution toolset for performing ETL activities and
batch, ESB/web services). The Interface resolving errors.
Management Plan will be used by HCFA to 3) Deloitte’s NextGen solution utilizes SOA architecture and IBM’s
document the plan for integrating the Solution Integration Bus ESB. The ESB and SOA are designed for a loose
with all systems internal and external to the coupling that encapsulates business functions and will enable the
HCFA. The Interface Management Plan shall, State to re-use legacy system interfaces. This will include
at a minimum, document the following areas: scenarios for integration of State systems.
4) Tasks, deliverables, and resources are identified in the
i. The approach to developing and managing interfaces sub-WBS of the project plan. This includes trading
internal and external interfaces. partners' tasks to facilitate communication and coordination
ii. Technical tools that will be used for data across entities.
transformation, transport and error recovery. 5) Master Test Plan that incorporates best-practices learned from
iii. A description of how the SI's development previous projects for interface testing. For example, we have a
standards will be reconciled, to reflect use of pre-built test deck and an iterative approach that starts simple
ESB and web services as wrappers to legacy with increasing complexity, building on the success of prior
Integrati
NFR- systems. The contractor should produce iterations. The Test Management plan will also include automated
on
INTA- - - example scenarios for integration reflecting Supported C.9.1.1 testing for volume-based use cases, performance, and scalability
Architect
034 their infrastructure components and toolset. testing that decreases risk and optimizes the time of trading
ure
iv. Tasks, deliverables and resources partners and State staff.
necessary to complete interface development 6) Interface management protocol that includes governance for
and implementation. coordinated management of the services registry, specifications,
v. Description of how the solution WSDL, schedule, security standards, and escalation protocol,
development and test systems will work with among others. This strict governance structure offers
the external interfaces. transparency and clarity for trading partners contributing to joint
vi. Descriptions of the process for managing success.
changes to the interfaces, both in the 7) Interface/Integration Management Plan for the TEDS that
production and non-production environments. includes tasks and templates to define services, specifications,
vii. List of solution interfaces, data format, transport methods (e.g., SOAP XML, REST XML, and fixed length
frequency of updates and expected data file), cycle schedule, method/protocol, expected volume, and
volume. escalation process.
viii. Process for interfacing and collaborating 8) Deloitte will identify key stakeholders including identifying their
with interface partners, including roles, roles, responsibilities, deliverables, priority, timeline, and points-
responsibilities, deliverables and timelines. of-contact (POCs) in collaboration with State staff. This includes
ix. How the State development and test specification templates, communication plans for interface
systems shall work with the external non- partners, and a project timeline to be elaborated on in advance of
production interfaces. each subsequent phase of the project.
9) The approach to environment provisioning, maintenance,
connection, and sharing concerning production and non-
production environments will be documented in the Planning
phase. This includes proposed volumes for trading partner tests.

487
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for the TEDS includes a testing strategy

Integrati The contractor shall validate that each that incorporates thorough functional and performance testing to
NFR-
on interface is working correctly. The contractor validate that the interfaces are working correctly. Should any
INTA- - - Supported N/A
Architect will repair all interface-related problems issues be identified during the testing phase, the Release Process
035
ure caused by SI-developed interfaces. Management process will be followed prioritize and fix interface
related problems during the development life cycle.

Integrati
NFR- The contractor shall assist HCFA in
on Deloitte will assist the State in identifying root causes for other
INTA- - - identifying root causes for all Solution Supported N/A
Architect solution interface related problems.
036 interface related problems.
ure
During the interface development process, the Deloitte team
Integrati The contractor shall document all interfaces
NFR- works with the State and trading partners to document the
on with an Interface Control Document (ICD) as
INTA- - - Supported N/A Interface Control Document (ICD) that specifies the interface
Architect required by the State using a State approved
037 components between the systems by using the State-approved
ure template.
template.

Our proposed solution for the TEDS is built on n-tier architecture

Integrati
NFR- The Solution shall employ an integration layer which separates the integration layer from the presentation,
on
INTA- - - based on open standards for external Supported N/A business, and persistence layers. Our integration layer is built on
Architect
038 messaging and service interaction. Open Standard SOA principles to achieve interoperability for
ure
interacting with external systems.

Our proposed solution for the TEDS uses IIB as ESB and
Integrati The Solution shall meet the MITA conforms to MITA standards. Our proposed solution is designed
NFR-
on requirements for a modular design and the to deliver improved services for the State in a cost-effective
INTA- - - Supported N/A
Architect use of Service Oriented Architecture (SOA) manner. Deloitte’s compliance with MITA has been demonstrated
039
ure and Enterprise Service Bus (ESB). in Ohio, Massachusetts, Pennsylvania, Texas, Wisconsin and
Maine.

Our proposed solution for the TEDS relies on a variety of internal

Application to Application (A2A) integrations. To validate that
integration has no negative impact on either the user experience
or the required application performance, we consider a variety of
Integrati The Solution shall ensure interface pathways
NFR- factors in our architecture. These factors include message
on do not be adversely affect other activities,
INTA- - - Supported N/A prioritization, urgency of data, and orchestration. Our proposed
Architect such as regular operations, other jobs,
040 solution's Test Management Plan also includes load testing to
ure reporting, queries, analytics, and ETL.
validate that the backend interface communication and
Application to Application Integration do not affect other activities
such as user activities, case worker application, any reporting
processes, or ETL processing.

488
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for the TEDS will reuse existing

Integrati The Solution shall reuse existing (legacy) connectivity and specifications wherever appropriate. For
NFR-
on interface connectivity and specifications (e.g. example, if the State has FDSH services connectivity already
INTA- - - Supported N/A
Architect file layout, web service specification etc.) established, we will reuse those interface specification and
041
ure where appropriate and required by the State connectivity. We propose to use the State's existing IIB and
WSSR and reuse existing connections where applicable.

489
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for the TEDS provides data audit controls
for each of the listed operations. Some key auditing features are
as listed below.
1) A Caseworker is viewing demographic information of an
applicant on a page or updating income of an applicant. These
actions are logged.
2) A record is deleted from the database. A record is created in
the audit trail of this deletion and associated timestamp.
3) The field length of a database column is changed by the DBA.
This action is logged and the previous and new values of the
length are stored along with the associated timestamp.
The Solution shall provide audit controls 4) A column in a DB table is re-defined. The table that contains
including and not limited to the following: the metadata is stored in the audit logs so that the previous
definition of the column is available.
i. User interfaces 5) A new user is provided read/update access to the system. The
ii. Operation of the DBMS time of transaction and new user details are logged.
Audit
NFR- Data iii. Database administration 6) A system backup is performed as part of scheduled operation.
and
DA- Architect - v. Data definition and documentation Supported N/A The details about the backup and status
Compli
001 ure ix. Security and access. Organizational (successful/unsuccessful) are logged.
ance
policies and priorities 7) The database is not available due to scheduled performance
x. Backup and recovery testing. The downtime will be logged.
xi. Business continuity 8) The database will align with the standards. For example, FTI
xii. Compliance with standards and data storage will follow the data encryption including data in
requirements motion and data-at-rest security measures. Changes in the
security settings are logged.

Our solution safely secures customer information and grants

access only to authorized personnel. Additionally, the enhanced
persistence layer allows audit history for records in the database
to track specific transactions performed by a user. It also provides
audit logging capabilities that span the User Interface Layer,
Business Logic Layer. and Database Layer of the application.
Whenever data enters or exits the System, either the events,
summary, or the data content is logged in the audit trail,
depending on the type of transaction and data.

490
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for the TEDS includes a View Action

History screen through which audit trails of online transactions
Audit The Solution shall produce an accessible
NFR- Data performed by users can be viewed in a legible manner. The View
and transaction and audit trails that is human
DA- Architect - Supported N/A Action History screen is available to authorized users in the
Compli readable and meet standards outlined in the
002 ure application flow of the Worker Portal. Our audit trails align with
ance State and Federal guidance.
State and federal requirements based on audit controls specified
in NIST 800-53.

Our proposed solution for the TEDS has the capability to track
historical information and transaction auditing. For example, if a
citizen has moved across multiple addresses while receiving
Audit
NFR- Data The Solution shall use history tracking within assistance, the various historical addresses can be tracked and
and
DA- Architect - the database and logging options (e.g., Supported N/A viewed by the case workers. Similarly, if the client reports a
Compli
003 ure transaction auditing) change in last name, original record is moved to the auditing table
ance
and be retrieved for future reference. In addition our proposed
solution also leverages Oracle's native Auditing capabilities for
database level changes including DDL and DML changes.

Audit The Solution shall where possible employ a Our proposed solution for the TEDS employs Oracle Database
NFR- Data
and software agent that run the data server, Vault that integrates with Oracle Cloud Control, enabling policy-
DA- Architect - Supported N/A
Compli enabling a policy-based data access based access to compliance and monitoring for deviations from
004 ure
ance compliance and monitoring. policy design.

Our proposed solution's technical design for the TEDS includes

audit logging and compliance as a core aspect during the design
of each module. We are aware of NIST 800-53 playing a key role
in the architecture for the TEDS, and will align with it to meet audit
Audit The Solution shall ensure all modules have
NFR- Data and compliance requirements that can be configured in our
and plans and procedures in place to meet audit Partially
DA- Architect - N/A proposed solution as part of the enabling events at platform
Compli and compliance requirements for the Supported
005 ure product levels as well as enabling pages within the Worker Portal
ance Eligibility System
and Member/Partner Portal applications. We will review these with
the State during JAD sessions and derive settings to implement
for the solution for development, testing and production
environments.

491
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for the TEDS uses public identifiers. We

The Solution shall allow for a unique public leverage our experience to allocate sufficient length for public
identifiers for key data records that are identifiers so that the system does not run out of identifiers. For
NFR- Data consistent and of sufficient length to allow for example, 11 digits is be used to identify an individual in the
DA- Architect - - unique values throughout the life of the Supported N/A system and first 10 digits when run through an algorithm should
006 ure Solution. The Solution shall allow for a always result in the 11th digit. The 11th digit is then used as the
generation of a check digit to be appended to check digit in the system. This validates that each individual in the
the public identifiers. system is identified uniquely and the use of check digits leads to
less data errors.

Our proposed solution's user interface for the TEDS facilitate data
The Solution shall allow public identifiers to entry in an intuitive manner. For example, While entering the SSN
be displayed on screens and in the user will be presented with 3 set of text boxes to enter the
NFR- Data
correspondence with a reader friendly format number and validate that the lengths are 3,2 and 4 respectively. If
DA- Architect - - Supported N/A
mask / template (e.g., 123-12-3232-8, 123- a person enters 111-11-3333 for a phone number in these three
007 ure
122-123-A) but stored in the database without text boxes, phone number will be stored as 111113333 in the
formatting characters or check digit. transactional database where as while displaying on screen it
would be 111-11-3333.

Our proposed solution's user interface for the TEDS facilitate data
The Solution shall allow screen input fields to entry in an intuitive manner. For example, While entering the SSN
accept public identifiers, with or without the user will be presented with 3 set of text boxes to enter the
NFR- Data
format mask characters, and the logic shall number and validate that the lengths are 3,2 and 4 respectively. If
DA- Architect - - Supported N/A
be smart enough to strip out any formatting a person enters 111-11-3333 for a phone number in these three
008 ure
characters prior to performing database text boxes, phone number will be stored as 111113333 in the
actions. transactional database where as while displaying on screen it
would be 111-11-3333.

The Solution shall allow public identifiers to Our proposed solution for the TEDS provides the ability to merge
be immutable (cannot be changed) but if client IDs if two IDs in the system are representing the same
record instances are merged, for example, client. After the IDs are merged, one of the ID's will be marked as
then it is possible that a given entity instance secondary and will not be used for future association purposes.
NFR- Data will have multiple identifiers. When an entity However, the information listed on the secondary individual ID,
Partially
DA- Architect - - has multiple identifiers, one identifier shall be N/A such as DOB, can still be searched on the client inquiry screen.
Supported
009 ure considered the prime (master) identifier and This logic does have dependencies on integration points with
used in ongoing correspondence, etc. State-existing MPI, therefore, we believe there may be
However, all identifiers remain valid (just no customization necessary, based on the existing governance rules
longer "published") and can be used in within State MPI, leading to achieving the same functionality with
search screens to find entity occurrences. a slightly different technical approach to enable it.

492
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution's data model for the TEDS follows

consistent and logical naming standards. Each of our database
NFR- Data The Solution shall allow the data model to
changes are reviewed and verified by our team before
DA- Architect - - follow consistent and logical naming Supported N/A
implementation. As part of this process, our team validated the
010 ure standards.
naming standards for consistency and will validate for business-
oriented description of the column names and tables.

Our proposed solution's data architecture for the TEDS provides

the capability to capture create user id, create id, update user id,
update id where applicable. The ability to capture this information
is built-in as part of our NextGen framework and does not have
The Solution shall allow for the tracking of all
any additional impact to the system performance. This information
NFR- Data last-accessed-by and all last-accessed
can be used as a criteria for record retention and archival. Note
DA- Architect - - timestamp for record retention and archiving Supported N/A
that archival out of the system requires compliance with federal
011 ure in a way that minimally impact to the system
rules that are case and individual centric. Hence, we find that for
performance.
case centric data use of database partitioning tends to lend itself
as a better strategy and only rely on purge of trigger tables, audit
logs and trading partner files based on a time driven parameter of
7 years or more dependent on the State audit retention policies.

Our proposed solution's data architecture for the TEDS provides

NFR- Data The Solution shall allow data elements the
the capability to capture create user id, create id, update user id,
DA- Architect - - track the created-by, creation timestamp, last- Supported N/A
update id where applicable. The ability to capture this information
012 ure updated-by and last-updated timestamp.
is built-in as part of our NextGen framework.

Our proposed solution for the TEDS is based on a mature

established production proven data model. For the TEDS we will
add database tables and elements to it, however since it is an
established model we will provide a detailed data dictionary that
has business name for tables and columns in addition to the
physical names. This when combined with Erwin provides more
The contractor shall provide the Conceptual, than required detail that a Conceptual and Logical data model
NFR- Data
Logical and Physical models for the solution Partially would capture. For brand new systems starting from scratch, the
DA- Architect - - N/A
in source format and other formats Supported LDM and Conceptual Data Models are used to drive the PDM and
013 ure
designated by State. after majority of the PDM is established industry practice is to
maintain the data dictionary with business context but directly
model within the PDM since the constraints of the PDM lead to
more realistic design of the application. Based on that we will
produce the PDM and Data Dictionary and maintain it during the
project. Erwin will be the PDM tool and Excel format will be used
for Data Dictionary.

493
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution's information model for the TEDS aligns

The Solution shall comply with Information with consistent data format and content standards and consistent
Model data standards, including but are not definition across all data stores. For example, client ID is stored in
NFR- Data
limited to: indv_id column across all data stores. Our proposed solution
DA- Architect - - Supported N/A
i. Data format and content standards comes with a production-proven, mature data model tailored to
014 ure
ii. Consistent definition of data elements in all meet the TEDS solution requirements. A detailed approach is
data stores followed by our team to keep the Data format and content
standards consistent for all new development as well.

The contractor shall provide to the State data Our proposed solution for the TEDS provides data flow diagrams
flow diagrams including but not limited to the as part of interface specifications and storyboard specifications
following: that include:
1) Node to Node traffic. For example in the case of State receiving
i. Node to node traffic (from data source to FFM applications, our dataflow diagrams include data objects
NFR- Data
data destination) including all data from HUB, FDSH calls, Rules Engine, Eligibility System,
DA- Architect - - Supported N/A
repositories and pass-through systems Customer Communication, interface to MMIS.
015 ure
involved 2) Between various logical elements of a particular unique
ii. Between various logical elements of a application. For example in the case of a case worker registering
particular unique solution or application (e.g.. a new application, our data flow includes the data flow between
link between front-end and back-end presentation layer to the framework layer, business layer and the
elements) actual OLTP database.

Data classification will be maintained in the data dictionary

according to categories for PHI, PII and FTI classification. Tables
NFR- Data marked for FTI data will reside in their own Tablespace. Additional
The contractor shall provide a data
DA- Architect - - Supported C.14.6 tablespace division will be done based on a combination of
classification plan/document to the State.
016 ure performance and business needs. Note that Transparent Data
Encryption is enabled for tablespaces using Oracle Advanced
security.

Our proposed solution's DBA team for the TEDS will create an
NFR- Data The contractor shall provide data model Entity Relationship diagram using Erwin data modeler to provide
DA- Architect - - diagrams i.e. Entity Relationship diagram to Supported N/A the State with a Physical Data Model. This data model will be
017 ure the State. maintained as part of the project lifecycle and updated based on
design changes in DDI and O&M.

Our proposed solution for the TEDS has the ability to perform
NFR- Data Data The Solution shall have the capability to Web service based or file based data exchanges with other
DA- Architect Exchan - provide data and access to other Solutions Supported N/A solutions that are part of the enterprise service. For example, our
018 ure ges that are part of the enterprise service. proposed solution exchanges data with the MMIS system to
exchange data.

494
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution's File Transfer Protocol for the TEDS will
accommodate the following:
The Solution shall have the ability to use 1)Privacy of the communicating applications and users will be
secure File Transfer Protocol (FTP) to factored into the design so that data theft due to eavesdropping
accommodate file transfers including but not can be prevented. Industry standards such as TLS will be the
NFR- Data Data baseline for such a design.
limited to the following:
DA- Architect Exchan - Supported N/A 2)Security of financial transactions including tax related
019 ure ges information, by use of Digital certificates and Digital Signatures in
i. Transport Layer Security (TLS)
ii. Secure Electronic Transaction (SET) compliance with SET.
iii. Secure Copy (SCP) 3)Preventing the confidentiality and authenticity of the files being
transferred by adhering to Secure Copy Protocol.

Our proposed solution for the TEDS has the ability to export or
The Solution shall provide the ability to import data in a manner that is in-line with the industry standards.
NFR- Data Data
import/export data. (e.g. Open Data Base The files produced by the proposed solution will be compliant to
DA- Architect Exchan - Supported N/A
Connectivity [ODBC]-compliant and/or other ODBC and JDBC and the solution is able to import data using
020 ure ges
generally accepted formats.) ODBC and JDBC connectivity based on native capability of the
Oracle Database platform.

The Solution shall provide the ability to

leverage the Federal Data Services
Hub(FDSH) to provide verification from
NFR- Data Data federal agencies such as the Internal Our proposed solution for the TEDS leverages existing FDSH
DA- Architect Exchan - Revenue Service, Department of Health and Supported N/A services for verification of SSN, Lawful Presence, Income and
021 ure ges Human Services, and Department of Citizenship information of the client.
Homeland Security to eliminate the
independent establishment of those
interfaces and connections at the State level.

495
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for the TEDS has the capability to request,
access, and store data from the following:
1) Federal Data Services Hub (FDSH) - For verifying client's SSN,
The Solution shall have the ability to request Citizenship, Lawful Presence, Annual Household Income.
(retrieve), access and store data from the 2) Department of Homeland Security (DHS) -To access and
following sources including but not limited to: retrieve the immigration status of the client.
3)Internal Revenue Service (IRS)- To access and retrieve the tax
i. Federal Data Services Hub (FDSH) information of the client.
ii. Department of Homeland Security (DHS) 4)Medicaid Management Information System (MMIS) – To send
iii. Internal Revenue Service (IRS) Medicaid eligibility information and access Information about
NFR- Data Data
iv. Medicaid Management Information Medical Benefits of the client.
DA- Architect Exchan - Supported N/A
System (MMIS) 5) TN Department of Labor and Workforce – Information about
022 ure ges
v. TN Department of Labor and Workforce different jobs held by the client
vi. TN Benefits and Administration 6) TN Benefits and Administration – Information about state
vii. National Institutes of Health (NHI) provided insurance benefits
viii. National Association for Public Health 7)National Institutes of Health (NHI) – National Health Information
Statistics and Information Services? (for informational purposes)
(NAPHSIS) 8) National Association for Public Health Statistics and
x. TN Department of Corrections Information Services (NAPHSIS) – Information about Public
Health (for informational purposes)
9) TN Department of Corrections – Information about record in
correctional facilities/prison by applicants

Deloitte will share a data dictionary that outlines the types of data
and corresponding sensitive data elements including the
NFR- Data Data corresponding security classification for each sensitive data type.
The contractor shall provide a data dictionary
DA- Architect Exchan - Supported N/A The data dictionary will list the source of the sensitive data type,
and data schemas to the State.
023 ure ges its storage location, and retention period. Additionally, data
schemas will be published after the data base design is finalized
and reviewed.

Our proposed solution for the TEDS through its operations will
NFR- Data Data The Solution shall allow for files received
allow only authorized personnel to have access to the files
DA- Architect Exchan - through secure FTP to be stored in a secure Supported N/A
received from the secure FTP. Access to these files can be
024 ure ges file repository where access can be audited.
reviewed and audited.

496
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for the TEDS leverages State's existing

The Solution shall provide the ability to
NFR- Data Data enterprise QAS address validation software to validate the
perform real-time electronic address
DA- Architect Manag - Supported N/A accuracy and completeness of client addresses and provide the
verification and address validation against
025 ure ement ability for case workers to take necessary corrective actions
addresses in US postal database.
where appropriate.

Deloitte will work with the State to develop and execute a record
retention schedule in accordance with Federal and State
The contractor shall develop and execute a requirements. After the plan is developed, it will be reviewed and
NFR- Data Data Data record retention schedule in accordance with approved with HCFA. Using our experience of doing archiving and
DA- Architect Manag Retentio federal and state regulations as approved by Supported N/A purging on similar implementations, we classify these operations
026 ure ement n HCFA and with minimal impact to system in to those which can run during our batch operations and the
performance and availability. others which can be run during our maintenance windows. This is
done to have a minimal impact to the system performance and
availability.

The Solution shall maintain records and Our proposed solution for the TEDS provides the capability to
NFR- Data Data Data
supporting documentation under audit or Partially retain the records that are flagged for audit or involved in litigation.
DA- Architect Manag Retentio N/A
involved in litigation for a length for time as Supported Deloitte will work with the State during the requirements phase of
027 ure ement n
determined by the State. the project to document the guidelines for record keeping.

Our proposed solution for the TEDS provides the ability to insert
case records through break fixes in the unlikely event of the State
having to bring them back to the OLTP. It is our understanding
that the State will maintain the data that is archived on the tapes
and will work with the State to establish a process for unarchiving
NFR- Data Data Data
The Solution shall have the ability to re- Partially the data necessary to create a case record. Note that archival out
DA- Architect Manag Retentio N/A
establish an aged record (unarchive). Supported of the system requires compliance with federal rules that are case
028 ure ement n
and individual centric. Hence, we find that for case centric data
use of database partitioning tends to lend itself as a better
strategy and only rely on purge of trigger tables, audit logs and
trading partner files based on a time driven parameter of 7 years
or more dependent on the State audit retention policies.

Our proposed solution for the TEDS aligns to the established

security and audit controls for storage, backup, retrieval and
The Solution shall adhere to security and
viewing of archive data records. We will work with the State to
audit controls applying to storage, backup,
NFR- Data Data Data define the process and appropriate access levels using State
retrieval, and viewing of archive data records
DA- Architect Manag Retentio Supported N/A existing tools. Our proposed stack for database is made up of
including to not limited to secure and
029 ure ement n Oracle Database products that lend themselves quite well to
encrypted storage, encrypted backups, and
integrating with state existing tools such as standard backup
audit trail.
appliances such as Netback-up, etc. using patterns driven by
Oracle RMAN and Advanced compression.

497
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for the TEDS, produces a report of the

purge/archives that will be done and will be reviewed with the
State before archival/purge. All purge activities that are performed
and either tracked in JIRA or done as part of the scheduled
The Solution shall include the ability to list an
maintenance events which are tracked in our proposed solution's
NFR- Data Data Data inventory of records included in purge /
batch. Note that archival out of the system requires compliance
DA- Architect Manag Retentio archive as a report. Where applicable, the Supported N/A
with federal rules that are case and individual centric. Hence, we
030 ure ement n purge process shall executed in a way the
find that for case centric data use of database partitioning tends to
enables the audit trail to capture the event.
lend itself as a better strategy and only rely on purge of trigger
tables, audit logs and trading partner files based on a time driven
parameter of 7 years or more dependent on the State audit
retention policies.

Our proposed solution for the TEDS provides controlled logging

capabilities so that each log files maximum storage size is
The Solution shall maintain an archival
specified. Once the maximum storage is reached for a log file, it
NFR- Data Data Data process so that accumulated historical
will be moved automatically to a historical log file. Our proposed
DA- Architect Manag Retentio records and log files do not consume large Supported N/A
solution comes with a pre configured number of historical files and
031 ure ement n amounts of disk space and adheres to tiered
a recommended size limit for each type of log file. These limits
data storage.
can be configured for Tennessee and will adhere to the State's
tiered data storage.

Our proposed solution for the TEDS provides controlled logging

capabilities so that each log files maximum storage size is
The Solution shall provide an auto
specified. Once the maximum storage is reached for a log file, it
NFR- Data Data archive/purge of the log files to prevent
will be moved automatically to a historical log file. Our proposed
DA- Architect Wareho - uncontrolled growth of the log and historical Supported N/A
solution comes with a pre configured number of historical files and
032 ure use records storage using administrator-set
a recommended size limit for each type of log file. These limits
parameters.
can be configured for Tennessee and will adhere to the State's
tiered data storage.

Our proposed solution for the TEDS has OLTP database for
transactional data and an ODS (Operational Data Store) that is
The Solution is envisioned as having an
NFR- Data Data replicated from the OLTP using Oracle Golden Gate. ETL
OLTP database, and data warehouse. The
DA- Architect Wareho - Supported N/A operations are run on ODS, so that there is no performance
contractor shall develop a business
033 ure use impact when the data is being extracted for the proposed BI
intelligence data warehouse or data mart.
solution, HHS Interactive on Deloitte ClearLight platform and data
mart.

498
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The Solution shall populate the data

Our proposed BI solution for the TEDS, HHS interactive built on
warehouse so that it minimally includes data
Deloitte ClearLight platform provides the ability to populate data
from:
NFR- Data Data mart from
i. The OLTP database
DA- Architect Wareho - Supported N/A 1)ODS, operational data store that gets data from the OLTP
ii. Data from any ancillary databases, e.g.,
034 ure use database
any decoupled CRM system.
2)Data ancillary databases like CRM.
iii. Operational data from inbound document
3)Operational data from FileNet.
processing

Our Proposed solution for the TEDS has an operational data store
NFR- Data The Solution shall include a data warehouse
that is populated in near real-time, using Oracle GoldenGate and
DA- Architect DBMS - that is no more than 24 hours behind the Supported N/A
a data mart on our Deloitte ClearLight Platform that is scheduled
035 ure main OLTP database.
to sync on a nightly basis.

The Solution shall use a Relational Database Our proposed solution uses oracle 12c as OLTP, batch
NFR- Data
Management System (RDBMS) to support processing, mixed workloads. Business intelligence will be
DA- Architect DBMS - Supported N/A
OLTP, batch processing,mixed workloads provided through our Deloitte ClearLight platform which uses
036 ure
and business intelligence. RDBMS as well.

The Solution shall allow referential integrity Our proposed physical data model is normalized or de-normalized
NFR- Data
enforcement to be enabled in the OLTP to optimize for the TEDS. Additionally, database constraints such
DA- Architect DBMS - Supported N/A
database unless there is an exception as referential integrity constraints, indices, sequences are
037 ure
scenario that is approved by HCFA. reviewed and updated.

Our proposed solution provides the ability for concurrent users to

NFR- Data The Solution shall provide the ability for simultaneously view the same record, documentation and/or
DA- Architect DBMS - concurrent users to simultaneously view the Supported N/A template. For example an inquiry user, supervisor and the case
038 ure same record, documentation and/or template. worker can simultaneously view case comments, case information
and client information using the corresponding inquiry screens.

Our proposed solution includes Oracle database which uses

The Solution shall implement optimistic optimistic locking by default. This feature allows the rows to be not
NFR- Data locking or a similar protection to maintain the locked when they are read. In certain specific instances where
DA- Architect DBMS - integrity of data during concurrent access Supported N/A pessimistic locking is necessary, we will work with the State to
039 ure where one user may update may overlay document the exceptions. This architecture leads to supporting
another update. concurrent access of data without sacrificing update integrity from
a user standpoint.

499
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Database structure modifications are identified early in the SDLC

process during requirements and design and will be part of an
schedule release plan. Usually, database structure modifications
NFR- Data The Solution shall support online
are associated with corresponding application code changes that
DA- Architect DBMS - modifications to database structures with Supported N/A
are deployed during the scheduled maintenance window. In the
040 ure minimal system downtime.
unlikely event of having to modify just a database structure, our
proposed solution provides the ability to do a database only build
with a minimal downtime.

Our proposed solution will use Oracle Active Guard to replicate

The Solution shall allow for data and
the data from the primary site to secondary site. Our proposed
transaction replication including, but not
solution also uses Oracle Golden Gate to replicate the data from
NFR- Data limited to, copying an instance of any
OLTP to ODS. This will provide the capability to support high
DA- Architect DBMS - database to specified locations (e.g. SAN, Supported N/A
availability and meet the RTO and RPO timelines as agreed upon
041 ure Multi-site implementations to support high
with the State. For the core high availability needs, Oracle will be
availability and recovery point and time
deployed in RAC configuration itself to support active-active
objectives) and resolve replication issues.
pattern.

Our proposed solution contains Oracle Exadata, which is a

combined compute and storage system optimized for running
NFR- Data The Solution shall provide standard data
Oracle Database software. This provides the capability of
DA- Architect DBMS - extraction APIs and utilities to allow secure Supported N/A
standard data extraction APIs and utilities to allow secure and
042 ure and efficient import and export of data.
efficient import and export of data that are native to Oracle
Database platform.

Deloitte will work with the State to address the following

The Contractor shall provide a Data deliverables with respect to data configuration:-
NFR- Data Management Plan that includes, but is not • Provide configuration and operations documentation including,
Partially
DA- Architect DBMS - limited to, optimum database configuration N/A but not limited to optimum database configuration settings,
Supported
043 ure settings, patching procedures, client patching procedures, client maintenance, and change control
maintenance, and change control. • Provide a capacity plan that addresses sizing for data
configuration.

500
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution will be hosted on a virtual, converged

infrastructure platform in the HCFA data center, sized to
accommodate the required environments and recommended
sizing from the various product vendors. For database
components, the hardware platform will be Oracle Exadata. These
NFR- Data The Solution shall handle load balancing, platforms provide the elastic capacity, fault tolerance, and
DA- Architect DBMS - failover and/or clustering ability for extended Supported N/A redundant components for high availability infrastructure. In
044 ure scalability and performance. addition at the software layer, we will utilize Oracle RAC that will
provide active-active, load-balanced, high availability for the
transactional database. For our BI solution, Deloitte ClearLight
uses a failover-based pattern for the Data Mart, with replication
that provides high performance and scalability as part of the
platform.

Deloitte will work with the State to provide a capacity plan that
NFR- Data
The contractor shall provide a capacity plan addresses sizing by estimating the space use of the table and
DA- Architect DBMS - Supported N/A
that addresses sizing for data configuration. obtaining the object growth trends using out of box Oracle Cloud
045 ure
Control reports.

The Solution shall support advanced

NFR- Data Our proposed solution does cache of reference table data. Master
configurations for data caching (e.g., support
DA- Architect DBMS - Supported N/A Reference Schema like user access, authorization levels, etc. are
of client/application caching, support of server
046 ure supported with advanced caching options.
caching, etc.)
The Solution shall be fully ACID (Atomicity,
NFR- Data Consistency, Isolation, Durability)- compliant The Oracle DB for the proposed solution aligns with ACID.
DA- Architect DBMS - so as to ensure it handles transaction Supported N/A Additionally our NextGen solutions transaction attributes
047 ure rollbacks, validity and referential integrity complements the ACID for each transaction.
checks, etc.

Our proposed solution's data model comes with pre configured

The Solution shall support indexing
NFR- Data indexes to support performance. Additionally, Indexing technology
technology (multiple types of Indexing shall
DA- Architect DBMS - Supported N/A will also be incorporated to tune performance of SQL statements
be available to tune performance of SQL
048 ure based on AWR reports from Oracle Cloud Control and other
statements).
performance monitoring tools that can provide tuning insight.

Our proposed solution for the TEDS uses Oracle database

NFR- Data indexing technology that is incorporated to tune performance of
The Solution shall be able to manage multiple
DA- Architect DBMS - Supported N/A SQL statements. Oracle database has native query queue
query queue entries in parallel.
049 ure features to support multiple query queues including parallel hint
based queues.
Our proposed solution's DBMS for the TEDS, Oracle 12c utilizes
The Solution shall offer tools to manage and
NFR- Data database indexes that improve the speed of operation in the
control disparate mixed workloads in a
DA- Architect DBMS - Supported N/A database. This allows our proposed solution to manage and
Database Management Solution (DBMS)
050 ure control disparate mixed workloads in a Database Management
environment.
Solution (DBMS) environment.

501
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for the TEDS uses Oracle Database

The Solution must have the ability to provide
platform that enables use of Oracle Advanced Security and
for a capability for a "Separation of Duties "
Oracle Audit Vault that lend themselves out-of-the-box to
NFR- Data between the database administrator and the
separation of duties between DBAs and Security Administrators.
DA- Architect DBMS - security administrator such that database Supported N/A
State designated individuals can be configured in these tools to
051 ure security controls and audit logs may not be
have access setup where the DBAs cannot disable security
altered or disabled without the collusion of the
controls and audit logs by themselves without involving a security
two administrator roles.
administrator.

The Solution shall have full, incremental and

Our proposed solution for the TEDS contains Oracle RMAN, an
transaction log backup and recovery
NFR- Data essential component for protecting the content of Oracle
capabilities on both a regular schedule and
DA- Architect DBMS - Supported N/A database. Oracle RMAN can be used to create backup sets,
an ad hoc basis, including but not limited to
052 ure image copies, and incrementally updated backups of Oracle
redundant incremental off-site backups and a
Exadata content.
monthly demonstration of back-up capabilities

Our proposed solution's daily full database backups occur in a

way that enables the database to remain fully-functional during
NFR- Data The Solution shall provide the capability to
that time. This includes incremental and full backups. The RMAN
DA- Architect DBMS - remain fully-functional during database Supported N/A
utilities in Oracle database are configured for these specific
053 ure backup windows.
settings to allow backups to not disrupt database functional
access.

The Solution shall store appropriate data in Our proposed solution for the TEDS uses a relational database
NFR- Data
an industry-standard commercially available that supports referential integrity so that data cannot be updated
DA- Architect DBMS - Supported N/A
relational database that supports referential in a manner that makes related data inconsistent and allows for
054 ure
integrity rules. online and batch processing.

Our proposed solution for the TEDS is Oracle Database that has
SQL capabilities for standard queries. It also provides the ability to
NFR- Data The Solution shall provide Standard Query
restrict access to certain database schemas/tables to specific
DA- Architect DBMS - Language (SQL) capabilities for database Supported N/A
security role based on the established protocols. For example, FTI
055 ure queries based on security role and protocols.
data is encrypted before storing in the system and can only be
accessed by state approved authorized personnel.

Deloitte monitors database performance regularly using Oracle

NFR- Data The contractor shall provide DBMS Cloud Control based alerts and dashboards, allowing us to detect
DA- Architect DBMS - performance and benchmark stats based on Supported N/A and resolve problems in a timely manner. We will provide DBMS
056 ure the purposed DBMS OS. performance and benchmark stats that come from Oracle Cloud
Control to the State.
Extract, The Solution shall provide database tools that
Our proposed solution for the TEDS provides monitoring and SQL
NFR- Data Transfo include, but are not limited to: SQL
analysis tools such as Oracle Diagnostics Pack and Oracle
DA- Architect rm, - performance logging and monitoring; SQL Supported N/A
Tuning pack which will monitor SQLs real-time and automate the
057 ure Load access path analysis with tuning advisory
SQL tuning process.
(ETL) capabilities.

502
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for the TEDS has the necessary business
Extract, logic to manipulate the data values and the representation of
NFR- Data Transfo The Solution shall have the ability to convert those values for transport or conversion purposes. For example, if
DA- Architect rm, - message formats and translate coded data Supported N/A the legacy system has two income fields which by design need to
058 ure Load within messages. be converted into one field in the new system, our proposed
(ETL) solution will identify the cross mapping and translate the coded
data as part of the conversion process.

Extract,
NFR- Data Transfo The Solution shall provide support for a Our proposed solution for the TEDS has the capability to support
DA- Architect rm, - metadata repository for data and message Supported N/A the metadata repository to convert and transform data from legacy
059 ure Load conversion and transformations. to the TEDS.
(ETL)

Our proposed solution for the TEDS has the necessary business
The Solution shall provide the technology to logic to manipulate the data values and the representation of
implement processing logic that can those values for transport or conversion purposes. For example, if
Extract,
manipulates data values, and the the legacy system has income stored in two data sources and
NFR- Data Transfo
representation of those values for transport or need to be consolidated during conversion, our proposed solution
DA- Architect rm, - Supported N/A
conversion purposes. This processing logic is has the ability to federate the data and store in the TEDS.
060 ure Load
used to establish a common meaning of data, Additionally, our proposed solution also has the capability to
(ETL)
improve data quality or federate data from address data quality issues like duplicate entries, inconsistent
multiple sources. addresses, null values, data entry errors and incorrect data types
(alpha characters where numeric is expected).

The Solution shall provide tools for data

source and target connectivity: Adapters for a
Our proposed solution for the TEDS proposes Informatica
range of source types beyond Relational
Extract, PowerCenter for data source and target connectivity. Our
Database Management Solutions (RDBMS's) The State will
NFR- Data Transfo proposed solution also has the ability to accept and process XML
and legacy databases (access to data stored provide data
DA- Architect rm, - Supported N/A files, flat file. Informatica PowerCenter also supports adapters for
in non-relational structures - for example, models as
061 ure Load legacy databases and other formats including packaged
VSAM files and IMS databases), including applicable.
(ETL) applications and Web services that require additional licensing
packaged applications and Web services,
based on adapter type and source system type.
and the ability to interpret (as a source and a
target) XML structures, and flat files.

503
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The Solution shall provide tools to support the

Extract-Transform-Load (ETL) process that
includes but is not limited to the following the
following:

i. Extracting data from data sources. Our proposed solution for the TEDS uses Informatica
ii. Transforming it to fit business needs (which PowerCenter for ETL and has the capability to support the listed
can include quality levels). functions as follows:
iii Data validation and verification check prior 1. Extracting data from data sources (RDBMS, Flat Files, XML
to target data store. files)
iv. Loading it into the target data store. 2. Transforming using standard ETL expression, lookup, rank and
v. Caching: The ability to cache federation aggregation transformations to support business needs including
results and various subsets of the source imposing data quality constraints
data to improve performance in situations 3. Loading using tool based and database aware load for target
Extract,
where source data volumes are large; data stores
NFR- Data Transfo
therefore, retrieving all data required for 4. Utilizing both database cache and internal Informatica
DA- Architect rm, - Supported N/A
integration directly from the source is not PowerCenter cache for managing federation results and large
062 ure Load
feasible. volumes of data to handle performance concerns
(ETL)
vi. Verbose ETL process logging to allow for 5. Native logging and monitoring of ETL processes including
ease of support and debugging. support for verbose logging
vi. Multi-threaded parallel operations to 6. SQL Merge equivalent support to perform insert and update
support high volume throughput processing including incremental loads with checkpoint/restart
vii. Support for SQL Merge or equivalent capabilities that do not require a full back out in the event of a
construct to enable efficient Insert, Update midstream load failure
processing for incremental loads to target 7. Checkpoint restart for ETL workflows and mapping executions
database and enable restart with backing out 8. Supports data quality features and reporting on business
changes in the event a load fails mid-stream metrics that serve as ETL key performance indicators
vii. Smart / checkpoint restart to enable
complex jobs to restart at point of failure and
resume where they left off
viii. Support Data Quality functionalilty and
key performance indicators

504
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for the TEDS uses Informatica

The Solution shall have the ability to load
PowerCenter for ETL and supports:-
data and quality check data in a variety of
Bulk data extraction and loading: - For extracting large batches of
approaches including but not limited to the
data from the source table and load into destination table.
Extract, following:
Granular trickle-feed acquisition and delivery: - This is used in
NFR- Data Transfo i. Bulk data extraction and loading
instances where we need to define source will be defined as the
DA- Architect rm, - ii. Granular trickle-feed acquisition and Supported N/A
trickle feed from which data will be flowing in to the system
063 ure Load delivery
Changed-data capture:- This is used when by creating a trigger
(ETL) iii. Changed-data capture (ability to identify
on the source upon data change and the trigger is processed.
and extract modified data)
Event-based acquisition:- This is used when an event like an
iv. Event-based acquisition (time-based or
address update occurs on the source system, a trigger is created
data-value-based)
for the ETL process

The Solution shall include but not limited to

the following types of transformation:

i. Simple transformations such as data-type

conversions, string manipulations and Simple
Our proposed ETL for the TEDS uses Informatica PowerCenter
calculations
that allows transformations for
ii. Moderate-complexity transformations, such
1) Simple transformations such as converting from date to
Extract, as lookup and replace operations,
timestamp using expression transformations.
NFR- Data Transfo aggregations, summarizations, deterministic
2) Moderate-Complexity such as aggregating monthly income
DA- Architect rm, - matching and management of slowly Supported N/A
from various frequency of incomes.
064 ure Load changing dimensions
3) Higher-order transformations such as parsing a address line in
(ETL) iii. Higher-order transformations, such as
to street #, street type, street name.
sophisticated parsing operations on free-form
4) Facilities for developing custom transformations and extending
text and rich media Facilities for developing
packaged transformations.
custom transformations and extending
packaged transformations
iv. Facilities for developing custom
transformations and extending packaged
transformations

505
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for the TEDS provides the ability to convert
active cases and associated historical cases determined to be
Master The Solution shall adhere to all ETL operationally necessary to support the day-to-day case worker
NFR- Data
Data requirements for historical data conversions activities and denial/closure appeals. In most circumstances,
DA- Architect - Supported N/A
Manag from the legacy system to the proposed new converting the most current snapshot of the case record will be
065 ure
ement system. sufficient to continue business operations. In certain situations
where relevant historical records are required to support open and
pending case business flows, data will be converted.

Our proposed solution for the TEDS supports the identification of

unique person using State's existing MPI. When more than one
Master The Solution shall support identification of a match is found, then the solution will present an option for the
NFR- Data
Data unique person, where multiple records can Partially case worker to pick the best fit match along with a suggested
DA- Architect - N/A
Manag exist using the matching service provided by Supported score for matching. When a client is added as a member to a
066 ure
ement Master Person Index (MPI). case and identified as a known individual, the member is linked to
the existing member record within the Master Person Index and
the unique identifier previously established is reused

Our proposed solution for the TEDS uses State existing MPI.
When the case worker adds an individual or updates certain
specific demographic information in the TEDS, then this
Master The Solution shall be configured in such a information is updated in MPI through a Web service call. We will
NFR- Data
Data way that changes applicant information that Partially use the State's existing alerting mechanisms to have this
DA- Architect - N/A
Manag are shared with the MPI, MMIS, and other Supported information sent out to other partner systems that use the same
067 ure
ement partner systems remain in synchronization. MPI. This information is also sent as part of the demographic
updates in the night batch process to MMIS system.

The Solution shall be able to submit new

member/applicant records to the MPI. The
Our proposed solution for the TEDS will submit new
member/applicant record may include but not
member/applicant records to the State existing MPI as soon as
NFR- Data Data Metadata limited to:
Partially the applicant is added to the TEDS. This is done through a Web
DA- Architect Manag Manage N/A
Supported service call to IBM initiate. We assume that the existing service
068 ure ement ment i. Identification
has the capability to take Identification Id, demographic
ii. Demographics
information, contact information and relationships to the member.
iii. Contact information
iv. Relationships to the member

506
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The Solution shall create and document a Our proposed solution for the TEDS creates a consistent XML
consistent XML taxonomy that uses the same taxonomy based on National Information Exchange Model
XML tags and attributes for the same data (NIEM). We assume that the State existing MPI solution is based
elements and concepts. The taxonomy on NIEM so that integrations with it would also follow the same
NFR- Data Data Metadata should be based on National Information NIEM alignment. Deloitte will work with the State to identify all the
Partially
DA- Architect Manag Manage Exchange Model(NIEM). The taxonomy shall N/A areas and data points that will be required to be compliant with
Supported
069 ure ement ment be used to in define data exchanges but there the National Information Exchange Model (NIEM). Along with this
shall be an English language overview of the assessment Deloitte will verify that all the classified and critical
approach, organization, standards, key data adheres to NIEM Standards and policies while at rest and in
elements, naming patterns, abbreviations, transit, as identified during the finalization of project requirements
etc. during the initial weeks of the project.

The Solution shall provide comprehensive

metadata management from source to target
in a single metadata repository. The
Our proposed solution for the TEDS provides a single repository
NFR- Data Data Metadata metadata repository shall include but not be
of metadata in a single metadata repository including mappings,
DA- Architect Manag Manage limited to the following information: mappings Supported N/A
business glossary and data elements that are used for reporting
070 ure ement ment of business concepts to underlying data
and ETL using Informatica PowerCenter repository.
structures, business glossary, data lineage,
reference data, and objects (e.g. view, table,
join) and reports from source to target.

Our proposed solution's data dictionary for the TEDS provides

The Solution shall allow the physical
semantic information for the tables and columns along with the
NFR- Data database to be described in a data dictionary
business usage. This is produced and maintained in an excel
DA- Architect DBMS with the usage, associated business rule and Supported N/A
format since it is different than the metadata repository used for
071 ure semantic information for the tables and
ETL and reporting where the metadata tier has a different level of
columns
semantic context than transactional data dictionary use.

Our proposed solution's uses Oracle Database for OLTP Query

Performance Tuning which is executed in conjunction with SQL
procedure reviews so that interactions between the system and
NFR- Data The Solution shall provide performance, the database are efficient and align to industry standards. We also
DA- Architect DBMS tuning and reporting capabilities in order to Supported N/A follow similar procedures to assess our batch queries, and help
072 ure monitor application interfaces using SQL. reduce operational costs. Indexing technology might also be
incorporated to tune performance of SQL statements as needed.
The proposed solution’s oracle database has advanced querying
features.

507
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Infrastru The Solution shall be hosted at HCFA data Our proposed solution for the TEDS will be hosted on a virtual
NFR-
cture Data centers managed by STS. The equipment Partially infrastructure platform in the HCFA data centers. Deloitte will
INFA- - C.3.3
Architect Centers cost, including the disaster recovery site, Supported provide equipment cost including licensing needed for the DR site
001
ure shall be included in the SI's proposal. as part of the contract.

508
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The contractor shall submit to HCFA as part

of their proposal, specifications for all
necessary hardware, software and tools for
the project. In addition to systems monitoring
and management, development support
tooling, and project management tooling
environments the contractor shall propose
application environments for a minimum of
the environments listed below. For the
Development and Testing environments the
vendor should include environments to
support two concurrent releases in
development plus a regular maintenance
release for a total of three sets of
Development and Testing environments. The
contractor may propose to share
environments for multiple purposes and to
share components such as Address
Verification across multiple environments.
Each environment will include three web
portals: Worker; Partner; and Member. The Our proposed solution for the TEDS infrastructure includes
contractor may also propose additional hardware, software, and tools that are required for the project.
application environments based on their Our proposed hardware, software and tools for the TEDS will
Infrastru development methodology and the support the system monitoring, management, development, and
NFR- Hosting
cture understanding of the project roadmap. The project management across the multiple environments
INFA- Environ - Supported C.3.3
Architect minimum environment set (a total of 41 (Production, Staging, Technical Sandbox, Development, Unit
002 ment
ure environments) the contractor shall submit Test, System Integration Test (SIT), User Acceptance Test (UAT),
specifications for are as follows: Performance Test, Regression Test, Conversion, Training, and
Disaster Recovery) and multiple parallel releases as requested by
i. Production (1) the State.
ii. Staging / Penetration Testing (1)
iii. Technical Sandbox (1)
iv. Development (4 of each of the following)
- Development
- Interface Development
- Unit / Automated test
- Component Integration Test
- Data Conversion Development
v. Test (4 of each of the following)
- System Integration Test
- Functional Test
- Automated Regression Test / QA
- Interface Test
- Performance / Stress Test
- Data Conversion Test
- User Acceptance Test
vi. Training (1)
vii. Disaster Recovery (1)

509
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for the TEDS will be hosted in the HCFA
Environments that contain production data
data centers. Our Deloitte ClearLight reporting and business
Infrastru shall be hosted at the State data center
NFR- Hosting intelligence component is hosted in the cloud which is approved
cture managed by the State Strategic Technology
INFA- Environ - Supported C.3.3 for storing PHI /PII data. This hosting approach for Deloitte
Architect Solutions group. The contractor may propose
003 ment ClearLight is cost-effective and provide additional features like
ure to host other environments, subject to the
data visualization etc. for the State, but can also be configured on-
approval of HCFA.
premise within the State data center if the State choses to do so.

The Solution shall provide tools to automate

the migration of code, configuration, security
Infrastru Our proposed solution for the TEDS leverages open source ALM
NFR- Hosting roles, and data between environments
cture stack (JIRA, JAMA, Tasktop Sync, Bitbucket) along with Atlassian
INFA- Environ - including but not limited to: Supported C.3.3
Architect Fisheye and Crucible provides abilities for code review, migration,
004 ment i. Conversion Testing Environment
ure data migration etc., across and into the required environments.
ii. Performance Testing Environment
iii. UAT Environment

The Solution shall include an infrastructure

management module to allow system
administrators to perform tasks such as but Our proposed solution for the TEDS will be hosted on a virtual,
not limited to: converged infrastructure platform in the HCFA data centers. Using
Infrastru
NFR- Hosting i. Creating application server domains the VCE VxBlock VCenter and VSphere management consoles,
cture
INFA- Environ - ii. Deploying applications or components Supported C.3.3 virtual servers can be created, deployed, migrated across
Architect
005 ment iii. Migrating domains from development domains, monitored, and configured. Additionally, these consoles
ure
environments to production environments provide a location to begin the diagnostics and trouble shooting of
iv. Monitoring and configuring the issues as they arise.
performance of the application server domain
v. Diagnosing and troubleshooting problems

As part of our proposed solution for the TEDS, Deloitte's technical

and architecture will implement and manage the initial installation
The contractor is responsible for
Infrastru and set-up of the TEDS solution software and tools. Additionally,
NFR- Hosting implementing, managing, and the operations
cture the Deloitte team will be responsible for the operations and
INFA- Environ - and maintenance of the software solution and Supported C.3.3
Architect maintenance of the TEDS solution software and tools. The
006 ment tools purchased under the contract in the
ure Deloitte team will request the proper server configurations and
data center(s) as defined by HCFA.
operating system set-up, from the State, to serve as a base for
these installations and operations.

Infrastru The contractor is responsible for maintaining As part of our proposed solution for the TEDS Deloitte will
NFR- Hosting
cture all DDI environments, software, and tools maintains all DDI environments. Additionally, Deloitte will maintain
INFA- Environ - Supported C.3.3,C3.4
Architect purchased under the contract for all software, and tools purchased under the contract for all
007 ment
ure environments. environments.

510
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for the TEDS is based on an n-tier JEE

architecture that partitions application components into
The Solution's application server design shall
independent tiers for separation of concerns. Our proposed
Infrastru provide scalability and reliability for
NFR- Hosting architecture supports both horizontal and vertical scaling and
cture applications by distributing the work load
INFA- Environ - Supported C.3.3,C3.4 clustering. Administrators can add more resources without
Architect among multiple instances of the server for
008 ment bringing the system down or modifying application code to support
ure each of the critical components in the solution
load. Database connections can be pooled using WebSphere
design.
Connection pooling, which allows efficient reuse of database
connection objects.

511
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The contractor shall develop a technical

infrastructure document which describes all of
the hardware, system software and tools
necessary for each of the environments
proposed, which shall include but not limited
to:

i. A comprehensive system assets inventory

(hardware, software, services, processes,
configuration, etc.) preferably maintained and
managed through a centralized Configuration
Management Database (CMDB).
ii. A detailed product currency and license
inventory preferably maintained and
managed through a centralized Configuration
Management Database (CMDB).
a. List of all software licenses, current
installations version, latest version (for each
particular product), and next target installation
version (e.g.. we recently upgraded Oracle to
11.2.0.4 version although the latest version is
12.c)
b. Software end-of-life Deloitte will submit documentation detailing hardware, software,
c. Software end-of-support and configuration specifications outlined in the requirement for the
Infrastru iii. Network connectivity diagrams A CMDB environments constructed as per deliverable 47 (Infrastructure,
NFR- Hosting
cture a. Entire network diagram representing does not Partially System Source Code and Documentation). Since State has
INFA- Environ - C.3.3
Architect physical and logical links between nodes currently Supported significant infrastructure compute, storage and network
009 ment
ure (e.g.. servers, load balancers, firewalls, etc.) exist. provisioning responsibilities we would work with the State to work
b. Secure boundary representation diagrams collaboratively to gather and document the information required
iv. Network configuration inventory, preferably for the deliverable and the items listed in the requirement.
maintained and managed through a
centralized Configuration Management
Database (CMDB).
a. IP management (subnets, VLANs, IP
assignment inventory, etc.)
b. Network ports in use
c. Network protocols in use
d. Secure tunnels
e. Certificates
V. Data flow diagrams
a. Node to node traffic (from data source to
data destination) including all data
repositories and pass-through systems
involved
b. Between various logical elements of a
particular unique solution or application (e.g..
link between front-end and back-end
elements)

512
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Infrastru
NFR- Hosting The contractor shall utilize STS procedures It is our understanding that the State operates the Production and
cture
INFA- Environ - and services to establish offsite Disaster Supported C.3.3 Disaster Recovery sites and we will utilize the existing procedures
Architect
010 ment Recovery capabilities. for assisting with establishment of Disaster Recovery capabilities
ure

The Solution shall provide for a monitoring

Infrastru
NFR- Hosting and diagnostic service that creates, collects, Our proposed solution for the TEDS provides monitoring and
cture
INFA- Environ - analyzes, archives, and accesses diagnostic Supported C.3.3 diagnostic services for collecting, analyzing, archiving and
Architect
011 ment data generated by a running server and its accessing diagnostic data through VCE's VCenter console.
ure
deployed applications.

Our proposed solution for the TEDS is built upon standard

commercial off-the-shelf (COTS) software, and standardized
Infrastru frameworks. These allow for user analytics to be captured and
NFR- Hosting
cture The Solution must allow for user analytics to reported for server usage from an infrastructure user standpoint.
INFA- Environ - Supported C.3.3
Architect be captured and reported. The data is available at the VMWare console as well as within
012 ment
ure Windows Event viewers that can be mined by monitoring utilities
in our proposed solution like Tripwire for tracking secure access
and proper use of the server in terms of SCM controls.

Deloitte's approach to refreshing the infrastructure is based on a

The contractor shall provide detailed phased refresh of each environment after year 4 based on the
Infrastru
NFR- Hosting processes to refresh each environment to state’s business needs at that time. We will identify specific
cture Partially
INFA- Environ - support the recreation of the environments C.3.3 refresh requirements, along with supporting diagnostics and
Architect Supported
013 ment and to support diagnostics and problem problem resolution as necessary. Migration activities requiring
ure
resolution as necessary. significant change to network topologies would required TARB
and CCB approvals.

Deloitte provides a Contingency and Disaster Recovery Plan

The contractor shall provide HCFA with the
Infrastru Disaste (CDRP) – as per “Deliverable 10 – Business Continuity and
NFR- following documentation:
cture r Disaster Recovery Plan”, that includes the disaster recovery plan,
INFA- - i. Integrated business continuity plan Supported C.3.3
Architect Recove business continuity plan and contingency plan focused on making
014 ii. Disaster recovery plan
ure ry available, critical processes and resources required for the TEDS’
iii. Contingency plan in the event of a disaster
operations.

513
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Deloitte provides a Contingency and Disaster Recovery Plan

(CDRP) – as per “Deliverable 10 – Business Continuity and
Disaster Recovery Plan.” This deliverable includes specifics on
recovery of business processes and system recovery procedures.
This includes the steps required to recover the application, the
The contractor shall provide specifics on order of these steps, and the verification of the recovery
recovery of business processes and system processes. Additionally, Deloitte will participate in post-Disaster
recovery procedures whose topics include but Recovery testing activities, where the Disaster Recovery test
are not limited to: steps required to recover results are reviewed; observations and recommendations of our
Infrastru Disaste the application and its; the order of recovery proposed solution for the TEDS disaster readiness are
NFR-
cture r steps; and verification processes. The documented; and the achievement or RTO and RPO are certified.
INFA- - Supported C.3.3
Architect Recove contractor shall participate in post Disaster
015
ure ry Recovery testing activities and provide Deloitte works with the State to perform initial testing of the
reports certifying the achievement of RTO Disaster Recovery Plan after statewide implementation. To test
and RPO objectives as well as readiness of our Disaster Recovery Plan’s effectiveness, the Deloitte team
the DR system to support business works with the State to perform a disaster simulation exercise and
operations. confirm that the recovery processes meet the State’s expectations
during operational readiness testing.
Inclusive in this validation process, we verify the database backup
and recovery strategy. This includes confirming the ability to
switch from the primary to the backup location and to successfully
bring up the TEDS solution.

Our proposed solution for the TEDS solution is built upon two
VxBlocks leveraging VMware virtualization platform and Oracles
Exadata. One of the VxBlocks will host the Production
environment, and the other will host the Non-Production
The Solution shall leverage virtualization to environments. Each of the two VxBlocks will be hosted in a
Infrastru Disaste
NFR- expedite disaster recovery by enabling different one of the State's data centers, allowing for the Non-
cture r
INFA- - system owners to quickly reconfigure system Supported C.3.3 Production VxBlock to server as the disaster recovery solution.
Architect Recove
016 platforms without having to acquire additional For the TEDS data, the non-production Exadata server will host
ure ry
hardware. the disaster recovery database, which will be replicated from the
production database in near real-time using Oracle's GoldenGate
technology. In the event of a disaster, this configuration allows the
State to quickly switch to the disaster recover environment,
without having to acquire additional hardware.

514
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for the TEDS is designed for High

Availability. To meet HCFA's defined SLAs, RTO, and RPO, we
will develop a High Availability and Disaster Recovery plan, which
outlines our approach along with the parties responsiblities to
meeting these for the TEDS components managed by Deloitte.
The contractor shall develop a High
Deloitte has proposed in the BOM an architecture for TEDS that
Infrastru Disaste Availability & Disaster Recovery Plan for the
NFR- utilizes VMWare Site Recovery Manager, EMC RecoverPoint and
cture r entire solution driven by HCFA's defined
INFA- - Supported C.3.3 Oracle Active DataGuard to support state RPO and RTO. While
Architect Recove Service Level Agreement (SLA), Recovery
017 the architecture is truly high available with replication for meeting
ure ry Time Objective (RTO), and Recovery Point
the RPOs and RTOs, it relies on State's existing data center
Objective (RPO).
network equipment's automated failover across data centers and
the availability of a high bandwidth low latency network pipe for
DR between the primary and DR sites. The RTO also relies on
availability of state resources, various site level coordination and
external system dependency for key data exchanges and
interfaces

The Solution shall use offsite storage to

enable a full recovery of the application and
its data in the event of a disaster that Our proposed solution for the TEDS will host the production and
Infrastru Disaste
NFR- destroys the primary data center. Data non-production Exadata servers in different data centers. The
cture r
INFA- - backup files and transaction logs shall be Supported C.3.3 non-production Exadata server will host the disaster recovery
Architect Recove
018 stored offsite in the event of a physical database, which will be replicated from the production database in
ure ry
disaster. The frequency of the transmission of near real-time using Oracle's GoldenGate technology.
backup files and transaction logs shall be
sufficient to meet the system RPO.

The proposed solution for the TEDS is designed around a

Infrastru Disaste The Solution shall have the ability to support
NFR- production and hot (real-time replication) disaster recovery
cture r either a production and hot (real-time
INFA- - Supported C.3.3 design. However our proposed solution for the TEDS is capable of
Architect Recove replication) disaster recovery design or a
019 supporting or a multi host site production design, assuming the
ure ry multi host site production design.
latency between sites is low enough to support it.

Infrastru Disaste The contractor shall conduct an semi-annual Deloitte will conduct a semi-annual review and update of the
NFR-
cture r review (or on schedule determined by HCFA) Disaster Recovery Plan throughout the life of the contract. Should
INFA- - Supported C.3.3
Architect Recove and update of the Disaster Recovery Plan a different schedule be required, we will work with HCFA to
020
ure ry throughout the life of the contract. determine it.

Infrastru Disaste The contractor shall participate in regularly

NFR-
cture r scheduled (as scheduled by HCFA ) disaster Deloitte will participate in regularly scheduled HCFA disaster
INFA- - Supported C.3.3
Architect Recove recovery exercise and meeting throughout recovery exercises.
021
ure ry the life of the contract.

515
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for the TEDS implements a zoned

architecture, with application functionality is often organized in a
multi-tier network configuration:
1. Internet user Zone - Provides the web interface to the system.
User traffic from various devices (workstations, mobile devices,
etc.) enters the system through this tier
2. Intranet user Zone - Provides the web interface to the system.
User traffic from various devices (workstations, mobile devices,
etc.) enters the system through this tier
3. De-Militarized Zone - Provides the separation for secure in-
Infrastru The Solution shall align with the "Zoned
NFR- bound traffic to come in to the datacenter. Typically reverse proxy
cture Architecture" defined in CMS Exchange
INFA- - - Supported C.3.3 and internet facing servers such as specific web servers or IBM
Architect Reference Architecture: Foundation
022 DataPower appliances would reside here.
ure Guidance.
4. Trusted Application Zone - Hosts the applications implementing
the business logic for the system. This tier implements the
business components, business services, business rules, and
application integration for the system
4. Protected Data Zone - Hosts the information systems including
the database and legacy application systems accessed by the
applications
In accordance with CMS Exchange Reference Architecture:
Foundation Guidance, these zones are protected by firewalls and
intrusion detection devices, as appropriate.

The contractor shall coordinate and is

responsible for working with the State and During the Strategy and Planning phase, through coordination
NFR- Data Other State Contractors to develop a data with the State and Other State Contractors, Deloitte develops the
DC- Convers - - migration and conversion plan describing the Supported C.11.3.1 Data Conversion and Synchronization Plan which describes our
001 ion approach, strategy, constraints, assumptions approach, strategy, constraints, assumptions, and specifications
and specification for converting and migrating for converting and migrating from the current legacy sources.
from current legacy sources.

516
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The contractor shall provide a data

conversion strategy and data conversion plan
that will include but is not limited to the
following:
i. Identify source and target
systems/environments
ii. Identify locations involved in the conversion
effort
Provide for a non-disruptive conversion
(no or minimal down-time)
iii. Describe any automated method of
conversion that require limited intervening by
the State
iv. Describe and addresses security
measures that will enforce referential integrity
of all data
v. Implement a mechanism for identifying and
reporting conversion errors
vi. Implement a mechanism for error
resolution
vii. Implement a method to reconcile data and
differentiate between converted data versus
new system data.
viii. Provide a capability of automatically During the Strategy and Planning phase, through coordination
NFR- Data reverse or undo a conversion with the State and Other State Contractors, Deloitte will develop a
DC- Convers - - ix. Identify conversion verification procedures Supported C.11.3.1 data conversion strategy and Data Conversion and
002 ion and activities required for system testing. Synchronization Plan that meets the State's requested
Identify the testing of tools and scripts, and requirements
the validation and verification of resulting test
data, in preparation for data loading.
x. Provide a mapping of the source to
destination, considering intermediate
processing requirements.
xi. Data Cleansing process
xii. Frequency of data conversion in all
environments such CIT/SIT, UAT and
Production
xiii. Sequencing of data loads
xiv. Data Conversion Schedule
xv. Role and Responsibilities
xvi. Identify if parallel runs of the old and new
systems will be necessary during the
conversion process, or if there will be a one-
time cut-over to the new system.
xvii. Identify criteria for a Go/No-Go decision.
xviii. Assumptions
xix. Risks
List of tools needed to execute the
conversion
Strategy for data quality assurance and
control

517
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Strategy for populating data not

contained in legacy system(s) / sources
Approach for converting and migrating
scanned documents/images from legacy
systems

518
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

During the Design phase of the project, the Deloitte team

The contractor shall assist at the direction of evaluates the legacy data sources and potential data universe to
the State in the development of manual determine what data can be converted via an automated manner
NFR- Data
conversion procedures for loading data that and what data would require manual intervention. Clear
DC- Convers - - Supported C.11.2
can not load to the target new system explanations will be documented on why the fields cannot be
003 ion
environment using an automated conversion converted automatically in the conversion plan and/or conversion
process. mapping documents. Also a method to manually enter legacy
cases in the TEDS will be designed.

NFR- Data The contractor shall provide a detailed data

Deloitte’s custom data mapping tool will be used to provide the
DC- Convers - - element mapping crosswalk between the data Supported C.11.3.2
crosswalk between source and target data elements.
004 ion source and the data target.

The contractor shall produce a before and

after conversion report to the State which will
include but is not limited to the following: Deloitte will provide before and after conversion reports to the
State which include:
NFR- Data i. Conversion count i. Conversion count
DC- Convers - - ii. Conversion errors Supported C.11.1.5 ii. Conversion errors
005 ion iii. Error rate iii. Error rate
v. Data type conversion source type to native v. Data type conversion source type to native type failures
type failures vi. Validation and completeness for conversion
vi. Validation and completeness for
conversion

Deloitte will work with the State to execute multiple mock runs
The contractor shall complete a number of
NFR- Data prior to each production conversion run. Sufficient time will be
error free data conversions, as determined by
DC- Convers - - Supported C.11.3.6 provided for manual and automated cleanup of data in the legacy
the State, in the production environment prior
006 ion systems after each mock run. This process will focus on
to go live
continuous improvement to achieve the highest conversion rate.

NFR- Data Deloitte will provide error reports and reconciliation reports after
The contractor shall reconcile any errors
DC- Convers - - Supported C.11.1.5 each conversion run to reconcile any errors produced from that
produced from any data conversion run
007 ion run.
The contractor shall ensure that the results of
NFR- Data the data conversion process is that any given Deloitte will use the Benefit Matching process as a part of
DC- Convers - - member Medicaid healthcare coverage will Supported C.11.1.4 conversion to confirm that any eligible member maintains
008 ion remain in place before and after the coverage after conversion.
production data conversion

519
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Deloitte has methodologies in place to minimize and log contact

with PII or PHI data based on minimal essential access roles
The contractor shall ensure that converted
definition using security best practices. Environments with PII or
data following the protect and privacy
PHI are safeguarded through industry-standard safeguard
NFR- Data protocols established by the SSP and
mechanisms including MARS-E requirements for server level
DC- Convers - - security control outlined by the State and Supported C.11.3.4
hardening, database level encryption, data masking and firewall
009 ion security compliance regulations. Security
protection. PII and PHI data usage will be agreed upon between
measures should be enforced regarding data
the State and Deloitte and will follow the protection and privacy
sensitivity issues.
protocols established by the SSP and security control outlined by
the State and security compliance regulations.

Deloitte will identify the data cleansing, validating, and initiating

requirements for the data conversion activities. After each
conversion round, reports will be used to highlight data
discrepancies that need to be addressed prior to the next
conversion run. Some examples of data quality issues include
duplicate entries, inconsistent addresses, null values, data entry
errors and incorrect data types (alpha characters where numeric
The contractor shall identify the data
NFR- Data is expected). The data discrepancies should be addressed as part
cleansing, validating, and initiating
DC- Convers - - Supported C.11.3.5 of the automated cleanup in the conversion process or via a
requirements for the data conversion
010 ion manual cleanup effort by authorized users directly within the
activities.
legacy system or by legacy technical staff using automated data
cleanup scripts executed directly in the source systems. Priority of
these items will be determined based on the severity of the
impact, the number of impacted records, and complexity. The
priority will determine the order in which the issues are resolved.
Where possible, data is automatically cleansed in the conversion
process based on the rules defined in the Design phase.

The Data Conversion and Synchronization Plan will provide HCFA

staff a data conversion workflow, which will include information on
NFR- Data The contractor shall provide a data how the workers should use the conversion reports and benefit
DC- Convers - - conversion workflow allowing for HCFA Staff Supported C.11.3.1 match information to process the converted cases in the TEDS.
011 ion to continue normal busniess operations. The primary objective of providing this information is to make sure
that business continuity is not lost and there is no impact to
members' healthcare coverage as a result of conversion.

The contractor shall provide a project plan

NFR- Data The Data Conversion and Synchronization Plan will provide a
that describes the timeline of activities of the
DC- Convers - - Supported C.11.3.1 schedule for all the conversion activities including but not limited
contractor and the State to complete
012 ion to mock runs, data cleansing and production runs.
conversion at implementation.

520
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The contractor shall provide to the State a list

of data conversion tools and scripts to Deloitte uses a data mapping tool to document all conversion
perform data conversion, intermediate data rules and the ETL tool, Informatica PowerCenter, allows
NFR- Data
processing and loading cleansed data into conversion scripts to be exported and shared with the State. In
DC- Convers - - Supported C.11.3.1
the destination (target) data repository. This addition, the Data Conversion and Synchronization Plan will
013 ion
would include both automated conversion provide information on data cleansing and manual conversion
program and manual procedures (data entry procedure.
procedures).
The contractor shall provide the capability to
The Data Conversion and Synchronization Plan will include
NFR- Data automatically reverse or undo a conversion
Contingency/Rollback plans for all data conversion runs including
DC- Convers - - by conversion group e.g., entity Case and Supported C.11.3.1
details on how to rollback a conversion run either completely or to
014 ion associated database entities as defined by
one of the interim backup points.
the State.

After completion of the data transformation and load,

The contractor shall provide a method to reconciliation process will be used to compare the counts of
NFR- Data
reconcile converted data and differentiate source and target rows to validate that no records were skipped
DC- Convers - - Supported C.11.1.3
between converted data versus the target during the conversion process. Additionally, converted records will
015 ion
system data be specifically marked as part of the audit trail functionality to
differentiate source system and existing target system data.

The contractor shall provide a schedule of

conversion activities to be accomplished in
accordance with the Data Conversion Plan
The Data Conversion and Synchronization Plan will provide a
and approved the data including but not
NFR- Data schedule for all the conversion activities during the production
limited to the following:
DC- Convers - - Supported C.11.3.1 runs. This will be further refined during the mock runs when an
016 ion accurate estimate of time required to perform each step of the
i. Time allotted/allowed to complete the
conversion is available.
conversion process in each environment.
ii. Time allowed to Normalized the data from
the source (legacy) to the target.

The Contractor shall be responsible for

coordinating, addressing and reconciling with
the State any data quality assurance and
control issues prior to a given data
conversion cycle. In addition, the Contractor
Deloitte will work with the State to identify types of data quality
shall be responsible for identifying types of
problems that may occur. Based on this, data validation rules will
NFR- Data data quality problems that may occur,
be applied during the conversion process and tracked with
DC- Convers - - including but not limited to the following Supported C.11.1.2
Conversion Validation reports. These reports will be shared with
017 ion considerations:
the State and used to drive data cleanup efforts in the source
system before the go-live.
i. Invalid Content
ii. Data Type re-definitions (e.g., alphas in
dates and numbers data field)
iii. Incomplete Content (e.g., un-initialized
data)

521
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Deloitte performs a minimum of 3 mock runs prior to Go-Live that

achieve a 100 percent pass rate. These mock runs simulate the
The contractor shall be responsible for
go-live and use production data volumes. The pass rate is
running a sufficient number of mock data
NFR- Data determined by the accumulative average of all records
conversions in production achieving a 100%
DC- Convers - - Supported C.11.3.6 correctly converted in every field, in every extract file, coming from
pass rate for each data conversion run. Each
018 ion the data
mock conversion should simulate the real go-
sources based on the mapping requirements documented in the
live process with actual data volumes.
Data Conversion and Synchronization Plan and Deloitte's data
mapping tool.

Custom programs will be developed to migrate scanned

The contractor shall provide the capability to
documentation such as Notices, Pay Stubs, Case Notes and
conversion data from several source(s) e.g.,
NFR- Data Verification paper documents from the existing legacy system to
scanned documentation such as Notices, Pay
DC- Convers - - Supported C.11.3.3 the new proposed system. In order to perform the document
Stubs, Case Notes and Verification paper
019 ion migration, the legacy staff will be asked to provide a file containing
documents for the existing legacy system
metadata required to index the document to a case or client within
(FileNET) to the new proposed system.
the TEDS.

In situations where certain data elements are required in the

TEDS system but not available for a case in legacy, Deloitte will
The contractor shall not use synthetic data or
NFR- Data work with the State to determine the best approach to convert
use estimated data in production for missing
DC- Convers - - Supported C.11.1.3 those data elements. Deloitte will not use defaults unless the
data e.g., baby SSN, birth date without
020 ion State provides approval. After design discussions, these rules will
written approval by the State.
be clearly documented in the data mapping tool and will be
provided to state for review and written approval.

The data conversion for the TEDS will be performed in three

NFR- Data releases - MAGI Medicaid case conversion, Non-MAGI Medicaid
The contractor shall provide a phase
DC- Convers - - Supported C.11 case conversion and Appeals conversion. Further, each release
approach to a data conversion solution.
021 ion will include conversion in three phases - big-bang production
conversion, catch-up conversion(s) and manual conversions.

The contractor shall be responsible for

Deloitte’s conversion specialists will collaborate with legacy SMEs
identifying and describing the boundaries and
to review legacy data that is available for extraction and assist in
scope of the data conversion. Including but
NFR- Data establishing the desired format of extract files and selection
not limited to specific system functions, and
DC- Convers - - Supported C.11.3.1 criteria.
ad hoc user access database(s) and
022 ion
providing a high-level mapping of the data
The mapping of legacy data elements to the TEDS data elements
and data types to be converted or migrated to
will be performed using a custom data mapping tool.
the new system

522
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for the TEDS is compliant with the W3C
Web Content Accessibility Guidelines Priority 1 Checkpoints. This
The Solution shall satisfy the Priority 1
compliance is validated and tested using standard tools like
Checkpoints from the current Web Content
JAWS (Job Access with Speech) reader for priority 1 checkpoints
NFR- Accessibility Guideline developed by the
Accessi in WCAG. These are met based on the following:
AS- - - World Wide Web Consortium (W3C), as Supported N/A
bility 1. Visual magnification using native browser and Adobe Reader
001 detailed at:
capabilities
http://www.w3c.org/TR/WCAG10/full-
2. Screen Reader compatibility using native browser capabilities
checklist.html
3. High contrast mode using native Windows Desktop Operating
System capabilities

Our proposed solution for the TEDS will achieve compliance with
the Americans with Disabilities Act (ADA). These are met based
on the following:
NFR-
Accessi The Solution shall be compliant with the 1. Visual magnification using native browser and Adobe Reader
AS- - - Supported N/A
bility Americans with Disabilities Act (ADA) capabilities
002
2. Screen Reader compatibility using native browser capabilities
3. High contrast mode using native Windows Desktop Operating
System capabilities

Our proposed solution for the TEDS will be assessed for

The Solution shall be compliant with the compliance through testing for Section 508 compliance
NFR-
Accessi Section 508 amendment to the 1973 throughout the system development life cycle. We use
AS- - - Supported N/A
bility Rehabilitation Act where as all web content Compliance Sheriff to test accessibility and Section 508
003
be accessible to people with disabilities. compliance to produce the report and will indicate false positives
in the report as part of sharing it with the state.

Our proposed solution for the TEDS will be assessed for

The Solution shall have an accessibility compliance through testing for assistive technologies compliance
NFR-
Accessi testing solution that incorporates the use of throughout the system development life cycle. We use
AS- - - Supported N/A
bility assistive technologies. The contractor shall Compliance Sheriff to test accessibility and Section 508
004
provide an ADA compliance report. compliance to produce the report and will indicate false positives
in the report as part of sharing it with the state.

Our proposed Member/Partner Portal solution for the TEDS can

be accessed through a Web browser without additional software.
NFR- User The Solution's public web portal shall provide
Accessi Web Our proposed solution for the TEDS supports the mainstream
AS- Channe web-based access that requires only web Supported N/A
bility Portal browsers - Microsoft Internet Explorer 9, Microsoft Internet
005 ls browsers.
Explorer 10, Microsoft Internet Explorer 11, Microsoft Edge v13,
Google Chrome v49, and Firefox v45.

523
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

NFR- Manage The contractor shall propose one or more

MA- ability Commercial Off the Shelf (COTS) monitoring
001 tools to proactively monitor the performance, Our proposed solution for the TEDS provides three categories of
track progress and facilitate decision making monitoring, using COTS products; Security, Application, and
of key application components and services Infrastructure. For each of the categories of monitoring, we use
of the proposed solution. The State of the following COTS products:
Tennessee and HCFA have not identified a Security (IBM Security QRadar, Nessus Vulnerability Scanner,
- - preference for a performance management Supported N/A Tripwire Security Configuration Management Suite)
toolset. Application (HP SiteScope, Oracle Cloud Control, Splunk
Enterprise, Syslog Server)
Infrastructure (VMWare VCenter, Cisco UCS Manager, EMC
Unisphere: Unified Storage Monitoring, Cisco Prime Network,
Oracle Enterprise Manager (OEM), F5 Monitoring Pack)

NFR- Manage The contractor shall provide, configure and

MA- ability operate COTS tool(s) (The COTS tool(s)
002 should be generally available and have Our proposed solution for the TEDS provides three categories of
adopters to various vender products) to monitoring, using COTS products; Security, Application, and
detect errors related to components including Infrastructure. For each of the categories of monitoring, we use
but not limited to network connectivity the following COTS products:
interruptions, a database server going off line, Security (IBM Security QRadar, Nessus Vulnerability Scanner,
- - or web service connectivity etc. Supported N/A Tripwire Security Configuration Management Suite)
Application (HP SiteScope, Oracle Cloud Control, Splunk
Enterprise, Syslog Server)
Infrastructure (VMWare VCenter, Cisco UCS Manager, EMC
Unisphere: Unified Storage Monitoring, Cisco Prime Network,
Oracle Enterprise Manager (OEM), F5 Monitoring Pack)

NFR- Manage The Solution shall have safeguards designed

MA- ability to ensure that configuration variables Our proposed solution for the TEDS will use Tripwire Security
003 affecting applications and the back end Configuration Management Suite that does configuration
resources remain at some predetermined compliance checks and can be scheduled to run at regular
- - Supported N/A
configuration settings. The configuration shall intervals to detect and log any malicious configuration changes
not be mixed with application data. and therefore, can be used to check unauthorized configuration
and properties file changes

NFR- Manage The Solution shall provide, configure and

MA- ability operate third party COTS tool(s) to detect Our proposed solution for the TEDS will use HP SiteScope and
004 application performance issues, such as Oracle Cloud Control to monitor the application’s service health
degraded servlet, database or other back end and to monitor the database. These tools provide provides timely
resource response times and alert system alerts about performance and availability issues. To prevent
- - Supported N/A
administrators. system performance degradation, our approach includes using
the proposed monitoring tools to proactively identify potential
issues, and address them before they impact the overall system
performance.

524
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

NFR- Manage The Solution shall provide, configure and

MA- ability operate COTS tool(s) to monitor key Our proposed solution for the TEDS will use HP SiteScope that
005 performance indicators (KPIs) metrics such provides real-time visibility of application’s service health and
as but not limited to response time, resource provides timely alerts about performance like CPU Utilization,
- - availability, CPU utilization, and memory Supported N/A response times, memory utilizations and availability issues. HP
utilization reaches thresholds etc. SiteScope provides templates for the most important key
performance indicators and comes with a best practices guide
that outlines steps to troubleshoot common issues.

NFR- Manage The Solution shall send alerts based on the

MA- ability monitored attributes. These can be escalated Our proposed monitoring solutions for the TEDS can be
006 through E-Mail / SMS etc. configured to escalation alerts via emails and SMS messages.
- - Supported N/A
These alerts can be escalated to an email or phone number (via
SMS), when certain events occur or thresholds are met.

NFR- Manage The Solution shall provide diagnostic

MA- ability information on performance and availability The proposed monitoring tools for the TEDS will capture and store
007 issues identified through performance a variety of metrics and statistics. These metrics combined with
monitoring. our teams extensive experience in supporting large systems, is
- - Supported N/A
then used by the team to diagnose and further research
performance and availability issues that may be identified through
performance monitoring.

NFR- Manage The Solution shall provide a performance

MA- ability dashboard(s) of a wide range of application
008 services and network services providing the Our proposed application for the TEDS monitoring tool Splunk
ability to drill down to a level where the provides a performance dashboard based on the current data as
observations provide useful information and well as a snap shot view of past data. Additionally, Splunk
both real-time and snapshot views. displays trends which can be monitored to foresee any potential
- - Supported N/A
risks. This performance data can be used to detect performance
issues in application as well as backend systems. Splunk can be
easily integrated with other solution components to gather logs
and to be displayed on the dashboard.

NFR- Manage The Solution's performance dashboard(s)

MA- ability shall allow the HCFA personnel to perform Our proposed solution for the TEDS will utilize Splunk to create
009 monitoring and administrative activities performance dashboards. Splunk’s customizable performance
- - through graphical user interfaces. The Supported N/A management dashboard provide a graphical view of monitoring
solution shall have the capability to create and administrative activities, and additionally allows users to
custom dashboards to empower the users. create custom dashboards to monitor specific information.

NFR- Manage The Solution's management module shall

MA- ability support role based access to allow for
010 different roles for users including operators, Our proposed solution for the TEDS, implements security at a role
administrators, and managers etc. level in Splunk. The role‐based access control configurations
The Solution management module shall have Partially allow for the restriction of access to a certain monitoring
- - N/A
the capability of configuration role-based Supported capabilities (e.g. access to network traffic monitoring data) or
access control including but limited to access administrative functions (e.g. configuration changes) the to a
to network traffic monitoring data or making a defined set of roles/users.
configuration change by Administrator role

525
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

NFR- Manage The Solution shall allow for report generation

MA- ability and analysis for application troubleshooting Our proposed solution for the TEDS relies on Splunk for the
011 and capacity planning. generation of reports and presentation of data for analysis and
- - Supported N/A application troubleshooting and capacity planning. Additionally,
our other proposed monitoring products for the TEDS can be
configured to produce reports, if in the future a need arises.

NFR- Manage The Solution shall provide configurable

MA- ability logging levels, filtering and reporting options Our proposed solution for the TEDS has logging levels built into
012 for errors and exceptions. the application framework, includes error logging at presentation,
- - Supported N/A business and persistence layer. For example, as application
errors are log, they are assigned a severity, which can then be
used to filter/sort/triage the errors.

NFR-
MA-
013 Our proposed solution for the TEDS includes error logging at
various points within the application (e.g., rules engine logs,
The Solution shall provide the ability for a
application logs, batch logs). These log files are each created and
centralized log of prescribed system events
Manage stored as independent files, to facilitate the management and
- - and provide correlated logs if the logs are Supported N/A
ability search ability of the files. Splunk then serves as our log
produced by multiple system components in
aggregator, gathering the various logs, parsing them for common
the Solution.
identifiers (e.g. time stamps or case numbers), and allowing them
to be searchable and presentable in a single location.

NFR- The Solution shall ensure system error

MA- Our proposed solution for the TEDS stores error messages in a
messages appear in a consistent format for
014 Manage single location for both online and batch processing. This provides
- - both batch and on-line processing. Supported N/A
ability a consistent format, text, and code for a single error regardless of
Specifically, error messages have like codes
where it occurs in the solution.
and texts.
NFR- Our proposed solution for the TEDS presents error messages to
MA- users in easily understood language, written in language that
015 Manage The Solution shall provide descriptive error
- - Supported N/A makes sense to business users. If applicable, the error also
ability messages.
includes next steps or instructions to get help with unique error
identifiers.
NFR- Our proposed solution for the TEDS also includes a built in
MA- component that captures application errors along with the point of
016 Manage The Solution shall produce error statistics by
- - Supported N/A failure, error trace and supporting information, and persists them
ability module, transaction and source.
into a database table. Statistics can be gathered using these
database tables.
NFR-
MA- Our proposed solution for the TEDS also includes a built in
017 The Solution shall capture rejected or un- component that captures application errors along with the point of
Manage
- - posted transactions for administrative user Supported N/A failure, error trace and supporting information, and persists them
ability
resolution. into a database table. Using these tables, the administrator can
identify the cases with problems and take it up for resolution.

526
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for the TEDS provides high availability for
all production system components. High availability is
The Solution shall provide high availability for implemented through horizontal scaling, the virtualization of
NFR-
Reliabilit the all system components that meets servers, and proactive monitoring. Even with a 24x7 operational
RE- - - Supported N/A
y HCFA's specified operations periods on a model, scheduled maintenance windows may still be needed to
001
24x7 basis. perform certain tasks (major software upgrades, major
builds/deployments, etc.), for which a mutually agreed upon
window will be determined.

Our proposed solution for the TEDS provides users access to

near real-time information during times which the system is
NFR- The Solution shall provide real-time or near
Reliabilit accessible. Our proposed solution can be available at all times
RE- - - real-time availability of information across all Supported N/A
y except during standard maintenance windows), however
002 systems dictated by HCFA
operationally the business may prefer to limit access to some
systems at various points in time.

Our proposed solution for the TEDS uses application clustering to

balance the load across servers in conjunction with the F5 LTM
load balancer, and transfer the load when a server or application
NFR- The Solution shall use server clustering to
Reliabilit goes down. For applications or products which are hosted in web
RE- - - allow transfer of load when a server or Supported N/A
y containers (such as WebSphere), each of the application
003 application goes down.
instances for a particular application or product are clustered
together. For the database, we user Oracle's Real Application
Cluster (RAC)

Our proposed solution for the TEDS will mitigate single points of
failure by implementing an architecture that has a duplicate/fail-
over component for each system. For the hardware, we leverage
The Solution shall be architected with no VCE's converged infrastructure, a VxBlock, which in the case of a
single point of failure, supporting fault hardware failure (CPU, Memory, hard disk) will automatically fail
NFR-
Reliabilit tolerance and failover of web, application, over to another piece of hardware. For servers such as
RE- - - Supported N/A
y database servers, storage devices, and application and DB servers, this will result in distributing the load
004
secondary devices such as load balancers, across multiple servers, and confirming that there is ample
and supporting a high-availability enterprise. capacity to handle the failure of some of the components. For
software this duplication results in hosting and running products
across multiple servers/instances to allowing for a fail-over from
one to the other.

NFR- Our proposed solution for the TEDS runs on IBM's WebSphere
Reliabilit The Solution shall support session replication
RE- - - Supported N/A Application Server which supports session replication and
y and transparent failover in a server cluster.
005 transparent failover in a cluster setting.

527
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The Solution's Recovery Time Objective Our proposed solution for the TEDS does not have any
NFR- (RTO) shall be within 4 hours. In case of a architectural or solution specific dependencies that will prevent us
Reliabilit
RE- - - disaster that affects the system operations, Supported N/A from meeting the four hour RTO as long as the external data
y
006 the entire service shall be restored within 4 center dependencies are resolved by STS, specifically around
hours. network and bandwidth for cross datacenter replication.

Our proposed solution for the TEDS leverages Oracle Active Data
Guard, the most comprehensive solution available to eliminate
The Solution's Recovery Point Objective
single points of failure for mission critical Oracle Databases.
(RPO) shall be no more than 1hr of data loss.
NFR- Active Data Guard’s deep integration with Oracle Database and
Reliabilit In case of a disaster that affects the system
RE- - - Supported N/A complete focus on real-time data protection and availability avoids
y operations, 1hr of data inputs to the system
007 compromises found in storage remote mirroring or other host
(but no more) may be lost and need to be re-
based replication solutions, allowing us to achieve the RPO of no
entered.
more than 1hr of data loss provided the network bandwidth across
datacenters support high bandwidth interactions.

Our proposed solution for the TEDS supports redundancy and

NFR- fault tolerance. The system architecture is designed and deployed
Reliabilit The Solution shall use fully redundant
RE- - - Supported N/A on a virtualized environment that has redundancy in place at
y network, hardware and storage.
008 physical components (network, hardware, storage) which are
implemented at part of the TEDS solution.

Our proposed solution for the TEDS architecture is built on a

The Solution shall use virtualization where virtual, converged infrastructure platform, VCE's VxBlock, and
NFR- possible in their design and be prepared to Oracle Exadata. Both the VxBlock and Exadata support a high
Reliabilit
RE- - - create virtualized secured environments, that Supported N/A level of virtualization, allowing CPU, RAM, and storage to be
y
009 are highly available, sustainable, extendible, allocated and managed through the vCenter console in real time;
and portable. this solution provides a platform that is highly available,
sustainable, expandable, and portable.

The Solution shall minimally display a well

formatted informational message, complete
Our proposed solution for the TEDS provides a well-formatted
NFR- with the portal's normal branding,that asks
Reliabilit informational message that is displayed to the user whenever the
RE- - - the user to return at a later point in time when Supported N/A
y user faces a runtime error or when the system is unavailable for
010 the public facing system is unavailable, for
planned maintenance activities.
planned maintenance or because of a
runtime issue.

528
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for the TEDS components and system will
The Solution component and system shall be be considered as unavailable if the online response time is a
NFR-
Reliabilit considered as unavailable if the online factor of three (3) greater than specified in the requirements and
RE- - - Supported N/A
y response time is a factor of three (3) greater the transactions in question do not invoke any external
011
than specified in the requirements. transactions or consist of complex composite transactions that in
turn perform multiple automations behind the scenes.

The Solution shall continue to operate when a

user action results in communications with Our proposed solution for the TEDS allows the ability to continue
other systems (e.g., the federal hub or the to operate even when a user action results in communication with
NFR- HIX) regardless of the availability of the other systems, regardless of the availability of the external
Reliabilit
RE- - - external system. For example, if the federal Supported N/A system. In the event of an external service being unavailable, e.g.
y
012 hub was unavailable then the citizenship and if a Federal Data Services Hub is not available, the requests are
income verification would be deferred and the put into a durable messaging queue which is persisted and sent to
user would be notified of their possible the Hub when the service becomes available.
options.

Our proposed solution for the TEDS is based on an n-tier JEE

The Solution shall be scalable and adaptable architecture that partitions application components into
to meet future growth and independent tiers for separation of business concerns. The
NFR-
Scalabili expansion/contraction needs such that the partitioning enables flexible deployment of the application tiers
SC- - - Supported N/A
ty Solution can be expanded on demand and providing higher scalability and improved quality of service.
001
be able to retain its performance levels when Additionally, it enables flexible deployment of the application tiers
adding additional users, functions, and data. in ways that support evolving needs for additional users,
functions, and data, while maintaining performance levels.

Our proposed solution for software and hardware upgrades

includes qualifying the needs, performing impact analysis,
develop and test proof of concept, develop a Release Plan,
provide development support, and test and apply the upgrade.
The Solution shall have software and
NFR- During the impact analysis phase of the upgrade process, we
Scalabili hardware that is upgradeable and preserves
SC- - - Supported N/A determine whether am application customized solution needs to
ty solution customizations, or provide a State-
002 be updated or not. For example, an upgrade to F5 switch may not
approved updgrade path.
impact the application code, while an upgrade to QAS address
validation may impact the application software - depending on
whether the upgrade is backward compatible and if the output is
changed or not.

Our proposed solution is configured to perform at optimal levels

NFR- The Solution shall perform consistently and
Scalabili under normal and peak loads. We will work with the State to
SC- - - efficiently under normal and peak loads as Supported N/A
ty define load condition response time expectations for processes
003 defined by HCFA.
that involve getting information from multiple external systems.

529
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution's architecture supports both horizontal and

NFR- The components in the Solution should be
Scalabili vertical cloning and clustering. Administrators can add more
SC- - - scalable both horizontally and vertically Supported N/A
ty resources without bringing the system down or modifying
004 independently.
application code to support load.

Our proposed solution's navigational transactions are under 2

seconds 95 percent of the time with common user action pages
performing under 2 seconds for 99 percent of the time with the
following exceptions:
1. Transactions that invoke services from external systems are
excluded from the response time SLOs. This includes interfaces
to MPI, FileNet, HP Exstream, QAS, state trading
partners/agencies and Federal trading partners.
The Solution shall allow the submit and
2. Adding new User
redisplay, or navigation, of a web page to
3.Any pages that interact with external systems
NFR- take less than two (2) seconds 95% of the
Scalabili Perform 4. EDBC is excluded since it actually performs multiple
SC- - time. For the most common user actions this Supported N/A
ty ance transactions per one user action behind the scenes which is
005 shall be honored 99% of the time. No action
driven by number of people, number of months and number of
or page shall take more than three (3)
programs.
seconds.
5. Notices will vary based on number of pages which is dependent
on type of notice, number of individuals and network latency.
Therefore, the PDF generation request is part of SLO exclusions.
6. Notices will vary based on number of pages which is dependent
on type of notice, number of individuals and network latency. This
makes it a transaction that is extremely dependent on payload
complexity and hence difficult to conform to a standard response
time metric as other standard transactional page actions.

Our proposed solution's Eligibility Determination module for the

The Solution shall allow eligibility rules
TEDS houses workflows to determine eligibility for the State’s
processing (Medicaid, CHIP etc.) to take less
Medicaid programs. This in turn invokes the Business Rules
than 0.5 seconds for a household of five (5)
NFR- Engine. We will work with the State during performance testing to
Scalabili Perform people and less than 0.1 seconds for a Partially
SC- - N/A optimize and tune eligibility to mutually set expectations based on
ty ance single-person household. This performance Supported
006 complexity of rules and set performance targets for production. A
shall include any time needed to fetch
key input into this would be the eligibility runtimes from other
supporting data from the database and the
states using the same architecture that Deloitte can share based
round trip messaging to the rules engine.
on our implementation experience in those states.

530
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for the TEDS leverages IIB for integration
services with other internal and external systems, providing
The Solution shall be designed to the features like fault-tolerant architecture, asynchronous processing,
greatest extent possible so that the priority queue messaging and high performance regardless of
performance/latency of the connectivity to performance/latency of the connectivity to external system(s). It is
NFR-
Scalabili Perform external system(s) does not adversely affect crucial to note that these architecture patterns are driven more by
SC- - Supported N/A
ty ance the required performance, e.g., asynchronous business need for transactional processing, specifically when it
007
and background messaging when a user comes to synchronous vs. asynchronous. Business users for
action results in communications with other these systems due to the transaction's sensitive business nature
systems (e.g., the federal hub). tend to go more with synchronous patterns since often times their
business need is driven by federal trading partners data
interaction patterns.

531
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution’s design for reports is based on Deloitte

ClearLight platform. This architecture includes categorizing the
reports into those which are rendered at run time vs. more
paginated on-demand vs. filter driven. Tableau, our virtualization
tool, will be used to render reports. Reporting response times will
be determined based on the following:
1. 5 seconds or less for 95 percent of the search and lookup
queries that meet the following criterion:
a. Excludes ad hoc queries and analytics
b. Search and look ups are done based on enough filtered values
and parameters that restrict the data set to under a 500 rows with
20 columns which in turn are displayed using a pagination setting
that only displays 50 rows at a time.
c. Queried columns cannot include any Long Objects in the
database (Character LOBs or Binary LOBs or XML types)
d. Joins used by the underlying query cannot exceed more than 5
tables
e. Query response time will be strictly measured based on the
database processing time for the query
The Solution shall allow pre-generated
2. Static Standard report within 5 seconds or less, 95 percent of
reports to be designed so that they can be
NFR- the time that meet the following criterion:
Scalabili Perform rendered online in under 5 seconds, i.e., very
SC- - Supported N/A a. Queries that generate the static report do not read more than
ty ance large reports shall be broken into pages that
008 100 rows with 20 columns
allow incremental drill down and navigation
b. Queried columns cannot include any Long Objects in the
and so do not adversely affect the network.
database (Character LOBs or Binary LOBs or XML types)
c. Joins used by the underlying query cannot exceed more than
five tables
d. Query response time will be strictly measured based on the
database processing time for the query
e. This response time is not applicable to export functions from
the tool for printing to PDF, CSV and excel.
3. Dashboard report within 5 seconds or less, 95 percent of the
time that meet the following criterion:
a. Queries that generate the dashboard report do not read more
than 100 rows with 20 columns for the entire page
b. Queried columns cannot include any Long Objects in the
database (Character LOBs or Binary LOBs or XML types)
c. Joins used by the underlying query cannot exceed more than 5
tables
d. Query response time will be strictly measured based on the
database processing time for the query.
e. This response time is not applicable to export functions from
the tool for printing to PDF, CSV and excel.

532
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution's proposed capacity is sized to support

2000 concurrent users. Our Worker Portal application assumes
supporting 37 concurrent users/core for WAS under peak stress
The Solution shall be able to support 2,000 and Member/Partner Portal at 100 concurrent users/core. Based
NFR-
Scalabili Throug concurrent internal users at the prescribed on these estimates we have sized production. Should this
SC- - Supported N/A
ty hput performance levels. This is an initial estimate estimate change, a capacity change may be necessary to support
009
that may be adjusted. additional concurrent users leading to provisioning of new WAS
instances along with analysis of other transactional use of COTS
and database as part of the Change Control Board driven impact
analysis.

The contractor shall ensure each of the

Our approach for the TEDS solution is to perform regular updates
COTS products in the Solution remain to be
to the proposed COTS products to a more recent, stable version
supported by COTS vendors at least six(6)
using a TARB- and CCB-approved System Upgrade and patch
years after planned go-live date.
NFR- process. For major upgrades, impact analysis will be conducted
Sustaina
SU- - - Supported N/A and presented to the CCB for approval. For ongoing patches, a
bility The contractor shall ensure each of the
001 CCB- approved approach for minor patches and security will be
COTS products incorporated as part of the
used to maintain the environments for COTS products. This
overall Solution will remain viable at least six
approach will enable us to keep the solution supported by COTS
years after the go live date, or provide State-
vendors for six years after the planned go-live date.
approved updgrade path.

Our approach for the TEDS solution is to perform regular updates

to the proposed COTS products to a more recent stable version
using a TARB and CCB approved System Upgrade and patch
NFR- The contractor shall ensure all the COTS process. For major upgrades, impact analysis will be conducted
Sustaina
SU- - - components in the Solution to maintain Supported N/A and presented to the CCB for approval. For ongoing patches, a
bility
002 compatibility at supported release levels. CCB approved approach for minor patches and security will be
utilized to maintain the environments for COTS products. This
approach will enable us to get the necessary support from the
COTS vendors.

Our proposed solution for the TEDS uses IBM WODM Rules
The Solution shall be adequately flexible to
Engine and our NextGen based Driver flow for Workflow engine,
NFR- keep up with ever changing technology and
Sustaina Extensi which separates business rules from the application code and
SU- - regulatory changes. This shall be Supported N/A
bility bility workflows, and isolates programming needs for rules change. Our
003 accomplished by separating workflow and
solution is agnostic to the tools that it is hosted upon and
business rules into their own separate tiers.
segregated into its own tier of uncoupled services.

The Solution shall be designed for ease of

maintenance and readily allow future
NFR- functional enhancements as indicated by Our proposed solution for the TEDS is aligned with the CMS
Sustaina Modula
SU- - CMS Seven Conditions and Standards. This Supported N/A Seven Conditions and Standards. Our proposed solution is SOA
bility rity
004 shall be accomplished through use of modern based which allows for modularity, abstraction and loose coupling.
design principles for Service Oriented
Architecture, applying principles of

533
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

modularity, interface abstraction, and loose

coupling.

The Solution shall take into account for

availability of development resources. The Our proposed solution's resource information and skillset for
Develo contractor shall provide a skill inventory for development resources of the project will be detailed in our
NFR-
Sustaina pment development resources in all project phases. staffing plan. We will have the necessary development resources
SU- - Supported N/A
bility Resour The contractor shall ensure and will be available on the project. We have a large pool of resources within
005
ces responsible for supplying a skill inventory of our firm as well as within our network of staff augmentation
development resources for all phases of the vendors to meet these requirements.
project.

Our proposed solution for the TEDS has configurable field labels
The Solution's screens shall be highly re-
and data fields, along with the ability to remove/turn off reference
configurable, providing ability to reposition
NFR- code values and allows maintenance of reference data by
Sustaina Maintai and rename field labels / data fields, remove
SU- - Supported N/A authorized system administrators. Our proposed solution has
bility nability or ?turn-off? unused fields, maintain data,
006 templates that allows for custom-defined fields with minimum
sort lists and allow addition of custom-defined
effort. UI layout is supported using visual re-alignment in a
fields with minimum effort.
WYSWYG IDE within Eclipse.

The Solution shall have "stacked "screens for

data collection and maintenance of Our proposed solution for the TEDS supports an intuitive driver
client/case data. Entering data on one screen mechanism to direct user to the next workflow step. Workflows
should logically enable or disable other represent logical groupings of related functional screens that are
screens for other clients in the same stacked to process cases. Additionally, our solution supports
NFR-
household. In addition screens may require condition-based navigation, e.g., collecting additional pregnancy
US- Usability - - Supported N/A
data to be re-edited or changed if the screen information such as due date, number of births expected if the
001
was left as incomplete or as a result of the individual has attested to being pregnant. The navigation pattern
change of data on another screen, e.g., for tab-based browsing and enabling/disabling individual-centric
changing an accommodation address may information on a case is part of our UI layout and design within the
require the collection/update of utility expense Worker Portal and the Member/Partner Portal.
information.

NFR- Our proposed solution for the TEDS Data Collection module
The Solution shall provide visual cues for
US- Usability - - Supported N/A provides visual identification for enabled vs disabled screens by
which screens are enabled or disabled.
002 greying out the disabled screens.

Our proposed solution for the TEDS has a built-in data lookup
The Solution shall display lookup data in drop functionality, also known as Reference Tables, used to display
NFR- lists on screens where it is needed. Lookup drop down lists. There is a code with a description for every
US- Usability - - data is simple data that can have a code Supported N/A reference table. Additional configurable information such as field-
003 and/or a sequence number identifier and a level security, filtering parameters, effective begin and end dates
longer textual description. are also available, associated with reference tables where
appropriate.

534
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution's lookup data for the TEDS provides list of
NFR- The Solution shall allow data in drop lists to
values (data) in alphanumeric sort order. Additionally, our solution
US- Usability - - typically be displayed on a screen sorted Supported N/A
provides a feature to configure custom sorts for specific business
004 alphanumerically (in the chosen language).
functions.

Our proposed solution for the TEDS provides dropdown lists that
NFR- The Solution shall allow the alphanumerical
can be customized to override the order of data values. For
US- Usability - - sort order to be overridable, e.g., force USA Supported N/A
example, on the address screen when capturing the State, the
005 to the top of a list of countries.
order can be forced to list "TN - Tennessee" at the top.

Our proposed solution for the TEDS allows lookup data to be

added with the field level security which enables only certain
The Solution shall allow the lookup data to users to select specific drop down values based on their user
NFR-
indicate whether a user is able to select a roles. Additionally, our system is configurable to prevent users
US- Usability - - Supported N/A
particular value or whether it is only from selecting system process values. For example if a
006
selectable by a system process. verification source for a record is "Conversion" (a system process)
our proposed solution provides the ability to have necessary edits
for the regular case workers to not select this value.

The Solution shall allow the lookup data to be

Our proposed solution's reference table framework (used for look
NFR- logically deletable or end-datable so that a
up values) for the TEDS has a versioning feature. This allows
US- Usability - - value no longer appears as an option in a Supported N/A
either addition, change, removal of look up values effective a
007 drop list except if that value was previously
certain date.
selected on an existing data element.

The Solution shall provide a user interface Our proposed solution for the TEDS provides a simple and
NFR-
that shall be user friendly and consistent consistent user interface throughout the application. Our proposed
US- Usability - - Supported N/A
throughout all areas and functions of the solution utilizes development templates to maintain consistency in
008
Solution. the development of solution components.

Our proposed solution's navigational flow for public portal users

navigates the users to the next logical steps. For example, if the
The Solution shall use a Graphical User client indicated that he has a job, an income screen is queued to
Interface (GUI) to help the public portal users capture the additional information like type of the job, frequency.
navigate to the next logical step in the In our Worker Portal, workers have the flexibility to navigate and
NFR-
workflows. The Solutions shall all the workers jump to any screen depending on the type of action the worker is
US- Usability - - Supported N/A
(on the Worker Portal) to freely navigate to performing. For example, if the case worker is acting on a change
009
other parts of the solution functionality, and that is reported, they have the ability to perform multiple changes
then allow the user to return to complete the like address and income without having to navigate through a
in-process task. controlled flow. During the registration of a new application, our
proposed solution presents the next logical steps to the case
worker.

535
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for the TEDS supports an intuitive driver

The Solution shall preserve context by design
NFR- mechanism to direct user to the next workflow step. Workflows
screens in logical sequence in order to
US- Usability - - Supported N/A represent logical groupings of related functional screens to
maximize and enhance the user experience
010 process cases. The driver flows are organized in the solution
and solution usability.
using navigation menus.
The Solution shall display the users' Our proposed solution for the TEDS contains business centric
NFR- language, with words, phrases and concepts language, driven by user terms and processes, rather than
US- Usability - - familiar to the targeted user groups as Supported N/A solution-oriented terms. During requirements and validation
011 defined by HCFA, rather than solution- phase, we will work with HCFA to update Tennessee specific
oriented terms. language where appropriate.

The Solution shall allow the users to easily

Our proposed solution for the TEDS comes built with eight
navigate to a variety of functions available to
NFR- preconfigured, pre-built case action workflows. These workflows
them without having to move sequentially
US- Usability - - Supported N/A are designed to guide workers through the recommended set of
through excessive menus and screens
012 screens to complete a specific, common action on a case, while
following industry standards described in UX
allowing the user to jump around within the specific workflows.
2014.

The Solution shall support undo and redo, or Our proposed solution for the TEDS comes with out-of-the-box
NFR- provide onscreen confirmation/acceptance to features such undo and cancel which provide users the option to
US- Usability - - the user to confirm a change that is Supported N/A confirm before proceeding with actions that are permanent. Our
013 permanent and cannot be "undone" where proposed solution provide the users with an onscreen
appropriate. confirmation/acceptance to the user, on select screens.

The Solution shall provide users with a clearly Our proposed solution for the TEDS has screens that contain
NFR- marked "escape" for the instances when a cancel, next, previous buttons. The cancel button can be used to
US- Usability - - user mistakenly chooses a function and such Supported N/A escape out of the logical unit of work that the case worker is
014 "escape" must be simple with minimal working on. Additionally, a logout button and a browser close
dialogue. button is available for the worker to escape out of the solution.

The Solution shall follow consistent Our proposed solution for the TEDS follows standard and
NFR-
conventions as determined by HCFA and limit consistent conventions, using direct and easy to understand
US- Usability - - Supported N/A
the use of words, situations, or actions that terminology and will not propose actions that have multiple
015
have multiple meanings. meanings
Our proposed solution for the TEDS is able to detect common
error conditions or check for them and present users with a
The Solution shall detect common error confirmation option before they commit to the action. For
NFR-
conditions or check for them and present example, if a case worker has chosen a minor child as the Head
US- Usability - - Supported N/A
users with a confirmation option before they of Household, our proposed solution checks for that and shows a
016
commit to the action. warning message to the case worker. Additionally, our client side
validations framework also checks for validity and completeness
of information on the screen.

NFR- The Solution shall minimize the user's

Our proposed solution for the TEDS uses a clear structure,
US- Usability - - memory load by making objects, actions, and Supported N/A
Implicit help, Visual aids to minimize the memory load.
017 options visible where appropriate.

536
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for the TEDS offers pre-configured field

The Solution shall provide the option to have
NFR- based contextual help by double clicking the field name. For new
rollover / tooltip help or context messages Partially
US- Usability - - N/A fields that are added or modified, we will work with the State to
and provide the option to turn off this option in Supported
018 capture help text. This feature is configurable and can be turned
the user preferences profile.
on and off.
The Solution shall provide all user
NFR- Our proposed solution for the TEDS adopts UX2014
instructions in a visible or easily retrievable
US- Usability - - Supported N/A specifications in areas such as tutorials, user guides, and context
location (e.g. the help drawer in UX 2014
019 sensitive help that are easily accessible to end users.
specification), when appropriate.

Our proposed solution for the TEDS uses wizards to provide step-
The Solution shall cater to both inexperienced by-step instructions for performing the most common and critical
NFR- and experienced users and shall provide application tasks. While our proposed solution provides the
US- Usability - - accelerators (e.g. onscreen short cuts, hot- Supported N/A capability for following a controlled navigational flow for
020 keys, alternate workflows etc.) to speed up inexperienced users and also provides the capability to directly
the interaction for the expert user. use the left navigation and make the necessary updates as an
alternate work flow for experienced users.

The Solution's error messages shall be

NFR- Our proposed solution for the TEDS displays error messages that
expressed in plain language, precisely
US- Usability - - Supported N/A expressed in plain language and provide precise description of
indicate the problem, and constructively
021 the problem, along with necessary user action.
suggest a solution.
The Solution shall provide the option to use Our proposed solution for the TEDS uses Cascading Style Sheets
NFR- colors to enhance user experience and (CSS) and other W3C aligned standards. These stylesheets are
US- Usability - - solution usability while complying with all Supported N/A easily editable for our templates and all our screens inherit the
022 disability requirements notated elsewhere in default template/design for consistency, ease-of-use, and aligning
these requirements. with guidelines.

Our proposed solution's landing page allows users to navigate to

NFR- The Solution shall allow the user to navigate
functions based on their security and access profile. Upon
US- Usability - - to any functional component from a landing Supported N/A
selection of those functions, the solution directs the user to either
023 page.
a fixed navigational flow or a user-driven navigational flow.

Our proposed solution's member/Partner Portal directs the users

to the required next steps. For example after the application is
NFR-
The Solution shall alert the user with submitted on our Member Portal, it provides the list of potential
US- Usability - - Supported N/A
information relevant to required next steps. verifications that may be needed to fasten the application
024
processing. Additionally provides an option to continue and
upload documents.

Our proposed solution for the TEDS contains a simple and

The Solution shall accommodate point and
intuitive Graphical User Interface (GUI) which displays the
click selection and check box entry for all
NFR- relevant and necessary information to the user, at the appropriate
relevant data entries where appropriate to
US- Usability - - Supported N/A time. For fields which have a standard set of responses, our
ensure that the user does not have to enter
025 proposed solution utilizes menu options such as drop-downs and
textual data that may already be available to
check-boxes, so the user can view all options and select the
the system.
relevant option.

537
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution's security framework for the TEDS is

based on role-based access control. Our proposed solution
NFR- The Solution shall provide the ability to make provides field level security: which allows fields to be
US- Usability - - fields enabled/disabled depending on Supported N/A enabled/disabled based on user roles, page level security: which
026 parameters, user rights, and access controls. allows the whole page to be editable/read only based on user
roles. Additionally our custom tag functionality allows the fields to
be enabled or disabled based on certain business logic if needed.

The Solution shall not show fields not Our proposed solution for the TEDS has navigational flow that
NFR-
accessible to a given user based on access Partially allows the users to navigate only the required set of screens,
US- Usability - - N/A
rights, nor shall the Solution show fields not in Supported based user profile and security privileges. This access is provided
027
use. at a screen level.

Our proposed solution for the TEDS provides the capability to

perform business rule validations. For example if an individual is
NFR- requesting retro assistance for a month during which the client is
The Solution shall provide validation checks
US- Usability - - Supported N/A already receiving full Medicaid, solution has a configurable
by methods described in business rules.
028 business validation which alerts the case worker at the request
screen as opposed to continuing and finding that at the end of
Eligibility determination.

Our proposed solution for the TEDS has a built-in client-side

NFR- validation framework to validate entries as immediately as
The Solution shall identify invalid entries to
US- Usability - - Supported N/A possible. For example, if a case worker enters only an eight digit
the user as immediately as possible.
029 SSN, our solution immediately notifies the user of the invalid
entry.

Our proposed solution for the TEDS, provides the capability to

update entries automatically to comply with data entry standards
The Solution shall provide the ability to
NFR- where appropriate (for example address standardization).
suggest or automatically format entries (e.g.
US- Usability - - Supported N/A Additionally our proposed solution's user interface provides
telephone number, address etc.) that do not
030 standard format for the users to enter fields like SSN, DOB and
conform to data entry standards.
telephone numbers which also has a key up feature for easier
data entry.

Our proposed solution for the TEDS has a navigational flow

The Solution shall be designed to include
confirming that users are only navigated to required set of
NFR- only the necessary information and
screens, based on applied programs and security privileges. This
US- Usability - - functionality on screens for public and Worker Supported N/A
allows each user to be assigned specific role(s), which then
031 Portal and shall be based on the user's
allows them to only perform specific functions and only view
access level and the user's configuration.
specific fields, for which they have been granted access.

538
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our proposed solution for the TEDS clearly identifies mandatory

NFR- The Solution shall provide screens for data
and optional data fields, which the user is required to enter. If data
US- Usability - - entry with identified mandatory and optional Supported N/A
is not entered in one or more mandatory fields, a validation edit
032 data fields.
will be displayed and the corresponding fields will be highlighted.

Our proposed solution for the TEDS groups related

information/screens into Logical Unit of Work (LUW) for data
NFR- The Solution shall allow incomplete data sets
entry. Data entries persist once the user completes the LUW. The
US- Usability - - to be saved for completion of the workflow at Supported N/A
system retains the data including free form text or other
033 a later time.
documentation and tracks task completion so that progress is not
lost if the user’s session is interrupted.

The Solution shall notify the user when a Our proposed solution's monitoring and operating procedures
NFR- source system is unavailable / inoperable and helps certain authorized users within the organization receive
US- Usability - - notify user that any available information Supported N/A alerts when the system is unavailable or is down for maintenance.
034 about the subject being viewed is as of Member/Partner Portal users will see this information on the home
certain time and date. screen with an ETA of when the system will be back up.

Our proposed solution for the TEDS provides the capability of a

The Solution shall enable central workflow
NFR- centralized pending work queue. Separate work queues can be
alerts and transactional status. The Solution
US- Usability - - Supported N/A configured for each type of worker action such as new
shall centralize pending work items for the
035 applications, changes, redetermination. Access to these queues
user as in a "work queue"
can be configured in the employee profiles.

Our proposed solution for the TEDS has the capability to

The Solution shall have the capability to push
NFR- automatically push alerts to certain workers based on their roles
messages to the intended workers without
US- Usability - - Supported N/A and office association. These alerts can either be tasks/reminders
requiring them to specifically inquire for the
036 at the case and member level for items such as upcoming
data.
deadlines, pending tasks and overdue actions.

The Solution shall ensure that the use of Our proposed solution's usage of acronyms for the TEDS is
NFR-
acronyms and codes are consistent with consistent with windows, reports, database or data dictionary. For
US- Usability - - Supported N/A
windows, screens, reports and databases or example, our proposed solution uses MA as an acronym to
037
data dictionary. represent Medicaid and is documented in the data dictionary.

Our proposed inquiry solution for the TEDS provides the capability
The Solution shall present searches that
NFR- to do wild card search and the results are displayed in a
result in multiple pages of data in small
US- Usability - - Supported N/A paginated manner for easy navigation and viewing of data. Each
groups of data with Next/Back paging
038 page has a previous/next link for the user to easily navigate
capability
across multiple pages of results.
NFR- The Solution shall allow the web site Our proposed solution for the TEDS shows progress bars with
US- Usability - - wherever appropriate to show progress via Supported N/A respect to the application status on member/ partner and Worker
039 the use of Progress Bars. Portal.

539
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The solution shall utilize the concepts and

NFR- Our proposed solution for the TEDS adopts UX2014
design specifications demonstrated in the UX
US- Usability - - Supported N/A specifications in areas such as tutorials, user guides, and context
2014 prototype to be leveraged where
040 sensitive help that are easily accessible to end users.
applicable.
The contractor shall, according to Federal
and State regulations and policies in
accordance with the guidance defined in
MARS-E standard, design, document,
Data C.14.6, Deloitte will classify the data in the TEDS system and apply
NFR- develop, implement, operate, and maintain
Protecti C.14.7, required access controls to address applicable State and Federal
SP- Security - security controls over access to the sensitive Supported
on and and regulations. Please see RFQ response sections C.14.3, C.14.6,
001 data (e.g. PII, PHI, FTI, etc. from various
Privacy C.14.8 C.14.7, and C.14.8 for more details.
sources that may include, but not limited to
IRS and SSA) as defined the State and
Federal policies and regulations (e.g. NIST-
800 series and IRS-1075)

The Solution shall be governed by HCFA's

implementation of the CMS Information
Technology Enterprise Lifecycle (IT ELC)
Gate Review process. The contractor shall
be responsible for preparing all the artifacts
required by HCFA at each gate review and
Regulat shall provide the HCFA all support necessary Deloitte is very familiar with the CMS review process having
NFR-
ory to represent the Solution at each gate review assisted over 22 States with CMS reviews. Deloitte will be
SP- Security - Supported C.14.9
Compli with CMS. responsible for developing the artifacts necessary for the gate
002
ance reviews. Please see RFQ response C.14.9 for more details.
The gate reviews and the artifacts required
are governed by a Project Process
Agreement (PPA). The contractor shall
reference the Baseline PPA Document to the
external reference documents.

The State of Tennessee Strategic

Technology Solutions (STS) group within the
Department of Finance and Administration
will provide secure hosting facilities and
Deloitte will monitor and assess compliance with security and
Regulat services for the Solution. The SI, under the
NFR- C.14.13 privacy policies, processes, procedures and documentation for
ory oversight of HCFA, shall be responsible for
SP- Security - Supported and users of the TEDS solution, including third-party vendors, based
Compli coordinating, implementing, executing, and
003 C.14.12 on our continuous monitoring approach outlined in section
ance monitoring security related activities that
C.14.12.
involves a third-party vendor such as but not
limited to STS and AHS. HCFA employees
shall be involved in all communications with
third-party vendors.

540
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The contractor shall employ a risk

management framework to ensure business
and system requirements with State and
Federal security requirements. The contractor
Regulat shall demonstrate in their proposal the C.14.1, Deloitte's demonstrated Security and Privacy Risk Framework will
NFR-
ory framework, its processes, how the contractor C.14.4, be used to assist the State in addressing applicable federal and
SP- Security - Supported
Compli will implement and manage it as well as how and State security and privacy requirements. Please see RFQ
004
ance it will integrate with state business, C.14.14 response sections C.14.1, C.14.4, and C.14.14 for more details.
organizational and technology goals and
objectives. The contractor shall integrate this
with their proposed approach to project
governance and management.
The Solution shall implement a security
Regulat Deloitte will deploy a role based access control (RBAC) model,
NFR- architecture based on current Medicaid
ory based on a tiered Services Oriented Architecture (SOA) in
SP- Security - Information Technology Architecture (MITA) Supported C.14.8
Compli accordance with MITA 3.0 standards. Please see RFQ response
005 Security and Privacy model and other
ance C.14.8 for more details.
applicable architecture documents.

541
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The contractor shall utilize the guidance

provided in MARS-E 2.0 and shall be
responsible for ensuring that the Solution
meets all Industry, State, and Federal
Security standards. At a minimum, the
contractor shall ensure the Security of the
Solution follows the following Federal
regulations and publications:
i. 45 CFR Part 95.621(f) ADP System
Security Requirements and Review Process
ii. Standards defined in Federal Information
Processing Standards (FIPS) issued by the
National Institute of Standards and
Technology (NIST)
iii. National Institute of Standards and
Technology (NIST) Special Publication 800-
111 Storage Encryption Technologies for End
User Devices
iv. NIST 800 Series
v. NIST Cryptographic Module Validation List
(http://csrc.nist.gov/groups/STM/cmvp/validati
on.html)
Deloitte will leverage its Risk Framework to develop security
Regulat vi. FIPS PUB 112 Password Usage
NFR- C.14.1 requirements and associated design elements for the TEDS
ory Procedure
SP- Security - Supported and solution to address applicable federal and State regulatory
Compli vii. FIPS PUB 186-3 Digital Signature
006 C.14.7 requirements. Please refer to RFQ response sections C.14.1 and
ance Standard June 2009
C.14.7 for more details.
viii. Records Usage, Duplication, Retention,
Re-disclosure and Timely Destruction
Procedures/Restrictions 5 U.S.C. 552a
(o)(1)(F), (H) and (I)
ix. IRS Pub 1075
x. Federal Records Retention Schedule 44
U.S.C. 3303a
xi. Privacy Act of 1974 at 5 U.S.C. 552a
xii. Computer Matching and Privacy
Protection Act of 1988 (CMPPA)
xiii. Federal Information Security
Management (FISMA)
xiv. SSA Information System Security
Guidelines for Federal, State, and Local
Agencies
xv. Child Online Privacy Protection Act
xvi. Title XIX Confidentiality Rules
xvii. HIPAA
xviii. Title XXI
xix. Federal security and privacy standards
adopted by the U.S. Department of Health
and Human Services for Exchanges

542
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The Solution services and infrastructure shall

adhere to best practices and use open
security standards and frameworks, as
appropriate, such as but not limited to:
i. Policy: WS-Policy, WS-Trust, WS-Privacy,
Security Assertion Markup Language
Securit (SAML), Enterprise Privacy Authorization
NFR-
y Language (EPAL) Partially Deloitte's solution supports most open security standards and
SP- Security - C.14.8
Control ii. Federation: WS-Secure Conversation, WS- Supported frameworks. Please see RFQ section C.14.8 for additional details.
007
s Federation, WS-Authorization, XML Key
Management (XKMS)
iii. Mechanism: Extensible Access Control
Markup Language (XACML), XML
Encryption, XML-Digital Signatures,
Extensible rights Markup Language (XrML),
X.509 certificates
The Solution shall use an Identity and Access
Management (IDAM) solution for user
authentication and authorization as well as
the secure management of credentials. The
IDAM solution shall be in compliance with
Deloitte's solution will integrate with HCFA's Oracle Identity and
NFR- Director relevant security controls defined in MARS-E
Access Management (IDAM) suite for user authentication,
SP- Security y - standard. While the contractor may propose Supported C.14.8
authorization, and secure management of credentials. Please
008 Service an IDAM solution, the Oracle Identity Access
refer to RFQ response section C.14.8 for additional details.
Management Suite has been selected by
HCFA as its long-term IDAM solution. HCFA
encourages the contractor to utilize this
product in alignment with HCFA's strategic
direction.
In the event the SI's Solution is strongly tied
to a particular Identity and Access
Management (IDAM) product, HCFA will give
serious consideration to approving the use of Deloitte's solution will integrate with HCFA's Oracle Identity and
NFR-
that product. However, Oracle's Identity Access Management (IDAM) suite for user authentication,
SP- - Supported C.14.8
Access Management Suite has been selected authorization, and secure management of credentials. Please
009
and by HCFA as its long-term IDAM solution refer to RFQ response section C.14.8 for additional details.
and HCFA strongly encourages the
contractor to utilize this product in alignment
with HCFA's strategic direction.

Identity
and The Solution shall allow password reset
NFR- Deloitte will integrate with HCFA's current Oracle IDAM solution
Access capabilities in accordance with best practices
SP- Security - Supported C.14.8 and will address MARS-E 2.0 guidelines for password
Manag and MARSE guidelines. Preference is given
010 management and password reset capabilities.
ement for web based methods.
(IdAM)

543
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Identity
and The contractor shall design and enable
NFR- Deloitte will work with the State to design and establish workflows
Access workflows for managing internal user
SP- Security - Supported C.14.8 for managing internal user accounts. The workflows will be
Manag accounts including but not limited to requests,
011 documented as part of the overall Operations document.
ement approvals, role assignments etc.
(IdAM)

The Solution shall utilize dynamic Knowledge

Based Authentication (KBA) to be used
during a consumer's account setup process.
This identity process shall ask a minimum of
three (3) "out of wallet" questions to perform
a KBA process. If one question is answered
incorrectly the solution shall ask two (2)
supplemental questions. If more than one
question is answered incorrectly then the
email address and SSN shall be
Identity
"quarantined" (i.e., no one can apply using
and Deloitte's solution will leverage Oracle's Adaptive Access
NFR- these details) and the applicant shall enter a C.14.2
Access Manager (OAAM) to address the KBA requirement. The solution
SP- Security - person-to-person process to free the Supported and
Manag will also leverage the Federal Data Services Hub (FDSH) Remote
012 application from quarantine and setup their C.14.8
ement Identity Proofing service (RIDP) to perform Identity proofing.
account.
(IdAM)
The Dynamic KBAs shall use external
services to verify the individual KBA
responses. Many Medicaid clients may have
little financial history and so a service that
does not rely purely on credit is preferred or
a service that can leverage other government
data sources (e.g. Federal Data Services Hub
(FDSH) Remote Identity Proofing (RIDP)
service).

Securit Deloitte will integrate with HCFA's current Oracle IDAM solution
NFR- The Solution shall display an informational
y and will address MARS-E guidelines to the solution including
SP- Security - message with contact information on whom to Supported C.14.8
Control displaying an informational message with contact information on
013 contact when access is denied.
s whom to contact when access is denied.

Securit
Deloitte's solution is capable of creating the required audit reports
y Event The contractor shall provide audit reports for
as requested by HCFA. Reports from QRadar and Oracle Audit
NFR- and tracking users, associated security groups, C.14.4
Vault will track user and identity management and access events,
SP- Security Incident - roles, settings, passwords and duplicate IDs. Supported and
and role, group, and password management events. Deloitte will
014 Manag The frequency and content of security audit C.14.8
work with HCFA to determine the frequency and content of
ement reports will be determined by the HCFA.
reports, their content, and the frequency of the review.
(SEIM)

544
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The contractor shall provide certifications of

Regulat the completion for audit review of security
NFR- Deloitte's security officer will maintain the certification of training
ory and privacy related training for project staff as
SP- Security - Supported C.14.4.2 as well as signed acknowledgements for Deloitte's project staff
Compli well as signed acknowledgements of security
015 and will provide it to HCFA upon request.
ance and privacy obligations as requested by
HCFA.

Identity
and The Solution shall provide accessibility to the
NFR- Deloitte's solution is capable of integrating with the State's Active
Access Worker Portal via a single sign-on adhering to
SP- Security - Supported C.14.8 Directory environment to provide single sign on capabilities for the
Manag standards of security technologies such as
016 Worker Portal.
ement but not limited to SAML.
(IdAM)

Physica
NFR- The contractor shall develop and provide
l Deloitte will develop a Security Management Plan (SMP) that
SP- Security - HCFA a System Security Plan that addresses Supported C.14.8
Securit addresses contractor physical security processes.
017 the contractor physical security processes.
y
The contractor shall protect all contractor
facilities against intrusion, during working and
Physica
NFR- non-working hours, with an appropriate C.14.8 Deloitte will protect all contractor facilities against intrusion by
l
SP- Security - surveillance alarm/system extended to a Supported and using a combination of cameras and badge access to protect the
Securit
018 manned monitoring center, and adhere to IRS C.14.11 location.
y
SCSEM, CMS MARSE, and general best
practices..
The contractor shall produce a Data
Classification Document that defines the data
elements related to the security and privacy
Securit
controls in the Solution. The Data
y Event
Classification Document is a key factor in
NFR- and Deloitte will produce a data classification document that defines
determining the artifact requirements
SP- Security Incident - Supported C.14.6 the data elements related to security and privacy controls. Please
applicable for the project and detailed in the
019 Manag see RFP response C.14.6 for more details.
PPA. The Data Classification Document shall
ement
track and monitor changes from input and
(SEIM)
output sources.
**reconcile with data architecture
requirement**
Securit
y Event
NFR- and C.14.4 Deloitte 's proposed solution will integrate with HCFA's QRadar
The Solution shall integrate with HCFA's
SP- Security Incident - Supported and SIEM solution. We have integrated QRadar with our NextGen
SIEM solution (currently IBM QRadar).
020 Manag C.14.8 solution for other States.
ement
(SEIM)

545
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Securit
y Event
NFR- and The contractor shall be responsible for C.14.4
Deloitte will integrate Oracle Audit Vault with the TEDS solution to
SP- Security Incident - integrating and providing configuration for Supported and
provide database auditing and monitoring solution.
021 Manag database audit solution C.14.8
ement
(SEIM)
The contractor shall not use copies of
production data in non-production
environments. Synthetic test data (totally
NFR- secure, realistic, meaningful sets of data)
Deloitte will not use copies of production data in non-production
SP- Security - shall be used in non-production activities. The Supported C.14.4.3
environments.
022 IRS considers masked, derived, obfuscated,
and de-identified data based from FTI to still
be FTI. FTI in non-production environments
must pass IRS approval process.
The contractor shall be responsible for
Data C.14.6,
NFR- identifying and notifying HCFA security of any Deloitte will identity and classify sensitive data, monitor access to
Protecti C.14.10,
SP- Security - sensitive data being stored processed, Supported it using QRadar and Oracle Audit Vault, and notify HCFA of any
on and and
023 viewed or otherwise used by its staff that potential security or privacy concerns from data usage by it's staff.
Privacy C.14.11
would concern HCFA security and privacy.
The contractor shall ensure all appropriate
measures are in place for minimal use and
Deloitte will use Role Based Access Control (RBAC) based on the
protection per applicable regulations for the C.14.1,
Regulat principle of least privilege, to facilitate that sensitive data is
NFR- data types and classifications. Policies, C.14.4,
ory protected against unauthorized access. Deloitte develops a
SP- Security - procedure and related controls around the Supported C.14.6
Compli Confidential Information Management Plan (CIMP) that outlines
024 use of sensitive data and segregation of and
ance policies and procedures for the handling of sensitive data. This
duties may be required and reasonable made C.14.8
will be available to HCFA for review.
available for review by HCFA security or audit
staff.

Identity
The contractor shall provide ability to have
and
NFR- different access levels based on user group. C.14.4 Deloitte's the TEDS solution uses a Role Based Access Control
Access
SP- Security - The access levels shall be configurable Supported and (RBAC) that includes group memberships, to provide the ability to
Manag
025 based on actions that can be taken on the C.14.8 have different access levels based on user groups.
ement
application.
(IdAM)

Identity
The Solution shall be configurable to add
and Deloitte's the TEDS solution allows for users to be assigned to
NFR- users to multiple user groups. If conflicting C.14.4
Access multiple groups. Deloitte will work with State to create an RBAC
SP- Security - access level occur due to a user being in Supported and
Manag model based on least privilege and to address separation of
026 multiple user groups, the lowest access level C.14.8
ement duties rules.
will take precedence for a particular action.
(IdAM)

546
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The contractor shall include, consult, and

Organiz
work directly with assigned project The Deloitte OCMT team becomes contributing members to the
ational C.4.2.4
NFR- Organizational Change Management & overall OCMT team to support all OCMT related activities. This
Change OCMT
OCM OCM General Training (OCMT) personnel for any and all Supported includes active participation in all meetings related to process,
Manage Team
-001 process, systems, and/or operating model system, operating model planning and design that impact the
ment Approach
planning, analysis, and/or design efforts, success of the TEDS solution implementation.
(OCM)
workshops, and/or other meetings

Our approach utilizes existing materials from our successful

eligibility determinations to accelerate the development activities
C.4.2.1
so that we spend more time working with the State tailoring
The contractor shall work directly with Organizati
Organiz stakeholder, communication and training materials, rather than
assigned project Organizational Change onal
ational creating content from scratch. This approach includes lessons
NFR- Management & Training (OCMT) Team Change
Change learned from states that successfully made the transition from
OCM OCM General Members for any identified OCM, Supported Managem
Manage multiple legacy systems.
-002 Stakeholder, or Communication needs, as ent and
ment To create a climate for change in the State, it is essential to
required by the State to ensure adherence Training
(OCM) manage stakeholder relationships and engage with all
with State-approved OCMT methodology (OCMT)
stakeholders early and often. This type of regular communication
Approach
and interaction guides the project and ultimately empowers these
stakeholders to own and sustain the changes.

Driving a large-scale change such as the EMP requires alignment

among high influence and high impact stakeholders to create
powerful guiding teams. In addition to the State, external
stakeholders and community leadership groups such as
community partners must be included to represent all levels and
C.4.1
Organiz The contractor shall assist the OCMT Team perspectives of the stakeholder population. Internal and external
Stakehold
ational in assessing the change magnitude for the stakeholders at all levels must personally own, lead, and be
NFR- Resourc er
Change project in question to initially define and/or committed to the project, promoting positive reinforcement of the
OCM OCM es and Supported Analysis
Manage refine OCMT scope and overall approach as change program across different constituencies. An early
-003 Support and
ment inputs for the development of any stakeholder responsibility of the OCMT team is to define and refine the OCMT
Managem
(OCM) engagement plans scope to establish the appropriate stakeholder engagement plans.
ent
In the initial phase of the project Deloitte performs a Stakeholder
Assessment and ultimately builds a Stakeholder and
Communication Management Plan that drives the understanding
and execution of all impacted stakeholders and their
communication needs.

547
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Organiz
ational The contractor shall provide the project plan
NFR- C.4.2.5 The Deloitte OCMT team actively engages with the functional
Change and validate major milestones and timing to
OCM OCM General Supported Project Deloitte and State team to align Stakeholder Management and
Manage ensure alignment with Stakeholder and/or
-004 Plan OCMT activities to the appropriate project timeline
ment OCMT activities across the project lifecycle
(OCM)

C.4.1
Organiz
The contractor shall work with the OCMT Stakehold
ational The State and Deloitte Project teams are defined as a key
NFR- Resourc Team to identify appropriate stakeholders er
Change stakeholder group to facilitate engagement throughout the System
OCM OCM es and and messaging for project-related Supported Analysis
Manage Development Life Cycle, supporting a team to develop a solution
-005 Support communication and stakeholder engagement and
ment that takes all end users into account
needs Managem
(OCM)
ent
C.4.1
Organiz The contractor shall adhere to the OCMT With such a large-scale change, it is important to take a
Stakehold
ational Stakehol MMP Stakeholder Management Plan(s) and purposeful approach to drive the change across impacted staff.
NFR- er
Change der follow relationship/interaction mapping Deloitte leverages and respects the existing relationships
OCM OCM Supported Analysis
Manage Manage requirements when identifying and/or established and works to align the stakeholder engagement
-006 and
ment ment engaging stakeholders for the purpose of approach to the existing OCMT MMP Stakeholder Management
Managem
(OCM) data and information collection Plan
ent
C.4.1
Organiz
Stakehold
ational Stakehol The contractor shall coordinate and The OCMT Stakeholder Register Manager becomes a resource in
NFR- er
Change der communicate stakeholder engagement needs validating the stakeholder assessment results and is consulted
OCM OCM Supported Analysis
Manage Manage and results to the designated OCMT throughout the implementation of the Stakeholder Management
-007 and
ment ment Stakeholder Register manager Plan
Managem
(OCM)
ent
The contractor shall coordinate with the
C.4.1
Organiz project manager in compliance with
Stakehold
ational communication plan(s) on all identified The Stakeholder and Communication Management Plan remains
NFR- er
Change Commun communication needs to ensure any a living document that is updated as needed based on the State
OCM OCM Supported Analysis
Manage ications communication needs are in alignment with, Project Director’s guidance to align communication needs and
-008 and
ment and/or added to, approved project-specific messages to the appropriate tone of the project
Managem
(OCM) communication plan(s) as defined by the
ent
project team

C.4.1
Organiz The contractor shall provide access to key The Deloitte OCMT team works with identified State leadership
Stakehold
ational documentation and subject matter experts in during the analysis phase to define the organizational impact as a
NFR- er
Change Docume any quantity and quality as the State might component of the Stakeholder Management Plan. The Deloitte
OCM OCM Supported Analysis
Manage ntation deem reasonable to support assessing functional team and subject matter experts work hand and hand
-009 and
ment organizational impact and other OCMT Plan with the OCMT team to provide all system documentation
Managem
(OCM) activities as needed required to define system user roles
ent

548
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The contractor shall provide resources

sufficient in any quantity and capability as
deemed reasonable by the State to support
the following OCMT Plan activities, including
but not limited to:
1. All the activities defined to support the
various phases of the State-approved
approach as defined in the OCMT Plan (i.e.,
Analysis, Design, Development,
Implementation, and Evaluate) and/or State-
approved Stakeholder Analysis and
We bring a stakeholder management and OCMT team of experts
Management Plan. (See the Organizational
with years of experience in Medicaid system implementations to
Change Management & Training Plan
C.4.1 Tennessee. Through the Stakeholder and Communication
Organiz framework for more information on the State-
Stakehold Management Plan Deloitte identifies all impacted stakeholders
ational approved OCMT Approach)
NFR- Resourc er and their engagement needs, organizational areas of impact, and
Change 2. Proactively identifying or assisting in the
OCM OCM es and Supported Analysis identified change impacts to develop an implementation approach
Manage identifying of areas of impact and the
-010 Support and that supports all stakeholders with the transition to the TEDS
ment potential resolution to areas of impact as they
Managem solution. A key component of our Stakeholder Management Plan
(OCM) pertain to organizational design requirements
ent and OCMT Approach is providing Tennessee with the right
and applicable stakeholder engagement
experts to drive true engagement and ownership of the impacted
plans
system and process changes to all identified stakeholders.
3. Providing input into the Change
Magnitude Assessment tool
4. Supporting the identification of key
stakeholders
5. Validating identified change impacts
(both system and process related)
6. Providing subject matter experts in
specific work areas, processes, applications,
etc. to support awareness building sessions
and/or other stakeholder engagement
activities

In the early phase of the project, Deloitte provides end to end

Organiz The contractor shall provide process flows
process flows to enable the OCMT team to define communication
ational (end-to-end processes), including application
NFR- C.4.2.6 and training approach to the areas of impact to each stakeholder
Change Trainin Docume process steps and systems documentation
OCM Supported Process group. Communication and training needs to be customized by
Manage g ntation (including screen shots) to OCMT Training
-011 Flows the level of impact to each stakeholder group. This level of impact
ment team that can be utilized as the foundation to
is derived from the change in processes for users based on the
(OCM) build MMP related trainings
new process flows.

549
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The contractor shall provide resources

sufficient in any quantity and capability as
deemed reasonable by the State to support
the following training activities, including but
not limited to:
1. All those activities defined to support
the various phases of the Training Approach
(Analysis, Design, Development,
Implementation, and Evaluate) that are
included in subsequent sections of this
document (See the Organizational Change
Management & Training Plan framework for
more information on the State-approved
Training Approach)
2. Defining user roles Deloitte brings to Tennessee a team with over 30 combined years
3. Supporting the identification of of training design and delivery in integrated eligibility systems.
appropriate curriculum and delivery models The Deloitte OCMT team works to support all the required training
Organiz 4. Participating and providing information C.4.2.7 activities as outlined in requirement A.20.7. This section outlines
ational during Training Development Knowledge OCMT Deloitte’s methodology for meeting the learning needs of the end
NFR-
Change Trainin Share Sessions Team users using the industry-standard ADDIE approach: Analyze,
OCM General Supported
Manage g 5. Validating and approving training Training Design, Develop, Implement, and Evaluate. This proven
-012
ment materials related to the technical solution Responsib methodology promotes the right training method and materials
(OCM) 6. Building and maintaining the training ilities reaching the right end users at the right time. Deloitte’s training
environments methodology is designed to support incorporating business
7. Creation of user profiles and log-in processes into system training. We have experience applying this
credentials in quantity as requested by the approach to numerous statewide system implementations.
State to allow trainers and end users
appropriate access to the training
environments
8. Providing subject matter experts in
specific work areas, processes, applications,
etc. to support classroom learning and Train-
the-Trainer programs (supplying at least 1
SME in each discreet classroom training
event)
9. Providing a plan and active support of Post
Go-Live training events that encompass prior
training support activities delivered or
supported by the contractor for a period of
time as deemed reasonable by the State

550
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The contractor will support the Training

Analysis phase (or process) by providing and
collaborating with the Training team on an
ongoing basis in the following ways, including
but not limited to:
1. Providing insight into role definition and
Training Needs Analysis serves to gain an understanding of who
Organiz assignments required to operate and/or C.4.2.7
needs to be training to us Tennessee Medicaid and the functions
ational support future-state applications and OCMT
NFR- Resourc for which they require training, to determine appropriate methods
Change Trainin processes Team
OCM es and Supported for training Tennessee Medicaid users, and to identify objectives
Manage g 2. Providing insight into standard training Training
-013 Support for training objectives. The Needs Assessment identifies the
ment curriculum requirements required to support Responsib
Tennessee Medicaid audiences. The Training Plan offered
(OCM) future-state applications and processes ilities
outlines the curriculums based on functionality for each end user.
3. Providing insights into the training
delivery framework required to support future-
state applications and processes
4. Actively collaborating with training team
to determine best of breed training
approaches for the State end user population

A fundamental component of our training program is the ability to

allow key staff to become familiar with the TennCare Solution
through extensive hands-on practice exercises, system
simulations and walk-throughs of realistic business scenarios.
The contractor shall build and maintain 2 fully
Deloitte develops and maintains two Training Environments that
functional training environments
are used during classroom and virtual training that mirrors the
representative of the final-state operational
final production environment. Our experience has shown us that
Organiz system (e.g., final user interface/GUI) that are
the more time key staff spends practicing in a new system
ational dedicated to supporting training activities. C.4.2.9
NFR- environment, the better prepared they are to deliver effective
Change Trainin Environ The 2 separate environments must clearly Training
OCM Supported training to State staff and troubleshoot issues and answer
Manage g ments and accurately reflect upcoming software Environme
-014 questions that arise during training. Deloitte agrees to develop two
ment versions and closely align with the software nts
training environments to support OCMT training activities at least
(OCM) release schedule. The environments will be
three months prior to go-live of each phase. Our experience in
used for the purpose of:
delivering similar systems and training does recommend delaying
· Training Development
the release of the OCMT training environment to closer to go-live
· Training Delivery
and leveraging a testing environment for training material
development. Deloitte plans to actively work with the OCMT team
to best define the appropriate timelines in the planning phase of
the project.

551
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Training Development and Training Delivery

environments should include the following, at
a minimum & not limited to: Deloitte develops and maintains two training environments to
1. Transactional data (masked according support the OCMT team’s development and delivery of training
to the security and/or confidentiality activities. At a minimum the training environments have the
guidelines provided by the State) following capabilities and features:
2. Training Development Environment to • Transactional data (masked according to the security and/or
stage scenarios, get screen shots, etc., to confidentiality guidelines provided by the State)
support the defined training schedule • Stage scenarios, get screen shots, etc., to support the defined
3. Identification and provision of training training schedule
environment data in order to provide for • Identification and provision of training environment data to
Organiz scenario based training C.4.2.9 provide for scenario based training
ational 4. Specific trainer profiles & credentials Training • Specific trainer profiles and credentials that provide fully
NFR-
Change Trainin Environ that provide fully functional capabilities within Environme functional capabilities within both the development and delivery
OCM Supported
Manage g ments both the development and delivery nt environments
-015
ment environments Requirem • Sufficient user profiles respective of future state roles within the
(OCM) 5. Sufficient user profiles respective of ents State to perform and execute any and all potential concurrent
future state roles within HCFA to perform and classes as defined by the training schedule and/or the State
execute any and all potential concurrent • Associated log in credentials to support user profiles
classes as defined by the training schedule • Established and access granted to the OCMT Team no fewer
and/or the State than seven (7) months prior to Go-Live of each release to allow
6. Associated log in credentials to support the development of all requisite training materials.
user profiles o Note: Given our system implementation experience Deloitte
7. Training Environment must be established recommends this timeline be evaluated at the start of the project
and access granted to the OCMT Team no • Established and access granted to end-users no fewer than
fewer than seven (7) months prior to “go-live” three (3) months prior to Go-Live of each release.
such that the development of all requisite
training materials may begin in earnest

552
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The contractor will support the Training

Design and Development phases (or
process) by providing and collaborating with
the Training team on an ongoing basis in the
following ways, including but not limited to:
1. Aligning project plan(s) and validating
major milestones to support training timelines
2. Providing existing and historical
baseline training materials (in digital or print
format as required by the State) such as but
not limited to training manuals, quick
reference guides, PowerPoints, simulations,
etc.
3. Actively participate and provide
information during Training Development
Knowledge Share Sessions
The first step in the ADDIE methodology is to Analyze/Design the
4. Training and supporting the OCMT
best strategy for a successful training plan. In this phase a training
Training personnel on any an all system
strategy is confirmed and documented in the Master Training
specific work areas, processes, applications, C.4.2.10
Plan. A thorough, well-thought training strategy is essential to
etc. as deemed appropriate by the State for Supporting
Organiz define the understanding of training needs, and critical success
the purposes of executing a system-based the
ational factors, assumptions, and to confirm the recommended training
NFR- Resourc scenario training program to all impacted Training
Change Trainin approach.
OCM es and State personnel Supported Design
Manage g The second step in the ADDIE methodology is to Develop high
-016 Support 5. Providing, as requested, validation of and
ment quality materials required to deliver training.
future-state process information and Developm
(OCM) The curriculum is based on the identified processes and
documentation ent
corresponding system changes all end user groups nee to
6. Providing or cooperating in the Phases
perform the daily activities identified in the Training Needs
identification of realistic, representative
Analysis. Deloitte develops materials and identifies optimal
business scenarios to be used for training
mediums for dispersing materials in collaboration with the State.
development and delivery purposes as
defined by the State
7. Providing access to the training
development environment at the outset of the
Training Development Phase
8. Coordinate and support the development
and maintenance of hardware requirements
(for example, but not limited to, classroom
computers or laptops, independent servers
that might be required to house training
development tools and associated content,
etc.) with the State for training delivery
purposes
9. Adhering to the KPMG TN TAS and/or
OCMT QM process as they have been
approved by the State

553
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The contractor will support the Training

Implementation phase (or process) by
providing and collaborating with the Training
team on an ongoing basis in the following
ways, including but not limited to:
1. Delivering (or supporting the delivery of)
and actively participating in training and/or
classroom sessions and activities as needed The third step in the ADDIE methodology is to Implement by
and defined by the State in order to provide effectively delivering training to users. Deloitte has extensive
subject matter expertise in specific work experience in development of Train-the-Trainer (TTT) curriculum
areas, processes, applications, etc. for both our own and our clients’ training staff, and our team is
(supplying at least 1 SME in each discreet well-prepared to develop this training for the State’s identified key
classroom training event) staff. Leveraging the best practices learned we design our TTT
2. Providing feedback on training program training approach with a single objective in mind: the State OCMT
C.4.2.11
Organiz for continuous improvement efforts Team becomes proficient in the system’s business functions to
Supporting
ational 3. Providing necessary support for the effectively deliver end user training on the system. Our training
NFR- Resourc the
Change Trainin appropriate maintenance of the training team works closely with the State throughout all TTT training-
OCM es and Supported Training
Manage g environment (e.g., making updates to related planning and delivery activity. Deloitte’s extensive library
-017 Support Implement
ment scenarios or transactional data to support of training tools and documentation includes proper presentation
ation
(OCM) continuous improvement) and techniques to engage varying types of adult learners who are
Phase
4. Providing necessary resources to learning to navigate and use the new system. Our training
execute and maintain an active training materials and teaching approach accommodates all adult learning
environment refresh schedule based on styles - including hands-on exercises based on real-life business
scheduled training events to support any and scenarios, demonstrations, simulations, and online courses that
all potential concurrent classes as defined by are flexible and convenient based on the trainee's schedule. All
the training schedule TTT training materials, including manuals, are reviewed and
5. Actively participate in any and all approved by the State prior to the delivery of training.
necessary hardware and other training
infrastructure support activities to ensure
smooth and consistent training delivery
6. Training Delivery to begin no fewer than
two (2) months prior to “go-live” and remain
open for no fewer than one (1) month after
“go-live,” as required by the State

554
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The fourth step in the ADDIE methodology is to Evaluate the

effectiveness of end user training from the implementation phase.
Deloitte uses the Kirkpatrick Evaluation Model, the long
recognized standard for training evaluation, as the basic method
to collect information from trainees and evaluate the effectiveness
The contractor will support the Training
of the end user training. The Kirkpatrick model provides the
Evaluation phase (or process) by providing
following measurements:
and collaborating with the Training team in
• Provide for continual quality assurance of the training program
the following ways, including but not limited
Organiz C.4.2.12 • Validate that the training curriculum and delivery effectively
to:
ational Supporting prepared end users to integrate the new systems into their daily
NFR- Resourc 1. Developing a Knowledge Transition Plan
Change Trainin the business routines
OCM es and that encompasses prior training support Supported
Manage g Training • Serve as continuous input for ongoing training material
-018 Support activities delivered or supported by the SI
ment Evaluation enhancement
2. Providing a plan and active support of Post
(OCM) Phase • Assess the impact training has on the business goals of the VTR
Go-Live training events that encompasses
and DL systems modernization project, including reducing the
prior training support activities delivered or
administrative workload in local offices, streamlined services, and
supported by the contractor for a period of
improved process efficiencies
time as deemed reasonable by the State
We leverage technology to the greatest extent possible
throughout the evaluation process so that results can quickly be
compiled, analyzed, and acted upon. Results are compiled for
review so that the training materials and delivery methods can be
modified as needed.

Organiz
C.4.2.14
ational The contractor shall support any and all other
NFR- Resourc Supporting
Change Trainin training activities to ensure an effective, The Deloitte OCMT team members fully support additional
OCM es and Supported Other
Manage g positive learning experience as required by training activities to foster a positive learning experience.
-019 Support Training
ment the State.
Activities
(OCM)

The contractor shall provide a full-time,

Organiz dedicated OCMT counterpart with appropriate C.4.2.15
Deloitte delivers a full-time OCMT counterpart to support the
ational OCMT background, to be approved by the Full-Time
NFR- Resourc overall OCMT team throughout the lifecycle of all OCMT activities.
Change Trainin State, whose responsibilities will include, at a Dedicated
OCM es and Supported This dedicated team member brings over five years of experience
Manage g minimum, the effective and timely execution OCMT
-020 Support in implementing OCMT projects for four different system
ment of any and all OCMT activities throughout the Counterpa
implementations of similar size and scope.
(OCM) duration of all relevant Program project rt
lifecycles

555
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Deloitte's O&M team assembled for TEDS comes to the State

The contractor shall perform formal maturity
with broad experience in assessing the maturity of business
assessments and service reviews against
processes in similar State systems. We perform routine formal
each capability. Assessments shall be
Continu assessments using our assessment tool on a quarterly cadence,
conducted at least once a quarter, in order to
Operatio ous Define at a minimum, which are based on operational reports for KPIs,
NFR- highlight areas of improvement or concern.
ns and Improv Areas of interviews with key stakeholders, as well as an independent
OM- The findings of the maturity assessments and Supported C.12.2
Mainten ement Improve review of project outcomes to proactively highlight areas of
001 the service reviews shall be published to
ance Proces ment improvement and risks before they have an impact on the system.
HCFA. The effectiveness of the CIP shall be
s Findings of assessments will be published and reviewed with the
demonstrated through these assessments
State to prioritize system enhancements, process changes, or
over time, and shall be presented to HCFA in
mitigation plans. We also affirm that the CIP is to be reviewed with
an annual review.
the State for effectiveness on an annual basis.

Deloitte will work proactively and collaboratively with the State to

Continu develop quarterly and annual improvement roadmaps detailing
The contractor shall be pro-active in its
Operatio ous Define initiatives on a three year cycle. These roadmaps act as a vision
NFR- approach, developing quarterly and annual
ns and Improv Areas of for incrementally enhancing TEDS components or processes and
OM- improvement roadmaps detailing initiatives on Supported C.12.2
Mainten ement Improve provide reference against which to prioritize initiatives.
002 a three year cycle and set target maturity
ance Proces ment Target maturity levels will be reviewed and reassessed
levels to measure success of the CIP.
s periodically to measure as well as improve the success and
effectiveness of the CIP.

Continu
The contractor shall be responsible for
Operatio ous Gather
NFR- gathering and rationalizing the supporting Deloitte will constantly gather supporting data on KPIs that we
ns and Improv and
OM- data for each defined KPI, and making it Supported C.12.2 mutually identify and agree upon. This data is rationalized in a
Mainten ement Process
003 consistent to identify any potential gaps in the consistent manner to identify potential gaps.
ance Proces the Data
data.
s
The contractor shall develop reports and
Continu
dashboards to support the CIP and make
Operatio ous Gather Reports and dashboards to support the CIP will be made
NFR- them available to HCFA on a monthly basis.
ns and Improv and available to the State on a monthly basis. These reports and
OM- Reports and dashboards and the underlying Supported C.12.2
Mainten ement Process dashboards will be reviewed with the State and modified to
004 KPIs will be continuously reviewed and
ance Proces the Data mature the CIP to achieve the best results.
modified in order to mature the CIP and
s
produce the best results.

556
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Deloitte will continuously monitor and analyze data in a proactive

Continu manner and formal reports of our analysis will be presented and
Operatio ous The contractor shall perform data analysis for reviewed with the State at least once a quarter. During the review
NFR-
ns and Improv Analyze all relevant services as defined within the sessions, Deloitte will present analysis to accurately represent
OM- Supported C.12.2.3
Mainten ement Data CIP. Data analysis shall be performed at least performance against delivered services and KPIs. These reports
005
ance Proces once per quarter. will be presented in a manner to give an accurate insight into the
s health of the system and to help the State identify gaps and, in
turn, make effective decisions to improve the system.

The contractor shall produce data analysis

Innovation is embedded within our methodology so that the
report and shall publish the report to the
Continu enterprise evolves to meet the ever-changing demands of the
various HCFA stakeholders. The data
Operatio ous domain. Effective application governance helps the State identify
NFR- analysis report shall present accurate picture
ns and Improv Analyze and understand changes in policy and proactively deliver
OM- of the results of each service performance Supported C.12.2
Mainten ement Data application advancement. Simple disposition strategies rationalize
006 against the defined KPIs (referenced at each
ance Proces and prioritize innovation options for release management. Clear
capability section), allowing HCFA’s
s yet flexible action plans allow the organization to achieve results
stakeholders maximum visibility to enhance
more efficiently.
effective managerial decision making.

Continu
Impleme The contractor shall develop Corrective
Operatio ous
NFR- nt Action Plans (CAP) for each of the issues
ns and Improv We agree as requested by the State. Deloitte will develop a CAP
OM- Correctiv identified. The CAP must be published to Supported C.12.2
Mainten ement to address identified issues.
007 e Action HCFA for approval. All CAP plans must
ance Proces
Plans consider cross functional dependencies.
s

We agree that the CAP submitted by Deloitte will go through a

review process. The CAP can be changed by request by the
State. Upon formal approval of the CAP by the RPC, Deloitte will
Continu
Impleme implement the CAP. We also agree that the State may request
Operatio ous
NFR- nt The contractor shall develop and manage a additional changes to an approved CAP. As with any other defect
ns and Improv
OM- Correctiv procedure for tracking and validating the Supported C.12.2 fix or change being implemented, Deloitte will follow the same
Mainten ement
008 e Action implementation of the CAP. testing and validation approach to help ensure the stability of
ance Proces
Plans TEDS. Once implemented, the CAP will be validated and the
s
results will be reviewed with the State. The CAP will be
considered closed upon written communication from the State of
satisfactory results.

557
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The contractor shall track and monitor metrics Our analysis and assessments include operational reports for
through reports on a frequency agreed upon KPIs related to the solution (e.g., system availability, page load
with the State for: times) and the business (error rates, application processing time,
– % of success of regular audits of the ITSC etc.). This data and our analysis will be used to proactively
plans to ensure that, at all times, the agreed highlight areas of improvement as well as developing plans to
recovery requirements of the business can be react accordingly. We will work with the State to include the
achieved following metrics:
– % overall risk and impact of possible failure • Percent of success of regular audits of the ITSC plans to ensure
Continu
Key of IT services that, at all times, the agreed recovery requirements of the
Operatio ous
NFR- Performa – % of business processes which are covered business can be achieved
ns and Improv
OM- nce by explicit service continuity targets Supported C.12.2 • Percent overall risk and impact of possible failure of IT services
Mainten ement
009 Indicator – Disaster preparedness gaps • Percent of business processes which are covered by explicit
ance Proces
s – Duration from the identification of a service continuity targets
s
disaster-related risk to the implementation of • Disaster preparedness gaps
a suitable continuity mechanism • Duration from the identification of a disaster-related risk to the
– Number of disaster practices carried out implementation of a suitable continuity mechanism
– Number of identified deficiencies during • Number of disaster practices carried out
disaster tests, practices, and exercises • Number of identified deficiencies during disaster tests, practices,
– Number of errors found in an audit of the and exercises
information in lists of key people, their • Number of errors found in an audit of the information in lists of
responsibilities and contact details key people, their responsibilities, and contact details.

Deloitte approach to service level management is an iterative

process that aligns with our fundamental drive for continuous
Define The contractor shall assist HCFA in defining improvement. As depicted in figure C.12-3. -Service Level
Operatio Service
NFR- Service new SLAs for services which were not Management Process, it starts with the establishment of a Service
ns and Level
OM- Level defined within the original RFQ, or revising Supported C.12.3 Level Agreement (SLA) and objectives, as agreed upon between
Mainten Manag
010 Require defined SLAs to the appropriate level to meet the State and Deloitte. Once agreed upon SLAs have been
ance ement
ments service requirements. established, Deloitte will manage and be accountable for the
SLAs and will diligently monitor and accurately report to the State
on those service levels

558
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Deloitte approach to service level management is an iterative

process that aligns with our fundamental drive for continuous
Create improvement. As depicted in figure C.12-3. -Service Level
Operatio Service The contractor shall be responsible for
NFR- SLAs/ Management Process, it starts with the establishment of a Service
ns and Level agreeing to / negotiating service level
OM- OLAs/ Supported C.12.3 Level Agreement (SLA) and objectives, as agreed upon between
Mainten Manag agreements and developing and/or revising
011 Contract the State and Deloitte. Once agreed upon SLAs have been
ance ement service levels for future service.
s established, Deloitte will manage and be accountable for the
SLAs and will diligently monitor and accurately report to the State
on those service levels

As part of the reviews, Deloitte will help the State identify areas of
Create The contractor shall formally agree to all
Operatio Service improvement and provide recommendations on improving service
NFR- SLAs/ Service Levels defined within the TEDS RFQ,
ns and Level levels. We will collaborate with the State to continuously revise
OM- OLAs/ in the event that the contractor does not Supported C.12.3
Mainten Manag the service levels based on the anticipated growth and changes to
012 Contract agree, HCFA and the contractor shall
ance ement the system. We also agree that SLAs may be modified solely at
s negotiate the SLA to a mutual agreement.
the State’s discretion.

Formal Process for SLA Management - Deloitte has proven

Monitor
The contractor shall produce and manage a experience in managing mature service level processes in other
Operatio Service and
NFR- formal process for ongoing review and public sector projects. Within 30 calendar days of contract start,
ns and Level Report
OM- revision of the service levels between the Supported C.12.3 we will provide a detailed formal process for ongoing review and
Mainten Manag on
013 State, contractor and TAS. The process shall revision of the SLAs between the State, Deloitte and other State
ance ement Service
be submitted to HCFA for approval. Contractors. The formal process will include timelines for reporting
Levels
data to the State and periodic reviews.

Formal Process for SLA Management. Deloitte has proven

Monitor The contractor shall monitor performance
experience in managing mature service level processes in other
Operatio Service and against SLAs approved by HCFA. Reporting
NFR- public sector projects. Within 30 calendar days of contract start,
ns and Level Report and monitoring of SLAs must be accurate and
OM- Supported C.12.3 we will provide a detailed formal process for ongoing review and
Mainten Manag on provide data that provides HCFA a complete
014 revision of the SLAs between the State, Deloitte and other State
ance ement Service view of the performance for each service.
contractors. The formal process will include timelines for reporting
Levels Reports must be published to HCFA.
data to the State and periodic reviews.

559
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Monitor and Report on SLAs. As part of the formal process

approved by the State, Deloitte will monitor the system’s
The contractor shall perform periodic reviews, performance against the established SLAs. We will timely and
Operatio Service Perform on a cadence defined by HCFA, of SLAs and accurately report data in a manner that gives the State a complete
NFR-
ns and Level Service performance against them to ensure HCFA is view of the system’s performance against each service.
OM- Supported C.12.3
Mainten Manag Level satisfied with the level of performance. The Periodic Review of SLAs. On the schedule approved by the State,
015
ance ement Reviews contractor must produce and publish to HCFA Deloitte will participate and assist the State in periodic reviews of
formal reports of the periodic review findings. the SLAs based on the formal reports we produce. We will provide
a formal report of findings and recommendations to help ensure
the agreed upon level of performance is achieved and sustained.

The contractor shall track and monitor metrics

through reports on a frequency agreed upon
As part of the reviews, Deloitte will help the State identify areas of
Key with the State for:
Operatio Service improvement and provide recommendations on improving service
NFR- Performa – # and severity of SLA breaches
ns and Level levels. We will collaborate with the State to continuously revise
OM- nce – Percentage in SLA targets threatened Supported C.12.3
Mainten Manag the service levels based on the anticipated growth and changes to
016 Indicator – Percentage in SLA breaches caused
ance ement the system. We also agree that SLAs may be modified solely at
s because of third-parties
the State’s discretion.
– Percentage in SLA breaches caused
because of internal OLAs

Service Deloitte will provide the necessary support for integrating TEDS
Portfolio related services into the State’s existing Service Portfolio and
Service
and Service Catalog. Our services portfolio and catalog is designed in
Portfoli If and when HCFA develops a Service
Operatio Service a way that is easy to use and leverage for integrating with a
NFR- o and Portfolio and Service Catalogue capability,
ns and Catalogu broader portfolio and catalog.
OM- Service the contractor shall provide the relevant input Supported C.12.4
Mainten e From our widespread and in-depth experience and knowledge
017 Catalog to HCFA and other third party service
ance Complia with implementing and maintaining systems of such scale, we will
Manag providers on an as-needed basis.
nce and also provide our inputs to the State and other State contractor
ement
Alignmen service providers as needed for service portfolio and catalog
t management.

560
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The contractor shall track and monitor metrics

through reports on a frequency agreed upon
with the State for:
As required by State, Deloitte will track and monitor metrics
– Current capacity consumption against plan
through reports on an agreed upon frequency. These status
– Projected capacity needs moving forward
reports will be maintained in an easily accessible place and will
– # of capacity related alerts received by
cover the following metrics:
service desk
• Current capacity consumption against plan
– # of capacity related incidents identified and
Service • Projected capacity needs moving forward
resolved before any production impact
Portfoli Key • Number of capacity related alerts received by service desk
Operatio – # of applications supported
NFR- o and Performa • Number of capacity related incidents identified and resolved
ns and – # of CI’s under-utilized divided by total
OM- Service nce Supported C.12.4 before any production impact
Mainten number of CI’s supported
018 Catalog Indicator • Number of applications supported
ance – % of SLA breaches due to either poor
Manag s • Number of CI’s under-utilized divided by total number of CI’s
service performance or poor component
ement supported • Percent of SLA breaches due to either poor service
performance
performance or poor component performance
– Variance of actual vs. forecasted spend for
• Variance of actual vs. forecasted spend for each solution, with
each solution, with observations and
observations and justification regarding the variance
justification regarding the variance
• Number of capacity related adjustments due to demand
– # of capacity related adjustments due to
• Percent of components that are under capacity monitoring
demand
– % of components that are under capacity
monitoring

Deloitte’s approach to monitoring, tuning and implementing of

Technol
technology capacity and performance management is based on
ogy
Monitor, our EVD Methodology.
Operatio Capacit The contractor shall draft requirements for
NFR- Analyze, We use an iterative approach to capacity planning and the
ns and y and planning, managing, and reporting System
OM- Tune & Supported C.12.5 development of a capacity model where the first iteration
Mainten Perform Capacity in coordination with HCFA Business
019 Impleme establishes high level estimates based on the RFP and our past
ance ance and IS leadership.
nt experience, and each successive assessment builds upon the
Manag
previous one, to further refine and enhance the estimates
ement
including additional data points to the capacity model.

561
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Deloitte calculates and develops the capacity model by collecting

Technol
a set of core statistics for each of the identified areas of capacity
ogy
Monitor, planning. The statistics for integrated eligibility business functions
Operatio Capacit The contractor shall develop a System
NFR- Analyze, include the approximate number of cases, sites, employees, etc.
ns and y and Capacity Plan which details the requirements
OM- Tune & Supported C.12.5 We integrate the eligibility data, test data, and information
Mainten Perform for planning, managing, and reporting System
020 Impleme gathered from discussions with the State to determine which
ance ance Capacity.
nt statistic(s) would create a capacity model. Once this model is
Manag
created, it is then reviewed with stakeholders for additional input
ement
and discussion.

Technol
ogy Deloitte's capacity model allows for dynamic recalculation of the
Monitor,
Operatio Capacit The contractor shall determine the estimates based on changing parameters. The model can also be
NFR- Analyze,
ns and y and performance drivers for performance used to modify parameters in order to predict the effects of
OM- Tune & Supported C.12.5
Mainten Perform management and their impacts on systems changes in the expected number of cases, offices, employees,
021 Impleme
ance ance developed. etc. The model gives immediate results concerning storage
nt
Manag requirements.
ement

Deloitte will work with State business and IS leadership to draft

Technol
requirements for planning, managing, and reporting system
ogy
Monitor, capacity and build that into the system Capacity Plan. We will also
Operatio Capacit
NFR- Analyze, The contractor shall agree with HCFA upon work with the State to draft component capacity expectations and
ns and y and
OM- Tune & minimum levels of capacity the system must Supported C.12.5 determine performance drivers for performance management and
Mainten Perform
022 Impleme provide, based on consumer demand. their system impacts, and estimate required number of resources
ance ance
nt to support change in existing and newly identified service levels.
Manag
System capacity levels needed will be agreed upon with the State
ement
and will be put forth for State approval.

562
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Our approach to monitoring and managing system response time,

processing time for each request, and processing throughput
includes the following activities:
• Monitor performance and availability of web service components
and applications, including dependencies among services
• Analyze and manage application volumes
• View and manage response times, call volumes, and errors in
Technol real time
ogy • Generate synthetic transactions to monitor performance around
Monitor, The contractor shall agree with HCFA on a
Operatio Capacit the clock and detect issues early
NFR- Analyze, maximum response time, maximum
ns and y and • Measure transaction response times across service nodes and
OM- Tune & processing time for each request, and Supported C.12.5
Mainten Perform manage bottlenecks
023 Impleme minimum number of requests that can be
ance ance • Identity and isolate problems to the service, application, or back-
nt processed in a given period of time.
Manag end
ement • Diagnose the root cause by viewing impact analysis data and
remediate issues
• Validate and manage transaction receipt and response
• Assess and proactively manage network latency
Deloitte will meet the State’s requirements for maximum response
time, maximum processing time for each request, and minimum
throughput for requests processed over time as set out in
Attachment 2.

Technol
ogy Deloitte's capacity model allows for dynamic recalculation of the
Monitor,
Operatio Capacit estimates based on changing parameters. The model can also be
NFR- Analyze,
ns and y and The contractor shall draft capacity used to modify parameters in order to predict the effects of
OM- Tune & Supported C.12.5
Mainten Perform expectations for each system component. changes in the expected number of cases, offices, employees,
024 Impleme
ance ance etc. The model gives immediate results concerning storage
nt
Manag requirements.
ement
Technol
ogy
Monitor, The contractor shall monitor application and Deloitte will use technology management methods to centrally
Operatio Capacit
NFR- Analyze, infrastructure performance 24/7/365 and manage system resources employed by TEDS. Our approach
ns and y and
OM- Tune & perform ongoing load balancing and proactive Supported C.12.5 enables efficient management and optimized use of tools and IT
Mainten Perform
025 Impleme management of systems to ensure sufficient resources to monitor ongoing load balancing and proactive
ance ance
nt capacity and application availability. capacity and availability management around the clock−24/7/365.
Manag
ement

563
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

TEDS includes a multi-tiered monitoring and reporting framework

Technol
supported by market leading tools for complete and consistent
ogy The contractor shall leverage leading tools for
Monitor, monitoring, analysis, and tuning of software and hardware system
Operatio Capacit the monitoring, analysis and tuning of
NFR- Analyze, components. The framework uses messaging standards and
ns and y and capacity and performance, which may include
OM- Tune & Supported C.12.5 technologies to deliver a monitoring solution for each abstraction
Mainten Perform new or emerging technologies. Tools and
026 Impleme layer of the system architecture. All tools and technologies will be
ance ance technologies shall be properly vetted and
nt vetted and approved by the State. Deloitte will work with the State
Manag approved by HCFA.
to provide relevant State employees with direct access to these
ement
tools.

Technol Deloitte’s approach to capacity and demand management

ogy revolves around developing capacity plans to estimate, measure,
Operatio Capacit The contractor shall forecast future capacity and forecast expected resource impact on the servers, network,
NFR-
ns and y and Manage needs based on industry leading practices to database, and other parts of the infrastructure which support
OM- Supported C.12.5
Mainten Perform Demand project future demand while enhancing application processing. This information is used to determine the
027
ance ance technologies to meet demand. infrastructure and hardware requirements necessary to support
Manag anticipated transaction volume. Using those requirements, we can
ement strategically plan for infrastructure needs and future growth.

Technol
ogy
The contractor shall ensure technologies are Our approach to capacity and demand management estimates
Operatio Capacit
NFR- adequately configured to meet the forecasted infrastructure resource requirements based on the estimate of
ns and y and Manage
OM- peak demands and establish thresholds Supported C.12.5 actual work, including expected transaction growth that the
Mainten Perform Demand
028 which will trigger appropriate corrective application expects to serve during normal and peak usage
ance ance
action. periods.
Manag
ement
Technol
ogy
Our approach to capacity and demand management estimates
Operatio Capacit The contractor shall map applications and
NFR- infrastructure resource requirements based on the estimate of
ns and y and Manage infrastructure to business processes and
OM- Supported C.12.5 actual work, including expected transaction growth that the
Mainten Perform Demand related demand, to measure capacity
029 application expects to serve during normal and peak usage
ance ance requests and consumption.
periods.
Manag
ement

564
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Capacity and demand management are approached during

various phases of the software development life cycle. With each
advancing stage, the application team has the ability to refine and
improve the accuracy of the estimates. As the design and
application mature, capacity estimates will be re-visited to refine
the plan with the most up-to-date data available. Deloitte’s
Technol approach involves capacity management at the following phases:
ogy • An initial plan during project initiation
Operatio Capacit • An updated plan after each cycle of stress testing
NFR- The contractor shall include cost benefit
ns and y and Manage • A final plan after performance testing is complete
OM- analysis as a component of the solution Supported C.12.5
Mainten Perform Demand We will use capacity planning and a capacity model to forecast
030 recommendation to HCFA IS.
ance ance future capacity needs for TEDS based on our past experience
Manag with similar systems in other states and industry standard
ement practices. Applications and infrastructure will be mapped to
business processes and related demand to measure capacity
requests and consumption. We will include a cost-benefit analysis
as part of our capacity and demand management solution
recommendation to the State. We will use our system
performance monitoring and management methodology to record,
track, and adjust utilization of system resources.

565
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Capacity and demand management are approached during

various phases of the software development life cycle. With each
advancing stage, the application team has the ability to refine and
improve the accuracy of the estimates. As the design and
application mature, capacity estimates will be re-visited to refine
the plan with the most up-to-date data available. Deloitte’s
Technol approach involves capacity management at the following phases:
The contractor shall record and track
ogy • An initial plan during project initiation
utilization of system resources to determine
Operatio Capacit • An updated plan after each cycle of stress testing
NFR- where capacity adjustments need to be made
ns and y and Manage • A final plan after performance testing is complete
OM- to support business processes as defined by Supported C.12.5
Mainten Perform Demand We will use capacity planning and a capacity model to forecast
031 HCFA. This shall be continually evaluated to
ance ance future capacity needs for TEDS based on our past experience
ensure any system or environmental changes
Manag with similar systems in other states and industry standard
have not impacted capacity and performance.
ement practices. Applications and infrastructure will be mapped to
business processes and related demand to measure capacity
requests and consumption. We will include a cost-benefit analysis
as part of our capacity and demand management solution
recommendation to the State. We will use our system
performance monitoring and management methodology to record,
track, and adjust utilization of system resources.

566
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Deloitte’s approach to capacity and demand management

revolves around developing capacity plans to estimate, measure,
and forecast expected resource impact on the servers, network,
database, and other parts of the infrastructure which support
application processing. This information is used to determine the
infrastructure and hardware requirements necessary to support
anticipated transaction volume. Using those requirements, we can
Technol strategically plan for infrastructure needs and future growth.
ogy The objective of this analysis is to estimate the infrastructure
The contractor shall develop demand
Operatio Capacit resource requirements based on the estimate of actual work,
NFR- estimates for the TEDS solution in
ns and y and Model & including expected transaction growth that the application expects
OM- coordination with HCFA Business and IS Supported C.12.5
Mainten Perform Trend to serve during normal and peak usage periods.
032 leadership and adjust/report on estimates in
ance ance Capacity and demand management are approached during
accordance with the CIP reporting schedule.
Manag various phases of the software development life cycle. With each
ement advancing stage, the application team has the ability to refine and
improve the accuracy of the estimates. As the design and
application mature, capacity estimates will be re-visited to refine
the plan with the most up-to-date data available. Deloitte’s
approach involves capacity management at the following phases:
• An initial plan during project initiation
• An updated plan after each cycle of stress testing
• A final plan after performance testing is complete

Technol
Deloitte will use capacity planning and develop a capacity model
ogy
to forecast future capacity needs for TEDS based on our past
Operatio Capacit The contractor shall develop a model for
NFR- experience with similar systems in other states and industry
ns and y and Model & capacity demand based on available HCFA
OM- Supported C.12.5 standard practices.
Mainten Perform Trend data in coordination with HCFA Business and
033 Deloitte will develop this model based on available State data,
ance ance IS leadership.
and will work with the State Business and IS leadership on
Manag
developing demand estimates for TEDS.
ement
Technol
ogy
Deloitte will use system and component capacity modeling to aid
Operatio Capacit
NFR- The contractor shall test capacity demand in capacity forecasting using performance characteristics of
ns and y and Model &
OM- prototype models to ensure they surpass Supported C.12.5 applications based on historical data, projected load , and
Mainten Perform Trend
034 demand estimates. locations. The models will be continuously updated and tested so
ance ance
that they surpass demand estimates.
Manag
ement

567
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Deloitte will use capacity planning and a system capacity model,

Technol
The contractor shall continuously update based on available State data, to work with the State Business
ogy
reusable sizing and estimating models to aid and IS leadership on developing demand estimates for TEDS.
Operatio Capacit
NFR- in capacity forecasting that utilize These estimates will be adjusted and reported as per the CIP
ns and y and Model &
OM- performance characteristics of applications Supported C.12.5 reporting schedule. System and component capacity modeling will
Mainten Perform Trend
035 based on historical data, projected load, be used to aid in capacity forecasting, using performance
ance ance
locations, and other factors the contractor characteristics of applications based on historical data, projected
Manag
deems appropriate. load and locations. The models will be continuously updated, and
ement
tested to ensure they surpass demand estimates.

Deloitte’s approach to monitoring, tuning, and implementing of

technology capacity and performance management is based on
our EVD Methodology.
We use an iterative approach to capacity planning and the
Technol
development of a capacity model where the first iteration
ogy
The contractor shall estimate the required establishes high level estimates based on the RFQ and our past
Operatio Capacit
NFR- Perform number of resources needed to support experiences. Each successive assessment builds upon the
ns and y and
OM- Applicati change in existing service levels and newly Supported C.12.5 previous one, to further refine and enhance the estimates
Mainten Perform
036 on Sizing identified services in coordination with HCFA including additional data points to the capacity model. We will
ance ance
Business and IS leadership. work with the State to draft component capacity expectations and
Manag
determine performance drivers for performance management and
ement
their system impacts, and estimate required number of resources
to support change in existing and newly identified service levels.
System capacity levels needed will be agreed upon with the State
and will be put forth for State approval.

Technol Deloitte’s approach to capacity and demand management

ogy revolves around developing capacity plans to estimate, measure,
The contractor shall develop a System
Operatio Capacit and forecast expected resource impact on the servers, network,
NFR- Capacity Plan that documents the current
ns and y and Plan & database, and other parts of the infrastructure which support
OM- levels of resource utilization and service Supported C.12.5
Mainten Perform Optimize application processing. This information is used to determine the
037 performance, and forecasts the future
ance ance infrastructure and hardware requirements necessary to support
requirements for new the TEDS resources
Manag anticipated transaction volume. Using those requirements, we can
ement strategically plan for infrastructure needs and future growth.

Technol
Deloitte will use component capacity planning and models to work
ogy
with State IS leadership in forecasting future requirements for new
Operatio Capacit
NFR- The contractor shall consult with HCFA on resources to support IT services for business activities. We will
ns and y and Plan &
OM- the service strategy plans for the TEDS Supported C.12.5 work with the State on service strategy plans for TEDS and will
Mainten Perform Optimize
038 solution. provide recommendations on resources required, costs, benefits,
ance ance
impacts, and other areas as per our knowledge base and past
Manag
experience.
ement

568
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Technol
Deloitte will use component capacity planning and models to work
ogy
The contractor shall forecast future with State IS leadership in forecasting future requirements for new
Operatio Capacit
NFR- requirements for new resources in resources to support IT services for business activities. We will
ns and y and Plan &
OM- coordination with HCFA IS leadership to Supported C.12.5 work with the State on service strategy plans for TEDS and will
Mainten Perform Optimize
039 support IT services that underpin the provide recommendations on resources required, costs, benefits,
ance ance
business activities. impacts, and other areas as per our knowledge base and past
Manag
experience.
ement

Technol
Deloitte will use component capacity planning and models to work
ogy
with State IS leadership in forecasting future requirements for new
Operatio Capacit The contractor shall provide
NFR- resources to support IT services for business activities. We will
ns and y and Plan & recommendations on resources required,
OM- Supported C.12.5 work with the State on service strategy plans for TEDS and will
Mainten Perform Optimize costs, benefits, impacts, and other areas the
040 provide recommendations on resources required, costs, benefits,
ance ance contractor or HCFA deem appropriate.
impacts, and other areas as per our knowledge base and past
Manag
experience.
ement

Deloitte will use capacity planning and a system capacity model,

based on available State data, to work with the State Business
Technol
and IS leadership on developing demand estimates for TEDS.
ogy
These estimates will be adjusted and reported as per the CIP
Operatio Capacit The contractor shall provide a non-disruptive
NFR- reporting schedule. System and component capacity modeling will
ns and y and Plan & implementation plan for the recommended
OM- Supported C.12.5 be used to aid in capacity forecasting, using performance
Mainten Perform Optimize solution and follow the HCFA IS protocol for
041 characteristics of applications based on historical data, projected
ance ance solution implementation and change control.
load , and locations. The models will be continuously updated and
Manag
tested so that they surpass demand estimates. Our plan will follow
ement
the HCFA IS approach for solution implementation and change
control and will be non-disruptive in nature.

569
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The contractor shall track and monitor metrics

through reports on a frequency agreed upon
with the State for:
– Current capacity consumption against plan Deloitte will collaborate with the State to establish status reports,
– Projected capacity needs moving forward reporting criteria, and frequency to track and monitor the following
– # of capacity related alerts received by metrics:
service desk • Current capacity consumption against plan
Technol – # of capacity related incidents identified and • Projected capacity needs moving forward
ogy resolved before any production impact • Number of capacity related alerts received by service desk
Key
Operatio Capacit – # of applications supported • Number of capacity related incidents identified and resolved
NFR- Performa
ns and y and – # of CI’s under-utilized divided by total before any production impact
OM- nce Supported C.12.5
Mainten Perform number of CI’s supported • Number of applications supported
042 Indicator
ance ance – % of SLA breaches due to either poor • Number of CI’s under-utilized divided by total number of CI’s
s
Manag service performance or poor component supported • Percent of SLA breaches due to either poor service
ement performance performance or poor component performance
– Variance of actual vs. forecasted spend for • Variance of actual vs. forecasted spend for each solution, with
each solution, with observations and observations and variance justification
justification regarding the variance • Number of capacity related adjustments due to demand
– # of capacity related adjustments due to • Percent of components that are under capacity monitoring
demand
– % of components that are under capacity
monitoring

Plan & Deloitte will draft detailed requirements for system availability in
Operatio Availabi
NFR- Design The contractor shall draft requirements for coordination with State business and IS leadership, centered on
ns and lity
OM- for system availability in coordination with HCFA Supported C.12.6 the three main principles of high availability engineering:
Mainten Manag
043 Availabili Business and IS leadership. elimination of single points of failure by adding redundancy to the
ance ement
ty system, reliable crossover, and detection of failures as they occur

Deloitte will develop a Performance and Availability Management

Plan following high availability practices, such as data backups,
Plan & The contractor shall develop a Program recovery and replication, clustering, network balancing, fail over
Operatio Availabi
NFR- Design System Performance and Availability solutions, geographic redundancy, and mitigation plans for
ns and lity
OM- for Management Plan that outlines performance Supported C.12.6 failures. We will use the Performance and Availability
Mainten Manag
044 Availabili and availability creation and management Management Plan to define, analyze, plan, measure and improve
ance ement
ty processes. all aspects of TEDS’s availability, outlining performance and
availability creation, management processes and meet the
requirements outlined in Contract Attachment 2

570
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Plan & Deloitte will work with the State to determine the target levels for
Operatio Availabi The contractor shall coordinate with HCFA
NFR- Design availability, reliability, and maintainability of corresponding IT
ns and lity and third party providers to determine targets
OM- for Supported C.12.6 infrastructure components, and also collaborating with the State to
Mainten Manag for availability, reliability, and maintainability
045 Availabili schedule downtimes required for the proper execution of
ance ement for IT infrastructure components.
ty maintenance activities
Plan &
Operatio Availabi The contractor shall agree with HCFA upon Deloitte will meet the State’s target levels for availability, reliability,
NFR- Design
ns and lity minimum target levels for availability, and maintainability of corresponding IT infrastructure components,
OM- for Supported C.12.6
Mainten Manag reliability, and maintainability of IT collaborating with the State to schedule downtimes required for
046 Availabili
ance ement infrastructure components. the proper execution of maintenance activities
ty

Deloitte will follow a well-defined process to identify potential risks

affecting the availability and reliability of the system and analyze
Operatio Availabi Perform The contractor shall perform regular what could happen if such risks realizes. We will also perform a
NFR-
ns and lity Risk availability risk assessments to identify and business impact analysis to determine the potential outcomes
OM- Supported C.12.6
Mainten Manag Assessm quantify risks and countermeasures to protect from such an interruption of the State’s time sensitive and critical
047
ance ement ent the availability of IT systems. business processes. We will perform regular availability risk
assessments to identify and quantify risks and countermeasures
to protect TEDS’s high availability.

Deloitte will review the results of our risk assessment with the
State to assess each risk based on probability and impact. Based
Impleme
Operatio Availabi The contractor shall develop appropriate on the State’s priorities, Deloitte will define and develop
NFR- nt
ns and lity controls and countermeasures to improve the appropriate controls and countermeasures to improve the
OM- Counter Supported C.12.6
Mainten Manag availability and resilience of the TEDS availability and resilience of TEDS services and underlying IT
048 measure
ance ement services and underlying IT components. components. Automated monitoring and notification solutions can
s
be added, single points of failure can be mitigated and operational
procedures can be augmented where automation is not an option.

In accordance with our Performance and Availability Management

Test Plan, Deloitte will perform periodic availability mechanism tests as
Availabili The contractor shall perform periodic defined by the State to track the availability and resiliency
Operatio Availabi
NFR- ty & availability mechanism tests to ensure that mechanisms designed to provision services are operating
ns and lity
OM- Resilienc availability and resiliency mechanisms Supported C.12.6 effectively. We will perform test planning, test reuse, test design,
Mainten Manag
049 e designed to provision services are operating test implementation, test execution, and test reporting where we
ance ement
Mechani effectively. will share availability testing results with the State. The test results
sms report will detail the testing performed, the results obtained, and
the recommended next steps.

571
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Deloitte will review the results of our risk assessment with the
State to assess each risk based on probability and impact. Based
Test on the State’s priorities, Deloitte will define and develop
Availabili appropriate controls and countermeasures to improve the
Operatio Availabi
NFR- ty & The contractor shall inform the HCFA Control availability and resilience of TEDS services and underlying IT
ns and lity
OM- Resilienc Owner and the Internal Audit function of audit Supported C.12.6 components. Automated monitoring and notification solutions can
Mainten Manag
050 e findings observed during periodic audits. be added, single points of failure can be mitigated and operational
ance ement
Mechani procedures can be augmented where automation is not an option.
sms Deloitte will assist and participate in periodic audits and inform the
HCFA Control Owner and Internal Audit functions of any audit
findings.

In accordance with our Performance and Availability Management

Test Plan, Deloitte will perform periodic availability mechanism tests as
Availabili defined by the State to track the availability and resiliency
Operatio Availabi The contractor shall publish Availability &
NFR- ty & mechanisms designed to provision services are operating
ns and lity Resilience test results report and ensure that
OM- Resilienc Supported C.12.6 effectively. We will perform test planning, test reuse, test design,
Mainten Manag they are available to HCFA Business and IS
051 e test implementation, test execution, and test reporting where we
ance ement leadership.
Mechani will share availability testing results with the State. The test results
sms report will detail the testing performed, the results obtained, and
the recommended next steps.

Deloitte will perform a number of system monitoring activities

around availability, reliability, and performance. We will monitor
TEDS availability to measure that the system abides by the high
Monitor,
availability targets set by the State. Availability reports will
Operatio Availabi Measure,
NFR- document, track, and maintain all availability and performance
ns and lity Analyze, The contractor shall leverage existing HCFA
OM- Supported C.12.6 analysis results conducted on the solution. Results will be
Mainten Manag & Report tools where available
052 published to stakeholders to foster transparency and service level
ance ement Availabili
tracking. Deloitte will leverage existing State and STS monitoring
ty
tools where available and provide access to the underlying data to
create the reports to the State for review during periodic service
level review meetings.

572
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Deloitte will perform a number of system monitoring activities

around availability, reliability, and performance. We will monitor
TEDS availability to measure that the system abides by the high
availability targets set by the State. Availability reports will
document, track, and maintain all availability and performance
Monitor, analysis results conducted on the solution. We will collaborate
Operatio Availabi Measure, The contractor shall develop availability with the State to design the criteria and frequency for the
NFR-
ns and lity Analyze, reports to document and maintain all availability reports and include the following metrics:
OM- Supported C.12.6
Mainten Manag & Report availability and performance analysis results • Percent availability of the overall TEDS solution
053
ance ement Availabili conducted on the system. • Percent availability of specific TEDS services
ty • Percent availability of TEDS individual systems
• Percent reduction in the unavailability of services and
components
• Percent increase in the reliability of services and components
• Percent improvement in overall end-to-end availability of service
• Percent reduction in the number and impact of service breaks

Monitor,
Deloitte will publish the results to stakeholders to foster
Operatio Availabi Measure,
NFR- The contractor shall provide availability transparency and service level tracking. Deloitte will leverage
ns and lity Analyze,
OM- reports to HCFA for review during periodic Supported C.12.6 existing State and STS monitoring tools where available, and
Mainten Manag & Report
054 service level review meetings. provide access to the underlying data to create the reports to the
ance ement Availabili
State for review during periodic service level review meetings.
ty

Monitor,
Operatio Availabi Measure, The contractor shall conduct ongoing Deloitte will perform ongoing monitoring on system activities
NFR-
ns and lity Analyze, availability and performance analysis on the around availability, reliability and performance with 24/7/365
OM- Supported C.12.6
Mainten Manag & Report system which includes monitoring the coverage with planned exceptions for scheduled downtimes to
055
ance ement Availabili availability 24/7/365. support maintenance activities and go-lives
ty

573
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The contractor shall track and monitor metrics Deloitte will perform a number of system monitoring activities
through reports on a frequency agreed upon around availability, reliability, and performance. We will monitor
with the State for: TEDS availability to measure that the system abides by the high
– % availability of the overall the TEDS availability targets set by the State. Availability reports will
solution document, track, and maintain all availability and performance
– % availability of specific the TEDS services analysis results conducted on the solution. We will collaborate
Key
Operatio Availabi – % availability of the TEDS individual with the State to design the criteria and frequency for the
NFR- Performa
ns and lity systems availability reports and include the following metrics:
OM- nce Supported C.12.6
Mainten Manag – % reduction in the unavailability of services • Percent availability of the overall TEDS solution
056 Indicator
ance ement and components • Percent availability of specific TEDS services
s
– % increase in the reliability of services and • Percent availability of TEDS individual systems
components • Percent reduction in the unavailability of services and
– % improvement in overall end-to-end components
availability of service • Percent increase in the reliability of services and components
– % reduction in the number and impact of • Percent improvement in overall end-to-end availability of service
service breaks • Percent reduction in the number and impact of service breaks

Operatio IT After performing an analysis, Deloitte will draft requirements for IT

NFR- The contractor shall draft requirements for IT
ns and Service Initiate Service Continuity in coordination with State Business and IT
OM- Service Continuity in coordination with HCFA Supported C.12.7
Mainten Continu ITSC leadership. Please refer to Strategize phase in figure C.12-5.
057 Business and IS leadership.
ance ity BCM Methodology for more details.

The contractor shall develop an Integrated

Upon approval of a strategy by the State, Deloitte will develop a
Operatio IT Business Continuity/Disaster Recovery Plan
NFR- BC/DR plan that is compliant with the HCFA BC/DR Management
ns and Service Initiate (BC/DR), consistent with NIST 800-34 Rev 1
OM- Supported C.12.7 Plan and CMS Contingency Planning Guidance. Please refer to
Mainten Continu ITSC and CMS control standards including MARS-
058 Planning phase in figure C.12-5. BCM Methodology for more
ance ity E 2.0 Contingency Planning control family
details.
that outline BC/DR capabilities.
Operatio IT
NFR- The contractor shall develop BC/DR policies As part of our phased approach to develop the BC/DR plan,
ns and Service Initiate
OM- and procedures in coordination with HCFA Supported C.12.7 Deloitte will work with the State to understand State policies and
Mainten Continu ITSC
059 leadership. procedures and align them with our BC/DR plan.
ance ity
In coordination with the State leadership, our BC/DR plan will
Operatio IT
NFR- The contractor shall draft BC/DR guidelines in include policies, procedures, and guidelines with respect to
ns and Service Initiate
OM- compliances with State policies and Supported C.12.7 BC/DR, in compliance with State policies and expectations.
Mainten Continu ITSC
060 expectations Please refer to Planning phase in figure C.12-5. BCM
ance ity
Methodology for more details.

574
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Deloitte's Business Continuity/Disaster Recovery plan will include

Operatio IT
NFR- The contractor shall draft an Implementation a detailed backup strategy and implementation plan that will
ns and Service Initiate
OM- and Deployment Plan that involves vm and Supported C.12.7 describe a multiple backup strategy for software and data, and
Mainten Continu ITSC
061 volume snapshots. version control processes and procedures. Our deployment plan
ance ity
also involves vm and volume snapshots.

Operatio IT The contractor shall develop multiple backup Deloitte's Business Continuity/Disaster Recovery plan will include
NFR-
ns and Service Initiate approach strategy. Backups by using backup a detailed backup strategy and implementation plan that will
OM- Supported C.12.7
Mainten Continu ITSC software. Backups from storage systems describe a multiple backup strategy for software and data, and
062
ance ity using snapshot technologies. version control processes and procedures.

Deloitte will train both Deloitte's staff and State personnel on the
processes and procedures of BC/DR plan as well as of the
Operatio IT
NFR- implications of business and service continuity. Our Staff will
ns and Service Initiate The contractor shall have a designated
OM- Supported C.12.7 consider BC/DR procedures as normal work activities. For the
Mainten Continu ITSC BC/DR representative.
063 readiness of our staff and State personnel involved in BCDR
ance ity
procedures, we will provide periodic training sessions and a
dedicated BC/DR representative.

For the continuous stability of a system of this scale, a consistent

approach to Operations and Maintenance (O&M) is essential. To
The contractor will build and maintain a
attain this, Deloitte establishes and follows standard procedures
Standard Operating Procedure Manual (SOP)
and processes. For TEDS, Deloitte will leverage NextGen’ s
The manual will be indexed, with separate
Operatio IT proven Standard Operating Procedure (SOP) manual, which
NFR- chapters (sections) for each area of O&M)
ns and Service Initiate includes operating procedures and protocols for each of the
OM- and kept available to State staff. The State Supported C.12.1
Mainten Continu ITSC standard capabilities associated with O&M. We will work with the
064 may require an SOP be written for specific
ance ity State, on an ongoing basis, to customize and optimize it for
system support functions. *** This would be
TEDS. We agree that the State may require an SOP to be written
customized for each section to identify the
for specific system support functions. Deloitte will adhere to the
chapter in an SOP manual.
processes set forth in the SOP and provide the tools necessary to
execute these capabilities.

The contractor will develop, maintain, and

Operatio IT
NFR- implement complete version for control Deloitte will develop, maintain, and implement version control
ns and Service Initiate
OM- processes and procedures. The contractor Supported C.12.7 processes and procedures and Deloitte will provide the tools
Mainten Continu ITSC
065 will provide any / all tools necessary to fulfil necessary to perform these operations.
ance ity
the obligations of this contract.

575
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Define As part of the Analysis phase of Deloitte's Business Continuity

Operatio IT
NFR- ITSC The contractor shall perform a Business Planning methodology - BETH3, Deloitte will perform a BIA to
ns and Service
OM- Require Impact Analysis (BIA) to quantify the impact Supported C.12.7 quantify the impact of a loss of service to the State. This analysis
Mainten Continu
066 ments & of a loss of service to HCFA. shall be presented to the State to help them make a decision on a
ance ity
Strategy strategy for the BC/DR of TEDS.

As part of our strategy options for the State, we will perform and
Define
Operatio IT The contractor shall perform Risk present risk assessments to recommend the best strategy for the
NFR- ITSC
ns and Service Assessments in to determine areas that can BC/DR for TEDS. We will take into consideration the acceptable
OM- Require Supported C.12.7
Mainten Continu be mitigated by IT and to define levels of level of risk to the State and recommend an option that is an
067 ments &
ance ity acceptable risks to the organization. optimum balance of risk and cost. We will collaborate with the
Strategy
State to support their decision making process.

The contractor shall develop ITSC strategies As part of our strategy options for the State, we will perform and
Define
Operatio IT in coordination with HCFA leadership to present risk assessments to recommend the best strategy for the
NFR- ITSC
ns and Service achieve optimum balance of risk reduction BC/DR for TEDS. We will take into consideration the acceptable
OM- Require Supported C.12.7
Mainten Continu and disaster recovery and continuity options level of risk to the State and recommend an option that is an
068 ments &
ance ity based on the results of BIAs and Risk optimum balance of risk and cost. We will collaborate with the
Strategy
Assessments. State to support their decision making process.

Define
Operatio IT
NFR- ITSC Deloitte's Business Continuity/Disaster Recovery plan will contain
ns and Service The contractor shall maintain an inventory of
OM- Require Supported C.12.7 an inventory of TEDS’s critical system applications and
Mainten Continu critical system applications and processes.
069 ments & processes.
ance ity
Strategy
The contractor shall ensure that all required
Operatio IT
NFR- services, facilities and resources are Deloitte will work with the State to deliver the required services,
ns and Service Impleme
OM- delivered in an acceptable operational state Supported C12.7 facilities, and resources in an acceptable operational state and
Mainten Continu nt ITSC
070 and are ‘fit for purpose’ when accepted by the are ‘fit for purpose’ when accepted by the business.
ance ity
business.
Operatio IT
NFR- The contractor shall perform service
ns and Service Impleme In the event of a disaster, Deloitte will follow the processes and
OM- continuity procedures as defined in the Supported C.12.7
Mainten Continu nt ITSC procedures from the approved BC/DR plan.
071 BC/DR plan in the event of a disaster.
ance ity
Operatio IT
NFR-
ns and Service Impleme The contractor shall participate in enterprise Deloitte will support and participate in BC/DR testing initiated by
OM- Supported C.12.7
Mainten Continu nt ITSC BC/DR testing initiated by HCFA. the State and/or STS.
072
ance ity

Deloitte will train both Deloitte's staff and State personnel on the
Perform
The contractor shall ensure that all vendor processes and procedures of BC/DR plan as well as of the
Operatio IT ITSC
NFR- staff are aware of the implication of business implications of business and service continuity. Our Staff will
ns and Service On-
OM- continuity and of service continuity and Supported C.12.7 consider BC/DR procedures as normal work activities. For the
Mainten Continu Going
073 consider these as part of their normal working readiness of our staff and State personnel involved in BCDR
ance ity Operatio
activities. procedures, we will provide periodic training sessions and a
ns
dedicated BCDR representative.

576
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Perform
Operatio IT ITSC
NFR- The contractor shall train all HCFA, State and To ensure the readiness of our staff and State personnel involved
ns and Service On-
OM- vendor personnel involved in BC/DR Supported C.12.7 in BC/DR procedures, Deloitte will provide periodic training
Mainten Continu Going
074 procedures. sessions.
ance ity Operatio
ns

Perform Deloitte's BC/DR plan will include regular DR testing plans that
The contractor shall develop and establish a
Operatio IT ITSC will be conducted at least twice a year to ascertain that critical
NFR- program of regular testing to ensure critical
ns and Service On- components of the BC/DR strategies can be recovered within the
OM- components of the ITSC strategy can be Supported C.12.7
Mainten Continu Going desired Recovery Time Objective. Our BC/DR plan includes
075 recovered within the desired Recovery Time
ance ity Operatio twice-yearly table-top tests, quarterly selected critical component
Objective
ns testing, and yearly technical cut over tests, at a minimum.

Perform
Deloitte will monitor and assess changes that could affect the
Operatio IT ITSC
NFR- The contractor shall ensure that all changes BC/DR plan such as changes implemented in TEDS or other
ns and Service On-
OM- are assessed for potential impact on ITSC Supported C.12.7 systems TEDS interacts with, change in policy and business
Mainten Continu Going
076 plans. processes, and IT changes. Deloitte will collaborate with all TEDS
ance ity Operatio
stakeholders to keep the BCDR plan up to date.
ns

As part of the process, on a quarterly basis, Deloitte will prepare

The contractor shall develop Business and produce reports on the DR test results. We will collaborate
Continuity and Disaster reports to document with the State to track and monitor through reports on a frequency
and maintain BC/DR test results on a agreed upon with the State for the following metrics:
quarterly basis. This report shall include the • Percent of success of regular audits of the ITSC plans to ensure
following detail: that the agreed recovery requirements of the business can be
Perform achieved at all times
Operatio IT ITSC A) IT Service Continuity Management Plan • Percent overall risk and impact of possible failure of IT services
NFR-
ns and Service On- B) Business Impact Analysis Plan • Percent of business processes covered by explicit service
OM- Supported C.12.7
Mainten Continu Going C) Risk Analysis and Management exercises continuity targets
077
ance ity Operatio reports • Disaster preparedness gaps • Duration from the identification of
ns D) Notes providing continuity advice and a disaster-related risk to the implementation of a suitable
guidance continuity mechanism
E) Assessed Request for Changes relating to • Number of disaster practices carried out
continuity aspects • Number of identified deficiencies during disaster tests, practices,
F) Schedule of tests for resilient and fail-over and exercises.
components • Number of errors found in an audit of the information in reports
of key people, their responsibilities, and contact details

577
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

As part of the process, on a quarterly basis, Deloitte will prepare

and produce reports on the DR test results. We will collaborate
with the State to track and monitor through reports on a frequency
agreed upon with the State for the following metrics:
• Percent of success of regular audits of the ITSC plans to ensure
that the agreed recovery requirements of the business can be
Perform achieved at all times
Operatio IT ITSC The contractor shall provide Vendor Service • Percent overall risk and impact of possible failure of IT services
NFR-
ns and Service On- Continuity and Disaster reports to HCFA for • Percent of business processes covered by explicit service
OM- Supported C.12.7
Mainten Continu Going review during periodic service level review continuity targets
078
ance ity Operatio meetings. • Disaster preparedness gaps • Duration from the identification of
ns a disaster-related risk to the implementation of a suitable
continuity mechanism
• Number of disaster practices carried out
• Number of identified deficiencies during disaster tests, practices,
and exercises.
• Number of errors found in an audit of the information in reports
of key people, their responsibilities, and contact details

Perform
Operatio IT ITSC Deloitte’s BC/DR plan also includes a backup job and server
NFR-
ns and Service On- The contractor shall develop a backup job audit. Our strategy also takes into account the letter and notice
OM- Supported C.12.7
Mainten Continu Going and server audit. processing services of TEDS and will ensure a proper backup
079
ance ity Operatio plan is in place.
ns

Perform Our BCDR plan includes twice-yearly table top tests, quarterly
Operatio IT ITSC The contractor shall develop and implement a selected critical component testing, and yearly technical cutover
NFR-
ns and Service On- testing program to include bi-annual table-top tests, at the minimum. Any gaps identified will be reported to the
OM- Supported C.12.7
Mainten Continu Going tests, quarterly selected critical component State along with recommendations to bridge them. As approved
080
ance ity Operatio testing, and yearly technical cut over tests. by the State, Deloitte will address these gaps and update the
ns BCDR plan.

Operatio IT In the event of a disaster, Deloitte will follow the BC/DR plan
NFR-
ns and Service Invoke The contractor shall perform all ITSC approved by the State and perform all activities, processes, and
OM- Supported C.12.7.2
Mainten Continu ITSC activities as declared by HCFA. procedures included. A report of the BC/DR execution shall be
081
ance ity presented to the State for review.

578
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The contractor shall track and monitor metrics

through reports on a frequency agreed upon As part of the process, on a quarterly basis, Deloitte will prepare
with the State for: and produce reports on the DR test results. We will collaborate
– % of success of regular audits of the ITSC with the State to track and monitor through reports on a frequency
plans to ensure that, at all times, the agreed agreed upon with the State for the following metrics:
recovery requirements of the business can be • Percent of success of regular audits of the ITSC plans to ensure
achieved that the agreed recovery requirements of the business can be
– % overall risk and impact of possible failure achieved at all times
Key of IT services • Percent overall risk and impact of possible failure of IT services
Operatio IT • Percent of business processes covered by explicit service
NFR- Performa – % of business processes which are covered
ns and Service continuity targets
OM- nce by explicit service continuity targets Supported C.12.7
Mainten Continu • Disaster preparedness gaps • Duration from the identification of
082 Indicator – Disaster preparedness gaps
ance ity a disaster-related risk to the implementation of a suitable
s – Duration from the identification of a
disaster-related risk to the implementation of continuity mechanism
a suitable continuity mechanism • Number of disaster practices carried out
– Number of disaster practices carried out • Number of identified deficiencies during disaster tests, practices,
– Number of identified deficiencies during and exercises.
disaster tests, practices, and exercises • Number of errors found in an audit of the information in reports
– Number of errors found in an audit of the of key people, their responsibilities, and contact details
information in lists of key people, their
responsibilities and contact details

Define
Service Service
Operatio Transiti Transitio The contractor shall create a formalized
NFR- Deloitte will follow the formal Change and Request Management
ns and on n service description and associated details
OM- Supported C.12.8 process to propose new services and processes or changes to
Mainten Plannin Strategy when responding to business needs or
083 existing services and processes.
ance g and & proactively proposing new services
Support Approac
h
Service Define
Operatio Transiti Service
NFR- The contractor shall complete Service Design Deloitte will complete Service Design Packages (SDP) for major
ns and on Transitio
OM- Packages (SDP) for major new service Supported C.12.8 new service implementations and follow through promptly to any
Mainten Plannin n
084 implementations SDP formal checks throughout the SDLC.
ance g and Lifecycle
Support Stages
Service
Prepare
Operatio Transiti
NFR- for Deloitte will work closely with all stakeholders and maintain
ns and on The contractor shall respond to any SDP
OM- Service Supported consistent and effective communications throughout the transition
Mainten Plannin formal checks throughout the SDLC
085 Transitio lifecycle by following our approach in C.13 (Turnover).
ance g and
n
Support

579
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Service
Prepare
Operatio Transiti During the service transition lifecycle, the
NFR- for Deloitte will work closely with all stakeholders and maintain
ns and on contractor shall maintain consistent and
OM- Service Supported C.12.8 consistent and effective communications throughout the transition
Mainten Plannin effective communications with all impacted
086 Transitio lifecycle by following our approach in C.13 (Turnover).
ance g and stakeholders
n
Support
Service Plan &
The service shall provide a clearly defined
Operatio Transiti Coordina
NFR- promote-to-production process that enforces Deloitte will provide a well-defined promote-to-production process
ns and on te
OM- a strictly defined methodology for movement Supported C.12.8 by enforcing a strictly defined methodology by following our
Mainten Plannin Service
087 from development to quality assurance (QA) release deployment methodology and approach
ance g and Transitio
and production
Support n
Service Provide
The service shall provide a clearly defined
Operatio Transiti Service
NFR- promote-to-production process that enforces Deloitte will provide a well-defined promote-to-production process
ns and on Transitio
OM- a strictly defined methodology for movement Supported C.12.8 by enforcing a strictly defined methodology by following our
Mainten Plannin n
088 from development to quality assurance (QA) release deployment methodology and approach
ance g and Process
and production
Support Support

The contractor shall track and monitor metrics

through reports on a frequency agreed upon
with the State for:
Deloitte will track and monitor the following metrics through
– % increase in the number of releases reports to the State on an agreed upon frequency:
implemented that meet the customer’s • Percent increase in the number of releases implemented that
agreed requirements in terms of cost, quality, meet the State’s agreed requirements in terms of cost, quality,
Service scope and release schedule (expressed as a scope and release schedule (expressed as a percentage of all
Key
Operatio Transiti percentage of all releases) releases)
NFR- Performa
ns and on – % reduction in variation of actual versus • Percent reduction in variation of actual versus predicted scope,
OM- nce Supported C.12.8
Mainten Plannin predicted scope, quality, cost and time quality, cost, and time
089 Indicator
ance g and – % reduction in number of issues, risks and • Percent reduction in number of issues, risks, and delays •
s
Support delays Percent increase of service transition success rates
– % increase of service transition success • Percent increase in project and service team satisfaction with
rates the service transition practices
– % increase in project and service team • Percent reduction of number of issues caused by conflicting
satisfaction with the service transition demands for shared resources
practices
– % reduction of number of issues caused by
conflicting demands for shared resources

The contractor shall produce and enforce

Deloitte establishes definitive processes and procedures for
Operatio IT formal procedures to initiate and log requests
NFR- Initiate enabling a concerned stakeholder to submit a technology change
ns and Change for change (RFCs). RFCs shall provide data
OM- Change Supported C.12.9 request via ‘Request For Change’ (RFC). An RFC has sufficient
Mainten Manag to allow the State to assess the change,
090 Request details to identify the reason, priority type of change and impacts
ance ement including reason/cause, impacts, cost,
on business in terms of cost and schedule.
schedule, and priority

580
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Deloitte provides JIRA, an automated Change Control Tool

Operatio IT
NFR- Initiate The contractor shall manage an automated wherein the changes are logged with the information submitted
ns and Change
OM- Change Change Control Tool where changes will be Supported C.12.9 via an RFC. JIRA provides pre-configured change workflows
Mainten Manag
091 Request logged and managed which can be customized for the State and can be interfaced with
ance ement
any applicable State tools if required.

Operatio IT The contractor shall complete a Security

NFR- Initiate For each Change request, Deloitte team conducts a security and
ns and Change Impact Analysis (SIA) form and a narrative of
OM- Change Supported C.12.9 vulnerability assessment including qualitative and quantitative risk
Mainten Manag all risks identified by the Change Request
092 Request analysis and logs the information in JIRA.
ance ement submitter with each Change Request

Review, The contractor shall clearly categorize Deloitte works with the State to identify and define the different
Operatio IT
NFR- Assess changes and publish the categorization to change types and the criteria for each change type based on the
ns and Change
OM- and HCFA for approval. Change types include Supported C.12.9 priority. For each change, our team performs the analysis and
Mainten Manag
093 Authoriz normal changes, standard changes, and classifies into one of the types: normal changes, standard
ance ement
e emergency changes changes, expedited changes and emergency changes

Deloitte performs the analysis of each change according to the

Review,
Operatio IT established and approved criteria. If a change is classified as an
NFR- Assess The contractor shall submit a documented
ns and Change emergency depending on the severity and criticality of its impact
OM- and RFC for emergency changes within 24 hours Supported C.12.9
Mainten Manag on the normal system operations, our team submits an RFC for
094 Authoriz of the change being made
ance ement State to review and approve within 24 hours of the change being
e
requested.

The contractor shall publish defined RFC

Review,
Operatio IT naming and prioritization procedures, based Deloitte will work with the State to define RFC naming
NFR- Assess
ns and Change on business priorities and impact conventions and prioritization procedures based on the priority
OM- and Supported C.12.9
Mainten Manag determinations, to ensure HCFA clearly and impact. These procedures tend to include a definitive criteria
095 Authoriz
ance ement understands what the change is, its priority, so that any ambiguity is removed for TCCB review.
e
and potential impacts
Review, Deloitte will collaborate with the State to establish the criteria and
Operatio IT The contractor shall produce and publish to
NFR- Assess process for categorizing a change as emergency. We will
ns and Change HCFA policies to categorize an emergency
OM- and Supported C.12.9 streamline the change workflows for an emergency so that no
Mainten Manag change. These changes require the
096 Authoriz undue delays are encountered in getting the executive level
ance ement appropriate executive level approvals
e approvals.
The contractor shall produce and abide by
Review,
Operatio IT the results of an automated risk calculation Deloitte utilizes a quantitative risk analysis method that calculates
NFR- Assess
ns and Change that will recommend if the change should be the risk score for a change request based on system risk and its
OM- and Supported C.12.9
Mainten Manag approved or denied. This calculation will be impact on the business. We will follow this method in
097 Authoriz
ance ement based on system risk multiplied by the recommending whether a change should be implemented or not.
e
magnitude of the impact
Review, Deloitte’s established change management processes are based
Operatio IT
NFR- Assess The contractor shall provide appropriate on prioritizing each change request based on the business needs
ns and Change
OM- and prioritization that is aligned with the business Supported C.12.9 and requirements. The process is clearly dependent on
Mainten Manag
098 Authoriz needs / requirements establishing a link between the technology and the business it is
ance ement
e designed to support.

581
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The contractor shall produce a forward

looking change schedule which accounts for
all dependencies that can affect the timing of
Operatio IT
NFR- a change (e.g. year-end close activities, Deloitte will prepare an implementation schedule after taking into
ns and Change Plan &
OM- HCFA regulatory requirements etc.). This Supported C.12.9 account all the dependencies and the downstream impact on the
Mainten Manag Schedule
099 schedule will also articulate downstream overall project.
ance ement
impacts to the overall project schedule and
identify any risks and potential contingency
plans and workarounds as appropriate

Deloitte prepares an implementation schedule after taking into

account all the dependencies and the downstream impact on the
The contractor shall manage the RFC overall project. Deloitte prepares and publishes an implementation
Operatio IT schedule with defined and published lead schedule for any RFC based on risk and impact. We work with the
NFR-
ns and Change Plan & times, based on risk and impact. All change state to get the schedules approved in accordance with the overall
OM- Supported C.12.9
Mainten Manag Schedule windows must be agreed upon by HCFA. project schedule. Deloitte performs adequate risk analysis and
100
ance ement RFC schedules will follow the same SDLC assessments for each change control so that MARS-E
process in use for the project requirements and CMS guidance documents are complied with.
Any exceptions are documented and need to be approved by the
TCCB.

Operatio IT The contractor shall provide test certification

NFR-
ns and Change Build & and other development/testing documents Deloitte will submit the test plan documents that are developed as
OM- Supported C.12.9
Mainten Manag Test required by the SDLC process and that the part of the overall test management strategy to TCCB for review.
101
ance ement HCFA Change Control Board requests

Operatio IT
NFR- The testing procedures for each change shall
ns and Change Build & Deloitte executes test plans and the results and exceptions are
OM- follow the process and standards established Supported C.12.9
Mainten Manag Test submitted to TCCB for review and approval.
102 within the Test Management Plan
ance ement

Operatio IT Approve
NFR- The contractor shall perform changes
ns and Change for Deloitte will implement the changes based on a published
OM- according to the agreed-upon and validated Supported C.12.9
Mainten Manag Impleme implementation plan and an approved schedule
103 HCFA change schedule
ance ement ntation

Operatio IT Approve The contractor shall participate in the HCFA

NFR- Deloitte team will participate in all TCCB meetings to provide any
ns and Change for CCB meetings and provide subject matter
OM- Supported C.12.9 further information required by TCCB reviewers to facilitate the
Mainten Manag Impleme experts as needed to answer questions prior
104 approval process.
ance ement ntation to formal approval process
The contractor shall update change records
Operatio IT Approve Deloitte team will update each change request with an appropriate
NFR- within the Change Control Tool with the
ns and Change for status in JIRA. Our team also consolidates and communicates the
OM- appropriate status changes and details about Supported C.12.9
Mainten Manag Impleme most current status of any change request to all the concerned
105 the change and communicate updates to
ance ement ntation stakeholders.
HCFA stakeholders and partners

582
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Deloitte understands that TCCB approval is required for

Operatio IT Approve
NFR- The contractor shall receive CCB approval for implementing any change in production. Our team will obtain the
ns and Change for
OM- all changes prior to promotion into the Supported C.12.9 approval so that only authorized changes are implemented in
Mainten Manag Impleme
106 Production environment production by utilizing a solid test management strategy that
ance ement ntation
includes a thorough regression testing.

The contractor shall produce and publish to

Operatio IT Coordina Deloitte team complies with the ongoing formal documentation
NFR- HCFA ongoing formal documentation of the
ns and Change te & requirements by collaborating with the State in getting the
OM- activities and checkpoints required to Supported C.12.9
Mainten Manag Impleme implementation schedule and activities approved and added to
107 coordinate and implement authorized
ance ement nt the existing documentation repository.
change(s)

Deloitte will communicate the roles and responsibility of its

Operatio IT Coordina The contractor shall provide implementation
NFR- implementation team members to all the concerned stakeholders.
ns and Change te & team members to be on call and available
OM- Supported C.12.9 The implementation team is available onsite and on-call during
Mainten Manag Impleme following any implemented changes to
108 and after the implementation depending on the type of change
ance ement nt production team
that is being implemented

Deloitte will provide a clearly documented rollback strategy in the

Operatio IT Coordina
NFR- The contractor vendor team should be able to implementation plan for each change request. If the
ns and Change te &
OM- back out any implemented changes that have Supported C.12.9 implementation produces any negative impact on the system, our
Mainten Manag Impleme
109 a negative impact on the system team executes the rollback steps after the necessary approvals by
ance ement nt
the State and brings the system back to its previous stable state.

The contractor shall communicate and

Operatio IT Coordina
NFR- coordinate with the HCFA configuration Deloitte will collaborate with the State to include any configuration
ns and Change te &
OM- manager to ensure that all CI changes Supported C.12.9 item changes that arise after an implementation to the State’s
Mainten Manag Impleme
110 resulting from a new change is appropriately Configuration Management Database.
ance ement nt
documented
The contractor shall perform a formal post-
implementation change review to confirm that
the change has met objectives, and that
Operatio IT
NFR- HCFA's relevant change stakeholders are Deloitte will conduct an implementation review meeting with the
ns and Change Review
OM- satisfied with the results. This review will be Supported C.12.9 concerned stakeholder to review, verify and validate the results of
Mainten Manag & Close
111 based on formal post-implementation change a change.
ance ement
review process, which will be included in the
SIs IT Change Management Plan, and
approved by HCFA
Operatio IT The contractor shall document and publish to
NFR- Deloitte team documents the lessons learned while implementing
ns and Change Review HCFA lessons learned, to provide an
OM- Supported C.12.9 a change request in order to improve the change management
Mainten Manag & Close opportunity to improve the IT Change
112 process for future IT requests.
ance ement Management process for future changes

583
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The contractor shall track and monitor metrics

through reports on a frequency agreed upon
with the State for: . To track and monitor the change management process, we
develop and publish reports on the following metrics:
– % of changes implemented successfully • Percent of changes implemented successfully
– Reduction in the backlog of change • Reduction in the backlog of change requests
requests • Percent of normal changes
– % of Normal Changes • Percent of expedited changes
– % of Expedited Changes • Percent of standard changes
Key
Operatio IT – % of Standard Changes • Percent of rejected changes
NFR- Performa
ns and Change – % of Rejected Changes • Percent of backed out changes, due to inaccurate impact
OM- nce Supported C.12.9
Mainten Manag – % of Emergency Changes analysis
113 Indicator
ance ement – % of successfully implemented approved • Percent of rolled back changes
s
changes. • Percent of changes that were completed successfully with
– Time to process change requests end-to- correct data in CMS
end by type • The average time and cost of diagnosing and resolving incidents
– % of successful Back outs and problems (by type)
– % of changes which cause issues in the • Percent of business impact of outages and incidents caused by
environment poor asset and configuration management
– % of implemented changes in which Post • Number of total number of CIs tracked over time
Implementation Review is performed
– % of unauthorized changes

Plan
Operatio Configu
NFR- Configur The contractor shall develop a Configuration Deloitte will coordinate with the State to integrate our
ns and ration
OM- ation Management Plan which integrates with Supported C.12.10 Configuration Management Plan with the State’s Configuration
Mainten Manag
114 Manage HCFAs Configuration Management Plan Management Plan.
ance ement
ment
The contractor shall build and maintain a
configuration management database (CMDB)
Plan which is maintained per the standards The State will purchase and Deloitte will build and maintain a
Operatio Configu
NFR- Configur defined in the HCFA Configuration CMDB that is aligned to the standards set forth in the State’s
ns and ration
OM- ation Management Plan. The CMDB shall be Supported C.12.10 Configuration Management Plan. The CMDB will be integrated
Mainten Manag
115 Manage maintained within a service management tool with other service management capabilities such as Incident
ance ement
ment which integrates the CMDB with other service Management, Change Management Service Desk, etc.
management capabilities such as Incident
Management and Change Management

584
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Deloitte will purchase, build, and maintain a Configuration

Plan
Operatio Configu Management Database (CMDB) that is aligned to the standards
NFR- Configur The Vendor CMDB shall be accessible to
ns and ration set forth in the State’s Configuration Management Plan. CMDB
OM- ation HCFA stakeholders for increased Supported C.12.10
Mainten Manag will be integrated with other service management capabilities such
116 Manage transparency
ance ement as Incident Management and Change Management Service
ment
Desk.

Operatio Configu
NFR- Identify Deloitte will collaborate with State business and IS leadership to
ns and ration Configuration Items shall be integrated to an
OM- Configur Supported C.12.10 define configuration items(CI) with appropriate levels of
Mainten Manag enterprise CMDB
117 ation granularity and integrate the CIs into an enterprise CMDB
ance ement
Operatio Configu An initial set of Configuration Items (CI's)
NFR- Identify Deloitte will collaborate with State business and IS leadership to
ns and ration must be defined by the vendor in coordination
OM- Configur Supported C.12.10 define CIs with appropriate levels of granularity and integrate the
Mainten Manag with HCFA business and IS leadership to
118 ation CIs into an enterprise CMDB
ance ement ensure appropriate level of granularity
Operatio Configu
NFR- Identify The baseline configuration of the system shall Deloitte shall work with the State to develop a configuration data
ns and ration
OM- Configur be consistent with the TEDS enterprise Supported C.12.10 model that is consistent with the State’s enterprise CMDB
Mainten Manag
119 ation architecture configuration data model.
ance ement
Deloitte will maintain older versions of approved baseline
Operatio Configu Older versions of approved baseline
NFR- Identify configurations and provide it for review or rollback upon request
ns and ration configurations should be maintained and
OM- Configur Supported C.12.10 from the State. For this purpose, we will also retain records of
Mainten Manag made available for review and rollback if
120 ation configuration controlled changes to TEDS for at least three (3)
ance ement needed
years or as directed by the State
Operatio Configu
NFR- Control The contractor configuration data model must Deloitte shall work with the State to develop a configuration data
ns and ration
OM- Configur be consistent with HCFAs enterprise CMDB Supported C.12.10 model that is consistent with the State’s enterprise CMDB
Mainten Manag
121 ation configuration data model configuration data model.
ance ement
Operatio Configu
NFR- Control
ns and ration The contractor shall manage the lifecycle of
OM- Configur Supported C.12.10 Deloitte will manage and monitor the CI life cycle
Mainten Manag each CI from identification through retirement
122 ation
ance ement
The contractor shall develop standard reports
Operatio Configu
NFR- Monitor in coordination with the HCFA configuration Deloitte will develop and produce configuration reports for the
ns and ration
OM- Configur owner which provide views, at a minimum, to Supported C.12.10 State on a periodic basis as detailed in figure C.12-7.
Mainten Manag
123 ation the definition of CI's, CI relationships, and Configuration Management Methodology.
ance ement
status
Operatio Configu Updates to CIs must be published to HFCA
NFR- Monitor
ns and ration configuration owners monthly, unless Deloitte will provide updates to CIs on a monthly basis or as set
OM- Configur Supported C.12.10
Mainten Manag otherwise stated in the HCFA Configuration forth in the State Configuration Management Plan.
124 ation
ance ement Management Plan

On a periodic basis as defined by the State, Deloitte will perform

Operatio Configu The contractor shall perform periodic audits
NFR- Verify CMDB audits to validate accuracy and reliability of data. We will
ns and ration of the CMDB to ensure accuracy and
OM- Configur Supported C.12.10 document and publish our findings on the audits in a report to the
Mainten Manag reliability of data as defined by HCFA
125 ation State for review and also work with the State to address audit
ance ement configuration owner
findings within thirty (30) days.

585
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Operatio Configu
NFR- Verify Findings from CMDB audits shall be
ns and ration Deloitte will document and publish our findings on the audits in a
OM- Configur published in an audit report and shared with Supported C.12.10
Mainten Manag report to the State for review
126 ation the HCFA configuration owner
ance ement
Operatio Configu
NFR- Verify
ns and ration Findings from the CMDB audits must be Deloitte will work with the State to address audit findings within
OM- Configur Supported C.12.10
Mainten Manag resolved within 30 days thirty (30) days.
127 ation
ance ement

The Deloitte team documents the lessons learned while

implementing a change request in order to improve the change
management process for future IT requests. To track and monitor
The contractor shall track and monitor metrics
the change management process, we develop and publish
through reports on a frequency agreed upon
reports on the following metrics:
with the State for:
• Percent of changes implemented successfully
• Reduction in the backlog of change requests
– % of backed out changes, due to inaccurate
• Percent of normal changes
Capabilit impact analysis
• Percent of expedited changes
Operatio Configu y Key – % of rolled back changes
NFR- • Percent of standard changes
ns and ration Performa – % of changes that were completed
OM- Supported C.12.9 • Percent of rejected changes
Mainten Manag nce successfully with correct data in CMS
128 • Percent of backed out changes, due to inaccurate impact
ance ement Indicator – The average time and cost of diagnosing
analysis
s and resolving incidents and problems (by
• Percent of rolled back changes
type)
• Percent of changes that were completed successfully with
– % of business impact of outages and
correct data in CMS
incidents caused by poor asset and
• The average time and cost of diagnosing and resolving incidents
configuration management
and problems (by type)
– # of total number of CIs tracked over time
• Percent of business impact of outages and incidents caused by
poor asset and configuration management
• Number of total number of CIs tracked over time

Releas
Operatio e Review The contractor shall develop a Release and
NFR-
ns and Deploy & Deployment Management Plan which Our release management plan will be integrated with the State’s
OM- Supported C.12.11
Mainten ment Validate integrates with HCFAs Release and Release and Deployment Management Plan.
129
ance Manag Release Deployment Management Plan
ement

Operatio Releas Review The contractor shall own and manage the
NFR- Deloitte will own and manage the entire Release and Deployment
ns and e & entire Release and Deployment lifecycle in
OM- Supported C.12.11 life cycle and coordinate with stakeholders from the State and
Mainten Deploy Validate coordination with HCFA stakeholders and
130 third party providers.
ance ment Release other third party providers

586
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Manag
ement

Releas
Operatio e The contractor must develop and perform
NFR- Deloitte will follow our release planning and deployment
ns and Deploy Plan formal review process to clearly define and
OM- Supported C.12.11 management approach to conduct formal release reviews and
Mainten ment Release approve the release plans with HCFA's
131 release plan approvals.
ance Manag relevant stakeholders
ement
Releas
The review process must include project
Operatio e
NFR- management planning, technical review of As detailed in our methodology and approach, we will produce
ns and Deploy Plan
OM- the Service Design Package (SDP) and Supported C.12.11 project management planning and configuration management
Mainten ment Release
132 configuration management report on the reports on release status as part of the review process.
ance Manag
status of the to-be-deployed-to environment
ement
Releas
Operatio e Build & The contractor shall produce formal
NFR- Deloitte will produce formal build notes documentation for all
ns and Deploy Configur documentation of all build notes and publish
OM- Supported C.12.11 releases including emergency release to the State for approval
Mainten ment e to HCFA's release manager to review and
133 prior to build
ance Manag Release confirm that all build activities are complete
ement
Releas
The contractor shall produce a formal test
Operatio e
NFR- Test & certificate as part of the release approval
ns and Deploy Deloitte will also produce a formal test certificate that is based on
OM- Accept process. The Test certificate must follow the Supported C.12.11
Mainten ment the process and standards set forth in the Test Management Plan
134 Release process and standards defined within the
ance Manag
Test Management Plan
ement
Releas
Operatio e
NFR- Plan The Release Plan for all new releases must For all new releases, Deloitte will develop and execute an
ns and Deploy
OM- Deploym involve and be published to all relevant IT Supported C.12.11 Implementation and Deployment Plan and publish to all relevant
Mainten ment
135 ent and Business stakeholders across HCFA IT and Business stakeholders of the State for approval.
ance Manag
ement
Releas
Operatio e The Release Plan must take into
NFR- Plan Deloitte's proposed plan will be closely aligned with the State’s
ns and Deploy consideration all dependencies and be
OM- Deploym Supported C.12.11 Change Management Plan and all dependencies will be
Mainten ment closely aligned with HCFA's Change
136 ent considered while developing this plan
ance Manag Management Plan
ement
Releas
Operatio e The contractor will manage releases in a non-
NFR- Plan
ns and Deploy disruptive fashion, managing schedules that Deloitte will implement the release during non-business and non-
OM- Deploym Supported C.12.11
Mainten ment do not conflict with primary business service delivery hours in order to avoid disruption.
137 ent
ance Manag operating and service delivery hours
ement

587
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Releas
Operatio e The contractor shall communicate to the
NFR- Plan
ns and Deploy HCFA team pre and post notifications if the Deloitte will implement the release during non-business and non-
OM- Deploym Supported C.12.11
Mainten ment RFC involves downtime in the production service delivery hours in order to avoid disruption.
138 ent
ance Manag environment
ement
Releas
Operatio e
NFR- Plan
ns and Deploy The contractor will include risk and risk For each Release deployment, we will provide formal risk and risk
OM- Deploym Supported C.12.11
Mainten ment mitigation plans for each release deployment mitigation plans, including a back-out approach to the State.
139 ent
ance Manag
ement
The contractor shall perform formal and
documented Operational Readiness
Releas
Perform validation to ensure that there is appropriate
Operatio e
NFR- Operatio knowledge transfer to the users impacted by Deloitte shall perform formal and documented Operational
ns and Deploy
OM- nal the new release and the Service Desk that Supported C.12.11 Readiness validation by following our Release Planning and
Mainten ment
140 Readine will be supporting the release. The Deployment approach
ance Manag
ss Operational Readiness validation outputs
ement
must be published to HCFA for review and
approval
Releas The contractor shall develop and manage a
Operatio e formal and documented procedure to ensure Deloitte will develop and manage a formal and documented
NFR-
ns and Deploy Deploy the integrity of the release package and its procedure to ensure the integrity of the release package and its
OM- Supported C.12.11
Mainten ment Release constituent components throughout the constituent components throughout the transition activities and
141
ance Manag transition activities. The procedure must be publish this to the State.
ement published to HCFA
Releas
The contractor shall communicate each
Operatio e Deloitte will work with the State to develop and provide a
NFR- release to the applicable HCFA IT and
ns and Deploy Deploy communication plan that details the process and procedures to
OM- Business stakeholders following an approved Supported C.12.11
Mainten ment Release notify State and other TEDS’s stakeholders regarding all aspects
142 communication plan which is shall be detailed
ance Manag of release and deployment management.
within the Release and Deployment Plan
ement
Releas
Operatio e
NFR- The contractor shall maintain segregation of
ns and Deploy Deploy Deloitte will maintain segregation of duties between release
OM- duties between development and release Supported C.12.11
Mainten ment Release planning and development teams.
143 management teams
ance Manag
ement

Releas Based on agreement with State, we will provide dedicate support

Operatio e resources, to determine success of the deployment and resolve
NFR- Go-Live The contractor shall manage deployment
ns and Deploy any resulting issues. We will send pre and post-implementation
OM- for automation tools to increase efficiency, Supported C.12.11
Mainten ment communication to the designated State personnel resources on all
144 Release speed, and accuracy of the release
ance Manag changes implemented into the production environment or any
ement other environment identified by the State.

588
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Releas
Operatio e The contractor shall dedicate support
NFR- Go-Live Deloitte will also own maintenance and repair responsibilities for
ns and Deploy resources, available at a capacity agreed
OM- for Supported C.12.11 any production issues related to a change implemented into the
Mainten ment upon by HCFA, to determine success of the
145 Release production environment.
ance Manag deployment and resolve any resulting issues
ement
The contractor shall develop and manage a
Releas
formal process to ensure that the new or
Operatio e Deloitte will develop and manage a formal process to ensure that
NFR- Manage changed service is capable of delivering the
ns and Deploy any new or changed service is capable of delivering the utility as
OM- Warranty utility and warranty as agreed upon and Supported C.12.11
Mainten ment agreed upon. We will provide this process to the State and other
146 Support stated by HCFA. The process must be
ance Manag relevant stakeholders for review and sign-off.
published to HCFA and signed - off by
ement
HCFA's relevant stakeholders

The contractor shall track and monitor metrics

through reports on a frequency agreed upon
with the State for:
Deloitte will work with the State to develop reports with an agreed
upon frequency that includes the following metrics:
– % of releases successfully meeting
• Percent of releases successfully meeting validation criteria to
validation criteria to proceed to planning
proceed to planning stage of the release
stage of the release
• Percent increase/decrease in number of releases that meet
– % increase/decrease in number of releases
customer expectations for cost, time, and quality
that meet customer expectations for cost,
• Percent increase/decrease of releases where build completion is
Releas time and quality
Key successful
Operatio e – % increase/decrease of releases where
NFR- Performa • Percent increase/decrease of releases where the component
ns and Deploy build completion is successful
OM- nce Supported C.12.11 unit tests complete successfully • Percent increase/decrease of
Mainten ment – % increase/decrease of releases where the
147 Indicator known errors and defects during testing of the release
ance Manag component unit tests complete successfully
s • Percent increase/decrease in successful test completions of the
ement – % increase/decrease of known errors and
releases
defects during testing of the release
• Percent increase/decrease in time to approve and schedule
– % increase/decrease in successful test
releases
completions of the releases
• Percent increase/decrease of incidents solved by level 1 and
– % increase/decrease in time to approve
level 2 support
and schedule releases
• Percent reduction in number of incidents due to incorrect
– % increase/decrease of incidents solved by
components being deployed
level 1 and level 2 support
– % reduction in number of incidents due to
incorrect components being deployed

589
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Request IT Software/Hardware Asset - Deloitte will leverage the

State’s existing infrastructure assets and determine a baseline
assets library for TEDS, illustrating the interdependencies
Request between existing assets and associated cost. We will follow our
The contractor shall be responsible for
Operatio IT ongoing life cycle-based approach to asset management to
NFR- Asset identifying required software and hardware
ns and software identify the requirements related to license renewal, audit and
OM- Manag for the TEDS activities. The contractor will Supported C.12.12
Mainten / compliance needs, increasing scale, and any other applicable
148 ement identify interdependencies between existing
ance hardware strategic reasons. Our Asset Management team will create
assets and associated costs
asset documentation to support our requests for IT software and
hardware procurement, highlighting interdependencies between
assets and associated costs, and submit the corresponding
procurement requests to the State.

Procure IT Software/Hardware - Deloitte will comply with the

State’s policy for TEDS’s procurement of software and hardware
Procure
Operatio assets. When our asset management plans indicate a need for
NFR- Asset IT The contractor shall provide support to HCFA
ns and new software or hardware, we will provide software and hardware
OM- Manag software in all procurement activities related to IT Supported C.12.12
Mainten specifications to the State based on the approved Capacity Plan
149 ement / assets
ance and System Configuration documentation. This information will
hardware
help the State with the procurement of IT assets to best support
TEDS

Procure The contractor is responsible for development As TEDS’s asset manager, Deloitte will develop and maintain an
Operatio
NFR- Asset IT and maintenance of an Asset Library to Asset Library to track and monitor TEDS’s IT software and
ns and
OM- Manag software enable accurate and up-to-date tracking and Supported C.12.12 hardware assets and related versions. Deloitte will monitor and
Mainten
150 ement / monitoring of procured IT software / hardware update the Asset Library for it to constantly remain accurate, up-
ance
hardware assets to-date, and reflective of current assets.

590
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Deploy IT Software/Hardware Asset - Deloitte will design,

develop, and manage a formal IT software and hardware asset
deployment process to track and monitor the complete life cycle of
deployed assets from work plan to approval and implementation.
We will publish that deployment process to the State for approval.
All asset deployments will be captured in the Service Delivery
Release Log with a listing of the detailed activities that will take
place including: work plan, release plan, deployment plan, test
plan and back-out plan. The log will also include detailed release
Deploy information including scope, content, change, risk, organization,
Operatio IT The contractor shall develop and manage a stakeholders, delivery & deployment strategy, outage times, and
NFR- Asset
ns and software formal software / hardware asset deployment service level agreements.
OM- Manag Supported C.12.12
Mainten / process. The deployment process must be Detailed release information including scope, content, change,
151 ement
ance hardware published to HCFA for approval risk, organization, stakeholders, delivery & deployment strategy,
assets outage times, and service level agreements
In addition, we will follow established processes to communicate
information regarding the deployment of IT software and hardware
assets and associated contents to the internal and external users
that could be affected by that deployment. This information
includes details such as changes/updates/upgrades handled in
the release, and outage times. We will also publish through formal
processes appropriate release notes notifying affected users of
the success, or failure, of the deployment prior to closing the
deployment activity.

As part of the formal IT software and hardware assets deployment

process, we will complete a series of testing activities prior to
Deploy
actual production deployment. This includes performing the
Operatio IT The contractor shall be responsible for
NFR- Asset processes and standards defined within the Test Management
ns and software performing the test suite against the new
OM- Manag Supported C.12.12 Plan and described as part of the Service Delivery Release Log.
Mainten / assets, Following the process and standards
152 ement We will only proceed to the next step once we have successfully
ance hardware defined within the Test Management Plan
performed the complete test suite against the new assets with
assets
applicable third parties and received State approval for production
environment deployment.

Manage
Manage IT Software/Hardware Asset – Our approach to asset
Operatio IT
NFR- Asset The contractor shall be responsible for management not only covers the implementation of TEDS’s
ns and software
OM- Manag implementation and maintenance of all the Supported C.12.12 software and hardware assets, but also involves the maintenance
Mainten /
153 ement TEDS related software / hardware assets and retirement of them. We will also assist the State in the
ance hardware
identification of TEDS’s IT needs.
assets

591
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Deloitte will develop an Asset Management Tool to offer a

convenient means for the State to attain an in-depth
understanding of existing TEDS assets. This Asset Management
Manage
The contractor is responsible for development Tool will facilitate the access to details such as asset types, their
Operatio IT
NFR- Asset and maintenance of an asset management usage, dates of inventory entry and retirement, their impact to IT
ns and software
OM- Manag tool(s) to allow HCFA a complete view of Supported C.12.12 services, and licensing information, and provide the State with a
Mainten /
154 ement assets lifecycle, usage, regulatory complete view of assets life cycle, usage, regulatory compliance,
ance hardware
compliance, costs, changes and viability costs, changes and viability. This extensive information repository
assets
will empower the State to make evidenced and efficient
infrastructure improvement decisions while minimizing overhead
expenses.

Deloitte will work closely with the State and applicable relevant
Manage third parties to build and maintain an Asset Library that provides
Operatio IT up-to-date visibility into existing TEDS IT landscape’s assets such
NFR- Asset
ns and software The contractor shall log and track assets in as software, hardware, remote sites, user workstations, etc. In
OM- Manag Supported C.12.12
Mainten / parallel with the CMDB addition, we will log and track IT software and hardware assets
155 ement
ance hardware into a configuration management database (CMDB). The
assets transparent visibility thus achieved will be paramount in assisting
the State develop its asset procurement and deployment strategy.

Deloitte will define and document all of the hardware and software
assets in the Service Delivery Asset Log including: Criteria for
selection, Identification and attributes, Hardware and software
Manage versions, Documentation and Ownership.
Operatio IT Our detailed asset management plan will include a defined
NFR- Asset The contractor shall be ready for periodic
ns and software approval process to maintain the ongoing asset library, and will
OM- Manag asset audits performed by HCFA or 3rd Supported C.12.12
Mainten / provide a complete view of the asset life cycle, usage, regulatory
156 ement parties
ance hardware compliance, costs, changes and viability. The information
assets continuously compiled will provide details such as baseline,
revision history, waivers and deviations in order to meet all the
audit requirements. We will participate in the periodic asset audits
performed by the State or other State Contractors.

592
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Deloitte’s detailed asset decommissioning process includes

detailed steps and controls so that assets are retired safely and
legally for all users. Our decommissioning process implements a
Decomm checklist of activities for which completion is required to abide by
ission / State’s policy and compliance regulations. This established
Operatio The contractor shall produce and publish to
NFR- Asset Retire IT process will identify the targeted assets, ensure that critical
ns and HCFA a formal software / hardware assets
OM- Manag Software Supported C.12.12 backups are performed, disable user’s access, implement steps to
Mainten decommission and retirement process. The
157 ement / remove the assets from the network and execute those needed to
ance process must be approved by HCFA
Hardwar clean the data. We will publish this IT software and hardware
e Assets assets replacement, decommission, and retirement process to the
State. Our asset decommissioning process will be reviewed and
executed in accordance with the State’s approval process and
that of other applicable agencies, such as CMS.

The contractor shall track and monitor metrics

through reports on a frequency agreed upon
with the State for:
As required by the State and on an agreed upon frequency, we
– Value of software products recorded in the
will track, monitor, and report on the following metrics:
IT Asset Management Repository
• Value of software products recorded in the IT Asset
– # of software licenses
Management Repository
– Value of the hardware assets recorded in
• Number of software licenses
the IT Asset Management Repository
• Value of the hardware assets recorded in the IT Asset
– % of purchased software licenses available
Management Repository
vs. filled
• Percent of purchased software licenses available vs. filled
– Identified subscription agreements
Key • Identified subscription agreements automatically renewed
Operatio automatically renewed
NFR- Asset Performa • For each managed software product, the level of compliance
ns and – For each managed software product, the
OM- Manag nce Supported C.12.12 with licensing agreements • Number of incidents opened against
Mainten level of Compliance with licensing
158 ement Indicator Software Asset Management activities
ance agreements
s • Percent of software requests fulfilled without a ticket
– # of incidents opened against Software
• Percent of purchases for software performed outside of the
Asset Management activities
official procurement systems
– % of software requests fulfilled without a
• Percent of available hardware assets against the total number of
ticket
Hardware Assets
– % of purchases for software performed
• Number of incidents opened against hardware asset
outside of the official Procurement systems
Management activities
– % of available Hardware Assets against
• Value of the hardware assets being disposed of over a defined
the total number of Hardware Assets
period of time
– # of incidents opened against Hardware
Asset Management activities
– Value of the Hardware Assets being
disposed of over a defined period of time

593
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Deloitte will produce, maintain, and enforce formal event handling

Engineer
procedures to make sure that TEDS and its associated services
&
Operatio are constantly and efficiently monitored, filtering and categorizing
NFR- Event Configur The contractor shall produce and maintain
ns and events in order to decide on appropriate actions when required.
OM- Manag e Event formal definitions for commonly occurring Supported C.12.13
Mainten In particular, we will develop and maintain formal definitions for
159 ement Manage events based of leading industry practices.
ance commonly occurring events based on industry standards such as
ment
those defined in the ITIL to align TEDS services with its business
System
needs.

Engineer
& Deloitte will develop and maintain formal definitions for commonly
Operatio
NFR- Event Configur occurring events based on industry standards such as those
ns and The contractor shall produce, maintain and
OM- Manag e Event Supported C.12.13 defined in the Information Technology Infrastructure Library (ITIL)
Mainten enforce formal event handling procedures.
160 ement Manage to align TEDS services with its business needs. We describe our
ance
ment approach to event management on Figure C.12-17above.
System

Deloitte will manage events in compliance with the State’s policies

and procedures. We will record all events taking place in the
execution of TEDS to provide an audit trail used to understand the
Operatio system activity and diagnose potential problems. For instance,
NFR- Event Detect & The contractor shall produce and enforce
ns and NextGen includes a built-in component that captures application
OM- Manag Log formal procedures for detection and logging Supported C.12.13
Mainten error events along with the point of failure, error trace and
161 ement Event of events.
ance supporting information, and persists them into a database location
for tracking and reporting purposes with details such as error
code, error details, stack trace, timestamp, transaction, and user
ID

Deloitte will produce and enforce formal procedures for detection

Operatio
NFR- Event Detect & The contractor shall produce and maintain and logging of events, following ITIL-based event management
ns and
OM- Manag Log event logs in compliance with HCFA’s Supported C.12.13 practices as highlighted on Figure C.12-17, and we will produce,
Mainten
162 ement Event policies and procedures. maintain, and share those events’ logs as part of our system
ance
monitoring activities.
The contractor shall produce formal process
Operatio Deloitte understands that events occurring in the system have
NFR- Event Correlate and documentation determining filtering
ns and different impacts, and need to be categorized. We will produce
OM- Manag & Filter definitions, policies, and procedures. The Supported C.12.13
Mainten formal process and documentation determining filtering
163 ement Event documentation must be published to HCFA
ance definitions, policies, and procedures
for approval.

Deloitte will implement fully automated correlation engines to

Operatio group events, configuring each triage tool for integration with
NFR- Event Correlate The contractor shall implement fully
ns and external service management tools, and publishing to the State
OM- Manag & Filter automated correlation engines for grouping of Supported C.12.13
Mainten the correlation rules behind the correlation engines. We will
164 ement Event events.
ance publish to the State and review our driving correlation rules to
provide ongoing improvement opportunities.

594
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Deloitte will implement fully automated correlation engines to

Operatio The correlation rules that drive the correlation group events, configuring each triage tool for integration with
NFR- Event Correlate
ns and engines must be published to HCFA and external service management tools, and publishing to the State
OM- Manag & Filter Supported C.12.13
Mainten continuously reviewed for improvement the correlation rules behind the correlation engines. We will
165 ement Event
ance opportunities. publish to the State and review our driving correlation rules to
provide ongoing improvement opportunities.

Deloitte understands that events occurring in the system have

different impacts, and need to be categorized. We will produce
formal process and documentation determining filtering
definitions, policies, and procedures. Once the State approves our
Operatio documentation, we will categorize events based on our defined
NFR- Event Correlate The Contractor shall configure each triage
ns and criteria distinguishing informational, warning, and exception
OM- Manag & Filter tool to integrate with the State Configuration Supported C.12.13
Mainten events. We will implement fully automated correlation engines to
166 ement Event Management framework and ITSM Suite.
ance group events, configuring each triage tool for integration with
external service management tools, and publishing to the State
the correlation rules behind the correlation engines. We will
publish to the State and review our driving correlation rules to
provide ongoing improvement opportunities.

Events may be responded to automatically, for instance by

rebooting a device or restarting a system, or they may require
operations team’s intervention, based upon event severity, type,
and other system characteristics. Deloitte will implement fully
Operatio Select The contractor shall communicate all events automated correlation engines to group and filter events. Our on-
NFR- Event
ns and Event to the appropriate HCFA and HCFA’s site production support team will monitor the production
OM- Manag Supported C.12.13
Mainten Respons partners, functions that need to be informed environment 24/7/365, and review those grouped and filtered
167 ement
ance e or take further control actions. events. We will communicate all events to the approved State
stakeholders and partners, within a time frame dictated by the
severity of the events, as defined with the State. We will then
collaboratively determine the best response and corrective action
to offer for each of the reported event, when applicable.

Operatio Deloitte will develop and manage a formal event review process,
NFR- Event Review The contractor shall develop and manage a
ns and and submit to the State both our process, and the findings
OM- Manag & Close formal event review process. The process Supported C.12.13
Mainten unraveled. Many automated events are closed automatically or
168 ement Event and the findings must be published to HCFA,
ance are purely informational.

595
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Deloitte will collaboratively determine the corrective actions to be

executed on those events that remain open or are linked to
Operatio
NFR- Event Review incidents, log those corrective actions, provide a status update on
ns and The contractor shall log corrective actions
OM- Manag & Close Supported C.12.13 the event resolution, close out the event with State approval, and
Mainten and close out event.
169 ement Event record the final disposition As part of our event reviews activities,
ance
we will also determine how event monitoring can be improved
based on historical event trends and actions.

596
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The contractor shall track and monitor metrics

through reports on a frequency agreed upon
with the State for:
– Number of events/alerts generated without
actual degradation of service/functionality
(false positives – indication of the accuracy of
the instrumentation parameters, important for
CSI).
– Number and ratio of events compared with
the number of incidents
– Number and percentage of each type of
event per platform or application versus total
number of platforms and applications
To maintain and improve any process, it is important to track and
underpinning live IT services (looking to
monitor metrics. Deloitte will work with the State to develop
identify IT services that may be at risk for lack
reports on the following metrics, on an agreed upon frequency:
of capability to detect their events)
• Number of events/alerts generated without actual degradation of
– Number and percentage of repeated or
service/functionality
duplicated events (this will help in the tuning
• Number and percentage of each type of event per platform or
of the correlation engine to eliminate
application versus total number of platforms and applications
unnecessary event generation and can also
underpinning live IT services
be used to assist in the design of better event
• Number and percentage of repeated or duplicated events
generation functionality in new services)
Key • Number and percentage of events that required human
Operatio – Number and percentage of events that
NFR- Event Performa intervention and whether this was performed
ns and required human intervention and whether this
OM- Manag nce Supported C.12.13 • Number and percentage of events that resulted in incidents or
Mainten was performed
170 ement Indicator changes • Number and ratio of events compared with the number
ance – Number of incidents that occurred and
s of incidents
percentage of these that were triggered
• Number of incidents that occurred and percentage of these that
without a corresponding event
were triggered without a corresponding event
– Number and percentage of incidents that
• Number and percentage of incidents that were resolved without
were resolved without impact to the business
impact to the business
(indicates the overall effectiveness of the
• Number and percentage of events caused by existing problems
event management process and
or known errors
underpinning solutions)
• Number and percentage of events indicating performance issue
– Number and percentage of events that
• Number and percentage of events indicating potential availability
resulted in incidents or changes
issues
– Number and percentage of events caused
by existing problems or known errors (this
may result in a change to the priority of work
on that problem or known error)
– Number and percentage of events
indicating performance issues (for example,
growth in the number of times an application
exceeded its transaction thresholds over the
past six months)
– Number and percentage of events
indicating potential availability issues (e.g.
failovers to alternative devices, or excessive
workload swapping)

597
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Deloitte knows what it takes to support TEDS on a day-to-day

basis: we currently support over 30 other integrated eligibility
systems of similar scope across the nation. Deloitte dedicates a
Help Desk team to the identification, management, and resolution
of incidents, leveraging our knowledge and experience to facilitate
the flow of issues, incidents, and requests for rapid and effective
resolution. We will develop an Incident Management Plan
documenting our approach to Help Desk incident resolution,
integrating with State and other third party processes, and
The contractor shall develop and manage an addressing our monitoring and alerting procedures in domain
Incident Management Plan that that such as files exchange through interfaces, escalation procedures,
Operatio
NFR- Incident Interactio establishes the processes and standards for or alerts on all hardware, systems, applications, and access
ns and
OM- Manag n which the vendor will manage the lifecycle of Supported C.12.14 points. Once the State approves that plan, we will execute and
Mainten
171 ement Handling incidents. The SI's Incident Management Plan manage it to ensure appropriate identification, management, and
ance
must integrate with existing HCFA and other resolution of all identified incidents and problems related to TEDS
third party providers processes. such as batch, infrastructure, or database incidents.
Deloitte understands that the State, other State contractors, and
third parties interacting with TEDS might all have processes in
place to handle incident and problems with their existing systems.
We will design our Incident Management Plan so as to integrate
our incident resolution approach with those existing processes.
Our Incident Management Plan, Help Desk incident resolution
process, and our place in providing Help desk support can all be
modified to best integrate with existing State and other third party
processes.

598
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Deloitte knows the importance of a well-defined, thorough Incident

The contractor shall outline their Management Plan. In particular, outlining the monitoring and
monitoring/alerting procedures within the alerting capabilities in place to facilitate the identification of
Incident Management Plan that addresses disruptions in TEDS’s smooth functioning is paramount. The plan
but is not limited to the following: that we will submit to the State for approval will describe the
o Alerting capability on any and all hardware, alerting capabilities that we will leverage to identify errors in the
systems, applications, and access points interface applications while processing input and output files, as
Operatio o Identifying errors in processing input files well as those that we will set up on all hardware, system,
NFR- Incident Interactio
ns and and/or output files. This alerting system would applications, and access points. Our plan will also describe the
OM- Manag n Supported C.12.14
Mainten capture errors in the interface application(s) process that we will follow to resolve production issues detailing
172 ement Handling
ance o Communication Plan that includes our root cause analysis procedures and how we will develop
escalation procedures. action plans and implement solutions or workaround to identified
o Root cause analysis with development of incidents and problems. We will also include documentation about
action plans and implementation of a number of other procedures within our Incident management
solution/workaround Plan. For instance, we will describe our communication
o Well-refined process for resolving system guidelines, describing our criteria for incident or problem
issues escalation, and the procedures that we will follow when faced with
the need for escalation.

The contractor shall be responsible for

Operatio Incident Deloitte will provide and maintain 24/7/365 onsite production
NFR- Incident maintaining 24/7/365 production support
ns and Detectio support by dedicating a team to the identification, diagnosis,
OM- Manag (service desk) to coordinate incident Supported C.12.14
Mainten n& documentation, and management of identified incidents and
173 ement identification, investigation, and diagnosis
ance Logging problems from discovery to resolution.
with HCFA and other 3rd party providers.

Deloitte will leverage a number of alerting capabilities that we will

setup within the system, as well as our 24/7/365 monitoring
activities to detect incidents that might impact TEDS. We will then
The contractor shall manage and maintain a use our project management tracking tool, Atlassian’s JIRA, to
tool that enables HCFA visibility into incident record and classify the information captured. We recognize that it
management and integrates with other is critical to the continued success of TEDS that incidents that
Operatio Incident service management capabilities such as require a permanent fix are prioritized appropriately for a release.
NFR- Incident
ns and Detectio Change Management and Configuration We will suggest a fact-based prioritization for the resolution of
OM- Manag Supported C.12.14
Mainten n& Management. The contractor shall leverage identified incidents, and submit that prioritization to the State for
174 ement
ance Logging existing state tools where available and approval.
possible. Investigation & Diagnosis: Research Deloitte’s Incident Management Plan documents our approach to
into the incident through data gathering and Help Desk incident resolution and describes the procedures and
lookups against knowledge bases. standards followed to address identified problems. The
procedures and standards for problems handling defined in the
Incident Management Plan will integrate with existing State and
other third party processes.

599
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Following our State-approved Incident Management Plan

procedures, we will diagnose all identified incidents, performing
root cause analysis, documenting our findings in JIRA, and
communicating our findings and prioritization suggestions to the
The contractor shall be responsible for State, the CIP Manager, and other State contractors. We will
Operatio Incident
NFR- Incident investigating and diagnosing incidents. All objectively present whether the incident could have been, should
ns and Detectio
OM- Manag procedures and findings must be documented Supported C.12.14 have been, or would not have been caught without the monitoring
Mainten n&
175 ement in incident management tool and visible to and alerting capabilities highlighted in the Incident Management
ance Logging
HCFA. Plan. Deloitte will present a mitigation plan along with the
prioritization suggested to the State so that incidents with the
most problematic user or largest business impact, or resulting in
the most application maintenance activities, are addressed
promptly and do not reoccur.

Following our State-approved Incident Management Plan

procedures, we will diagnose all identified incidents, performing
root cause analysis, documenting our findings in JIRA, and
communicating our findings and prioritization suggestions to the
State, the CIP Manager, and other State contractors. We will
Operatio Incident The contractor shall perform root cause
NFR- Incident objectively present whether the incident could have been, should
ns and Detectio analysis for all incidents and communicate
OM- Manag Supported C.12.14 have been, or would not have been caught without the monitoring
Mainten n& the findings to HCFA and other 3rd party
176 ement and alerting capabilities highlighted in the Incident Management
ance Logging providers.
Plan. Deloitte will present a mitigation plan along with the
prioritization suggested to the State so that incidents with the
most problematic user or largest business impact, or resulting in
the most application maintenance activities, are addressed
promptly and do not reoccur.

600
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Given the number of functional modules and external agency

systems that TEDS interfaces with, the complexity of the system,
and policies around which the system is built, there is,
occasionally, a need to correct anomalies in production to support
data quality and reliability requests. Deloitte diagnoses all
identified incidents to evidence their root causes. Once impacts
and causes are identified we work on providing the most
The contractor shall be responsible for appropriate resolution to the incident, prioritizing fixes for future
Operatio Resolutio
NFR- Incident identifying and enacting resolutions to releases, or immediate releases when dictated by specific
ns and n&
OM- Manag incidents. In cases where a permanent Supported C.12.14 urgencies, to implement permanent resolutions to the identified
Mainten Recover
177 ement resolution is not currently available, a incidents. We understand that a permanent resolution might not
ance y
temporary work around must be provided. always be immediately available, yet, we remain committed to
providing rapid end user relief without affecting system
functionality or project and release schedules. Therefore, we
suggest workarounds or, when imposed by the situation, place
data fixes until a permanent incident resolution is available. We
define the criteria that qualify an item for data fix using standards
collaboratively established with the State to offer continuity where
the potential impact to the business and the citizens is high.

Deloitte uses JIRA to track all incidents and problems identified

from discovery to resolution, documenting decisions, status
updates, and resolution progress every step of the way. We
conduct various rounds of testing for resolutions we offer to
Operatio Resolutio
NFR- Incident The contractor shall be responsible for production incidents. When our testing activities confirm that
ns and n&
OM- Manag validating that the incident has been resolved Supported C.12.14 issues are properly resolved, we implement those same
Mainten Recover
178 ement and obtaining end-user signoff. resolutions to TEDS’s live environment. We follow through on the
ance y
implementation of our resolutions, confirming that the incident is
fully resolved, meets the needs of the end users, that TEDS’s
smooth functioning is preserved, and that the incident will not
reoccur.

601
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

TEDS incident resolution process, developed by Deloitte, detailed

in the Incident Management Plan is a well-defined, mature model
for addressing incidents and problems that may arise during the
execution of TEDS’ operations That process provides rapid user
Operatio relief without affecting system functionality or project and releases
NFR- Incident
ns and The contractor shall develop and manage scheduled. The final step of all incident management activities is
OM- Manag Closure Supported C.12.14
Mainten incident closure procedures. the incident closure process. For all incidents identified by the
179 ement
ance Deloitte Help Desk, we will manage and adhere to those incident
closure procedures, validating that resolution objectives are
achieved, and that users’ needs are met. Incidents may be
closed, after evaluation and consultation with the State and
project teams, when it has been resolved and mitigated through

The State can access a number of details and gain insights on the
The contractor shall track and monitor metrics
overall health of the solution, pulling reports on the below metrics:
through reports on a frequency agreed upon
• Total process time to resolve incidents by priority and by
with the State for:
category
– Total process time to resolve incidents by
• Effort to resolve incidents by priority and by category
priority and by category
• Number of incidents at each stage (by status)
– Effort to resolve incidents by priority and by
• Size of current incident workload for each IT service
category
• Number and percentage of major incidents (priority 1 and 2
– Number of incidents at each stage (by
Key incidents)
Operatio status)
NFR- Incident Performa • Number and percentage of tickets aging longer than defined
ns and – Size of current incident workload for each
OM- Manag nce Supported C.12.14 time periods (10 days, 20 days etc.)
Mainten IT service
180 ement Indicator • Total number of incidents • Number of major incidents
ance – Number and percentage of major incidents
s • Number of tickets still open by time periods, status and priority
(priority 1 & 2 incidents)
• Percent of availability of IT services by percent reduction in the
– Number and percentage of tickets aging
number and duration of incidents through performing root cause
longer than defined time periods (10 days, 20
analysis and implementing permanent fixes for identified
days etc.)
problems, and performing proactive problem management
– Total number of incidents
• Percent reduction in number of incidents and through shared
– Number of major incidents
knowledgebase (problem Known Errors)
– Number of tickets still open by time periods,
• Percent change of costs on workarounds or fixes that do not
status and priority
work

602
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Deloitte will leverage a number of alerting capabilities that we will

setup within the system, as well as our 24/7/365 monitoring
activities to detect incidents that might impact TEDS. We will then
Operatio Proble use our project management tracking tool, Atlassian’s JIRA, to
NFR- Record, The contractor shall be responsible for
ns and m record and classify the information captured. We recognize that it
OM- Classify, detecting, recording, classifying, and Supported C.12.14
Mainten Manag is critical to the continued success of TEDS that incidents that
181 Prioritize prioritizing problems.
ance ement require a permanent fix are prioritized appropriately for a release.
We suggest a fact-based prioritization for the resolution of
identified incidents, and submit that prioritization to the State for
approval.

Deloitte’s Incident Management Plan documents our approach to

Operatio Proble Help Desk incident resolution and describes the procedures and
NFR- Record, The contractor shall address the procedures
ns and m standards followed to address identified problems. The
OM- Classify, and standards for handling problems within Supported C.12.14
Mainten Manag procedures and standards for problems handling defined in the
182 Prioritize their Incident Management Plan.
ance ement Incident Management Plan will integrate with existing State and
other third party processes.

We will provide and maintain 24/7/365 on-site production support

by dedicating a team to the identification, diagnosis,
documentation, and management of identified incidents and
problems from discovery to resolution. Our Help desk team
Operatio Proble Investiga The contractor shall be responsible for follows the process defined in Figure C.12-18 to manage incidents
NFR-
ns and m te and investigating and diagnosing problems. All and problems. We will capture all incidents related to TEDS –
OM- Supported C.12.14
Mainten Manag Diagnos procedures and findings must be documented batch, infrastructure, or database incidents – into JIRA, our
183
ance ement e in an IT Service Management tool. project management tracking tool for TEDS. We will also
document our procedures and findings into this incident
management tool to ensure that both our Incident resolution team
and the State have full visibility and complete access into the
incident management process.

603
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Following our State-approved Incident Management Plan’s

procedures, we will diagnose all identified incidents, performing
root cause analysis, documenting our findings in JIRA, and
communicating our findings and prioritization suggestions to the
The contractor will manage and lead all State, the CIP Manager, and other State Contractors. We will
Operatio Proble Investiga
NFR- incident / problem determination / problem objectively present whether the incident could have been, should
ns and m te and
OM- resolution activities associated with the TEDS Supported C.12.14 have been or would not have been caught without the monitoring
Mainten Manag Diagnos
184 application including any issue / incident / and alerting capabilities highlighted in the Incident management
ance ement e
problems related to 3rd party causes. Plan. Deloitte will present a mitigation plan along with the
prioritization suggestion suggested to the State so that incidents
with the most problematic user or largest business impact, or
resulting in the most application maintenance activities, are
addressed promptly and do not reoccur.

Given the number of functional modules and external agency

systems that TEDS interfaces with, the complexity of the system,
and policies around which the system is built, there is,
occasionally, a need to correct anomalies in production to support
data quality and reliability requests. Deloitte diagnoses all
identified incidents to evidence their root causes. Once impacts
and causes are identified we work on providing the most
appropriate resolution to the incident, prioritizing fixes for future
The contractor shall be responsible for
Operatio Proble releases, or immediate releases when dictated by specific
NFR- identifying and enacting resolutions to
ns and m Resolve urgencies, to implement permanent resolutions to the identified
OM- incidents. In cases where a permanent Supported C.12.14
Mainten Manag Problem incidents. We understand that a permanent resolution might not
185 resolution is not currently available, a
ance ement always be immediately available. Yet, we remain committed to
temporary work around must be provided.
providing rapid end user relief without affecting system
functionality or project and release schedules. Therefore, we
suggest workaround or, when imposed by the situation, place
data fixes until a permanent incident resolution is available. We
define the criteria that qualify an item for data fix using standards
collaboratively established with the State to offer continuity in
scenarios where the potential impact to the business and the
citizens is high.

604
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Deloitte will use the proposed tool, JIRA, to track all incidents and
problems identified from discovery to resolution, documenting
decisions, status updates, and resolution progress every step of
Operatio Proble the way. We conduct various rounds of testing for resolutions we
NFR- The contractor shall be responsible for
ns and m Resolve offer to production incidents. When our testing activities confirm
OM- validating that the incident has been resolved Supported C.12.14
Mainten Manag Problem that issues are properly resolved, we implement the fix to TEDS’s
186 the obtaining end-user signoff.
ance ement live environment. We will follow up on the implementation, confirm
that the incident is fully resolved, meet the needs of the end
users, that TEDS’s smooth functioning is preserved, and that the
incident will not reoccur.

TEDS incident resolution process, developed by Deloitte, detailed

in the Incident Management Plan is a well-defined, mature model
for addressing incidents and problems that may arise during the
execution of TEDS’ operations That process provides rapid user
relief without affecting system functionality or project and releases
scheduled. The final step of all incident management activities is
the incident closure process. For all incidents identified by the
Deloitte Help Desk, we will manage and adhere to those incident
closure procedures, validating that resolution objectives are
achieved, and that users’ needs are met. Incidents may be
closed, after evaluation and consultation with the State and
project teams, when it has been resolved and mitigated through
Operatio Proble
NFR- the proper implementation of a mitigation plan, or when the
ns and m Close The contractor shall develop and manage
OM- Supported C.12.14 incident is no longer a concern for the State.
Mainten Manag Problem incident closure procedures.
187 As part of the incident closure procedure, we will document the
ance ement
resolution provided and the impact on the system, as well as
control that the incident as no opportunity for reoccurrence. All of
the incident’s lifecycle remains available for the State to review
through our incident management tool: JIRA. The State can
access a number of details and gain insights on the overall health
of the Solution, pulling reports that document, for instance,
average incident resolution timeframes by reporting period, the
average time spent by incidents in a certain stage of the
resolution process, or a breakdown of incidents created versus
resolved. This visibility empowers both the Deloitte Help Desk and
the State to effectively address pain points, and review some
processes where needed.

605
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The State can access a number of details and gain insights on the
overall health of the solution, pulling reports on the below metrics:
• Total process time to resolve incidents by priority and by
category
The contractor shall track and monitor metrics
• Effort to resolve incidents by priority and by category
through reports on a frequency agreed upon
• Number of incidents at each stage (by status)
with the State for:
• Size of current incident workload for each IT service
– % of availability of IT services by %
• Number and percentage of major incidents (priority 1 and 2
reduction in the number and duration of
Key incidents)
Operatio Proble incidents through performing root cause
NFR- Performa • Number and percentage of tickets aging longer than defined
ns and m analysis and implement permanent fixes for
OM- nce Supported C.12.14 time periods (10 days, 20 days etc.)
Mainten Manag identified problems, and performing proactive
188 Indicator • Total number of incidents • Number of major incidents
ance ement problem management
s • Number of tickets still open by time periods, status and priority
– % reduction in number of incidents and
• Percent of availability of IT services by percent reduction in the
through shared knowledge bases (problem
number and duration of incidents through performing root cause
Known Errors)
analysis and implementing permanent fixes for identified
– % change of costs on workarounds or fixes
problems, and performing proactive problem management
that do not work
• Percent reduction in number of incidents and through shared
knowledgebase (problem Known Errors)
• Percent change of costs on workarounds or fixes that do not
work

Deloitte is committed to the ongoing success of TEDS. As TEDS’s

Operations and Maintenance (O&M) vendor, Deloitte will
continuously monitor the system, identifying needs to support the
Solution through the completion of O&M activities such as
The contractor shall be responsible for
automated alerting and monitoring processes, or constant users’
Operatio Reques identifying needs to support the TEDS and
NFR- feedback gathering. When new needs are identified we will create
ns and t Initiate initiating, classifying, and fulfilling requests.
OM- Supported C.12.15 a fact-based request and will submit to the State for approval. We
Mainten Manag Request The contractor shall be required to create a
189 will leverage our request management approach to validate and
ance ement justification case for each request and submit
classify, evaluate, fulfill, and eventually close those requests once
to HCFA for approval.
the targeted need is addressed to the satisfaction of all involved
stakeholders. Deloitte will use Atlassian’s JIRA as our request
management tracking tool, documenting progress every step of
the request’s lifecycle.

606
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Deloitte will use Atlassian’s JIRA as the tracking project

management tool for TEDS throughout the System development
Operatio Reques Validate
NFR- The contractor shall provide and manage a Life Cycle (SDLC) of the project. We will manage and maintain
ns and t &
OM- tool logging, recording, and categorizing Supported C.12.15 JIRA to log, record, and categorize requests. The entire lifecycle
Mainten Manag Classify
190 requests. of every request will be thoroughly documented in JIRA to ensure
ance ement Request
that both our teams and the State have full visibility and complete
access into the request management process.

As part of our request management approach, Deloitte will

develop procedures and criteria to validate requests. Deloitte
Operatio Reques Validate understands that, since not all requests have the same impact on
NFR- The contractor shall be responsible for
ns and t & TEDS’s operations, it is essential that rules be created to classify
OM- developing procedures and criteria for Supported C.12.15
Mainten Manag Classify requests and allow for prioritization. Our procedure and criteria for
191 validating and classifying requests.
ance ement Request validating and classifying requests will help all interested parties
understand the request priority, impact and potential risk based on
system risk and business impact.

Deloitte will review the requests created, compare them against

identified trends, and communicate all created requests along with
our findings to the State. We will follow the State’s approved
request communication channel. We will assist the State with the
evaluation of the request considering categorization, trends,
Operatio Reques
NFR- The contractor shall be responsible for potential dependencies, and downstream impacts to facilitate an
ns and t Evaluate
OM- communicating requests to HCFA for Supported C.12.15 effective request fulfilment schedule once State approval is
Mainten Manag Request
192 evaluation and approval. received. For each request, our team will execute a set of well-
ance ement
defined test plans as part of TEDS’s overall test management
strategy. JIRA provides for easily configurable and customizable
workflows. We will leverage this capability and build an
appropriate workflow into JIRA to communicate requests to the
State for evaluation and approval.

Once the State has evaluated and approved a request, and that
request has been scheduled for implementation, we will develop a
request implementation checklist. Our request implementation
Operatio Reques
NFR- Once request is approved, the contractor checklist will include every activity needed for the fulfilment of the
ns and t Fulfil
OM- shall be responsible for fulfilling requests in Supported C.12.15 request in adherence with the State’s standards, and will clearly
Mainten Manag Request
193 accordance with HCFA’s standards. identify tasks owners. Our team is available during and after the
ance ement
implementation to respond to any potential incidents and execute
necessary pre-defined rollback steps to back out any potential
negative changes brought onto the system by the fulfilled request.

607
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Operatio Reques After fulfilling a request, we conduct a review to validate that the
NFR- Review The contractor shall be responsible for the
ns and t execution of the request effectively addressed the identified end-
OM- & Close validating the request has been fulfilled and Supported C.12.15
Mainten Manag user’s needs and the business objectives that had been
194 Request meets the needs of the end-user.
ance ement evidenced.

Operatio Reques After the end-user validates that the request has been fulfilled, we
NFR- Review Once the end-user validates the request has
ns and t will close the request, update lessons learned, and review the
OM- & Close been fulfilled, the contractor shall be Supported C.12.15
Mainten Manag request documentation to improve the request management
195 Request responsible for closing out request.
ance ement process for future requests.

In spite of thorough validation and classification of requests, there

will be instances where a request might need to be cancelled. For
instance, a recurring data fix might no longer be needed because
Operatio Reques
NFR- The contractor shall produce and publish to a permanent resolution has been implemented. We will create a
ns and t Cancel
OM- HCFA a formal request cancelation Supported C.12.15 specific workflow in JIRA to manage the request cancellation
Mainten Manag Request
196 document. process. We will produce and publish to the State a formal
ance ement
cancellation document, which we will also record in JIRA. After
receiving an approval from the State, we will cancel the request,
updating the reason for the cancellation in JIRA.

608
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

The contractor shall track and monitor metrics

through reports on a frequency agreed upon
with the State for:
– Percent of requests fulfilled within SLA
– Percent of unfulfilled requests (orphaned As required by State, Deloitte tracks, monitors, and reports on the
requests) following metrics on an agreed upon frequency:
– Percent of requests fulfilled that are • Percent of requests fulfilled within SLA
authorized • Percent of requests fulfilled that are authorized
– Breakdown of requests at each stage • Mean time to fulfil by different parameters such as category,
including Approval stage (to help with fulfilment group
identifying backlogs and bottlenecks) • Percent of incidents opened against fulfilled requests
Key – Meantime to fulfil by different parameters • Percent of RFCs submitted for fulfilment of requests
Operatio Reques
NFR- Performa such as category, fulfilment group etc. • Total number of requests (as a control measure) • Percent of
ns and t
OM- nce – Average user/customer survey score (total Supported C.12.15 unfulfilled requests (orphaned requests)
Mainten Manag
197 Indicator and by question category) • Breakdown of requests at each stage including Approval stage
ance ement
s – Percent of incidents opened against (to help with identifying backlogs and bottlenecks)
fulfilled requests • Average user/customer survey score (total and by question
– Percent of requests fulfilled without any category)
contact to the Service Desk, via self service • Percent of requests fulfilled without any contact to the Service
– Percent of RFCs submitted for fulfilment of Desk, via self-service
requests • Percent of requests handled by Tier 1 and fulfilled on first
– Percent of requests handled by Tier 1 and interaction
fulfilled on first interaction • The average cost per type of service request
– Total number of requests (as a control
measure)
– The average cost per type of service
request

Deloitte understands the role of the service desk as the heart of

real-time monitoring and as first responder to the operational
needs of the TEDS system. We will provide a 24/7/365 onsite
Service Desk that will coordinate with the State and STS to
resolve issues and provide continued TEDS services and
Operatio Technol IT The contractor shall maintain a 24/7/365 operations. The Service Desk will operate under for following
NFR-
ns and ogy Operatio Network Operations Center (NOC) within the requirements:
OM- Supported C.12.16
Mainten Operati ns service desk in close coordination with the • Leverage existing server and hardware management tools and
198
ance ons Control infrastructure service provider (STS). processes to maintain continuity with existing services of the STS
NOC
• Maintain a 24/7/365 Service Center within the Service Desk in
close coordination with the infrastructure STS
• Maintain a 24/7/365 management console to support the
technical operations of the State

609
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Deloitte understands the role of the service desk as the heart of

real-time monitoring and as first responder to the operational
needs of the TEDS system. We will provide a 24/7/365 onsite
Service Desk that will coordinate with the State and STS to
resolve issues and provide continued TEDS services and
Operatio Technol IT operations. The Service Desk will operate under for following
NFR- The contractor shall leverage existing tools
ns and ogy Operatio requirements:
OM- and processes within the STS NOC where Supported C.12.16
Mainten Operati ns • Leverage existing server and hardware management tools and
199 available and possible.
ance ons Control processes to maintain continuity with existing services of the STS
NOC
• Maintain a 24/7/365 Service Center within the Service Desk in
close coordination with the infrastructure STS
• Maintain a 24/7/365 management console to support the
technical operations of the State

Deloitte understands the role of the service desk as the heart of

real-time monitoring and as first responder to the operational
needs of the TEDS system. We will provide a 24/7/365 onsite
Service Desk that will coordinate with the State and STS to
resolve issues and provide continued TEDS services and
Operatio Technol The contractor shall maintain 24/7/365 operations. The Service Desk will operate under for following
NFR- Console
ns and ogy console management strategies within the requirements:
OM- Manage Supported C.12.16
Mainten Operati Service Desk providing support to STS and • Leverage existing server and hardware management tools and
200 ment
ance ons HCFA IS processes to maintain continuity with existing services of the STS
NOC
• Maintain a 24/7/365 Service Center within the Service Desk in
close coordination with the infrastructure STS
• Maintain a 24/7/365 management console to support the
technical operations of the State

610
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Deloitte Service Desk will manage all aspects of batch scheduling

and processing for TEDS, adjust schedules as needed, and
coordinate computer processing time based on system priorities
and production windows. The service desk maintains 24/7/365
Online and Batch Job management procedures. Deloitte will
Review the TEDS batch jobs requests,
establish the monitoring tools and techniques leveraging existing
Operatio Technol validate schedules, and coordinate computer
NFR- Console management tools and processes with the STS NOC and bring
ns and ogy processing time based on system priorities,
OM- Manage Supported C.12.16 value to the collaboration were possible by introducing EVD tools
Mainten Operati program run-time, processing, and restart
201 ment and methods.
ance ons requirements; considering batch and
Batch management oversight is key to meeting the expectations
production windows / schedules.
of stakeholders for consistent output and benefits of the TEDS
system. Deloitte will manage all aspects of batch scheduling,
processing, monitoring exceptions, and timing within the
production schedules. These processes will be well documented
and maintained as a function of the Service Desk.

Deloitte Service Desk will manage all aspects of batch scheduling

and processing for TEDS, adjust schedules as needed, and
coordinate computer processing time based on system priorities
and production windows. The service desk maintains 24/7/365
Online and Batch Job management procedures. Deloitte will
Online
establish the monitoring tools and techniques leveraging existing
Operatio Technol and The contractor shall maintain 24/7/365 Online
NFR- management tools and processes with the STS NOC and bring
ns and ogy Batch and Batch Job management procedures
OM- Supported C.12.16 value to the collaboration were possible by introducing EVD tools
Mainten Operati Job within the service desk providing support to
202 and methods.
ance ons Manage STS.
Batch management oversight is key to meeting the expectations
ment
of stakeholders for consistent output and benefits of the TEDS
system. Deloitte will manage all aspects of batch scheduling,
processing, monitoring exceptions, and timing within the
production schedules. These processes will be well documented
and maintained as a function of the Service Desk.

611
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Deloitte Service Desk will manage all aspects of batch scheduling

and processing for TEDS, adjust schedules as needed, and
coordinate computer processing time based on system priorities
and production windows. The service desk maintains 24/7/365
Online and Batch Job management procedures. Deloitte will
Online
establish the monitoring tools and techniques leveraging existing
Operatio Technol and
NFR- The contractor shall provide any / all management tools and processes with the STS NOC and bring
ns and ogy Batch
OM- scheduling information and monitoring tools Supported C.12.16 value to the collaboration were possible by introducing EVD tools
Mainten Operati Job
203 to meet the requirements of this contract. and methods.
ance ons Manage
Batch management oversight is key to meeting the expectations
ment
of stakeholders for consistent output and benefits of the TEDS
system. Deloitte will manage all aspects of batch scheduling,
processing, monitoring exceptions, and timing within the
production schedules. These processes will be well documented
and maintained as a function of the Service Desk.

Deloitte understands the complexity of managing many production

and SDLC environments, and will work with the State to develop a
comprehensive back-up and restore process to meeting the
requirements of the TEDS solution. Due to our extensive
experience with large scale development projects as well as the
application architecture and business requirements of IE
solutions, we will provide the intermittent data refresh
Operatio Technol The contractor shall develop and maintain
NFR- Backup requirements of the SDLC development environments.
ns and ogy backup and restore procedures to support
OM- and Supported C.12.16 Guidelines and processes for maintaining backups will be well
Mainten Operati HCFA technical teams through the SDLC
204 Restore documented and periodically tested to ensure they are meeting
ance ons process.
the service requirements of the stakeholders. Backup and
recovery strategies will be tested on a monthly basis to validate
success and safeguard the business continuance of the TEDS
solution. Deloitte will work with the State to leverage backup and
recovery strategies as well as an application architecture
approach to meet the RTO and RPO requirement for disaster
response and business continuity

Deloitte will conduct State-selected data restore tests on a

Operatio Technol The contractor shall provide backup and
NFR- Backup monthly basis to validate successful backup/recovery strategies.
ns and ogy restore completion reports to HCFA for
OM- and Supported C.12.16 We will also publish backup and restore completion reports to the
Mainten Operati review during periodic service level review
205 Restore State for review during periodic service level review meetings to
ance ons meetings.
demonstrate compliance.
Operatio Technol The contractor will perform a random data
NFR- Backup Deloitte will also publish backup and restore completion reports to
ns and ogy restore test on a monthly bases that
OM- and Supported C.12.16 the State for review during periodic service level review meetings
Mainten Operati demonstrates successful backup / recovery
206 Restore to demonstrate compliance.
ance ons strategies.

612
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Deloitte recognizes the importance of adhering to the retention

Operatio Technol
NFR- Storage The contractor shall comply with the storage requirements of eligibility determination systems and the various
ns and ogy
OM- and archiving and purging policies and Supported C.12.16 State and Federal requirements for archival and retrieval of client
Mainten Operati
207 Archive procedures established by HCFA. data and audit logs. Deloitte will work with the State to align with
ance ons
these requirements and policies.

Server
and
Operatio Technol As a collaborative service provider and partner, Deloitte will work
NFR- Hardwar The contractor shall maintain a 24/7/365
ns and ogy closely with the STS NOC to utilize the network management
OM- e service desk within the service desk providing Supported C.12.16
Mainten Operati tools and processes to monitor network performance and identify
208 Manage support to STS and HCFA IS
ance ons bottlenecks within the network.
ment and
Support
Server
and
Operatio Technol As a collaborative service provider and partner, Deloitte will work
NFR- Hardwar The contractor shall leverage existing tools
ns and ogy closely with the STS NOC to utilize the network management
OM- e and processes when possible within the STS Supported C.12.16
Mainten Operati tools and processes to monitor network performance and identify
209 Manage NOC.
ance ons bottlenecks within the network.
ment and
Support

Operatio Technol As a collaborative service provider and partner, Deloitte will work
NFR- Network The contractor shall partner and leverage
ns and ogy closely with the STS NOC to utilize the network management
OM- Manage existing tools and processes within the STS Supported C.12.16
Mainten Operati tools and processes to monitor network performance and identify
210 ment NOC.
ance ons bottlenecks within the network.

613
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Deloitte’s technology teams have many years of experience in all

aspects of database management to meet the performance
requirements of the on-line application and the batch processing
demands. We maintain the discipline and rigor required to enable
a solid foundation to support the business functionality. We have
the tools and knowledge to maximize performance and tune the
systems as progressive releases may change conditions, as well
Operatio Technol Databas as supporting monitoring to proactively address any interruptions
NFR-
ns and ogy e to service. As a comprehensive database administration service
OM- The contractor shall monitor the Database. Supported C.12.16
Mainten Operati Administr provider, we support the administrative burdens of maintaining
211
ance ons ation licensing, patch/release updates, security management and
continual optimization.
Deloitte proposed technology operations includes 24/7/365
monitoring of database performance and we will manage
application and database functions as required by the State.
We will assume responsibility for the database administrative
functions of maintaining up-to-date licensing,
versions/release/patching, security, tuning and optimization.

As an enterprise solution provider, Deloitte understands and

supports the State’s strategy for end-to-end identify management
and SSO solutions. We will work closely with the State to
Operatio Technol Directory integrate a solution that is compliant and compatible with the
NFR- The contractor shall develop a solution that is
ns and ogy Services technical and administrative requirements of identify
OM- compatible with HCFA’s directory services Supported C.12.16
Mainten Operati Manage management. Deloitte will monitor and enforce security policies
212 and Identity Management solution.
ance ons ment to maintain the integrity and confidentiality of systems from
inappropriate access attempts. Deloitte will work with State to
develop a Solution that is compatible with State’s Directory
Services and Identity Management solution.

614
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

As an enterprise solution provider, Deloitte understands and

supports the State’s strategy for end-to-end identify management
and SSO solutions. We will work closely with the State to
The SI, in coordination with STS and HCFA
Operatio Technol Directory integrate a solution that is compliant and compatible with the
NFR- IS, shall monitor events on the directory
ns and ogy Services technical and administrative requirements of identify
OM- services, such as unsuccessful attempts to Supported C.12.16
Mainten Operati Manage management. Deloitte will monitor and enforce security policies
213 access a resource, and taking the appropriate
ance ons ment to maintain the integrity and confidentiality of systems from
action where required.
inappropriate access attempts. Deloitte will work with State to
develop a Solution that is compatible with State’s Directory
Services and Identity Management solution.

In coordination with State and other State Contractors, Deloitte

will provide an appropriate and optimal middleware solution for
the TEDS. We will also update TEDs-related middleware including
licensing, patching, installing new versions. Our 24/7/365 onsite
Middlew
The SI, in coordination with HCFA and the production team will detect and resolve issues related to TEDS
are
Operatio Technol Technical Advisory Services function, shall middleware. With Deloitte’s experience across industries and first
NFR- (Applicati
ns and ogy ensure that appropriate middleware solutions hand eligibility determination solution experiences, we know what
OM- on/Intern Supported C.12.16
Mainten Operati for the TEDS solution are chosen and that technologies work optimally in different technology and business
214 et/Web)
ance ons they can perform optimally when they are environments. Deloitte can serve as a collaborative advisor to
Manage
deployed. the State to support the middleware procurement process to best
ment
serve the State’s requirements. Given our operational
experience, we can provide support to the State for optimizing the
performance of the middleware investment, including ongoing
maintenance support

In coordination with State and other State Contractors, Deloitte

will provide an appropriate and optimal middleware solution for
the TEDS. We will also update TEDs-related middleware including
licensing, patching, installing new versions. Our 24/7/365 onsite
Middlew
production team will detect and resolve issues related to TEDS
are
Operatio Technol middleware. With Deloitte’s experience across industries and first
NFR- (Applicati The SI, in coordination with STS, shall detect
ns and ogy hand eligibility determination solution experiences, we know what
OM- on/Intern and resolve issues related to the TEDS Supported C.12.16
Mainten Operati technologies work optimally in different technology and business
215 et/Web) middleware.
ance ons environments. Deloitte can serve as a collaborative advisor to
Manage
the State to support the middleware procurement process to best
ment
serve the State’s requirements. Given our operational
experience, we can provide support to the State for optimizing the
performance of the middleware investment, including ongoing
maintenance support

615
REQ Level 1 Level 2 Level 3 Requirement Additional Solution Bidder Notes
ID Comments Support Response
Narrative
Section
Reference

Deloitte is accustomed to working in State data center facilities

Facilities The contractor shall comply with the existing and understands that the State and STS have existing data center
Operatio Technol
NFR- and Data processes and standards for Data Center management processes. Our solutions and resources will
ns and ogy
OM- Center Management provided by STS, and leverage Supported C.12.16 leverage existing services and comply with the State and STS
Mainten Operati
216 Manage STS services for maintaining the TEDS established policies and processes. We will adhere to all
ance ons
ment infrastructure. processes and standards for Data Center Management provided
by STS.

The contractor shall track and monitor metrics

through reports on a frequency agreed upon
with the State for:
– Number of technology operation related
incidents Deloitte will work with the State to identify and define reporting
– Number of escalations and reason for those criteria and frequency for tracking and monitoring the following
escalations metrics:
– Number of changes implemented and • Number of technology operation related incidents
backed out • Number of changes implemented and backed out
– Number of unauthorized changes detected • Number of releases deployed, total and successful
– Number of releases deployed, total and • Number and ratio of events compared with the number of
successful incidents
– Number of maintenance windows exceeded • Percentage reduction in the number of SLA breaches due to
– Number and ratio of events compared with either poor server or mainframe performance or poor component
the number of incidents performance
– Number of incidents that occurred and • Percentage reduction in the business disruption caused by a
Key
Operatio Technol percentage of these that were triggered lack of adequate capacity
NFR- Performa
ns and ogy without a corresponding event • Percentage increase in reliability
OM- nce Supported C.12.16
Mainten Operati – Percentage reduction in the number of SLA • Percentage reduction in the unavailability of service • Reports on
217 Indicator
ance ons breaches due to either poor server or access to the facility
s
mainframe performance or poor component • Number of escalations and reason for those escalations
performance • Number of unauthorized changes detected
– Percentage reduction in the over-capacity • Number of maintenance windows exceeded
for technology purchases • Number of incidents that occurred and percentage of these that
– Percentage reduction in the business were triggered without a corresponding event
disruption caused by a lack of adequate • Percentage reduction in the over-capacity for technology
capacity purchases
– Percentage reduction in the unavailability • Percentage reduction in the unavailability
– Percentage increase in the reliability • Percentage improvement in overall end-to-end availability of
– Percentage improvement in overall end-to- service
end availability of service • Percentage reduction in the number of incidents due to poor
– Percentage reduction in the unavailability of technology performance
service
– Percentage reduction in the number of
incidents due to poor technology performance
– Reports on access to the facility

616
 ATTACHMENT 10

STAFF HOURLY RATES AND COST PROPOSAL

The following link directs to Cost Proposal submitted in response to the procurement (RFQ 32101-
15557) resulting in Contract award:
http://tn .gov/assets/entlties/tenncare/attachments/NegotiatedCostWorkbook.xlsx

Key Positions (Hourly Rates for DOl Tasks) Hourly Rate

1 Account Executive or Program Executive $405.44
2 DDI Manager $276.65
3 Technical Solution Lead $ 362 .51
4 Business Solution Lead $ 362.51
5 Quality Assurance/Control Lead $372 .05
6 OCMT Liaison $ 362.51
7 Project Management Office (PMO) Manager $143.10
8 Infrastructure Architect $248.03
9 Configuration & Assets Manager $248.03
10 Security Manager $248.03
11 CIP Manager $248.03
12 Database Architect $ 190.79
13 Conversion Manager $248.03
14 Application Architect $248.03
15 SOA Architect $248.03
Non Key Roles (Hourly Rates for DOl Tasks) Hourly Rate
1 Business Analyst $ 181 .26
2 Senior Business Analyst $214.64
3 Database Administrator $ 119.25
4 Conversion ArchitecUProgrammer $ 143.10
5 Technical Solution Architect $143.10
6 IT Service Continuity Analyst $ 119.25
7 Interface Lead $ 214.64
8 Privacy/Compliance Specialist $ 171 .72
9 Quality Assurance Test Manager $248.03
10 QA Analyst 3 - Leads $181 .26
11 QAAnalyst2 $ 152.64

617
0 QA Analyst 1 $ 114.48
Change Manager $ 143.10
14 Service Architect $267.11
15 Management and Administrative Support $ 90.63
16 Process Analyst $267.11
17 Technical Writer $ 119.25
18 Performance Analyst/Capacity Planning Analyst $248.03
19 Security Architect $267.11
20 Senior Security Analyst $209.87
21 Senior Security Engineer $209.87
22 Security Analyst $181.26
23 Programmer Analyst $ 92.54
24 Principal Systems Security Officer (SSO) $ 362.51
25 Web Portal Specialists $ 104.94
26 Senior (Web) Programmer Analyst $ 119.25
27 Technical Specialist Application and Web Platforms $ 119.25
28 Output Document Programmer $ 104.94
Additional Roles (Hourly Rates for DDI Tasks) Hourly Rate
1 QA Partner $405.44
2 Trainer $ 133.56
'
3 OCM Analyst $ 152.64
4 Security Director $405.44
5 Security Senior Manager $ 362.51
6 Scanning Resource $ 85.86
7 CMS Compliance Resource $ 162.18
8 OCMT SME $ 171 .72
Key Positions (Hourly Rates for O&M Tasks) Hourly Rate
1 Configuration & Assets Manager $238.89
2 Service Desk, Production Control & Operations Center Manager $257.26
3 Security Manager $238 .89
4 CIP Manager $238.89
Non Key Roles (Hourly Rates for O&M Tasks) Hourly Rate
1 Database Administrator $ 114.85
2 Quality Assurance Test Manager $238.89
3 QA Analyst 3 - Leads $ 174.57

618
0 QAAnalyst2 $ 147.01
QA Analyst 1 $110.26
6 Change Manager $ 137.82
7 Service Architect $257.26
8 Management and Administrative Support $ 87 .29
9 Process Analyst $257.26
10 Operations Analyst (Service Desk) $ 110.26
11 Senior Operations Analyst (Service Desk) $257.26
12 Senior Security Analyst $202 .13
13 Security Analyst $ 174.57
14 Programmer Analyst $ 89.12
15 Incident/Problem Manager $ 183.76
16 IT Engineer/Systems Monitoring Analyst $ 114.85
17 Output Document Manager $206.73
18 Output Document Programmer $101.07
Additional Roles (Hourly Rates for O&M Tasks) Hourly Rate
1 Security Director $ 390.49
2 Security Senior Manager $ 349.14
3 CMS Compliance Resource $ 156.20
4 Project Director $390.49
Non Key Roles (Hourly Rates for Enhancement Tasks) Hourly Rate
1 Business Analyst $ 150.00
2 Senior Business Analyst $225.00
3 QA Analyst 3 - Leads $ 190.00
4 QAAnalyst 2 $ 160.00
5 QAAnalyst 1 $ 100.00
6 Programmer Analyst $ 74.00
7 Output Document Programmer $ 90 .00
Key Positions (Hourly Rates for O&M Effort - Extension Years) Hourly Rate
1 Configuration & Assets Manager $271.57
2 Service Desk, Production Control & Operations Center Manager $286.12
3 Security Manager $ 271.57
4 CIP Manager $286.12
Non Key Roles (Hourly Rates for O&M Effort- Extension Years) Hourly Rate
1 Database Administrator $ 128.03

619
0 Quality Assurance Test Manager $276.42
QA Analyst 3 - Leads $ 202.71
4 QAAnalyst 2 $ 170.70
5 QA Analyst 1 $ 128.03
6 Change Manager $ 174.58
7 Service Architect $290.00
8 Management and Administrative Support $ 102.81
9 Process Analyst $286.12
10 Operations Analyst (Service Desk) $ 128.03
11 Senior Operations Analyst (Service Desk) $286.12
12 Security Analyst $ 189.13
13 Programmer Analyst $ 104.75
14 Incident/Problem Manager $203 .68
15 IT Engineer/Systems Monitoring Analyst $ 129.00
16 Output Document Manager $227.92
17 Output Document Programmer $116 .39
Additional Roles (Hourly Rates for O&M Effort- Extension Years) Hourly Rate
1 Security Director $412.20
2 Security Senior Manager $368.56
3 CMS Compliance Resource $ 174.58
4 Project Director $412.20

620