Public Health Informatics
Multi-agency, multi-stakeholder programs where procurement, compliance, and mission alignment determine success.
Inside this journey
-
Pre-Discovery
Align stakeholders and document the current technical and decision landscape before solution design.
-
Stakeholder Alignment
Confirm decision roles, data stewards, timelines, and funding/procurement constraints across state, local, and lab stakeholders.
Alignment Questions
Starting with Who’s In the Room
- Who will be the primary users, approvers, and sponsors for this program? (List roles/titles)
- What is the single most important outcome you want this project to deliver in the next 12 months?
- How urgent is this initiative on a scale from needed for compliance to optional improvement?
- Who owns the budget or funding line that would pay for this work?
- What recent audit, mandate, or event prompted this initiative?
Are We Sure We Know Who Decides?
- If this project succeeds, who in your organization will be publicly recognized — and if it fails, who will be held accountable?
- Who has final authority to sign contracts and approve budgets for IT projects of this size?
- Which committees or governance bodies will need to review or approve requirements, and how often do they meet?
- Who are the technical data stewards (lab systems, immunization, vital records) and how do they prefer to be engaged?
- How stable are these stakeholders’ priorities — have decision owners changed recently or are they likely to change in the next year?
Where the Data Stalls — Mapping Current Reality
- Which legacy registries, siloed systems, or vendor products are currently central to surveillance and reporting?
- What lab reporting pathways do you receive today (select all that apply)?
- List the interfaces you currently maintain (EHRs, LIS, hospitals, regional labs) and the approximate number of partners per interface type.
- How timely and complete are your current data feeds on average?
- What recurring failure modes or bottlenecks do you see when trying to modernize these feeds (e.g., mapping drift, partner capacity, vendor lock-in)?
When the System Fails — Pain, Incidents, and Impact
- Tell us about a recent incident where delayed, missing, or incorrect data caused operational or public-health harm (what happened and who was affected?).
- Which of the following impacts have you experienced or fear most from data problems?
- On average, how many staff-hours per week are spent on manual reconciliation, phone/fax follow-up, or data cleaning related to surveillance feeds?
- How do these failures make your team feel — frustrated, burned out, resigned, or something else? Give an example of a recurring frustration.
- When issues occur, who is expected to remediate them and how long does it typically take to resolve critical outages?
What Would ‘Right’ Actually Look Like?
- If our platform delivered a clear win for your department, what single outcome would convince leadership you made the right choice?
- Which outcomes below should be prioritized for this engagement?
- Please define 2–3 measurable success metrics you would use to accept the implementation (e.g., report latency < X hours, completeness > Y%).
- Are there any absolute constraints that cannot be changed (data residency, specific security certifications, maximum annual spend)?
- Who outside your organization needs to see these results to be satisfied (CDC, local jurisdictions, legislature)?
Can the Platform Fit Your Real Workflows?
- Which real-world workflows do vendors typically underplay but are central to your operations (examples: lookup reconciliation, lab result triage, vaccine inventory matching)?
- Please describe 2 representative data scenarios (source → transformation → destination) that must work exactly as you expect.
- Which interface types must be supported for a successful implementation?
- What CDC reports and specific formats/versions are required for your jurisdiction (select all that apply)?
- How much historical data must be migrated and what is the minimum acceptable fidelity/date range?
Budget, Timelines, and the Procurement Minefield
- What single procurement requirement is most likely to delay or kill this purchase (e.g., procurement vehicle, vendor certification, budget timing)?
- What is your target go‑live timeframe and are there immovable dates tied to grant cycles or mandates?
- What funding source(s) will you use and what approval steps are required before funds can be committed?
- Which contracting model do you prefer or require?
- What is the expected length of procurement / contracting from RFP to signature under your process?
People, Training, and Change Readiness
- If adoption stalls after go‑live, whose responsibility is it to drive ongoing use and how would they be measured?
- What internal teams will support day‑to‑day operations (select all that apply)?
- What type(s) of training do your users prefer and expect (classroom, remote live, self-paced, train-the-trainer)?
- What level of testing and validation will you require before we can declare acceptance (unit, integration, CDC-specified validation, parallel run)?
- What existing runbooks, SOPs, or governance artifacts must we align with or update during deployment?
What Would You Need from Us to Say Yes?
- What's the smallest, most convincing deliverable we could produce in 60 days to unblock procurement or leadership?
- What acceptance criteria must be demonstrably met for a pilot to be considered successful?
- What are the top three risks you fear in this program and how would you like us to mitigate them?
- Who should be on the executive steering list and who is the single person we should brief with updates?
- What is your ideal communication cadence for status updates during discovery and implementation?
-
Current State Mapping
Document legacy registries, lab reporting paths (including fax/flat-file), interface inventories, and failure modes that block modernization.
Current State
Set the Stage: What Does 'Normal' Look Like Here?
- Briefly describe the core systems, teams, and data flows that make up your surveillance ecosystem today.
- Which core registries and systems are actively used for surveillance and reporting?
- Who owns or is the primary steward for each system you listed (team or role)?
- How confident are you in the accuracy and completeness of data feeding federal reporting from these systems?
- When was the last major upgrade, migration, or vendor change for any of these registries?
- Name one process or system that actually feels reliable today—and why it deserves that trust.
If Something Breaks, Who Notices First?
- Think back 12 months: what single system failure caused the most operational panic, and why did it escalate?
- Which stakeholders experienced the biggest impact when that failure occurred?
- How long did it typically take your team to detect that class of failure?
- How long did it take to restore normal operations after that incident?
- After that event, did your organization change priorities or resources toward modernization? If so, how?
- Are there recurring failure patterns you expect to return? Please describe one such pattern and its downstream impact.
Where Does Your Data Really Live (and Who's Still Trusted?)
- Which legacy registry or data store feels like the single biggest bottleneck to progress—and what makes it so sticky?
- List the legacy products and versions currently in production (e.g., product name + version or year).
- Which data models and storage formats are we working with across registries?
- Are any registries technically decommissioned but still relied upon as the source of truth?
- If some decommissioned systems are still trusted, which ones and why do people keep relying on them?
- How often do you run deduplication, reconciliation, or manual corrections to keep registries usable?
How Do Lab Results Actually Arrive (The Real Story)?
- If you trace a single positive lab result from the submitting lab to your surveillance dashboard, where are the most fragile handoffs?
- Which lab reporting paths are currently active with your jurisdiction's systems?
- Approximately how many sending labs or facilities still submit results via fax or paper?
- When faxed or paper results arrive, who digitizes them and what is the typical turnaround time?
- Do you have automated parsing for flat files and non‑standard feeds, or are they manually processed?
- How frequently do missing or malformed lab messages cause CDC or state report delays?
Who Owns the Connectors — and Are They Healthy?
- If an auditor reviewed your interface inventory tomorrow, what single discovery would be most embarrassing or risky?
- Which types of interfaces and connectors are in use across your ecosystem?
- How many unique sending partners (hospitals, reference labs, clinics) do you actively manage?
- Who is responsible for daily interface maintenance and triage?
- How often do you run end-to-end interface tests that include data being processed through to reporting?
- What documentation exists per interface (message spec, contact, SLA) and where is it stored?
Migration Nightmares We Should Know About
- What hidden technical debt or political obstacle would derail a migration if we ignored it?
- Have past modernization or migration efforts failed or stalled? Tell us when, what happened, and why.
- Which of the following blockers have you encountered during previous modernization attempts?
- Do you have test environments, sandbox data, and CI/CD pipelines available for partner integration work?
- How do data governance, privacy, and consent requirements tend to surface as blockers during projects?
- Which fiscal, legislative, or grant timelines must we align with to avoid project stalls?
What Would a Safe, Fast Modernization Actually Feel Like?
- Imagine modernization succeeded in six months—what would be the single most visible change for your team or the public?
- Which outcomes should we prioritize (select all that matter most)?
- What non‑negotiable constraints must any solution respect (budget, procurement rules, data residency, no downtime, etc.)?
- Who must be engaged in governance and sign‑off (roles or specific people)?
- What measurable success metrics would make you declare a 90‑day win and a 12‑month win?
- Realistically, when could you commit to a one‑week technical discovery workshop with your technical leads and an appropriate sandbox?
-
-
Outcome Discovery
Prioritize desired outcomes (CDC compliance, interoperable ELR/IIS, outbreak responsiveness), success metrics, and non-negotiable constraints.
Discovery Questions
Quick Pulse: Which Outcome Matters Most Right Now?
- Which single outcome is the highest priority for your agency at this moment?
- Tell us a recent moment or event that made this outcome feel urgent—what happened and who noticed it?
- Which roles feel this priority most acutely inside your organization?
- How urgent is progress on this outcome from a delivery perspective?
- If we could deliver one visible improvement in the next 90 days, what would you pick?
If We Don’t Fix It, What Actually Breaks?
- What’s the single worst consequence you’ve quietly come to accept because current systems don’t deliver the outcomes you need?
- How often does that consequence occur and disrupt your operations?
- How long have you been tolerating this problem?
- How does that consequence affect public health outcomes, staff capacity, or stakeholder trust?
- When these failures happen, who outside your team notices first and what do they demand?
What Would Success Actually Feel Like?
- Imagine a day when surveillance and reporting 'just work' — what does your team do differently that day?
- Pick the measurable indicators that would prove success to you (choose up to 4).
- For each key indicator you selected, what is the current baseline (numbers, percent, or anecdote)?
- Which one of those indicators would have the largest positive impact on funding or political support if improved?
- Who internally would be the loudest advocate if those measures improved, and what would they say?
Non-Negotiables: The Red Lines We Can’t Cross
- What constraints or conditions would make you stop, renegotiate, or walk away from a proposed solution even if it meets technical goals?
- Which of these are absolute dealbreakers for your project?
- Are there specific contractual, privacy, or regulatory requirements that must be spelled out before you can proceed?
- Which technical security standards or data residency rules must we comply with?
- If a vendor met most technical goals but could not accommodate one of your dealbreakers, what mitigation would you consider acceptable?
Data & Interfaces: The Gritty, Necessary Details
- If you asked your lab and hospital integrators to rate interface reliability, what score would they give and why?
- Which interface types are actively feeding your surveillance ecosystem today?
- Approximately how many unique data sources (hospitals, labs, clinics) send you data now?
- What percent of incoming lab reports are fully automated versus requiring manual handling today?
- Which failure modes should we prioritize first to unlock outcomes?
- Who owns onboarding new interfaces today and how much bandwidth do they have for additional work?
People, Process & Politics: Who Moves the Needle Here?
- Who inside or outside your agency could realistically block progress even if technology and budget are aligned—and why?
- Which stakeholders must sign off before a go-live?
- How aligned are those stakeholders today on the prioritized outcomes?
- What formal change-management resources exist (communications, training teams, SME networks)?
- What would make your executive sponsors publicly champion this project?
Money, Schedule & Risk: The Hard Boundaries
- If the project slips on budget or timeline, which consequence would be most damaging—compliance, service delivery, or leadership credibility?
- What budget range is approved or expected for this modernization effort today?
- What procurement timeline must we fit into (RFP, award, contract signature)?
- How flexible is the rollout approach—are pilots acceptable or is a big-bang required?
- What are the top three risks you worry about (technical, operational, political) and how would you like them mitigated?
- Would you consider a risk-reducing pilot that delivers partial outcomes sooner but defers full scope?
Commitment & Next Steps: What Would Make This Real?
- What specific evidence or assurances would move you to sign a Statement of Work within the next quarter?
- Which artifacts do you need before contracting (select all that apply)?
- How would you like us to participate in defining acceptance criteria and success metrics?
- Who will be the initial project sponsor and can they commit to a recurring governance cadence?
- When would you like to schedule a technical workshop to validate outcomes using your real data?
-
Solution Experience
Validate how the platform delivers the prioritized outcomes using the customer’s real workflows, data scenarios, and reporting requirements.
Experience Meetings
- Solution Experience Kickoff & Current-State Confirmation
- Data & Interface Mapping Workshop
- Workflow Replay — Live Scenario Run (End-to-End)
- Reporting & Regulatory Validation Session
- Stakeholder Validation & Sign-off
- Agree explicit acceptance thresholds and SLAs for go/no-go decisions.
- Host to update effort estimates and flag any items requiring escalation to project management.
- Environment & Test Data Sanity Check
- Demonstrate, with customer data, that the platform produces the outcomes needed to meet the future-state statements.
- Identify any remaining mapping or business-rule gaps and prioritize fixes.
- Obtain explicit validation or rejection of scenario results from domain SMEs.
- Produce a short list of configuration/engineering tasks required before formal acceptance testing.
- Host to log all discrepancies in a tracking artifact and assign owners with target dates for remediation.
- Customer SMEs to provide formal validation responses (Y/N with comments) for each scenario within 3 business days.
- Host to update transformation rules and re-run any failed scenarios as a follow-up test.
- Customer to confirm any business-rule clarifications needed for automated case creation or reconciliation logic.
- Recap Evidence from Live Runs
- Confirm that CDC and IIS outputs meet regulatory expectations or document required adjustments.
- Introductions & Meeting Objectives
- Produce a remediation plan for any compliance-level gaps with owners and timelines.
- Host to produce a regulatory validation report comparing platform outputs to legacy outputs and call out variances.
- Customer to confirm acceptance thresholds and sign off in writing or escalate open issues within 5 business days.
- Host to update report templates or CDC payload formatting per agreed adjustments and re-run validation as scheduled.
- Executive Recap: Current State, Consequence, Future State
- Obtain explicit stakeholder validation for each prioritized scenario against documented acceptance metrics.
- Agree a remediation and retest timeline for any 'Accept with Conditions' or 'Reject' items.
- Handoff clear, signed next steps into Solution Scope and Mutual Commit with named owners and dates.
- Customer executive sponsor to provide formal sign-off (or formal conditional sign-off) for the solution experience evidence within 3 business days.
- Host to compile an evidence bundle (run logs, mapping spec, regulatory validation report) and attach it to the Solution Scope handoff.
- Host and Customer to schedule the Solution Scope meeting and Mutual Commit planning within the agreed timeframe.
- Assigned owners to track remediation items in the shared backlog and update status weekly until closed.
- Produce a single, agreed one-sentence current-state description.
- Document quantified consequences tied to current-state failures.
- Agree a single operational future-state outcome and 2–4 validation scenarios with success metrics.
- Collect and schedule delivery of all artifacts and logistical needs for hands-on sessions.
- Customer to deliver anonymized sample messages (HL7/FHIR/flat-file/fax extracts) and representative failure logs within 5 business days.
- Customer to name technical SME(s) and regulatory SME(s) who will attend subsequent workshops.
- Host to provision test environment and message simulator access, and confirm credentials by the agreed date.
- Host to circulate the finalized one-sentence current-state, consequence, and future-state statements for confirmation.
- Recap Current-State, Consequence, Future-State
- Produce a draft field-level mapping document for the prioritized scenarios.
- Identify and prioritize top failure modes that must be tested and mitigated.
- Agree acceptance criteria for successful parsing/transformation for each scenario.
- Assign owners and timelines for any missing artifacts or additional samples.
- Host to deliver draft mapping spec (field mappings and transformations) within 3 business days.
- Customer to provide additional edge-case samples identified during mapping within 5 business days.
- Customer technical SME to confirm availability of any external interface partners for test endpoints.
- One-Sentence Current State
- Scenario A: ELR Ingest to CDC Report
- Sample Message Review
- Evidence Pack Presentation
- CDC Report Output Comparison
- IIS Reconciliation & Audit Trails
- Field-by-Field Mapping
- Consequence Quantification
- Scenario B: IIS Immunization Reconciliation
- Forced Validation Poll
- Scenario C (optional): Case Trigger & Outbreak Escalation
- Failure Modes & Edge Cases
- Acceptance Thresholds & SLAs
- Open Items, Risks & Remediation Plan
- Define Future State (Outcome Statement)
- Estimate Effort & Acceptance Criteria for Mappings
- Regulatory Edge Cases & Mitigation
- Sign-off, Next Steps & Handoff
-
Solution Scope
Define included modules (ELR, syndromic, IIS, case management), interfaces, data migration, roles, and measurable acceptance criteria.
Scope Configuration
- Deploy HL7 v2 Ingestion Interface
- Configure FHIR API Endpoints and Resources
- Implement Electronic Laboratory Reporting (ELR) Pipeline
- Enable Syndromic Surveillance Feed (ADT/BioSense)
- Migrate Immunization Registry Data into IIS
- Deploy Reportable Condition Case Management Module
- Automate CDC and State Report Generation Submissions
- Normalize Lab Codes (LOINC/SNOMED) and Value Sets
- Integrate Flat-File Batch Ingest and Mapping
- Provision Role-Based Access Control and SSO
- Process Vital Records (Birth/Death) Integration
- Deliver End-User Training and System Onboarding
Scope Questions
Deploy HL7 v2 Ingestion Interface
- Do you currently receive HL7 v2 messages from external partners?
- Which HL7 v2 versions do your senders use?
- Which message types are required to ingest (e.g., ADT, ORU, ORM)?
- Preferred transport method for HL7 v2 (select all that apply)?
- What is the expected message volume per day (approx)?
- Do you require message-level ACK/NACK handling and reprocessing controls?
- Are there existing transforms or mapping specs for incoming HL7 messages?
Configure FHIR API Endpoints and Resources
- Which FHIR version should be supported?
- Which FHIR resources do you need exposed or ingested?
- What authentication/authorization method will be used for FHIR APIs?
- Do you require Bulk FHIR (Bulk Data) export/import capabilities?
- Are there specific profiles or implementation guides to support (e.g., CDC PHIN, US Core)?
- Describe any expected workflow-driven APIs (e.g., case creation via FHIR) or custom endpoints.
Implement Electronic Laboratory Reporting (ELR) Pipeline
- Are sending labs already transmitting ELR to you today?
- What ELR transport/formats do you need to support?
- Do you require mapping of local test codes to LOINC/SNOMED CT?
- Which reportable condition rule sets or jurisdictional case definitions apply?
- What is the expected ELR message volume per day?
- What acceptance criteria should be used to confirm ELR pipeline readiness (e.g., % successful parsing, latency)?
Enable Syndromic Surveillance Feed (ADT/BioSense)
- Do you currently receive ADT or syndromic feeds from hospitals/EDs?
- What ADT/Syndromic message triggers are required (e.g., ADT^A01, A08)?
- Do you need BioSense/FHIR-IG compatibility or direct BioSense submission?
- What patient matching strategy will you rely on for syndromic feeds?
- Are there specific syndrome definitions or ESSENCE queries to implement?
- What latency SLA is required for syndromic data ingestion and availability?
Migrate Immunization Registry Data into IIS
- What is the source of existing immunization data (legacy IIS, spreadsheets, vendor DB)?
- Approximately how many immunization records and patient profiles need migration?
- Do you require historical immunization event retention (full history) or only current status?
- Which coding systems must be supported or normalized (e.g., CVX, MVX)?
- Are there data quality or reconciliation rules required (e.g., duplicate patient resolution)?
- What acceptance tests confirm IIS migration success (e.g., reconciliation %, load performance)?
Deploy Reportable Condition Case Management Module
- Which case workflows need to be supported (investigation, lab linkage, contact tracing)?
- Do you have standard case definitions and state reporting triggers to automate case creation?
- What roles and permissions are needed for case management users?
- Should the case module link directly to lab results, immunization, and vital records?
- Are there required automated notifications or escalations (email/SMS/workflow)?
- What measurable acceptance criteria apply for case management (e.g., case creation accuracy, time-to-investigation)?
Automate CDC and State Report Generation Submissions
- Which external reports must be automated (select all that apply)?
- What submission methods are required for each report (PHINMS, API, HL7, CSV)?
- How frequently must each report be submitted (real-time, daily, weekly, monthly)?
- Are there existing ETL or mapping specs to CDC/state schemas?
- Do you require automated validation and reject handling before submission?
- What acceptance criteria define successful automated submission (e.g., 100% schema-valid, acknowledgements received)?
Normalize Lab Codes (LOINC/SNOMED) and Value Sets
- Are local lab codes used today that require mapping to LOINC or SNOMED CT?
- Do you have an existing terminology service or prefer us to provide mapping?
- Which value sets must be supported and kept up-to-date (select all that apply)?
- What is the expected cadence for terminology updates (monthly, quarterly, ad-hoc)?
- Do you require automated mapping reconciliation reports and manual review workflows?
- How will unmapped or ambiguous codes be handled during acceptance (quarantine, vendor review, auto-map)?
Integrate Flat-File Batch Ingest and Mapping
- What flat-file formats do you need to support?
- How are files delivered (SFTP, HTTPS upload, shared drive)?
- What is the typical batch size and expected frequency?
- Do you have sample files and field-level specifications available for mapping?
- How should errors be handled for batch records (reject entire file, partial ingest, quarantine)?
- Are there PII/PHI encryption or retention policies we must follow for batch files?
Provision Role-Based Access Control and SSO
- Which identity providers do you plan to use for SSO?
- Which SSO protocol will be used?
- How many distinct user roles or role templates are required?
- Do you require attribute-based access controls (ABAC) or purely role-based (RBAC)?
- Are audit logging and access reporting required for compliance (HIPAA, state law)?
-
Mutual Commit
Finalize commercial terms, procurement timelines, governance, CDC reporting obligations, and change-control expectations.
Agreement Modules
- Non-Disclosure Agreement (NDA)
- Master Services Agreement (MSA)
- Statement of Work (SOW)
- Pricing & Commercial Terms
- Procurement & Purchase Order Timeline
- Funding & Fiscal Approval Certification
- Governance & Steering Committee Charter
- CDC Reporting Obligations Annex
- Data Use Agreement / Business Associate Agreement (BUA/BAA)
- Security & Compliance Addendum
- Integration & Interfaces Annex
- Data Migration & Reconciliation Plan
- Acceptance Criteria & Test Plan
- Change Control & Change Order Process
- Service Level Agreement (SLA) & Support Model
- Transition, Training & Knowledge Transfer Agreement
-
Deployment
Operationalize rollout with readiness checks, sequencing, enablement, and validation.
-
Pre-Deployment Readiness
Confirm data inventories, access, test environments, interface partners, and resourcing needed to execute safely.
Readiness Questions
Getting Grounded: Who's In the Room and What They Own
- Who will be our primary deployment point of contact and who are the 1–2 backups we should plan to loop in?
- Which environments do you currently operate that we must consider during deployment (select all that apply)?
- Please list the legacy registries, lab systems, and reporting endpoints we will need to inventory or migrate from (include system name and owner).
- What internal governance or steering committee meetings already exist that must approve deployment milestones?
What Could Break During Cutover (and Why It Matters)
- If deployment goes sideways tomorrow, what single operational failure would cause the most critical public‑health impact?
- Tell us about a past deployment or integration that had an unexpected failure—what happened, who noticed it first, and how long did it take to restore normal operations?
- How much downtime (if any) is acceptable for each critical capability during cutover?
- Who needs to be notified immediately (roles/teams) if a cutover incident threatens CDC reporting or hospital operations? Please include contact methods.
Who Holds the Keys: Access, Credentials, and Bottlenecks
- Do any of your systems rely on a single person or contractor for credentials or admin access that would block testing or go‑live if they were unavailable?
- Please enumerate systems that require privileged credentials for vendor testing (e.g., LIS, IIS admin, SFTP, ADP) and the average lead time to obtain access.
- What is your standard process and SLA for provisioning vendor/test credentials and network access (VPN/IP allowlist)?
- Are there any audit, legal, or HR approvals (e.g., background checks, BAAs, state vendor onboarding) that typically slow down access for external teams?
Interfaces: Which Connections Are Fragile, and Who Will Help?
- Which interfaces do you suspect are under‑documented or ‘fragile’ and likely to require custom troubleshooting?
- For each partner system (hospitals, reference labs, commercial labs, EHR vendors), do we have a technical contact and agreed test windows? If not, which partners are outstanding?
- Do you have sample messages (HL7 v2, FHIR resources, flat files) we can use in early validation, and can we get them with real-world variations (e.g., different facility codes, missing fields)?
- Which message types and versions must be supported during initial interface configuration?
Data Reality Check: Can the Legacy Data Be Trusted?
- How confident are you that migrated legacy data will be complete and accurate enough to drive reporting without manual reconciliation?
- What known data quality issues should we expect (e.g., mismatched patient identifiers, missing lab result codes, inconsistent timestamps)?
- Do you maintain a data stewardship team or documented data dictionary that we can reference during mapping and migration?
- Would you be open to a short joint data profiling run (sample extracts + automated report) before we scope migration effort?
Test Environments: Where We Fail First (and How to Avoid It)
- Do you have a production‑representative test environment where we can run end‑to‑end validation, including partner endpoints and a realistic volume of messages?
- How often is that test environment refreshed with production data (anonymized) and who owns the refresh process?
- What level of vendor access to test systems are you comfortable granting (read-only, write/test submits, admin)?
- Which tests would you expect to run in test environments before any production cutover (select all that apply)?
People & Timing: Is Your Team Really Available?
- Be candid: during the proposed deployment window, what percentage of your core informatics team can be dedicated to vendor testing and cutover activities?
- Which roles will need to be present for technical validation and final sign‑off (e.g., lab SME, epidemiologist, IIS admin, procurement)?
- Are there seasonal workloads, staffing constraints, or planned public‑health events that would make particular dates risky for go‑live?
- What training cadence and format helps your users adopt new workflows fastest (role‑based live training, recorded modules, train‑the‑trainer)?
Risk & Rollback: Can We Undo a Bad Day?
- If the new system caused reportable-data issues or an outage, do you have a defined, rehearsed rollback or mitigation playbook we must align with?
- What concrete rollback triggers should we agree on (e.g., CDC report mismatch > X%, more than Y failed messages per hour)?
- How do you expect CDC/state reporting continuity to be handled during a rollback or partial outage?
- Who is authorized to declare a rollback or emergency stop (names/roles), and what is the expected notification timeline to partners and stakeholders?
Acceptance & Go‑Live: What 'Good' Actually Means
- Are your acceptance criteria specific, measurable, and assigned to named approvers—or are they still broadly defined?
- Which of the following must pass before go‑live (select all that apply)?
- Who will sign final go/no‑go (title and authority), and what is the expected timeframe for final acceptance after the last test?
- What post‑go‑live monitoring period and criteria do you require before declaring the deployment ‘stable’?
Commitments That Make Readiness Real
- What's the single, non‑negotiable commitment your organization can make today to reduce the biggest deployment risk?
- Which procurement, legal, or funding milestones must be cleared before we can schedule detailed test windows?
- When would you be ready to begin joint pre‑deployment activities (data profiling, test endpoint setup, credential provisioning)?
- Who should we schedule a 30‑minute readiness walk-through with (roles) to convert this discovery into an actionable pre‑deployment plan?
-
Deployment Enablement
Coordinate schedules, configure interfaces (HL7/FHIR/flat-file), execute migration steps, and conduct role-based training for go‑live.
-
Validation Checklist
Run acceptance tests: data exchange integrity, CDC report accuracy, IIS reconciliations, and operational runbooks sign-off.
Validation Questions
Start Here: Quick Snapshot of Your Validation World
- Who is our primary point of contact and final decision-owner for acceptance testing?
- Who else needs to be in the room (internal and external) when we run acceptance tests?
- What is your target acceptance-testing window or go‑live date (month/year)?
- Briefly describe any previous experience running platform acceptance tests (tools used, major gaps, or things that went well).
- Are there non-negotiable external deadlines we must validate against (e.g., CDC reporting cutover, grant milestones)? If yes, name them and their dates.
If This Goes Sideways, What Breaks First?
- What single integration, report, or process failure would cause the most operational harm on day one of go‑live?
- How often have you experienced that failure mode in the last 12 months?
- Which known failure modes should we prioritize in testing (select all that apply)?
- How quickly do you typically detect a critical data flow failure today?
- Share a recent incident (what happened, impact, how it was fixed) that reveals a validation blind spot we should plan to test against.
How Perfect Does the Data Need to Be?
- Which CDC or state report cannot tolerate more than a tiny error rate—call out the report and acceptable error threshold.
- For each selected reporting stream, what numerical error thresholds are acceptable (e.g., 0%, <1%, <5%, <10%, other)?
- Describe the reconciliation cadence and owner for IIS and ELR discrepancies (how often and who signs off).
- Which data elements are mission‑critical and must be validated end‑to‑end during acceptance (select all that apply)?
- How tolerant is your team of transient discrepancies immediately post‑go‑live (hours/days/weeks) before escalation?
Prove It: What Acceptance Tests Will Convince You?
- If we ran a single 'make‑or‑break' test that would prove the system is production‑ready, which test would that be and why?
- Select the test types you require as part of formal acceptance (we'll orchestrate these):
- For each required test type, what pass/fail criteria should we use (e.g., matching rate >= X, latency < Y seconds)?
- Do you require synthetic test data, de‑identified production samples, or live partner feeds for validation?
- Which external partners must participate in acceptance tests (labs, hospitals, IIS vendors)? Please name or describe their roles.
Who Holds the Pens? Governance, Acceptance, and Change Control
- Who has final authority to sign 'Acceptance Complete'—title and organization?
- What governance steps (review boards, technical validation, legal/procurement) must happen before sign‑off?
- Describe the formal acceptance artifacts you require (e.g., test report, reconciliation logs, runbook approvals).
- How will change requests discovered during acceptance be triaged (rapid patch, deferred backlog, block acceptance)?
- What is your expected turnaround for sign‑off once passing test artifacts are delivered?
Practice, Fail, Learn: Runbooks, Simulations, and Rollback
- Imagine a sudden surge in positive lab results during cutover—what immediate actions must be executable from an agreed runbook?
- Do you already have runbooks for validation, cutover, and post‑go‑live troubleshooting?
- Which runbook owners or roles must attest they understand the procedures before go‑live?
- What rollback criteria would trigger returning to legacy flows (e.g., data loss, >X% missing reports, SLA breach)?
- How often would you like us to run live drills or simulations before go‑live (to exercise runbooks)?
After Go‑Live: How Will You Know It's Working?
- What are the top 3 early‑warning metrics you'd watch in the first 30 days (be specific: e.g., ELR daily volume match rate, IIS reconciliation delta)?
- What dashboarding or alerting thresholds do you want in place for automated escalation?
- Who should be on the incident escalation list for the first 90 days post go‑live?
- How long do you expect the vendor to remain in a high‑touch support mode after acceptance?
- What ongoing governance cadence would make you comfortable for monitoring and continuous improvements (weekly, biweekly, monthly)?
Documentation and Evidence: What Do We Need To Leave Behind?
- Which formal documents must be delivered and signed as part of acceptance (select all that apply)?
- Do you require traceable test artifacts that map each test case to acceptance criteria (e.g., test case ID → result → evidence)?
- Are there any formats or templates your procurement or audit teams insist we use for acceptance documentation?
- Who will archive and maintain acceptance artifacts for future audits, and where will they be stored?
- Is evidence of successful CDC reporting (sample transmitted reports and confirmation receipts) required before sign‑off?
-
-
Success
Review outcomes against success metrics, schedule ongoing governance cadence, and maintain a shared backlog for issues and enhancements.
Success Reviews
- Success Metrics Review (Monthly)
- Governance Cadence Kickoff (Initial)
- Shared Backlog Grooming & Prioritization (Bi‑weekly)
- Operational Health & Validation Check (Monthly)
- Quarterly Outcomes & Funding Review (Quarterly Executive QBR)
Issues & Enhancements
- Ensure runbooks, on-call rosters, and recovery steps are current and tested.
- Backlog Health Review
- Ensure a living, prioritized backlog aligned to success metrics and CDC obligations.
- Establish clear acceptance criteria for prioritized items to enable validation.
- Identify scheduling constraints and dependencies that affect delivery timelines.
- Update backlog statuses and move top-priority items into the upcoming release plan.
- Document acceptance criteria and test scenarios for each prioritized item.
- Notify external integration partners of committed work and request any required inputs.
- System Health Summary
- Confirm operational integrity of data flows and identify any immediate corrective actions.
- Validate the accuracy of CDC-bound reports and reconcile discrepancies.
- Welcome & Objectives
- Open incident remediation tasks for any failed exchanges and assign technical owners.
- Perform targeted reprocessing or data fixes for reconciliations that failed accuracy checks.
- Update runbooks and schedule a tabletop drill where gaps were identified.
- Executive Summary of Outcomes
- Secure executive commitment for required funding and procurement timelines.
- Align roadmap priorities with regulatory changes and public-health operational needs.
- Ensure visibility of program risks and mitigation plans at the executive level.
- Prepare a funding request packet with outcomes data and ROI evidence for the finance/procurement office.
- Update the product roadmap and release dates based on executive direction.
- Document executive decisions and circulate an action tracker for procurement and governance follow-up.
- Confirm which success metrics meet targets and which require remediation.
- Assign owners, acceptance criteria, and deadlines for high-priority remediation items.
- Ensure clarity on regulatory/compliance risks tied to metric deviations.
- Publish updated success-metrics dashboard and distribute to governance roster.
- Create remediation tickets for each metric deviation with owners and target dates.
- Schedule focused follow-up working session for any remediation requiring technical design.
- Introductions & Scope of Governance
- Ratify a governance charter including meeting cadence and participant list.
- Document and agree decision authorities and an escalation path for disputes.
- Agree the standard reporting package and who must deliver it prior to each meeting.
- Publish the governance charter and distribute to all named stakeholders.
- Create recurring calendar invites for the agreed cadence and meeting types.
- Assign a governance secretary to circulate pre-reads and capture decisions/action items.
- Data Exchange Integrity
- Prioritization Exercise
- Roles, Authorities & Escalation Paths
- Dashboard Walkthrough
- Trends & Impact (ROI/Risk)
- CDC Reporting Accuracy & Reconciliations
- Deviations & Consequences
- Define Scope & Acceptance Criteria
- Cadence & Meeting Types
- Funding & Procurement Status
- Scheduling & Dependencies
- Interface Partner Status
- Roadmap Alignment & Policy Changes
- Reporting Package & KPIs
- Root Cause & Remediation Options
- Decisions & Owner Assignment
- Decision Rights & Change-Control
- Runbook & Recovery Drill Readiness
- Executive Decisions & Commitments
- Owner Commitments & Risks
- Next Steps & Scheduling