MECL 03 - Appendix B - Required Artifacts List

From RCWiki
Jump to: navigation, search


MECT / MECL 2016 Documentation Toolkit
Welcome_to_MECT_2016
MECL_01_-_Medicaid_Enterprise_Certification_Life_Cycle
MECL_02_-_Appendix_A_-_MECL_and_At_a_Glance_Sheets
MECL_03_-_Appendix_B_-_Required_Artifacts_List
MECL_04_-_Appendix_C_-_Std_IV&V_Language
MECL_05_-_Appendix_D_-_Certification_Progress_Report_Template
MECL_06_-_Appendix_E_-_MMIS_Concept_of_Operations_Template
MECL_07_-_Appendix_F_-_MITA_eSelf_Assessment_Scorecard
MECL_08_-_Appendix_G_-_2007_Criteria_to_2016_Checklist_Map
MECL_09_-_Appendix_H_-_Uniform_RFP_Guide
MECL_10_-_Appendix_I_-_MMIS_Certification_Request_Letter_Template

MEDICAID ENTERPRISE

CERTIFICATION TOOLKIT Appendix B: Required Artifacts List March 2016

Category

Document / Artifact

Minimum Required Content and Notes

R1
Project Initiation Milestone Review
R2
Operational Milestone Review(s)
R3
MMIS
Certification Final Review(s)

Project Management

State Goals & Objectives

  • State goals and objectives
  • Medicaid Enterprise Certification checklists annotated
X

MITA

MITA Concept of Operations

  • Medicaid enterprise scope
  • As-is operations (business, architecture, data)
  • Drivers and enablers for transformation
  • Environment (business, architecture, data)
  • Operational scenarios
  • Impacts on stakeholders
  • Summary of improvements
  • Conditions of modularity and re-use and how to meet
X
X

MITA

MITA Technical Management Strategy

  • Document technical needs for sharing of state Medicaid Agency (SMA) services and information. See MITA, Part 3.
X
Waterfall
X
Agile

MITA

MITA Data Management Strategy

  • Document technical needs for sharing of State Medicaid Agency services and information. See MITA, Part 2.
X
Waterfall
X
Agile

MITA

MITA Self- Assessment (SS-A) & MITA Roadmap

  • As-is state
  • To-be state
  • Long term milestones specified in quarters
X
X

Technical / SDLC

MMIS Concept of Operations

  • A narrative description of each identified MMIS component, including basic functions and the business area supported
  • A statement of security / interface and disaster recovery requirements
X
X

Financial

Implementation Advanced Planning Document

  • Requirements analysis
  • Feasibility study
  • Alternatives analysis, including use of service-oriented architecture and transfer of an existing system or an explanation of why such a transfer is not feasible
  • Cost allocation plan / methodology
  • Proposed budget
  • MITA SS-A, as an attachment
  • Customized Medicaid Enterprise Certification checklists, if applicable
X
X

Security / Privacy

State Security Policies / Security Plan

  • Strategies and state policies for handling privacy, security, and HIPPA compliance. These are overarching policies that the state should have in place even before the MMIS project begins.
X
X
X

Security / Privacy

Privacy Impact Analysis

  • Use of personally identifiable information (PII) or personal health information (PHI) and a description of the types of data that will be collected
  • Sources of PII / PHI, populations, and transfer and disclosure mechanisms
  • Legal environment (legal authorities and state privacy laws)
  • Details about the entities with whom the collected information will be shared
  • Privacy and security standards for its business partners and other third parties and the agreements that bind these entities
  • Incident handling procedures
  • Privacy and/or security awareness programs and materials for its workforce
X
X
X

Procurement

Draft RFP

  • Defined goals and objectives
  • To-be environment requirements (business, architecture, data), including re-use, interoperability, and modularity requirements
  • Requirements found within the Medicaid Enterprise Certification checklists

The following are highly recommended, provided they are legally enforceable according to state law:

  • Conditions tying compensation to meeting or exceeding defined goals (e.g. service level agreements)
  • Reservation of right for state to approve and/or remove subcontractors
  • Requirement that contractors cooperate with other contractors (including IV&V contractor) and not impede progress on project as a whole
  • Performance clauses
X

Project Management

Project Management Plan

  • Modularity plans
  • Re-use plans
  • Procurements plans
  • Plans to ensure quality
  • Managing communications and stakeholders
  • System development life cycle (SDLC)
X
X

Project Management

Schedule / Milestones & Burn Down Charts

  • High level planning schedule (specified in quarters or months depending on project length - no specific dates necessary until detailed system requirements are defined)—waterfall or agile
X
X

Project Management

Risk Register / Exception Plan

  • In agile, risks may be captured in an Exception Plan
  • List of project risks and mitigation plans for each
X
X

Technical / SDLC

Test Plan

For waterfall and agile:

  • Testing strategy (unit testing, functional testing, regression testing, integration testing, user acceptance testing, performance testing, manual and automated and/or scripted testing, disaster recovery and end-to-end integration testing of COTS products, if any)
  • Bi-directional traceability to requirements and design
  • Plans for preparing the test / staging environment
  • Test cases are added as design progresses

Testing should be as automated and self-documenting as possible (e.g. continuous unit testing)

X

Technical / SDLC

Working MMIS module(s)

  • Demonstrations of working software
X
X

Project Management

Earned Value / Velocity Management Report

  • Project progress in schedule and cost against baseline spend plans
X
X

Technical / SDLC

Database Design

  • A record layout of each data store with data element definitions
  • An automatically generated record, if possible
X
X

Technical / SDLC

Data Conversion / Management Plan

  • Elaboration of material in the MITA Data Management Strategy
X
X

Technical / SDLC

Contingency / Recovery Plan

  • Back-up site / failover plan
  • Testing schedule
X
X

Technical / SDLC

Test Reports / Validated Product Reports

  • Acceptance testing report for each user story / use case
X
X

Technical / SDLC

System Design Document (SDD)

SDD is not necessary for COTS product, but an interface design document (including APIs) is required. The document should include:

  • A list of all local and off-site facilities
  • A network schematic showing all network components and technical security controls
  • A description of each component, including basic functions and the business areas supported
  • An enterprise system diagram, including all components, identifying all logic flow, data flow, systems functions, and their associated data storage
  • A bi-directional traceability to requirements and test plan
X
X

Technical / SDLC

System Requirement Document / Backlog of User Stories or Use Cases

Requirements / user stories and/or use cases for functional and non- functional requirements:

  • Business
  • Data
  • Capacity / performance
  • Security / privacy / HIPAA compliance
  • Usability
  • Maintainability
  • Interface
  • 508 compliance
  • Disaster recovery
  • Traceability to test plans or test cases
X
X

Technical / SDLC

Product Documentation

  • Operations manuals
  • Training materials
  • User guides
  • List of all error codes and explanations by MMIS component
X
X

Security / Privacy

HIPAA Statement

  • A statement that the system meets HIPAA requirements for transactions and code sets, privacy and security, and when required, National Provider Identifier. This statement is in addition to the completion of all the HIPAA-related checklist criteria.
X
X

Financial

Official Certification Request Letter

  • The date the system became fully operational
  • A copy of the state’s letter to the MMIS contractor or state development team accepting the system / modules(s)
  • A copy of the official acceptance letter from the state to the MMIS contractor or state development team
  • A proposed timeframe for the review
  • A declaration that the state’s MMIS meets all of the requirements of law and regulation:
    • Meets the requirements of 42 CFR 433.117 for all periods for which the 75-percent FFP is being claimed
    • Issues Explanation of Benefits (EOBs) on a regular basis for all periods for which 75percent FFP is being claimed, in accordance with the provisions of Section 10 of P.L. 95142, which amends section 1903(a)(3) of the Social Security Act.
  • Is ready for CMS certification, based on the state’s evaluation using the checklists in the Toolkit
  • Adjudicates claims and information required for payment of services in accordance with all provisions of 42 CFR 447 and the approved state Medicaid plan
  • Generates up-to-date and accurate T-MSIS (Transformed Medicaid Statistical Information System) data
  • Routinely generates back-ups containing up-to-date and accurate T-MSIS
  • Exercises appropriate privacy and security controls over the system in accordance with 45 CFR Part 164, P.L. 104-191, HIPAA of 1996, and 1902(a)(7) of the Social Security Act as further interpreted in regulations at 42 CFR 431.300 to 307.
X

Certification Final Evidence

Production Screenshots, Reports and Data

  • A sample of production data
  • A substantive and representative set of all reports and information retrieval screens (electronic format preferred)
  • A list of information retrieval functions and reports for each business area (including a list that identifies the distribution of the reports and who can access the information retrieval displays)
  • A list of information retrieval functions and reports for each business area (including a list that identifies the distribution of the reports and who can access the information retrieval displays)
  • The evidence that T-MSIS data requirements have been met for timeliness and data quality
  • The samples from six months of operating data
X