The Department of Health and Human Services, Centers for Medicare and Medicaid Services has a continuing requirement for Information Systems Foundational Components Support.

CMS is a federal agency that ensures health care coverage for more than 100 million Americans. CMS continues to leverage internal resources and external partnerships to fulfill the CMS mission – as an effective steward of public funds, CMS is committed to strengthening and modernizing the nation’s health care system to provide access to high quality care and equity of care. In an effort to fulfill this charge, the CMS vision of future success is a high-quality health care system that promotes better care, access to coverage and improved health. The focus is on measurably improving care and population health by transforming the U.S. health care system into an integrated and accountable delivery system that continuously improves care, reduces unnecessary costs, prevents illness and disease progression, and promotes health. The Center for Clinical Standards and Quality (CCSQ) of CMS is dedicated to improving beneficiary health outcomes, enhance provider and clinical experience, and maximize value of healthcare program investments. The Information Systems Group (ISG) is located within CCSQ and its mission is to design, build, and continuously improve user-centered and innovative IT solutions to advance the CMS Quality Strategy. Currently, the major quality programs, also referred to as lines of business (LOB), supported by ISG are: Hospital Quality Reporting (HQR), End Stage Renal Disease Quality Reporting System (EQRS), Internet Quality Improvement and Evaluation System (iQIES), Quality Payment Program (QPP), Enterprise System Services (ESS) and Quality Improvement Organizations (QIO) consisting of 4 main systems – Quality Management and Review Systems (QMARS), Financial Invoicing and Vouchering System (FIVS), Deliverable Administration Review Repository Tool (DARRT), and the CMS Quality Improvement Organization (QIO) Platform (CQP)

The Information Systems Group (ISG) manages multiple IT systems within each of its LOB. These IT systems facilitate the collection and management of provider information, patient demographic data, clinical data elements, survey information, and project data from Medicare and Medicaid providers. ISG has procured multiple IT vendors, also referred as Application Development Organizations (ADOs) to build and support these IT systems. These ADOs have deployed one or more development teams in charge of architecting, building and supporting these IT systems. Each development team focuses on specific aspects of each system and may have a unique way of implementing certain processes, such as the deployment of code. The Information Systems Foundational Components Support (FC) contract was initially awarded to support the Quality Payment Program (QPP), and later expanded to support other ISG LOBs. The responsibility of the FC team is to focus on solving commonly occurring problems within the development teams, develop services to enable self-service of common tasks between teams, build foundation and common components and code library, and provide common DevSecOps and/or infrastructure framework when needed. In doing this, the FC team has helped maintain a unified voice within CMS and fostered continuing program improvements with respect to: Security, Stability, reliability, Scalability, Usability, Quality, and efficient delivery of work products. The current FC team is working with, and across most ISG LOBs that contain multiple development teams to ensure their overall success across several ISG’s objectives (listed in Section 2.1 Objectives). CMS believes one of the most effective ways to improve upon ISG’s objectives is identifying and developing (following best practices such as automated testing and code review) common code, and automation that allows flexibility, re-usability, and efficient software deployment.

• Collaborate with CMS Technical leadership, CMS Solutions Management Team (SMT), Program Managers (PMs) and product teams to act as bridge between CMS leadership and ADOs while enabling those teams to better deliver value to CMS
• Identify existing pain points as it relates to code implementation and integration
• Help solve architectural problems and advocate for cross-product technical continuity
• Solve commonly occurring problems within the development teams by developing services to enable self-service, building foundational and common components, and providing common DevOps and/or infrastructure framework when needed
• Ensure ISG’s overall success across several objectives as stated below
• Increase efficiency of ISG’s software development and DevSecOps by solving common problems with common code
• Increase efficiency and consistency of ISG’s software development and DevOps by providing pre-vetted tools to expedite the path-to-prod and other readiness checklists
• Improve the stability of ISG Quality systems for users by collaborating with and supporting other teams to ensure incidents are resolved quickly and effectively. Ensure practices and procedures are implemented to avoid further system degradation during an incident
• Improve confidence in ISG’s Quality systems by quickly identifying incidents and clearly communicating system status to users as well as to internal and external stakeholders
• Improve product team and business owner confidence in the ISG Quality system security by ensuring a solid understanding of security implications of the software design and development process
• Improve product team and business owner confidence in ISG system security by ensuring threat modeling is completed regularly on all parts of the system providing quick and consistent results without undue burden to existing development teams
• Improve the quality and velocity of ISG’s development and deployment process by ensuring development teams can deploy and release features regularly and confidently, through automation
• Realize value of working software by deploying efficiently and as soon as possible after a feature is deemed ready by product owner
• mprove upon efficiency of software development and integration across teams by resolving issues quickly and efficiently after they are discovered
• Provide operational insight into the status of the website for all internal and external stakeholders in ISG by providing easy to use and automated reporting for relevant metrics
• Reduce overall cost of AWS Infrastructure by ensuring that ISG ADOs are making efficient use of AWS services (e.g., EC2 instance sizes, idle instances, etc.) and are accurately predicting future demand by implementing AWS Cost Dashboards, automated reporting, and alerts to provide cost feedback and detect waste
• Improve confidence in system ability to withstand major incidents by making best practices into automation (e.g., deploying across multiple availability zones and using auto scaling groups) and development processes (e.g., to update a vulnerable version of node.js or a library dependency)
• Reduce burden on development teams by simplifying existing or implementing new internal processes such as Security Impact Analysis (SIA), Technical Decision Board (TDB), Technical Decision Log (TDL), etc. that enables development teams to get documented, researched, and approved direction from CMS with respect to significant or cross-cutting technical decisions and efficient approval for adoption of cutting-edge new technologies
• Enable discipline-specific sharing in the context of cross-functional teams by implementation of program mechanisms such as the SRE Guild, Security Guild, and Testing Guild within ISG LOBs
• Improve cross-product integration testing by implementing shared libraries to allow teams to consistently de-identify production data
• Improve testing capability and reduce individual team burden by implementing a selfservice mechanism to allow teams and third-party service consumers to create synthetic test data that works consistently across disparate services and applications, such as creating appropriate QNet Access Roles and Profile (HARP) entities for authentication and authorization
• Improve program security awareness of ISG systems by implementation of periodic program-level bug bash that leverages the program’s security expertise in creative ways that improve practical security
• Reduce burden associated with on-boarding and off-boarding of developers on a development team by creating self-service automated on-boarding and off-boarding tools that easily and automatically create accounts on various development tools
• Simplify and secure numerous AWS accounts for various development teams by implementing industry standard best practices with respect to AWS Accounts standardization and AIM policy managements
• Provide visibility of all work necessary to support efficient development and delivery of cross team business requirements by participating in SAFe Program Increment (PI) planning and working on Program Enablers to research, analyze, prototype prospective solutions and alternatives
• Provide Solution Architecture oversite from a holistic perspective of the application by understanding how things influence one another within a whole system, and helping teams understand the goal of the overall system architecture
• Develop dashboards that allow teams to see real time metrics on the quality of products they are delivering
• Work with other architects and systems teams throughout the QNet enterprise to promote reusability, as appropriate, and to understand the direction of the QNet enterprise
• Research and identify new technologies or methods that can be used by the whole program to deliver more value faster with cost savings. Help the QNet team continue to find innovative ways to deliver value faster
• Assist with driving down technical debt by helping with the refactoring of code
• Continually improve testing methodologies, and ensure end-to-end testing is complete
• Support the CMS Strategic Objectives and associated Strategic Pillars, support CCSQ Strategy, and support ISG Strategy and its associated Objectives & Key Results (OKRs) per CMS direction