Modernizing CMS' Health Insurance Oversight System (HIOS)
The Challenge
The Centers for Medicare & Medicaid Services (CMS) was built in the rush to meet the legislative mandates of the Affordable Care Act (ACA). Time to market factors resulted in inefficient design and development resulting in system limitations and performance challenges. System complexity (17 enterprise-level systems, over 75 web services, 22,000+ active users, data from 6,090 issues and 11,064 Health Plan Identifiers), ACA fast-track requirements, increased cyber threats, and a rapidly evolving technology landscape created sizable risk to mission and program objectives. Maintenance costs skyrocketed to more than 80 cents on each dollar spent on HIOS.
The Solution
SBD implemented a tailored Agile Development framework to enable an aggressive integrated release schedule involving more than 35 production releases each year – incrementally delivering both enhancements and production fixes while maintaining 99.9% uptime. SBD implemented automated software delivery processes, implementing DevSecOps and CI/CD pipeline (Jenkins) capabilities. SBD migrated all 17 modules to the AWS cloud using Puppet, Nexus Pro, SonarCube, Fortify, and Splunk.
The Benefits
SBD improved the overall HIOS system design and framework which optimized performance, reduced costs and better positioned CMS to meet future ACA requirements. Modernization delivered process efficiencies, streamlined maintenance complexity, improved system agility and flexibility, and achieved cost savings with no disruption to operations. The shift to the cloud enabled further savings through reductions in software, hardware, and licensing costs. The modernized system allowed CMS to integrate enhanced cybersecurity solutions better protecting the data and system.
Key Takeaways
- Modernized system resulted in dramatic shift in balance of O&M costs (70%) to new development costs (30%) to 40% O&M vs. 60% new development.
- Introduced Agile-based iterative development, resulting in 35+ production releases per year (with 99.9% uptime).
- Through automation, decreased patching time by 71% in a span of 3 months.
Capabilities

Application
Development

Cloud &
Infrastructure

DevSecOps

Cyber
Security