STATE OF NEW HAMPSHIRE
CMS APD Approval: April 15, 2026 | Project Start: May 1, 2026
DoIT
Enterprise Services Lead
DHHS
Program Requirements Lead
GraniteBus
NH's API-Led Enterprise Services Platform
Modernizing Medicaid Enterprise System (MES) integration through API-led connectivity — enabling real-time data exchange, streamlined provider services, and enhanced CMS compliance
DHHS Division Program Leadership:
🚀 Accelerated Delivery Potential
Strategic acquisition of pre-built API development accelerators and deployment toolkits from qualified vendors may significantly improve ROI and compress implementation timelines — reducing custom development effort while establishing reusable foundational patterns for enterprise-wide adoption.
FedRAMP Government Cloud
Moderate Authorization
Medicaid Claims Processing
Real-Time API Integration
CMS Compliance
MITA 2 → 3.5 Advancement
30+ MES APIs
Provider & Member Services
Future Program Sponsors (Phases 2-3):
Additional agencies planned for API-Led Services adoption post-DHHS implementation
Executive Summary
GraniteBus delivers API-led Medicaid Enterprise System (MES) modernization — transforming NH DHHS integration through real-time eligibility verification, streamlined provider services, and automated claims processing. Built on a FedRAMP-authorized Government Cloud API Services Platform, enabling CMS compliance and measurable outcomes for New Hampshire citizens.
DDI Investment
$0.00M
Federal Share (90%)
$0.00M
State Share (10%)
$0.00M
DDI Timeline
0 Months
Phases
0 Phases
Target APIs
0+
Operations & Maintenance (Steady-State)
Peak Staffing (Ph 2)
0 FTE
8 State / 20 Contractor
Steady-State (Jul 2031+)
0 FTE
10 State / 7 Contractor
Annual O&M
$0.00M
75% FFP ($2.55M Fed / $0.85M State)
5-Year O&M Total
$0M
Fed: $12.75M / State: $4.25M
Strategic Objectives
- Replace 200+ SFTP integrations with managed APIs
- Enable real-time data exchange across MMIS (Mule 4.x LTS mandatory)
- Automate CMS-64, T-MSIS, OCSE-34/157 reporting
- Achieve MITA Level 3.5 by Q4 2031
- Position ESB as backbone for GraniteFamilies (CCWIS), DOT & DOS in Phase 3+
- Quick Wins: $3.80M committed Phase 1 value (Provider + Eligibility APIs, Apr-Jun 2027)
Implementation Timeline
62-month master schedule (May 2026 - Jun 2031) with milestones aligned to budget cycles
Phase Details
Detailed breakdown of objectives, activities, and success criteria
Phase 0: Foundation
May 1 - Dec 15, 2026 (7.5 months)
Objectives
- CMS APD approved (Apr 15) & G&C contracting
- Deploy MuleSoft Government Cloud (FedRAMP Moderate)
- MANDATE: MuleSoft 4.x LTS (P0 non-negotiable — avoids $2.5M-$6.5M remediation)
- Establish connectivity to Conduent ORR ecosystem
- Create foundational API endpoints (3-5 System APIs)
- Elevate Eligibility API to #1 engineering priority (Section 5.2 #1)
- Rescope Provider Directory to 40,908 providers (Section 5.2 #2)
Key Activities
- Execute SI procurement process (GraniteBus partner selection)
- Provision MuleSoft Anypoint Platform with Runtime Fabric (RTF) — Mule 4.6+ LTS ONLY
- Deploy Runtime Fabric agents in NH DHHS data center
- Configure Anypoint MQ for asynchronous messaging
- Build DevOps CI/CD pipeline with automated testing
- Establish ODBC connections to MMIS ORR, NHORR, PBM ORR
- Reframe Eligibility API value: 270/271 batch replacement (44.95M txns/yr), MCO_MISMATCH denial prevention (Section 5.2 #4)
- Eliminate call center ROI line items from all projections (Section 5.2 #3)
- Add GraniteFamilies/Bridges capacity (25-50× headroom) to IAPD narrative (Section 5.2 #8)
- Implement TLS 1.3 encryption and API governance policies
- ITSM/ServiceNow foundation setup
Success Criteria
- CMS APD and G&C approvals secured
- SI partner contract executed — Mule 4.x LTS mandated in all SOWs
- MuleSoft Government Cloud operational with FedRAMP compliance
- 3-5 System APIs deployed with >99% availability
- Provider Directory scope validated at 40,908 with 36,288 updates/yr
- Phase 1 ROI committed at $3.80M/yr to CMS/Legislature (Provider $1.30M + Eligibility $2.50M)
- GraniteFamilies CCWIS integration capacity documented in IAPD
Phase Budget
Total
$2.72M
Federal (90%)
$2.45M
State (10%)
$272K
Staffing
18 FTE (5 State / 13 Contractor)
Investment Analysis
62-month DDI (May 2026 - Jun 2031) with milestones aligned to budget cycles
$13.55M
DDI Investment
90% FFP Rate
$17.0M
5-Year M&O
17 FTE (10 State / 7 Cont.)
$30.55M
Total Program
FY2026-2032
$24.95M
Federal Share
82% FFP blended
$5.60M
State Share
18% state match
DDI Phase (90% FFP): $13.55M
Federal (90%)
$12.20M
State (10%)
$1.35M
5-Year M&O (75% FFP): $17.0M
Federal (75%)
$12.75M
State (25%)
$4.25M
DDI Budget by Phase ($M) - 62-Month Timeline
Phase 0
$2.72M | 18 FTE
7.5 months
Phase 1
$3.09M | 25 FTE
12 months
Phase 2
$3.80M | 28 FTE
12 mo (Peak)
Phase 3
$2.40M | 22 FTE
12 months
Phase 4
$1.54M | 17 FTE
18 months
Quick Wins ROI (Phase 0-1) — Volume Analysis v2 Validated
Phase 0-1 Investment
$5.81M
Extended Phase 0
Ph 1 Committed
$3.80M
Provider + Eligibility
6-Year BCR
2.9:1
NPV: $42M @ 7%
Payback Period
3.8 yrs
IAPD v13 validated
FMAP Protected
$25.7M
Cures Act compliance
Source: IAPD v13 (Mar 2026) — Ph 1: $3.80M (Provider $1.30M + Eligibility $2.50M) | Ph 2 EVV: $1.20M (Q2 2028)
Key Risk Factors Applied to Estimates
+25%
MuleSoft specialists scarce; market premium for architects
+15%
SI partner negotiations; Conduent coordination overhead
+6 mo
CMS IAPD approval; G&C procurement cycles extended
+20%
Legacy ORR complexity; 200+ SFTP connections to migrate
Quick Wins Production Roadmap
IAPD-validated implementation plan: $3.80M Phase 1 committed value (Provider + Eligibility APIs, Apr-Jun 2027) plus $1.20M Phase 2 EVV (Q2 2028, pending validation). Total Phases 0-2: $5.0M.
Project start: May 1, 2026 — Phase 1 go-live: Apr-Jun 2027 — Phase 2 EVV: Q2 2028 — All development currently pending
$3.80M
Phase 1 Committed
+$1.20M Ph2 EVV
2.9:1
6-Year BCR
NPV: $42M @ 7%
11 mo
Time to Value
Provider Apr 2027
1.04M
Unique Denials/Yr
~417K MCO mismatch
Initiative Status
Implementation Timeline (May 2026 - Mar 2027)
Annual Value Breakdown ($M) — Committed Cap
Phase 1 (Jun 2027)
Phase 1 (Apr 2027)
Phase 2 (Q2 2028)
Ph 2 EVV: +$1.20M (Q2 2028)
Cumulative Value Realization ($M)
First value capture begins Apr 2027 with Provider Directory Sync go-live
ROI Analysis & Improvement Plan
IAPD v13 validated ROI projections based on Conduent MMIS production data. Phase 1 Committed: $3.80M (Provider $1.30M + Eligibility $2.50M). EVV $1.20M moved to Phase 2 (Q2 2028).
$3.80M
Phase 1 Value
Provider + Eligibility
$5.81M
Phase 0-1 Investment
Extended Phase 0
2.9:1
6-Year BCR
NPV: $42M @ 7%
3.8 yrs
Payback Period
IAPD v13 validated
$25.7M
FMAP Protected
Cures Act compliance
ROI Projections (Volume Analysis v2)
Original estimates vs vendor-validated revisions — Conduent MMIS production data
DDI Ph 0-2 Investment
Phase 1 Committed Value
Phase 2 EVV Value
6-Year Benefit-Cost Ratio
Net Present Value (7%)
Payback Period
Key Change: Call center ROI removed (<$10K/yr actual — was 132× overstated). Eligibility reframed around 270/271 batch replacement (44.95M txns/yr).
Vendor-Validated Data Points
Production metrics from Conduent MMIS — basis for all ROI projections
Unique Annual Denials
Corrected baseline for ROI calculations
MCO Enrollment Mismatch
~40% of total denials — primary Eligibility API target
270/271 Batch Transactions
Real-time API replaces 24-48hr batch staleness
Provider Universe
36,288 updates/yr processed
FTE Recovery Range
Conservative target: 20 FTE minimum in 18 months
EVV Compliance Status
API sustains compliance, replaces fragile SFTP batch
Phase 0-1 Project Plan, WBS & Staffing
Comprehensive implementation plan with generous staffing to ensure successful delivery of $3.80M committed Phase 1 value (Provider $1.30M + Eligibility $2.50M) through two quick win integrations (EVV: Phase 2).
16.5
Months Total
Phase 0 + Phase 1
$5.81M
Phase 0-1 Budget
$2.72M + $3.09M
25
Peak FTE Cap
8 State / 17 Contractor
$3.80M
Phase 1 Value
Provider + Eligibility
2.9:1
6-Year BCR
IAPD v13 validated
Staffing Ramp (Feb 2026 - Jun 2027)
Phase 0 Peak
18 FTE
Phase 1 Peak (Cap)
25 FTE
Phase 1 End
14 FTE
Phase Summary
Platform foundation, governance, SI selection, AI tooling & automation
2 Quick Wins LIVE: $3.80M Phase 1 value (Provider $1.30M + Eligibility $2.50M)
Generous staffing in Phase 0-1 mitigates MuleSoft expertise scarcity, complex MMIS dependencies, and aggressive delivery timelines.
Staffing Plan
60-month staffing progression from Phase 0 foundation through steady-state operations. Phase 0-1 budget at $5.81M ($2.72M + $3.09M) with 25 FTE peak.
Phase 0-1 Budget
$5.81M
$2.72M + $3.09M
Phase 0-1 Peak FTE
25 FTE
8 State / 17 Contractor
Steady-State Target
17 FTE
10 State / 7 Contractor
May - Dec 2026
Foundation: APD, G&C, SI procurement, AI tooling & automation
Dec 2026 - Dec 2027
Quick Wins: Provider Sync, EVV Exchange, Eligibility API
Jan 2028 - Dec 2028
MMIS Expansion: EBI 2.0, PBM, provider portal
Jan 2029 - Dec 2029
Enterprise: SFTP retirement, DOT/DOS, MDM
Jan 2030 - Jun 2031
Optimization: Knowledge transfer, MITA 3.5
Jul 2031+
O&M: Sustainable 17 FTE operations model
62-Month Staffing Progression
GraniteBus Enables EBI 2.0
Transform batch-oriented ETL operations into a modern, event-driven analytics platform with real-time data streaming, unified API access, and intelligent automation.
EBI Transformation Vision
Current: EBI 1.0
- • Informatica PowerCenter ETL
- • Zena batch scheduler
- • SFTP file transfers
- • Monthly load cycles
- • Email-based alerts
Target: EBI 2.0
- • MuleSoft API Gateway
- • Event-driven streaming
- • Real-time CDC
- • Continuous data flow
- • Intelligent monitoring
GraniteBus Enablers
Performance Improvements
Data Freshness
Batch Job Failures/Month
Manual Interventions/Week
Report Generation Time
Data Lineage Visibility
API Response Time
EBI 2.0 Architecture with GraniteBus
Data Sources
GraniteBus ESB
sapi-mmis, sapi-eligibility
papi-claims-agg, papi-member-sync
xapi-bi-catalog, xapi-reports
Event streaming & CDC
Analytics Consumers
Integration Architecture
NH DHHS Enterprise Integration Architecture Overview
Risk Dashboard
Enterprise-level risk assessment and mitigation strategies
Critical Risk
High Risk
Medium Risk
Low Risk
Technical Risks
Legacy integration complexity
HighMitigation: Detailed discovery POC; maintain SFTP fallback
Integration performance
HighMitigation: Performance testing early; horizontal scaling
Organizational Risks
Staff capacity constraints
MediumMitigation: Hybrid staffing model; phased implementation
Change resistance
MediumMitigation: Training, GraniteBus partnership, change management
Vendor Risks
Conduent data access delays
HighMitigation: Early contractual engagement; escalation path
Vendor lock-in
LowMitigation: Open standards; knowledge transfer
Regulatory Risks
CMS IAPD approval
CriticalMitigation: Early State Officer engagement; pre-submission review
Security accreditation delays
MediumMitigation: Early DoIT security engagement; FedRAMP artifacts
Governance Framework
Enterprise-level governance structure for multi-agency integration
Project Governance Structure
Enterprise Services Planning
Multi-Agency Portfolio Planning Committee
Project Governance Board
DHHS IT Director | DHHS PMO | DoIT Project Lead | GraniteBus | Conduent Liaison
Technical Council
Architecture | Security | Standards
Data Governance
Data Quality | Privacy | Stewardship
Change Advisory
Release Mgmt | Change Control | Risk
API Governance Standards
| Standard | Specification | Enforcement |
|---|---|---|
| API Design | RESTful, OpenAPI 3.0 | API Review Board approval |
| Security | OAuth 2.0, TLS 1.3, AES-256 | Security scan before deployment |
| Performance | <250ms p95, >99.9% availability | Automated monitoring |
| Documentation | RAML 1.0, inline examples | Coverage metrics |
| Versioning | Semantic versioning | Version lifecycle management |
NH DHHS / DoIT | Document Version 1.0 | January 2026
This document was prepared in support of the NH DHHS MMIS Integration Modernization initiative
Platform Sustainability Overview
Long-term operations & governance framework ensuring continuous platform viability, fiscal responsibility, and alignment with Enterprise Architecture standards.
EA Governance
DoIT Enterprise Lead
Architecture standards & oversight
Steady-State Team
17 FTE
10 State / 7 Contractor
Annual O&M Cost
$3.4M
Risk-adjusted (17 FTE)
Federal Funding
75% FFP
$2.55M Fed / $0.85M State
Platform SLA
99.9%
Availability target
5-Year O&M Total
$17.0M
Fed: $12.75M / State: $4.25M
DoIT Role — Enterprise Services Lead
- •Platform governance and architectural standards
- •Technology strategy and vendor relationship management
- •Security and compliance oversight
- •Cross-agency integration coordination
- •Infrastructure and hosting decisions
DHHS Role — Program Requirements Lead
- •Business requirements and use case prioritization
- •Division-specific integration needs (DMS, DES, DCYF, DPHS, DBH, DLTSS)
- •Federal reporting compliance (CMS, OCSE, ACF)
- •Program-level funding and cost allocation
- •User acceptance and change management
Plan Scope
Enterprise Architecture governance and decision-making processes
Resource models for development, implementation, and steady-state operations
Vendor engagement and contract management strategies
Ongoing support and maintenance (O&M) framework
Financial sustainability and cost allocation across DHHS divisions
Risk management, succession planning, and vendor exit strategies
Performance metrics and continuous improvement KPIs
Governance Framework
Enterprise Architecture governance structure ensuring consistent decision-making, standards compliance, and effective change management.
Executive Steering Committee
Members: DoIT Commissioner (Chair), DHHS Commissioner, CFO Representatives
Scope: Strategic Direction, Major Investments
Project Governance Board
Members: DoIT Deputy CIO, DHHS CIO, Division Directors (DMS, DES, DCYF)
Scope: Project Oversight, Resource Allocation
Technical Council
Members: DoIT Enterprise Architects
Scope: Architecture Reviews, Standards Compliance
Data Governance Council
Members: DHHS Data Stewards
Scope: Data Quality, Privacy, Access Control
Change Advisory Board (CAB)
Members: Operations Lead, Technical Leads
Scope: Change Approvals, Release Planning
Resource Model
Staffing requirements for development, implementation, and steady-state operations with recommended State/Contractor resource allocation.
Peak DDI Team - Phase 2 (Jun 2027 - Jun 2028)
| Role | FTE | Type | Responsibilities |
|---|---|---|---|
| Program Manager | 1 | State (DHHS) | Overall program coordination, stakeholder management |
| Enterprise Architect | 1 | State (DoIT) | Architecture governance, standards compliance |
| Security Analyst | 1 | State (DoIT) | Security reviews, compliance validation |
| Senior Business Analyst | 2 | State (DHHS) | Requirements gathering, business process mapping |
| Business Analyst | 2 | State (DHHS) | T-MSIS/CMS-64 mapping, domain expertise |
| Conduent Liaison | 1 | State (DHHS) | ORR coordination, test environment access |
| SI Project Manager | 1 | Contractor | Day-to-day project execution, schedule management |
| Integration Architect | 2 | Contractor | MuleSoft design, API patterns |
| Senior API Developer | 4 | Contractor | API development, DataWeave transforms |
| API Developer | 4 | Contractor | API development, unit testing |
| Data Integration Engineer | 2 | Contractor | Data mapping, ETL specifications |
| DevOps Engineer | 2 | Contractor | CI/CD pipeline, RTF deployment |
| QA Lead | 1 | Contractor | Test strategy, automation framework |
| QA Analyst | 2 | Contractor | Test execution, defect management |
| Technical Writer | 1 | Contractor | Documentation, API specifications |
| ServiceNow Developer | 1 | Contractor | ITSM integration, CMDB |
| TOTAL PEAK (Phase 2) | 28 | 8 State / 20 Contractor | |
Resource Mix (29% State / 71% Contractor)
State Resources: Governance, oversight, institutional knowledge
Contractor Resources: MuleSoft expertise, scalable capacity
Vendor Engagement Strategy
Strategic partnerships and contract structures for MuleSoft, Conduent, and Systems Integrator vendor management.
MuleSoft Premier Support + Professional Services
| Component | Description | Cost |
|---|---|---|
| Anypoint Platform License | Government Cloud, Runtime Fabric | $350,000/year |
| Premier Support | 24x7 support, 1-hour P1 response | Included |
| Professional Services | 200 hours advisory services | $60,000/year |
| Training Credits | Annual certification/enablement | $15,000/year |
| TOTAL MULESOFT ANNUAL | $425,000/year | |
MuleSoft Engagement Model
Quarterly Business Reviews (QBR)
Strategic alignment with MuleSoft Customer Success
Annual Architecture Review
Deep-dive with MuleSoft Solutions Architect
Beta Features Access
Priority access to roadmap briefings and new features
Named Technical Account Manager
Dedicated TAM for escalation and guidance
Ongoing Support & Maintenance
Tiered operational support model, incident management, API lifecycle, and platform monitoring framework.
Tier 1: Service Desk
Staffing
State + Contractor
Response
<30 min
Hours: 7am-7pm ET M-F
Responsibilities:
- •First contact resolution (password resets, basic inquiries)
- •Ticket triage and categorization
- •Known issue lookup and workaround guidance
Tier 2: Application Support
Staffing
Contractor
Response
<2 hours
Hours: 7am-7pm ET M-F
Responsibilities:
- •API troubleshooting and debugging
- •Configuration changes and minor fixes
- •Performance investigation
- •Integration issue diagnosis
Tier 3: Engineering Support
Staffing
Contractor + MuleSoft
Response
<1 hour (P1)
Hours: 24x7 on-call
Responsibilities:
- •Complex defect resolution
- •Platform issues (MuleSoft escalation)
- •Architecture changes
- •Emergency hotfixes
Financial Sustainability
Annual O&M cost projections, federal funding sustainability, and cost allocation model across DHHS divisions.
$16.37M
5-Year O&M Total
$12.28M
Federal Share (75%)
$4.09M
State Share (25%)
$3.1M
Year 1 Annual Cost
Annual O&M Cost Breakdown
Year 1 Cost Categories
5-Year Cost Detail
| Cost Category | Year 1 | Year 2 | Year 3 | Year 4 | Year 5 |
|---|---|---|---|---|---|
| MuleSoft Platform | $485,000 | $500,000 | $515,000 | $530,000 | $546,000 |
| Contractor Staff (7 FTE) | $980,000 | $1,010,000 | $1,040,000 | $1,071,000 | $1,103,000 |
| State Staff (10 FTE) | $1,150,000 | $1,185,000 | $1,220,000 | $1,257,000 | $1,295,000 |
| Infrastructure/Hosting | $85,000 | $88,000 | $91,000 | $94,000 | $97,000 |
| Training/Certifications | $60,000 | $40,000 | $40,000 | $40,000 | $40,000 |
| Contingency (10%) | $340,000 | $350,000 | $361,000 | $372,000 | $383,000 |
| TOTAL ANNUAL O&M | $3,100,000 | $3,173,000 | $3,267,000 | $3,364,000 | $3,464,000 |
Sustainability Risk Management
Risk identification, succession planning, vendor dependency management, and exit strategies for long-term platform sustainability.
Sustainability Risks & Mitigations
| Risk | Category | Probability | Impact | Mitigation Strategy |
|---|---|---|---|---|
| Federal funding reduction | Financial | Medium | High | Diversify funding (grants, cross-agency), maintain state contingency fund |
| Key personnel turnover | Organizational | High | Medium | Cross-training, documentation, competitive compensation |
| Vendor dependency (MuleSoft) | Vendor | Low | High | Maintain API portability standards, exit strategy documentation |
| Technology obsolescence | Technical | Medium | Medium | Annual technology reviews, roadmap alignment with vendor |
| Contractor transition | Vendor | Medium | Medium | Knowledge transfer requirements, transition period overlap |
| CMS compliance changes | Regulatory | Medium | High | Active participation in CMS workgroups, early adopter programs |
| Security breach | Security | Low | Critical | Continuous monitoring, incident response plan, cyber insurance |
| Performance degradation | Technical | Medium | Medium | Proactive capacity planning, performance baselines |
4
High/Critical Impact
5
Medium Probability
2
Low Probability
8
Total Risks Identified
Maturity Planning
MITA 3.0 target progression from Level 2 to Level 3.5 maturity
Target Maturity Matrix by Business Area
| Business Area | Baseline (2025) | Phase 1-2 (2027) | Phase 3 (2029) | Phase 4 (2031) |
|---|---|---|---|---|
| Member Management | 2 | 2.5 | 3 | 3.5 |
| Provider Management | 2 | 2.5 | 3 | 3.5 |
| Operations Management | 2 | 2.5 | 3 | 3.5 |
| Plan Management | 2 | 2 | 3 | 3.5 |
| Financial Management | 2 | 2.5 | 3 | 3.5 |
Maturity Level Progression
Phase 1
- API Gateway deployment
- OpenAPI specifications
- Canonical data models
Phase 2
- SOA-based federal reporting
- Real-time eligibility services
- Event-driven architecture
Phase 3
- Modular MES components
- Advanced analytics APIs
- Cross-program integration
Phase 4
- MDM for unified records
- AI/ML services
- Zero-trust security
IT Service Management Integration
ServiceNow integration and ITIL process alignment for enterprise service delivery
ServiceNow Enterprise Instance
Primary ITSM Platform — DoIT Managed
ServiceNow Module Integration
Incident Management
API-driven incident creation from monitoring alerts
Change Management
Automated RFC creation for API deployments
Problem Management
Root cause analysis workflows, KEDB population
Service Catalog
ESB service offerings, API subscription requests
CMDB
Auto-discovery of APIs, connections, dependencies
SLA Management
SLA monitoring dashboards, breach notifications
Knowledge Management
Runbooks, troubleshooting guides, API docs
Event Management
Alert correlation, noise reduction, automation
Incident Management Workflow
SLA Targets by Priority
P1 Critical Triggers
- • Federal reporting API failure (CMS-64, TMSIS, OCSE)
- • Eligibility determination system unavailable
- • Claims processing halted
- • Security breach or data exposure
Change Management Process
Change Categories
Change Advisory Board (CAB)
CI/CD Pipeline Change Integration
ADDM & CMDB Management
Application Dependency Discovery Management and Configuration Management Database design
ADDM Discovery Architecture
CMDB (ServiceNow)
ServiceNow Discovery
MuleSoft Visualizer
NH DHHS Data Center
Conduent/Vendor Environments
Discovery Tool Selection
ServiceNow Discovery
Infrastructure CI discovery
MuleSoft Visualizer
API topology & dependencies
AppDynamics/Datadog
APM & dependencies
Informatica Axon
Data lineage & catalog
ESB Configuration Item Classes
ESB:APIPublished API endpoint
Name, version, status, owner, SLA
ESB:IntegrationPoint-to-point connection
Source, target, protocol, schedule
ESB:ConnectorMuleSoft connector instance
Type, version, configuration
ESB:RuntimeMule runtime instance
Version, cluster, capacity
ESB:GatewayFlex Gateway instance
Policies, certificates
ESB:DataSourceExternal data connection
Type, host, database, schema
ESB:ConsumerAPI consumer application
App name, owner, usage tier
CI Relationship Model
Dependency Impact Analysis Matrix
| Failed Component | Immediate Impact | Cascading Impact | Priority |
|---|---|---|---|
| Mule Runtime | All hosted APIs | All consumers, federal reporting | P1 |
| MMIS ORR Connection | Claims APIs, eligibility | CMS-64, TMSIS, payments | P1 |
| Flex Gateway | External API access | Provider portal, MCO | P1 |
| NHORR Connection | Eligibility APIs | SNAP-Medicaid sync | P1 |
| Informatica ETL | Batch processing | EBI feeds, reports | P2 |
| Reference Data | Code lookups | All API validations | P2 |
Support Tier Structure
Multi-tiered support model for sustainable ESB operations
Self-Service
Scope
- API Developer Portal (docs, sandbox)
- Knowledge Base (FAQs, guides)
- Status Dashboard (real-time health)
- Automated Alerts (subscriptions)
Target
Resolve 60% without human contact
Service Desk
Scope
- Initial triage
- Password resets
- Access requests
- Basic diagnostics
Target
Resolve 40%, route remainder <15 min
ESB Application Support
Scope
- API troubleshooting
- Configuration changes
- Performance tuning
- Integration issues
Target
Resolve 50% escalated, >95% SLA
Engineering & Vendor
Scope
- Complex bugs
- Platform issues
- Architecture decisions
- MuleSoft Premier Support
Target
Root cause analysis, permanent fixes
Executive Escalation
Scope
- P1 >4hr unresolved
- P2 >12hr unresolved
- Business-critical impact
- Resource mobilization
Target
Vendor escalation, executive action
Steady-State Operations Team
On-Call Rotation Schedule
On-Call Compensation
Monitoring & Alerting
Comprehensive observability stack with automated alerting and runbook library
Monitoring Stack
Anypoint Monitoring
Datadog/New Relic
Splunk
PagerDuty
Grafana
Functional Monitoring
Alert Thresholds
→ Investigate, scale if needed
→ Investigate root cause
→ Immediate investigation
→ Scale or optimize
→ Scale or investigate leak
→ Scale consumers
→ Renew certificate
→ Restart/failover
PagerDuty Alert Routing
severity == criticalseverity == highseverity == mediumseverity == lowRunbook Library108 Total
Incident Response
P1 response, escalation, war room
API Operations
Deployment, rollback, scaling
Platform Admin
User mgmt, certs, upgrades
Integration Troubleshooting
Connector issues, data sync
Federal Reporting
CMS-64, TMSIS validation
Disaster Recovery
Failover, restore, continuity
Ticketing & SLA Management
ServiceNow ticketing configuration and performance metrics
Key Performance Indicators
SLA Performance
Ticket Volume Trend
ServiceNow Assignment Groups
ESB-Tier1-TriageInitial ticket receipt
ESB-Tier2-SupportApplication support
ESB-Tier3-EngineeringComplex issues
ESB-Platform-AdminPlatform issues
ESB-DevOpsDeployment issues
ESB-SecuritySecurity incidents
Ticket Category Distribution
SLA Breach Escalation Matrix
Response SLA Breach
Resolution SLA at 50%
Resolution SLA Breach
Delivery & DevOps Recommendations
AI-augmented development approach, platform toolset, joint DHHS–DoIT team structure, and CI/CD foundation for the GraniteBus MES modernization program.
Bottom Line Up Front
Adopt an AI-augmented, agent-orchestrated development model using Claude Code + CrewAI Enterprise as the orchestration layer, delivered through Slack, managed via Linear. All development uses synthetic X12 data in a private repo with versioned artifact delivery to the state—zero PHI ever touches the parallel build environment.
7
AI Agent Team
~$3.4K
Monthly Model Cost
~$30K
6-Mo Parallel Build
0
PHI Exposure
AI-First Development
Manager-Specialist-Worker agent hierarchy mirrors proven 2026 enterprise patterns. The Orchestrator (Claude Opus) decomposes PRDs into tasks; Specialist agents (Claude Sonnet) generate code, parsers, and transforms; Worker agents handle testing and documentation.
Key Principle
Managers orchestrate, not generate. Specialists receive typed state objects, not raw conversation history. Every agent transition checkpoints state.
Compliance-by-Design
Signed BAA with Anthropic before any PHI-adjacent work. AWS Bedrock provides HIPAA-eligible, FedRAMP High (GovCloud) infrastructure covering Claude, Titan, and Llama models under a single agreement.
Synthetic Data Strategy
Build from canonical data model: generated Member IDs, real taxonomy codes with fictional names, valid X12 837/835/270/271 structures. Forces better edge-case coverage than real data.
Artifact-Based Delivery
Versioned release packages (code, configs, tests, docs) are delivered to state-accessible repos after each sprint. The state team reviews, tests, and deploys to state infrastructure. Clean separation of build vs. production environments.
Sprint Delivery Cycle
Package → Security scan (Snyk/Semgrep) → HIPAA review (AI agent) → Tag release → PR to state repo → State review & deploy.
Off-State-Network Parallel Build Architecture
Parallel Build Environment
- Private GitHub repo — NH ESB codebase (Java 17, MuleSoft 4.x LTS)
- Claude Code + CrewAI agents — all work on synthetic X12 data
- AWS Bedrock (personal/team account) — Claude Sonnet/Haiku agents
- Anthropic API (BAA signed) — Opus for Orchestrator & HIPAA review
- Zero PHI ever in this environment
State Delivery Pipeline
- Package deliverables (code, tests, configs, documentation)
- Run security scan (Snyk/Semgrep — SAST + dependency audit)
- HIPAA compliance review by Opus agent (PHI field audit, encryption verification)
- Tag versioned release in GitHub (semver)
- PR / delivery to state-accessible repository
- State team reviews, tests, and deploys to state infrastructure
Critical: All deliverables undergo automated HIPAA compliance scan + human review before state handoff
Development Methodology: Hybrid Agile + AI Agents
Sprint Cadence (2-Week Sprints)
Sprint Planning
Orchestrator agent decomposes PRDs/user stories into CrewAI tasks; human PM validates priorities and dependencies
Development
Specialist agents (MuleSoft Flow Engineer, X12 Parser, DataWeave Transform) execute assigned work streams in parallel
QA & Compliance
Test Writer agent generates MUnit/JUnit tests; HIPAA Compliance Reviewer audits PHI handling patterns
Integration Testing
Integration Test agent runs end-to-end flows with synthetic X12 data; Documentation agent generates ADRs
Review & Release
Human architects review agent output; security scan; versioned package delivery to state repo
Quality Gates (Every Sprint)
Code Quality
SonarQube analysis — 0 critical/blocker findings
Security Scan
Snyk (dependencies) + Semgrep (SAST) — 0 high/critical vulns
HIPAA Review
AI agent audit — PHI field encryption, BAA compliance patterns
Test Coverage
MUnit + JUnit — ≥80% line coverage, 100% X12 parser coverage
API Spec Review
RAML schema validation — contract-first design compliance
Architecture Review
Human architect sign-off on agent-generated designs
Source: NH ESB Agent Orchestration Recommendation v1.0 (March 2026) · GraniteBus Volume Capacity Analysis v2 · Program Architecture Documentation
CMS Outcomes & Metrics Crosswalk
Comprehensive mapping of GraniteBus ESB capabilities to CMS Streamlined Modular Certification (SMC) required outcomes across all 16 MES modules.
MES Module Alignment Heatmap
Click any module to view detailed outcome mappings
This crosswalk maps GraniteBus ESB capabilities to CMS-Required Outcomes as defined in the MES Certification Repository. Alignment scores indicate the degree to which GraniteBus integration capabilities support the achievement of each CMS outcome. State-specific outcomes will be proposed in the IAPD to address NH-specific program needs.
Master Data Management — Customer 360 Framework
Citizen + Provider golden record strategy aligned to GraniteBus API-led architecture, DHHS 25-27 roadmap, and Informatica MDM SaaS platform. Designed to hand off to 4 dedicated resources.
4
Data Domains
Citizen · Provider · Org · Ref
475K+
Citizen Records
→ ~350K golden records
40,908
Provider Records
→ ~38K golden records
$1.93M
Year 1 Investment
Informatica proposal basis
6.5
FTE Team
3 State + 3 CAI + 0.5 ESB
MDM Strategy — Enterprise Customer 360
Vision
A single, authoritative source of truth for Citizen (Medicaid beneficiary) and Provider data across all NH DHHS programs — served through the GraniteBus API-led integration layer to eliminate data silos, reduce denials, and enable real-time decision making.
Strategic Principles
API-First Golden Records
MDM golden records exposed exclusively through ESB System APIs — no direct DB access
Domain-Driven Design
Citizen, Provider, Organization, Reference — each with defined ownership and stewardship
Federated Governance
DHHS owns business rules, DoIT owns platform & standards, CAI operates
Progressive Enrichment
Start with Provider (Phase 1), then Citizen — align to GraniteBus quick win cadence
CMS/MITA Alignment
MDM maturity mapped to MITA Level 3.5 data management capabilities
GraniteBus & DHHS 25-27 Roadmap Alignment
Why MDM + ESB Together
GraniteBus provides the integration backbone (APIs), MDM provides the data backbone (golden records). Together they eliminate the root cause of $2.50M in eligibility denials — stale, duplicated, and conflicting member/provider data across 14+ source systems.
Program Alignment Map
Provider Sync API (Apr 2027)
Provider golden record feeds canonical provider data
Eligibility API (Jun 2027)
Citizen golden record enables real-time eligibility resolution
EVV Exchange (Q2 2028)
Provider/member attribution from golden records
GraniteFamilies CCWIS
Cross-program person matching (DCYF/DES/DMS)
CMS T-MSIS / CMS-64
Deduplicated member counts for accurate federal reporting
MITA 3.5 Certification
MDM maturity is prerequisite for data management capability
DHHS 25-27 Roadmap: MDM is a foundational capability enabling data-driven transformation across DMS, DES, DCYF, DPHS, and BDS. The Customer 360 model directly supports the Governor's priority of “One DHHS” service delivery.