A Case Study from the Mod Squad: Modernizing Health IT Ecosystems through Transformative DevSecOps

Calendar icon 08-24-2021

As a leading federal health information technology (IT) solutions provider, Halfaker, an SAIC company, delivers transformative DevSecOps practices to accelerate modernization of legacy health IT ecosystems while promoting secure, seamless delivery of high-quality services to patients and healthcare providers. Since 2016, we’ve been helping government clients enhance key healthcare systems as they prepare to transition to a new electronic health record (EHR). To support this transition, one of Halfaker’s government customers required modernization of several legacy system components to enhance electronic data interchange (EDI) system capabilities, provide standardized data exchange in alignment with modern healthcare protocols, and deliver higher quality functionality faster.


Major capability areas:

System Modernization, Cloud Migration, DevSecOps, Test Driven Development, Continuous Integration/Continuous Deployment (CI/CD)



The challenge

Our client’s EDI product portfolio comprises multiple software products supporting medical insurance reimbursement that reside within the organization’s legacy EHR system. To successfully transition from the legacy system to the new EHR platform, our client requires rapid deployment of intuitive user interfaces and application programming interfaces (APIs) to pull legacy system data into modern cloud-based applications, enable reliable exchanges of healthcare information, and drive “no-touch” transaction development. Moreover, our client needed a strategy to implement and mature a DevSecOps practice that would enable early and continuous delivery of these enhancements, improve quality and speed, and accelerate health system modernization.

Our solution

Halfaker combines our DevSecOps tools with a product line management (PLM)-aligned Scaled Agile Framework (SAFe) methodology to modernize EDI transaction business and processing logic, rapidly delivering releases with drastically fewer defects in production, greater modularity, and less risk of downstream technical debt. To meet our client’s needs with no disruption to operations, we instituted a modernized software development approach across our client’s products and ecosystem, leveraging key innovations like DevSecOps-enabled automated build, test, and deployment tools to drive real-time visibility into development status. Our team automates code quality reviews and builds through thoughtfully configured CI/CD pipelines and SAFe software development practices for enterprise-level coordination with various development teams deploying across multiple EDI products simultaneously. Halfaker used these techniques to modernize our client’s legacy system to a new technology stack through Microsoft Azure Government (MAG) Cloud, implementing modern development frameworks and automated reporting to reduce technical debt, optimize business processes, and rapidly deliver capabilities into production.

Further accelerating modernization, Halfaker is transforming the delivery of our client’s key software products through a thoughtful and strategic application of DevSecOps practices (e.g., automated testing, infrastructure-as-code, continuous builds, and automated pipelines) to increase development velocity and minimize defects. To mature our client’s DevSecOps practice, we analyzed customer requirements in an agile fashion, worked with stakeholders to validate if and how existing pipelines supported planned services and features, and created a roadmap to optimize DevSecOps capabilities. Based on requirements, our DevSecOps engineers guided the implementation of a consistent set of automated DevSecOps pipelines, streamlined processes, and customer-approved tools to create, test, promote, integrate, and version-control source code to enable rapid, defect-free builds. To promote rapid adoption of DevSecOps tools, processes, and methodologies across product teams and stakeholders, we documented and evangelized DevSecOps standard operating procedures (SOPs) and best practices, conducting targeted training workshops. Our DevSecOps engineers configured selected tools and automated connections between our pipeline and the customer’s data environment for seamless orchestration and promotion of code, software, and cloud services. Once deployed, our team continuously evaluates and optimizes DevSecOps toolsets and EDI product capabilities, leveraging metrics from our pipelines to inform performance improvements and plan for additional enhancements.

Realized benefits

Halfaker’s approach to EDI capability modernization resulted in greater system accuracy and efficiency, increased interoperability across products, and has boosted the client’s ability to process medical reimbursement claims. Our integrated DevSecOps-driven solution enables greater flexibility to respond and adapt to changing needs, resulting in more robust security and higher quality code in production, early identification and resolution of vulnerabilities, resource optimization, and lower operational costs. Customers benefit from:

  • Early defect identification and resolution
  • Lower operational costs
  • Enhanced data quality and security

Our combination of automated tools and optimized pipelines offers streamlined delivery between cloud environments, enables rapid deployment, and establishes continuous configuration management, code quality, security, and functionality in alignment with client standards and timelines.