Securing federal healthcare with modern engineering

Challenge

The search for new & creative improvements in the quality of care supported by a federal healthcare agency helps the government spend less on overhead & administrative costs and dedicate more resources to directly helping people in need. In FY2024, the allocation for program management within a federal healthcare agency’s budget was approximately $4.55 billion (up 9.3% YoY) alongside a ~15% reduction in allocations for payments to healthcare trust funds.

The priorities of a contracted quality assurance body focus on data-driven decisions to improve quality of care, preserve the integrity of the federal health insurance trust by ensuring payments are made only for necessary goods & services, and protect beneficiaries by swiftly addressing complaints, appeals, & EMTALA violations. Our goal was to assemble a team capable of supporting these activities—providing expertise, experience, & focus to ensure adherence to proven best practices & solid engineering principles.

Approach

We embraced a multifaceted approach, working shoulder-to-shoulder with developers, DevOps engineers, administrators, operators, & security officers to ensure alignment at every step.

A cornerstone of our strategy was implementing DevSecOps pipelines—the backbone enabling automated checks on every change. These pipelines verify development standards, minimize vulnerabilities, & ensure safe, reliable deployment 24/7. To meet these goals, we:

1. Built robust testing & reporting systems: Quality gates & reports tailored to the tools, languages, & practices of 12+ teams—creating a unified standard of excellence.
2. Embedded subject-matter expertise: Integrated experts within teams to drive informed decisions & maintain clarity.
3. Strengthened security & compliance: Partnered with the platform security team to secure the Authority to Operate (ATO) & ensure FISMA compliance—meeting rigorous federal standards while staying adaptable.
4. Reduced inefficiencies & boosted agility: Addressed operational backlogs and increased deployment frequency—delivering results faster without sacrificing quality or security.

Outcomes

The global average cost of a data breach in 2024 was $4.88M. With every vulnerability detected, credential or API token intercepted, unsafe practice blocked, & safeguard implemented, we reduced the probability & scope of breach incidents for this agency. Scans run on every line of custom code with each change—24×7×365—and continuously adapt to emerging threats.

When we started, the backlog contained hundreds of issues, and platform updates hadn’t been deployed in more than six months. Today, updates ship twice per week.

Beyond preventing security-related downtime, our foundational work also reduced outages from system instability—providing a more reliable mechanism to deliver quality-related data where it’s needed, maximizing benefits & minimizing healthcare-related waste.