CMS builds better software faster with less risk

The Centers for Medicare & Medicaid Services (CMS) is part of the Department of Health and Human Services and administers programs such as Medicare, Medicaid, the Children’s Health Insurance Program, and the Health Insurance Marketplace. LaunchDarkly is used broadly across the agency to control digital user experiences and is driving business value by improving the overall efficiency of software delivery and reducing the risk associated with code deployments.

This case study explores three LaunchDarkly use cases within CMS.

In 2020, over 24 million people enrolled in Medicare benefits. The Medicare Plan Finder on Medicare.gov helps beneficiaries understand their plan options and enroll in benefits during the annual enrollment period.

The Plan Finder application is complex due to its breadth of end-users and the varying cost and availability of prescription drugs based on location and plan type. The CMS team managing the Plan Finder application uses LaunchDarkly to control user experiences leading up to and during Open Enrollment, which is the most highly trafficked period of the year for the agency.

Using LaunchDarkly, development teams can deploy and test code leading up to Open Enrollment while hiding it from end-users. Program managers can then work to ensure that the information on the website is accurate and aligned with the agency’s timelines. Independent of engineering resources, program managers can quickly update UI features to satisfy both agency and end-user needs. For example, program managers control the transition from the Public Preview period—where beneficiaries can view and compare plans but not yet enroll—into Open Enrollment, by updating site language and exposing the “Enroll” button using feature flags. All of this can be done quickly without the need to deploy new code, helping the teams deliver a seamless end-user experience in a simple way.

CMS needed to launch a new, consistent header for Medicare.gov to provide a common set of navigation items, including public pages and tools as well as personalized items for authenticated users. The CMS team who manages the Medicare Authenticated Experience (MAX), was responsible for rolling out the new header. There were six application teams involved in the launch—the largest scale project the team had seen yet. With different environment configurations across teams, testing for all scenarios was difficult and the likelihood of an error in production was high. The team selected LaunchDarkly to help them better manage the header release and minimize any disruption to end-users.

It was important for the launch to be completed within one day to avoid creating a disjointed experience across the website. For a team that typically launched once per quarter, completing six launches within a day would have been daunting, if not impossible, without LaunchDarkly.

The team rolled out the new header gradually, staggering the release for each application group to ensure functionality in production was as expected. If a bug was encountered during the rollout, they could immediately disable the code with a flag, without disrupting end-users. With this phased release approach and the ability to turn code on and off with LaunchDarkly, the team successfully completed their global rollout within a day—without downtime or call center alerts.

Easy Access to System Information (EASi) is an internal application within CMS that facilitates system access and project requests. Like everything in the CMS tech stack, access to the EASi application is governed by role-based permissions managed by their in-house Identity Access Management (IAM) Platform. Specific access codes are assigned to each internal stakeholder in order to grant them the appropriate level of access.

Since these access codes can be different between user groups, testing user experiences became a challenge for the engineering team. Each developer could only interact and test the application in the capacity granted to them by their assigned authorization code. For example, if developers needed to test functionality and the user experience that a particular role would see, they would need to submit a request to change their individual role one code at a time. This slowed testing cycles dramatically. To simulate and test for each user experience, the team would have to request the role changes and wait for approval, which could take hours or even days.

The team was already using LaunchDarkly for release management and came up with a workflow that enabled them to downgrade permission roles temporarily for testing purposes using a flag and targeting rules. This helped streamline testing and ensure accuracy and performance across different groups of users.

LaunchDarkly use cases at CMS

• Gating features from users until they are ready
• Enabling continuous deployment
• Hiding broken code without disrupting users
• Testing code in production
• Improving test efficiency

Data privacy

• While data privacy is always a concern when integrating services, CMS does not have to send any PII or PHI data to LaunchDarkly in order for the application to work