The Firm Behind Healthcare.gov had Top-Notch Credentials -- and it Didn't Help
CGI Federal, the lead contractor at Healthcare.gov, is a veritable black belt in software development, with the highest possible certification from CMMI. So what does the website's flawed rollout say about how useful CMMI is?
Mon, December 30, 2013
Computerworld — CGI Federal, the lead contractor at Healthcare.gov, is a veritable black belt in software development. In 2012, it achieved the highest possible Capability Maturity Model Integration (CMMI) level for development certification, only the 10th company in the U.S. to do so.
CMMI offers process models to help an organization keep developments on track, ensure resources are in place, meet requirements, are measured, stay on budget and deliver value. But it does not offer technical approaches, such as how to conduct a test.
CMMI certifications frequently turn up as a requirement in government software development contracts. In fact, the Centers for Medicare & Medicaid Services, which oversaw the healthcare.gov project, says CMMI provides "the essential elements of an effective process."
In November, just a few weeks after Healthcare.gov launched, Henry Chao, the deputy CIO at the agency running the project, told Congress that 30% to 40% of the system had yet to be built. The government, clearly rattled by the problematic rollout, initiated a "tech surge" to bring in fresh help from Google, Red Hat and Oracle and help "development be more agile so Healthcare.gov can release improvements more rapidly."
Though CGI Federal got something of a black eye from the rollout, the CMMI certification it had did not come under fire , and no one has made a case that it should. Project requirements were changed late in the development cycle, warnings weren't heeded, and time for testing was cut short. Those actions are all anathema to CMMI's careful and measured development processes.
If a project that's based on CMMI runs into problems, process defenders will usually cite issues with management and decision-making. (That was certainly the case with Healthcare.gov.) But that's a default defense of CMMI generally. When a project fails, questions about CMMI may never come up. But when a project succeeds, CMMI may get the credit.
What good is CMMI?
So is CMMI of value? The private sector has clearly mixed views.
Joel Basgall the CEO of custom software developer firm Geneca, says he has never had a client who uses CMMI. (Geneca helped build healthcare exchanges for private companies.) "When we're out in marketplace, we compete more on what we can do, and how we do it, as opposed to the fact that we have a process," Basgall said.
He argued that the government should pick developers based on who has the best chance of success and drop CMMI certifications as a contract requirement.
"Everybody they (the government) go to will have a process -- nobody can function without one," said Basgall. "CMMI isn't actually measuring how good the process is, it's measuring whether it's defined, and if it's managed, and optimizing," he said.