Business Analyst — Healthcare Interoperability & Security
Role Summary
The Business Analyst will bridge the gap between healthcare interoperability standards, cryptographic identity frameworks, and the health plan's business requirements. This includes eliciting and documenting requirements across the three integration points (front-end onboarding, validation layer, back-end Dynamic Client Registration Protocol - DCRP), mapping credential workflows to existing payer processes, and ensuring alignment with CMS interoperability mandates and CARIN Alliance guidelines. The BA must understand both the FHIR-based data exchange landscape and the emerging trust and security models that underpin the vLEI credential chain.
Key Responsibilities
- Elicit, document, and manage requirements for the health plan vLEI integration across front-end onboarding, validation/confidence factor review, and back-end DCRP integration workstreams
- Map vLEI credential chain workflows (organization, person, purpose-of-use, dynamic client registration) to health plan business processes and payer authorization models
- Translate FHIR resource specifications, SMART on FHIR authorization flows, and FAST Security trust framework requirements into functional specifications for the development team
- Analyze CMS interoperability rules (CMS-0057-F) and CARIN Alliance Code of Conduct requirements as they apply to credential-based payer data exchange, primarily payer-to-payer exchange
- Document TEFCA/CMS Aligned Network alignment requirements and assess how the vLEI trust model maps to Qualified Health Information Network (QHIN) designation criteria
- Facilitate requirements workshops with health plan stakeholders to define confidence factor thresholds and approval/rejection workflows for the validation layer
- Create user stories, acceptance criteria, and process flow documentation for integration development sprints
- Support the Technical PM in SOW deliverable tracking and participate in payer coordination meetings
- Analyze Da Vinci Implementation Guides (PDex, HRex, CDex) for applicability to the credential-based exchange model
Required Qualifications
- 5+ years of business analysis experience in healthcare IT, health information exchange, or payer technology environments
- Strong working knowledge of HL7 FHIR (R4+), including resource types, search parameters, and FHIR API patterns relevant to payer data exchange
- Understanding of SMART on FHIR authorization framework, including OAuth 2.0 flows, scopes, and client registration in healthcare contexts
- Familiarity with CMS interoperability regulations, including the Patient Access API, Provider Directory API, and Payer-to-Payer data exchange requirements
- Experience with CARIN Alliance Blue Button Framework or Consumer Directed Payer Data Exchange (CARIN IG for Blue Button)
- Knowledge of FAST Security Trust Framework concepts, including endpoint trust verification and credential-based authentication models
- Experience creating functional specifications, user stories, and process flows for API integration projects
- Strong facilitation and requirements elicitation skills with experience working across technical and business stakeholders in large payer organizations
Preferred Qualifications
- Exposure to decentralized identity concepts, verifiable credentials, or digital trust frameworks
- Familiarity with vLEI (Verifiable Legal Entity Identifier), KERI (Key Event Receipt Infrastructure), or similar identity ecosystems
- Understanding of cryptographic concepts: public key infrastructure, digital signatures, key rotation, and hash-based integrity verification
- Experience with TEFCA Common Agreement requirements and QHIN onboarding processes
- Knowledge of Da Vinci Implementation Guides, particularly PDex (Payer Data Exchange), HRex, and CDex
- Experience with the Dynamic Client Registration Protocol (RFC 7591), OAuth 2.0 Dynamic Client Registration, or SMART Back-end Services in healthcare
- CBAP, PMI-PBA, or HL7 FHIR certification
Engagement Structure
This is a part-time contract engagement at 24 hours per week for an initial 12-week term. This may expand into a full-time engagement. The Business Analyst works within the client and Business Partner delivery team, collaborating closely with the Security Specialist and Integration Engineers to translate requirements into implementable specifications. The role includes direct interaction with Health Plan business and technical stakeholders.