In prior Management Moment columns,1,2 we have offered the public health community the vision, strategies, operations, and tactics needed to build “informatics-savvy health departments.” Across the country, health agencies are now engaged in this process. As agency teams design, develop, and manage public health information systems, increasing numbers of public health professionals are following the steps of the systems development life cycle (SDLC; also referred to as “the IT life cycle”).3
The SDLC is widely used in industry for information system design and implementation. The system development life cycle is a project management model that defines the stages involved in bringing a project from inception to completion. Software development teams, for example, deploy a variety of techniques that include waterfall, spiral, and agile processes.3 In this column, the SDLC is reviewed with particular emphasis on use in public health agencies. Each phase includes a set of major activities; exit criteria are used to determine whether the team can move on to the next phase. Use of the SDLC model serves as a roadmap for information system development; its use also helps to avoid costly mistakes.
Phase 1: The Initiation and Concept Phase
The SDLC process begins with a creation of a compelling business case that delineates the strategic benefit to the agency of a new or improved information system.2 The business plan created at this stage explores whether the agency's current enterprise architecture can support a new system. The plan also provides cost estimates, financing approaches, and a time line. Conducting a feasibility study and performing a SWOT (strengths, weaknesses, opportunities, and threats) analysis are important tools to be used in this stage.
Gaining executive sponsorship is key to getting the “buy-in” needed to ensure that the project is aligned with agency priorities and that the “drivers” and potential benefits for building a new system are well understood. Risks and risk mitigation strategies should also be identified. Funding should also be secured, not only for creation of the system but also for ongoing operations costs. Keep in mind that some agencies will only provide funding for this phase before approaching funding for the full project. Therefore, carrying out the analysis of the total cost of ownership is an important exercise to include in this stage. Creation of a project charter, signed by key stakeholders, is an essential component of the initiation and concept phase of the SDLC.4 This phase concludes with a “go/no-go” decision by key stakeholders.
Phase 2: Planning Phase
Once a “go” decision is made, the team develops a project management plan that defines the scope, deliverables, and milestones for the project. A project manager should ensure that the scope meets the business needs identified during the earlier phase and that resources (both human and financial) have been identified. Other plan elements include the process of change control, risk mitigation, and communication strategies and operations.
Phase 3: Requirements Definition
Central to the creation of a new information system is the analysis of the public health agency's business processes that the information system must support. A standardized approach—the Collaborative Requirements Development Methodology (CRDM)—should be used to carefully analyze business processes and also identify ways to streamline existing processes to improve efficiency.5 Once a requirements document is created, the team must decide whether to use internal developers or to contract with an external vendor to develop the software.
Phase 4: Design and Development
Only after a rigorous process of requirements development is the team ready to embark on the design and development of a new or improved public health information system. If this does not happen, very costly and time-consuming mistakes will be made. Therefore, the team must take the needed time to lay the groundwork for the design and development phase before entering this phase of the SDLC.
Although much of the work at this stage will be led by IT staff (either internal or external to the agency), public health agency staff must stay involved to ensure that the system under development satisfies requirements and conforms to security needs. The goal of this phase is to create an application that can be tested by potential users.
Phase 5: Testing
Once a testable system is created, testing occurs using test scripts. Testing must be linked back to the defined requirements to ensure that they have been met. In addition, testing allows users to identify defects before the system is deployed. A testing environment that simulates the actual use of the system should be used. As a result, priority defects can be fixed. At this phase, there is a risk of “scope creep” such that system enhancements that go beyond the charter and project management plan may be identified. These potential enhancements should be logged for future consideration but not acted upon immediately. The project manager plays a central role in this prioritization process. The end goal of this phase is for a system that is ready for implementation.
Phase 6: Training and Implementation
This phase is guided by an implementation plan that covers training, data migration, and operational impact. A robust communication plan is central to ensuring that all stakeholders are aware of the implementation process. Change management is critical during this phase, and high levels of communication with the system user group are critical for successful migration and adoption of the new system.
“Super users” can help in the training process to assist those with less technical experience and understanding. The training process should simulate actual use, and the team should not assume that users can learn on their own without assistance. Deployment support is essential in this phase. This phase ends with a “go-live” decision and should include contingency plans to address challenges as the system is implemented.
Phase 7: Operations and Maintenance
Once the system is deployed within the agency, ongoing operations and maintenance will occur that are led by agency IT staff along program leads. Periodic review of system function should occur to ensure that the system performs as designed and system updates are identified. Regular system backups should be performed.
Phase 8: Disposition
Once a system has reached the point at which formal system operations is to end, a set of steps should be undertaken to move data to a new system, dispose of outdated equipment, and cancel service contracts. In some agencies, contracts may be managed centrally and the need to cancel the contract may be overlooked, resulting in unneeded expense. At times, a legacy system must be maintained for a period as a new system is being fully implemented.
Use of the standard SDLC has become a best practice in many public health agencies across the nation as they design and develop information systems central to agency operations. By adhering to this proven approach, public health agencies have avoided costly information system disasters with attendant disruption of operations. Furthermore, by adopting the SDLC approach, agency staff have gained the knowledge and know-how to be full partners with IT staff in the design and development of information systems, thereby ensuring that new systems better meet the needs of the agency. Since the SDLC is not familiar to most public health agencies, an online training course and related learning resources have been created by the Public Health Informatics Institute with support from the de Beaumont Foundation.6 Use of these and other resources and the SDLC approach can assist public health agencies as they aspire to become more “informatics-savvy.”
1. Brand B, LaVenture M, Lipshutz JA, Stephens WF, Baker EL. The information imperative for public health: a call to action to become informatics-savvy. J Public Health Manag Pract. 2018;26(6):586–589.
2. Baker EL, Brand B, Davidson A, LaVenture M, Singletary V, Smith P. Building the business case for public health information systems. J Public Health Manag Pract. 2016;22(6):603–606.
3. VeraCode. What is system development life cycle? https://www.veracode.com/security/what-systems-development-life-cycle
. Accessed on August 8, 2019.
4. Public Health Informatics Institute. Project Charter Lite Template (Academy). https://www.phii.org/resources/view/9457/project-charter-lite-template-academy
. Accessed on August 8, 2019.
5. Public Health Informatics Institute. Collaborative Requirements Development Methodology (CRDM). https://www.phii.org/crdm
. Accessed on August 8, 2019.
6. Public Health Informatics Institute. Home page. https://www.phii.org
. Accessed on August 8, 2019.