Early-stage documentation. Field names, schema details, and retention
policies may be refined before production launch. This page describes
current product intent.
Veridian Health handles Protected Health Information (PHI) in a custody
context. This page documents the core data entities, how they flow between
the inmate kiosk and provider dashboard, and the privacy controls applied at
each layer.For organization-wide security posture, see also Security overview and HIPAA.
Veridian Health collects only what the MSK triage workflow requires. We do
not ingest criminal history, disciplinary records, or unrelated clinical
data unless a jail explicitly provides clinically relevant context in a
referral field.
Every read and write on PHI-linked entities produces an audit event:
who, what, when, and from which role. Logs are exportable by jail
administrators for compliance review.
Upon contract termination, jails receive a 30-day export window, followed
by cryptographic erasure of PHI from active systems within 90 days. See
Data handling for full deletion procedures.
PHI may be processed by Veridian sub-processors (hosting, AI analysis
infrastructure) under signed BAAs. The current sub-processor list is
available to jail partners on request.
Inmate HIPAA rights (access, amendment, accounting of disclosures) are
exercised through the jail as covered entity. Veridian supplies data to
authorized facility staff to fulfill requests.