Data model & privacy

Early-stage documentation. Field names, schema details, and retention policies may be refined before production launch. This page describes current product intent.
Veridian Health handles Protected Health Information (PHI) in a custody context. This page documents the core data entities, how they flow between the inmate kiosk and provider dashboard, and the privacy controls applied at each layer. For organization-wide security posture, see also Security overview and HIPAA.

Core entities

| Entity | Description | Created by |
|---|---|---|
| Organization (Jail) | A purchasing facility with its own users, devices, and provider approvals | Veridian admin |
| Referral | A medical staff request to assess a specific inmate | Facility medical staff |
| Kiosk session | An inmate intake instance — photos, questionnaire, metadata | Inmate kiosk |
| Case | A kiosk session linked to referral, ready for provider review | Platform (on submit) |
| Recommendation | PT-authored clinical output attached to a case | Provider dashboard |
| Provider | A licensed PT enrolled in Veridian’s network | Veridian credentialing |
| Audit event | Immutable log entry for access and state changes | Platform |

Data flow

Referral ──► Kiosk Session ──► Case ──► Recommendation
   │              │               │            │
   │              │               │            └──► Facility medical staff
   │              │               └──► Provider dashboard
   │              └──► 4 photos + questionnaire (PHI)
   └──► Inmate identifier + clinical context

Referral data

Minimum fields required to initiate a kiosk session:
  • Inmate identifier (per jail convention)
  • Chief complaint / reason for referral
  • Referring staff identifier
  • Urgency and facility constraints (optional)
Referrals do not require full medical records or external EHR exports.

Kiosk session data

| Field group | Examples | Classification |
|---|---|---|
| Images | Front, back, left, right photos | PHI |
| Questionnaire | Pain location, severity, history, mobility | PHI |
| Session metadata | Timestamps, device ID, completion status | PHI (when linked to inmate) |
| Exception flags | Skipped photos, timeout events | PHI (when linked to inmate) |

Images are encrypted in transit and at rest immediately upon capture.

Case and recommendation data

| Field group | Examples | Classification |
|---|---|---|
| AI analysis output | Preliminary MSK patterns, red-flag scores | PHI |
| Provider recommendation | Assessment, exercises, precautions, follow-up | PHI |
| Provider actions | Review timestamps, sign-off events | Audit (may reference PHI) |

Access control model

Access follows least privilege by role and jail boundary:

| Role | Kiosk data | Cases | Recommendations | Admin |
|---|---|---|---|---|
| Jail administrator | Config only | All (own jail) | All (own jail) | Yes |
| Medical staff | Initiate sessions | Read (own jail) | Read (own jail) | No |
| Custody staff | Initiate (optional) | Logistics only | No | No |
| Provider (approved) | No direct access | Read (approved jails) | Write | No |
| Veridian ops | Break-glass only | Break-glass only | No routine access | Internal |

Providers cannot access cases from jails that have not approved them. Cross-jail data isolation is enforced at the platform level.

Privacy principles

Minimum necessary

Veridian Health collects only what the MSK triage workflow requires. We do not ingest criminal history, disciplinary records, or unrelated clinical data unless a jail explicitly provides clinically relevant context in a referral field.

Facility control

  • Jails own referral and access decisions
  • Jails approve which providers participate
  • Assessment devices remain facility-controlled

No inmate-facing clinical output (MVP)

Recommendations are delivered to authorized facility staff and provider records — not displayed on the kiosk to the inmate by default.

Audit trail

Every read and write on PHI-linked entities produces an audit event: who, what, when, and from which role. Logs are exportable by jail administrators for compliance review.
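
The role and jail-boundary check from the access control model, combined with the audit event described here, as an added sketch that is not Veridian's code. The role keys, `Principal`, `authorize`, and the in-memory `AUDIT_LOG` are assumptions, as are reading "All (own jail)" as read access and logging denials as well as grants.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# (role, resource) -> (allowed actions, jail scope), constructed from the
# access control matrix. Assumption: "All (own jail)" means read access to
# every record in the administrator's own jail.
POLICY = {
    ("jail_admin", "case"): ({"read"}, "own"),
    ("jail_admin", "recommendation"): ({"read"}, "own"),
    ("medical_staff", "case"): ({"read"}, "own"),
    ("medical_staff", "recommendation"): ({"read"}, "own"),
    ("custody_staff", "case"): ({"read_logistics"}, "own"),
    ("provider", "case"): ({"read"}, "approved"),
    ("provider", "recommendation"): ({"write"}, "approved"),
    # veridian_ops has no routine entry: break-glass is a separate path.
}

@dataclass(frozen=True)
class Principal:
    user_id: str
    role: str
    jail_id: Optional[str] = None             # home jail for facility roles
    approved_jails: frozenset = frozenset()   # jails that approved a provider

AUDIT_LOG = []  # hypothetical stand-in for an append-only audit store

def authorize(p, action, resource, resource_jail):
    """Deny by default; allow only if role, action and jail boundary match."""
    actions, scope = POLICY.get((p.role, resource), (set(), None))
    in_scope = (
        (scope == "own" and p.jail_id is not None and p.jail_id == resource_jail)
        or (scope == "approved" and resource_jail in p.approved_jails)
    )
    allowed = action in actions and in_scope
    # Audit event: who, what, when, and from which role.
    AUDIT_LOG.append({
        "who": p.user_id, "role": p.role, "what": f"{action}:{resource}",
        "jail": resource_jail, "allowed": allowed,
        "when": datetime.now(timezone.utc).isoformat(),
    })
    return allowed

if __name__ == "__main__":
    # Constructed sample: a provider approved by jail-a only.
    pt = Principal("pt-1", "provider", approved_jails=frozenset({"jail-a"}))
    print(authorize(pt, "read", "case", "jail-a"))   # approved jail
    print(authorize(pt, "read", "case", "jail-b"))   # cross-jail request
    print(AUDIT_LOG[-1])
```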

Retention and deletion

| Data type | Default retention |
|---|---|
| Kiosk sessions, cases, recommendations | Duration of jail relationship + 6 years |
| Assessment images | Same as case record |
| Audit logs | 7 years |
| Provider credentialing | Duration of provider relationship + 6 years |

Upon contract termination, jails receive a 30-day export window, followed by cryptographic erasure of PHI from active systems within 90 days. See Data handling for full deletion procedures.

Sub-processors

PHI may be processed by Veridian sub-processors (hosting, AI analysis infrastructure) under signed BAAs. The current sub-processor list is available to jail partners on request.

Patient rights

Inmate HIPAA rights (access, amendment, accounting of disclosures) are exercised through the jail as covered entity. Veridian supplies data to authorized facility staff to fulfill requests.

What’s next

HIPAA

Business Associate obligations in detail.

Data handling

Retention, export, and deletion procedures.

Incident response

What happens if something goes wrong.