Skip to main content

Data model & privacy

Veridian Motion uses Supabase Postgres with Row-Level Security (RLS) on every table. This page describes data categories as built. Veridian Motion stores correctional health data under a HIPAA-aligned design. The application is not HIPAA-certified. A BAA is required with the health provider and any vendor (email, hosting) that touches PHI in production.

Core entities

EntityDescriptionPHI
PatientEnrolled inmate — inmate number, internal IDYes
AssessmentOne intake submission (body map, complaint, photos, Q&A, AI output)Yes
PhotosFour posture images per assessmentYes
Q&A responsesFollow-up questionnaire answersYes
Exercise planDraft and PT-approved bodyweight plan; links to exercise mediaYes
Exercise mediaLibrary images/video for prescribed exercisesGenerally no PHI
PT notesClinical notes; optional share-with-inmate flagYes
MessagesAppend-only internal care-team ↔ inmate threadYes
Staff rolesRole assignments per staff userMetadata
Audit logSensitive action record (no PHI in log payload)No PHI in logs

Data flow

Enroll (staff) → Patient + PIN

Kiosk intake → Assessment (body map, complaint, photos, Q&A)

Server AI → Observations, hypotheses, red flags, draft plan (staff only)

Assign (admin) → PT review → Status: reviewed

Inmate view → Approved plan + shared notes only

Row-Level Security

RLS policies enforce:
ActorAccess
InmateOwn patient row, own assessments, own messages; plans only after reviewed; notes only if shared
PTAssigned assessments and related patients per policy
AdminRoster, assignment, roles, enrollment per role scope
Other staff rolesLeast-privilege per officer, warden, it_admin configuration
Cross-inmate access is denied at the database layer, not only in the UI.

Photos and signed URLs

  • Photos live in a private Supabase Storage bucket
  • The browser never receives permanent public URLs
  • Authorized staff retrieve photos via signed URLs valid for five minutes
  • Inmates do not receive raw storage URLs for other patients’ images

Session and client storage

  • No PII in browser localStorage
  • Inmate kiosk session state is in-memory; idle auto-reset clears it
  • Staff sessions use Supabase Auth tokens per standard secure cookie/session handling

Audit log

Append-only audit entries cover sensitive actions, including:
  • Patient enroll
  • Case assign
  • Assessment review / status change
  • Note create / share
  • Role grant / revoke
  • MFA reset (staff)
  • Message send
  • PDF email to allowlisted address
Application logs do not contain PHI. Audit entries reference resource IDs and action types, not clinical content.

Messaging

Messages are append-only, monitored, and internal only — no external SMS, email to inmates, or outbound links. Threads are part of the medical record subject to the same RLS and retention rules as assessments.

Retention

Retention schedules are configured per agency agreement. Defaults follow health-record conventions (typically multi-year retention for clinical artifacts). Contact your Veridian Health Partners account contact for export and deletion procedures at contract end.

Agency vs. application responsibilities

TopicVeridian MotionAgency / facility
RLS and access controlEnforced in app
BAA with health providerDesign + vendor chainExecute agreements
CJIS / FedRAMP / GovCloud hostingProvide environment
MDM and physical kiosk controlsApp hardening onlyDevice management
Personnel screeningAgency HR / policy

What’s next

HIPAA

Business Associate framing.

Data handling

Collection, retention, deletion summary.

Incident response

If something goes wrong.