EDORA
Skip to content
βˆ‘

EDORA β€’ Learn

Justice Index Β· Advocacy Lab Β· Field Guide

EDORA Learn β€” Pipelines

← Back to Learning Center

Information Sharing & Confidentiality (Interagency Flow)

Pipeline 09C

Transparency note: data-sharing practices vary by state and agency type. Where MOUs or statutes differ, indicators are standardized for comparability but annotated with applicable jurisdictional notes.

Overview

Effective youth case management depends on timely information sharing among courts, probation, education, and health systemsβ€”while respecting confidentiality laws such as FERPA, HIPAA, and 42 CFR Part 2. This page outlines common frameworks for exchange, consent practices, and safeguards that maintain privacy while enabling continuity of care.

What We Track

Legal Frameworks

  • MOUs & interagency agreements current and signed (scope, duration, renewal date)
  • State & federal statutes cited (FERPA, HIPAA, 42 CFR Part 2, JJRA confidentiality clauses)

Consent & Authorization

  • Informed consent forms on file (youth & caregiver) with scope and expiration date
  • Revocation or amendment process documented and accessible

Minimum Necessary

  • Role-based access controls enforced (user groups, privilege sets)
  • Automated redaction/filtering for sensitive elements (mental-health notes, victim data)
  • Periodic reviews of field-level access lists

Audit & Security

  • Access logs retained (who, what, when) with quarterly review
  • Encryption standards documented (AES-256 at rest, TLS 1.3 in transit)
  • Breach-notification procedure with statutory timeframes (≀ 72 hours typical)

Transparency & Privacy Balance

  • Aggregated indicators published (disparity rates, outcome dashboards) with de-identification thresholds
  • Statistical disclosure control applied: small-n suppression, top-coding, noise injection where appropriate

Typical Flow

  1. Data request initiated or automated trigger fires (e.g., placement, release)
    • Identify data owner & legal authority for disclosure
  2. Consent check applied; limit fields to authorized scope
    • Validate signature & expiration; apply role-based filters before export
  3. Transmission through secure channel (API, encrypted email, portal)
    • Attach audit timestamp and checksum; verify receipt at destination
  4. Use & retention governed by MOU/statute
    • Delete or archive on closure/expiry; prevent re-use outside original purpose
  5. Review & audit performed periodically
    • Analyze access logs & anomalies; document corrective actions
Schema source: information-sharing

Fields

FieldTypeRequiredCodesetDescription
pipeline_place_iduuidβœ…β€”Unique identifier for this information-sharing record.
pipeline_stage_idenumβœ…
stages.yml#stage_key(8)
  • intake
  • detention
  • adjudication
  • disposition
  • supervision
  • commitment_and_placement
  • reentry
  • closure
One of the canonical stages; here = reentry_aftercare.
pipeline_place_keyenumβœ…
pipeline_places.yml#place_key(45)
  • intake
  • pre_petition_diversion_and_deflection
  • diversion
  • youth_assessment_tools
  • prosecutorial_screening
  • status_offenses
  • adjudication
  • case_planning
  • family_engagement
  • case_timeliness
  • language_access
  • restorative_justice
  • detention_screening
  • community_atds
  • electronic_monitoring
  • court_appearance_and_fta
  • initial_hearing
  • pretrial_supervision
  • probation
  • intensive_supervision
  • …and 25 more
Canonical key for this place (maps to route/slug).
occurred_datetimedatetimeβœ…β€”Timestamp when the disclosure/export/import occurred (anchor).
jurisdiction_codestringβœ…β€”County/parish/circuit or standardized local code.
source_systemstringβœ…β€”Origin system name (human-readable label).
source_filestringβ€”Batch/file id or API job id, if applicable.
extract_run_idstringβ€”ETL run id for lineage.
series_break_flagbooleanβ€”Comparability break applies to this row.
series_break_reasonenum
series_breaks.yml#reason(4)
  • definition_change
  • vendor_change
  • coverage_change
  • policy_change
Reason for break (policy/process/tool change).
request_type_codeenumβœ…
request_types.yml#type(4)
  • automated_trigger
  • routine_exchange
  • ad_hoc_request
  • research_use
automated_trigger, routine_exchange, ad_hoc_request, research_use.
sending_system_codeenumβœ…
interface_systems.yml#system(12)
  • probation_cms
  • court_cms
  • prosecutor_cms
  • detention_mis
  • placement_ehr
  • education_sis
  • state_education_data_warehouse
  • health_ehr
  • behavioral_health_ehr
  • reentry_coordination_tool
  • data_lake
  • other
System initiating the disclosure.
receiving_system_codeenumβœ…
interface_systems.yml#system(12)
  • probation_cms
  • court_cms
  • prosecutor_cms
  • detention_mis
  • placement_ehr
  • education_sis
  • state_education_data_warehouse
  • health_ehr
  • behavioral_health_ehr
  • reentry_coordination_tool
  • data_lake
  • other
System receiving the disclosure.
data_directionality_codeenumβœ…
data_directionality.yml#direction(3)
  • push
  • pull
  • bidirectional
push, pull, or bidirectional.
governance_framework_codesarray<string>
governance_frameworks.yml#framework(5)
  • FERPA
  • HIPAA
  • 42CFRPart2
  • state_statute
  • MOU
Applicable frameworks (FERPA, HIPAA, 42CFRPart2, JJRA, MOU, state statute); semicolon-delimited.
agreement_mou_idstringβ€”Local id/contract id of governing MOU or agreement.
agreement_status_codeenum
agreement_statuses.yml#status(4)
  • active
  • expired
  • pending_renewal
  • none
Agreement lifecycle status (active, expired, pending_renewal, none).
agreement_start_datedateβ€”Agreement effective start date.
agreement_end_datedateβ€”Agreement end/expiry date.
statute_citation_codesarray<string>
statutes.yml#citation(8)
  • FERPA
  • HIPAA
  • 42CFRPart2
  • JJRA_confidentiality
  • CAPTA
  • CJIS
  • state_statute_generic
  • local_policy
Cited legal bases (e.g., FERPA, HIPAA, 42CFRPart2, state statutes); semicolon-delimited.
consent_type_codesarray<string>
consent_types.yml#type⚠️ using consent_types.yml#Type(5)
  • medical
  • education
  • service_referral
  • information_sharing
  • other
Types of consents that apply to this disclosure; semicolon-delimited.
consent_status_codeenum
consent_statuses.yml#status⚠️ using consent_statuses.yml#Status(4)
  • signed
  • pending
  • refused
  • expired
signed, pending, refused, expired.
consent_signed_datedateβ€”Date consent was signed (if any).
consent_expiration_datedateβ€”Consent expiration date (if scoped/limited).
consent_revoked_flagbooleanβ€”True if consent was revoked/amended prior to disclosure.
consent_revoked_datedateβ€”Date consent was revoked or amended.
ferpa_sharing_basis_codeenum
ferpa_sharing_bases.yml#basis(6)
  • consent
  • allowable_disclosure
  • mou
  • court_order
  • emergency_safety
  • other
consent, allowable_disclosure, mou, court_order, emergency_safety, other.
access_role_codesarray<string>
access_roles.yml#role(8)
  • probation_officer
  • school_liaison
  • behavioral_health_provider
  • data_steward
  • prosecutor
  • court_clerk
  • researcher_restricted
  • admin
Role groups used to scope fields (e.g., probation_officer, school_liaison); semicolon-delimited.
privilege_set_codesarray<string>
privilege_sets.yml#set(7)
  • read_core
  • read_edu
  • read_health_limited
  • read_health_sensitive
  • read_court
  • read_provider
  • publish_aggregates
Privilege sets applied to the export (read_core, read_edu, read_health_limited, etc.); semicolon-delimited.
disclosure_scope_category_codesarray<string>
disclosure_scope_categories.yml#category(9)
  • education_packet
  • schedule
  • credit_history
  • assessment_results
  • health_summary
  • behavioral_health_summary
  • service_referrals
  • attendance_summary
  • outcomes_aggregated
Data categories released (education_packet, schedule, health_summary, etc.); semicolon-delimited.
sensitive_element_codesarray<string>
sensitive_data_elements.yml#element(8)
  • mh_notes
  • substance_use_treatment
  • hiv_status
  • victim_identifiers
  • sealed_records
  • juvenile_names
  • personal_contact_info
  • other
Sensitive elements present (mh_notes, victim_data, substance_use_treatment); semicolon-delimited.
redaction_method_codesarray<string>
redaction_methods.yml#method(5)
  • field_drop
  • masking
  • tokenization
  • aggregation
  • generalized_codes
Redaction/filtering used (field_drop, tokenization, masking); semicolon-delimited.
access_review_datetimedatetimeβ€”Timestamp of most recent periodic access review prior to disclosure.
access_review_outcome_codeenum
access_review_outcomes.yml#outcome(3)
  • ok
  • updated_lists
  • remediation_required
ok, updated_lists, remediation_required.
transport_protocol_codeenumβœ…βŒ missing in _index.ymlAPI, SFTP, HTTPS upload, message queue, etc.
encryption_method_codeenumβœ…
encryption_methods.yml#method(4)
  • tls
  • pgp
  • aes256
  • none
TLS, PGP, AES-256, none.
access_log_reference_idstringβ€”Reference to access/transport log entry.
audit_review_datetimedatetimeβ€”Timestamp of audit review for this disclosure.
audit_anomaly_flagbooleanβ€”True if audit found anomaly requiring action.
audit_action_codesarray<string>
audit_action_types.yml#action(5)
  • training
  • access_revoked
  • policy_update
  • incident_report
  • notification_sent
Actions taken (training, revocation, policy_update, incident_report); semicolon-delimited.
breach_notification_required_flagbooleanβ€”True if incident met breach reporting criteria.
breach_detected_datetimedatetimeβ€”When the breach was detected.
breach_notified_datetimedatetimeβ€”When notifications were sent.
breach_timeframe_met_flagbooleanβ€”True if notification met statutory timeframe.
breach_severity_codeenum
breach_severity_levels.yml#level(3)
  • minor
  • moderate
  • severe
minor, moderate, severe (local policy-aligned).
publication_allowed_flagbooleanβ€”True if aggregated indicators may be published per policy.
sdc_method_codesarray<string>
sdc_methods.yml#method(5)
  • suppression
  • top_coding
  • noise_injection
  • rounding
  • swapping
Statistical disclosure controls used (suppression, top_coding, noise); semicolon-delimited.
suppression_threshold_valueintegerβ€”Minimum cell size threshold for publication.
top_coding_applied_flagbooleanβ€”True if top-coding applied to upper-tail values.
noise_injection_applied_flagbooleanβ€”True if calibrated noise was applied to published aggregates.
requestor_staff_idstringβ€”Staff who initiated the request.
data_steward_staff_idstringβ€”Designated steward for this disclosure.
data_owner_staff_idstringβ€”Data owner who approved or denied the disclosure.
digital_handoff_status_codeenum
digital_handoff_statuses.yml#status(4)
  • efile_received
  • api_synced
  • partial
  • failed
efile_received, api_synced, partial, failed (end-to-end disposition).
Download CSVwhat_we_track.csv

Data & Methods

Information-sharing metrics focus on timeliness (request→response hours/days), coverage (percentage of cases with valid consent and successful exchange), and compliance (no unauthorized disclosures). When agencies update MOUs, exchange platforms, or encryption standards, we mark series breaks. Data governance and confidentiality principles derive from Data Governance & Ethical Integration and Data Privacy & Disclosure Control. Quality assurance methods align with Data Quality & Validation, and audit frequency follows Real-Time & Version Control.

Related