DiscordSign up
SKILLS.SH

hipaa-compliance

HIPAA-specific entrypoint for healthcare privacy and security work. Use when a task is explicitly framed around HIPAA, PHI handling, covered entities, BAAs,…

INSTALLATION
npx skills add https://github.com/affaan-m/everything-claude-code --skill hipaa-compliance
Run in your project or agent environment. Adjust flags if your CLI version differs.

SKILL.md

$27

  • Start with healthcare-phi-compliance for the concrete implementation rules.
  • Apply HIPAA-specific decision gates:
  • Is this data PHI?
  • Is this actor a covered entity or business associate?
  • Does a vendor or model provider require a BAA before touching the data?
  • Is access limited to the minimum necessary scope?
  • Are read/write/export events auditable?
  • Escalate to healthcare-reviewer if the task affects patient safety, clinical workflows, or regulated production architecture.

HIPAA-Specific Guardrails

  • Never place PHI in logs, analytics events, crash reports, prompts, or client-visible error strings.
  • Never expose PHI in URLs, browser storage, screenshots, or copied example payloads.
  • Require authenticated access, scoped authorization, and audit trails for PHI reads and writes.
  • Treat third-party SaaS, observability, support tooling, and LLM providers as blocked-by-default until BAA status and data boundaries are clear.
  • Follow minimum necessary access: the right user should only see the smallest PHI slice needed for the task.
  • Prefer opaque internal IDs over names, MRNs, phone numbers, addresses, or other identifiers.

Examples

Example 1: Product request framed as HIPAA

User request:

Add AI-generated visit summaries to our clinician dashboard. We serve US clinics and need to stay HIPAA compliant.

Response pattern:

  • Activate hipaa-compliance
  • Use healthcare-phi-compliance to review PHI movement, logging, storage, and prompt boundaries
  • Verify whether the summarization provider is covered by a BAA before any PHI is sent
  • Escalate to healthcare-reviewer if the summaries influence clinical decisions

Example 2: Vendor/tooling decision

User request:

Can we send support transcripts and patient messages into our analytics stack?

Response pattern:

  • Assume those messages may contain PHI
  • Block the design unless the analytics vendor is approved for HIPAA-bound workloads and the data path is minimized
  • Require redaction or a non-PHI event model when possible

Related Skills

  • healthcare-phi-compliance
  • healthcare-reviewer
  • healthcare-emr-patterns
  • healthcare-eval-harness
  • security-review
BrowserAct

Let your agent run on any real-world website

Bypass CAPTCHA & anti-bot for free. Start local, scale to cloud.

Explore BrowserAct Skills →

Related skills

azure-compliance
3/3

Azure compliance scanning, Key Vault expiration auditing, and resource configuration validation. Runs azqr (Azure Quick Review) for comprehensive compliance assessment against best practices across subscriptions and resource groups Monitors Key Vault keys, secrets, and certificates for expiration dates and identifies items without expiration policies Detects orphaned, misconfigured, and non-compliant resources using Resource Graph queries Classifies findings by priority (Critical, High, Medium, Low) with remediation guidance for each issue

Verified authormicrosoft
SKILLS.SH
293K1.1K
2026-05-22
openclaw-secure-linux-cloud
1/3

Use when self-hosting OpenClaw on a cloud server, hardening a remote OpenClaw gateway, choosing between SSH tunneling, Tailscale, or reverse-proxy exposure, or…

xixu-me
SKILLS.SH
150K53
2026-05-22
entra-agent-id
3/3

Provision Microsoft Entra Agent Identity Blueprints, BlueprintPrincipals, and per-instance Agent Identities via Microsoft Graph, and configure OAuth 2.0 token…

Verified authormicrosoft
SKILLS.SH
59.1K1.1K
2026-05-21
firebase-security-rules-auditor
3/3

A skill to evaluate how secure Firestore security rules are. Use this when Firestore security rules are updated to ensure that the generated rules are…

firebase
SKILLS.SH
23.5K292
2026-05-21

Stop writing automation&scrapers

Install the CLI. Run your first Skill in 30 seconds. Scale when you're ready.

Start free
free · no credit card