healthcare-phi-compliance
by affaan-m
healthcare-phi-compliance helps review healthcare apps for PHI/PII risk across data models, APIs, logs, and access paths. Use it to check data classification, access control, encryption, audit trails, and common leak vectors for HIPAA, DISHA, GDPR, and related security audit needs.
This skill scores 68/100, which means it is worth listing for users who need healthcare data-protection guidance, but it is not a deeply operational skill. The repository gives enough substance to help agents apply PHI/PII compliance patterns with less guesswork than a generic prompt, though users should expect to rely on the written guidance rather than an automated workflow.
- Clear use cases for when to trigger it: patient records, access control, APIs, audit trails, schema design, and code review.
- Substantive domain coverage across PHI/PII classification, access control, audit logging, encryption, and leak vectors.
- Frontmatter is valid and the body is non-placeholder, with multiple headings and concrete compliance framing for healthcare contexts.
- No install command, scripts, or support files, so adoption depends entirely on reading SKILL.md rather than running a packaged workflow.
- Operational depth appears limited: there is one workflow signal and no repository references or resources to verify broader implementation guidance.
Overview of healthcare-phi-compliance skill
The healthcare-phi-compliance skill helps you design and review healthcare software so PHI and PII are handled safely across data models, APIs, logs, and access paths. It is most useful when you need a practical compliance-aware check, not a legal memo: building patient-facing features, adding clinician workflows, hardening audit trails, or doing a healthcare security review.
What this skill is for
Use healthcare-phi-compliance when the main question is “where can sensitive data leak, and how do I prevent it?” The skill focuses on data classification, access control, encryption, and auditability for healthcare systems that may need to align with HIPAA, DISHA, GDPR, or similar obligations.
Best-fit readers and teams
This healthcare-phi-compliance skill is a good fit for engineers, security reviewers, platform teams, and AI agents generating code or policy checks for medical products. It is especially helpful for multi-tenant apps, systems that rely on row-level security (RLS), and teams that need consistent handling of patient, clinician, and financial records.
What makes it different
Unlike a generic security prompt, this skill centers healthcare-specific leak vectors: overbroad patient queries, logging of identifiers, weak row-level access, and accidental exposure through analytics or support tooling. It is most valuable when you need a clear decision path before implementation or a structured review for a healthcare release.
How to Use healthcare-phi-compliance skill
Install and load the skill
Install the healthcare-phi-compliance skill in your Claude Code or skill-enabled environment, then point your agent at the repository’s SKILL.md first. If your workflow supports skill installation by name, use the repo path for skills/healthcare-phi-compliance and confirm the skill is active before asking for output.
Give the model the right inputs
For a useful healthcare-phi-compliance usage flow, provide: the data type involved, who should access it, where it is stored, what surfaces return it, and what country or regulatory context matters. Strong inputs are specific, for example: “Review a patient portal API that returns lab results, appointment history, and insurance claims for HIPAA and GDPR risks.” Weak inputs like “make this compliant” usually miss the real exposure points.
Read these parts first
Start with SKILL.md, then inspect any headings that describe When to Use, How It Works, and data classification or access-control rules. For this repository, there are no extra rules/, resources/, or helper scripts, so the main value is in understanding the core guidance and applying it to your own architecture.
Turn a rough prompt into a useful workflow
A better healthcare-phi-compliance workflow is: define the feature, list the sensitive fields, name the actors, identify storage and logging paths, and ask for a risk review or implementation plan. For example: “Using healthcare-phi-compliance, review this multi-tenant EHR endpoint for PHI exposure, propose RLS checks, define audit events, and flag any logging or caching issues.” That structure gives the skill enough context to produce actionable output instead of generic compliance language.
healthcare-phi-compliance skill FAQ
Is healthcare-phi-compliance only for HIPAA?
No. The skill is relevant to HIPAA, but it also fits healthcare systems that must respect DISHA, GDPR, and broader privacy/security controls. Treat it as a healthcare PHI/PII design and review guide, not a single-regulation checklist.
When should I not use this skill?
Do not use it as a substitute for legal review, formal compliance certification, or organization-specific policy. If your task is unrelated to healthcare data exposure, ordinary security prompting may be enough.
Is it beginner-friendly?
Yes, if you can describe the data flow clearly. The healthcare-phi-compliance guide is easier to use when you already know which records are sensitive and which roles should see them. Beginners get better results by asking for classification, access, and audit checks separately.
How is it different from a normal security prompt?
A normal prompt often stays generic. healthcare-phi-compliance forces the review to center on healthcare-specific data classes, access boundaries, logging risks, and auditability, which makes the output more useful for Security Audit work and implementation planning.
How to Improve healthcare-phi-compliance skill
Provide a concrete system boundary
The best way to improve healthcare-phi-compliance results is to specify the exact subsystem: patient portal, clinician dashboard, billing service, analytics pipeline, or support admin panel. The skill performs better when it knows whether the problem is read access, write access, logging, exports, or backups.
Name the sensitive fields and actors
List the fields that count as PHI or PII and the roles that should access them. For example: name, dob, phone, diagnosis, lab_results, insurance_id; roles like patient, doctor, nurse, claims agent, and support admin. This makes the recommendation sharper than a blanket “protect sensitive data” response.
Ask for the exact artifact you need
If you want this healthcare-phi-compliance skill for Security Audit, say whether you need a threat model, code review checklist, RLS policy draft, audit-log plan, or remediation steps. The more explicit the artifact, the more likely the output will be directly usable in review, implementation, or sign-off.
Iterate on leaks, not abstractions
After the first output, push the skill toward concrete failure modes: over-logging, over-fetching, cached PHI, broad database queries, weak export controls, or missing audit events. That is where healthcare-phi-compliance adds the most value, especially when you are trying to reduce real exposure before shipping.
