hipaa-compliance

by affaan-m

hipaa-compliance is the HIPAA-specific entrypoint for healthcare privacy and security work. Use the hipaa-compliance skill when a task is explicitly about PHI, covered entities, BAAs, breach posture, or whether a workflow creates HIPAA exposure. It is a thin overlay for fast compliance triage and guidance.

Added: Apr 15, 2026
Category: Compliance Review
Install Command
npx skills add affaan-m/everything-claude-code --skill hipaa-compliance
Curation Score: 71/100

This skill scores 71/100, which means it is list-worthy for users who need a HIPAA-specific entrypoint, but it is intentionally thin and should be installed as a routing layer rather than a full standalone workflow. For directory users, that means it can reduce prompt guesswork when a task is explicitly about HIPAA/PHI/BAAs, but they should pair it with the broader healthcare and security skills it points to.
Strengths
  • Explicit trigger language for HIPAA, PHI, covered entities, BAAs, and healthcare compliance makes activation straightforward.
  • Clear role separation: it routes users to related skills for implementation, review, and general security instead of pretending to cover everything itself.
  • Substantive body text with concrete use cases and decision gates gives agents a fast way to decide whether the skill applies.
Cautions
  • The skill is intentionally thin and depends on other skills for most operational work, so it is not a complete HIPAA playbook.
  • Beyond the npx line shown above, the skill ships no install documentation, support files, references, or scripts, which limits trust signals and implementation depth.
Overview

Overview of hipaa-compliance skill

hipaa-compliance is the HIPAA-specific entrypoint for US healthcare privacy and security work. Use the hipaa-compliance skill when the task is explicitly about PHI, covered entities, business associates, BAAs, breach exposure, or whether a workflow creates HIPAA risk.

What this skill is for

It helps you decide whether a product, feature, or workflow is HIPAA-relevant and what guardrails matter before implementation. The main job-to-be-done is not generic security review; it is answering “does this design create HIPAA exposure, and what must be true before we ship?”

What makes it different

This skill is intentionally thin and is meant to be the single canonical entrypoint for HIPAA questions. It does not replace broader healthcare privacy implementation or general security review. Instead, it routes HIPAA questions through the right lens so you can avoid over-applying HIPAA rules to unrelated work or under-scoping a real compliance issue.

Best-fit readers

Install hipaa-compliance if you are reviewing or building patient-facing systems, clinician tools, internal support flows, logging pipelines, analytics, or LLM-assisted workflows that may touch PHI. It is especially useful for compliance, product, and engineering teams that need fast, consistent triage before deeper review.

How to Use hipaa-compliance skill

Install and verify the skill

Use the hipaa-compliance install command shown in the repo and confirm the skill is available in your agent workflow. If you are browsing the directory first, start with SKILL.md to confirm the scope before relying on it in production work.

Give the skill the right input

The hipaa-compliance usage pattern works best when you state the compliance question, the data type, the actor, and the workflow in one prompt. For example: “Review whether this support chatbot can see appointment notes, whether that creates PHI exposure, and what minimum necessary controls are needed.” Describe the data categories rather than pasting real records: the triage prompt itself is sent to the model provider, and that transmission is a PHI disclosure in its own right unless the provider is covered by a BAA.

Start from the canonical flow

Read SKILL.md first, then follow any linked guidance in the repo if present. For this repository, the key decision path is: identify whether the request is HIPAA-scoped, defer concrete implementation details to the broader healthcare privacy skill, and use HIPAA as a compliance overlay rather than a standalone architecture plan.

Prompt shape that gets better results

Strong hipaa-compliance prompts include the system context, the exact feature, and the decision you need made. Weak prompts say “make it HIPAA compliant.” Better prompts say “assess whether storing chat transcripts from a patient intake bot is permissible, what data should be excluded, and what audit/logging limits are required.”

hipaa-compliance skill FAQ

Is hipaa-compliance enough by itself?

Usually no. The repository makes clear that hipaa-compliance is the overlay for HIPAA decisions, while healthcare-phi-compliance handles the concrete privacy and handling rules. Use both when the work involves actual PHI workflows.

When should I not use this skill?

Do not use hipaa-compliance for generic app security, ordinary privacy design, or non-healthcare products that never touch PHI. If the issue is general auth, secrets, input validation, or deployment hardening, security-review is the better fit.

Is this beginner-friendly?

Yes, if you already know the basic facts of the workflow. The skill is useful for beginners because it narrows the question to HIPAA-relevant decision gates, but you still need to provide clear facts about what data is involved and who can access it.

Does it help with compliance review?

Yes. For Compliance Review work, hipaa-compliance is a good fit when you need a quick pre-check on logs, analytics, support tooling, or LLM prompts that may expose PHI. It is strongest as a triage layer before formal legal or security review; it does not replace the documented risk analysis a covered entity or business associate still has to perform.

How to Improve hipaa-compliance skill

Provide the missing compliance facts

The biggest quality boost comes from naming the data, the actor, and the purpose. Say whether the system handles diagnosis notes, appointment data, payment info, transcripts, images, or identifiers, and whether the user is a covered entity, business associate, or vendor.

Ask for a decision, not just a summary

To get better results from hipaa-compliance, ask for a concrete output such as “risk assessment,” “go/no-go call,” “control checklist,” or “what must change before launch.” That forces the response to translate HIPAA concerns into action.

Watch for common failure modes

The most common mistake is treating every healthcare-adjacent feature as equally regulated. Another is ignoring indirect exposure through logs, analytics, support tickets, or prompts. If those channels exist, call them out explicitly so the skill can evaluate minimum necessary access and breach posture.

Iterate with the first draft

After the first pass, tighten the prompt with one more layer of context: where PHI appears, how long it is retained, who can see it, and which external services (hosting, analytics, model providers, support vendors) receive it. That is usually enough to turn a generic answer into guidance you can act on when making real implementation decisions.
