Agent_skills hipaa-compliance-guard
Audits HealthTech applications for HIPAA technical safeguards like encryption and audit logging. Use when reviewing healthcare infrastructure or ensuring PHI is handled according to legal security standards.
install
source · Clone the upstream repo
git clone https://github.com/jorgealves/agent_skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/jorgealves/agent_skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/hipaa-compliance-guard" ~/.claude/skills/jorgealves-agent-skills-hipaa-compliance-guard-fd9d77 && rm -rf "$T"
manifest:
hipaa-compliance-guard/SKILL.mdsource content
HIPAA Compliance Guard
Purpose and Intent
The
hipaa-compliance-guardWhen to Use
- Architecture Reviews: Run during the design phase to ensure encryption and logging are planned.
- Pre-Audit Self-Assessment: Use before a formal 3rd-party HIPAA audit to identify and fix low-hanging violations.
- Infrastructure Changes: Run after modifying Terraform or Cloud scripts to ensure security groups or encryption haven't been compromised.
When NOT to Use
- Real Patient Data: This tool should NOT be used on live databases containing PHI. It is for checking the systems that handle the data.
- Legal Certification: Passing this audit does not mean you are "HIPAA Certified"; it means your technical configuration follows best practices.
Error Conditions and Edge Cases
- Obfuscated Infrastructure: If cloud resources are created via manual console actions (ClickOps) instead of code, this tool cannot see them.
- Custom Encryption: Proprietary or non-standard encryption methods may be flagged as warnings.
Security and Data-Handling Considerations
- No PHI Access: The tool is designed to look at configurations, not data.
- Local Analysis: Keep your infrastructure code local and run the scan within your trusted environment.