hipaa-compliance-automator
HIPAA security and privacy compliance automation for ePHI protection, safeguards assessment, and audit preparation
Best use case
hipaa-compliance-automator is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using hipaa-compliance-automator should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in `.claude/skills/hipaa-compliance-automator/SKILL.md` inside your project
- Restart your AI agent — it will auto-discover the skill
How hipaa-compliance-automator Compares
| Feature / Agent | hipaa-compliance-automator | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
HIPAA security and privacy compliance automation for ePHI protection, safeguards assessment, and audit preparation
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# HIPAA Compliance Automator Skill
## Purpose
Automate Health Insurance Portability and Accountability Act (HIPAA) compliance activities including ePHI inventory, safeguards assessment, risk analysis, Business Associate Agreement management, and breach notification procedures.
## Capabilities
### ePHI Inventory and Tracking
- Discover and catalog electronic Protected Health Information
- Map ePHI data flows between systems
- Identify ePHI storage locations
- Track ePHI access and usage
- Document minimum necessary standards
### Administrative Safeguards Assessment
- Security management process evaluation
- Workforce security procedures review
- Information access management assessment
- Security awareness training tracking
- Security incident procedures review
- Contingency plan evaluation
- Business associate oversight
### Technical Safeguards Validation
- Access control verification
- Audit controls assessment
- Integrity controls validation
- Transmission security review
- Encryption verification (at rest and in transit)
- Authentication mechanisms review
### Physical Safeguards Assessment
- Facility access controls review
- Workstation use and security
- Device and media controls
- Physical security documentation
### Business Associate Management
- BAA inventory and tracking
- BAA compliance monitoring
- Subcontractor BAA tracking
- BAA renewal management
- Risk assessment for BAs
### Breach Notification Procedures
- Breach assessment and documentation
- Risk assessment for notification determination
- HHS notification tracking (60-day rule)
- Individual notification management
- Media notification for large breaches (500+)
### Risk Analysis
- Comprehensive risk assessment
- Threat and vulnerability identification
- Risk level determination
- Safeguard recommendations
- Risk treatment tracking
## HIPAA Rules Coverage
### Privacy Rule
- Use and disclosure limitations
- Minimum necessary standard
- Patient rights
- Notice of Privacy Practices
- Authorization requirements
### Security Rule
- Administrative safeguards (164.308)
- Physical safeguards (164.310)
- Technical safeguards (164.312)
- Policies and procedures (164.316)
### Breach Notification Rule
- Discovery and notification timelines
- Risk assessment methodology
- Notification content requirements
- Documentation requirements
## Integrations
- **Compliancy Group**: HIPAA compliance platform
- **HIPAA One**: Compliance management
- **Accountable HQ**: HIPAA compliance software
- **Custom audit tools**: Organization-specific solutions
- **EHR Systems**: Electronic health records integration
## Target Processes
- HIPAA Security and Privacy Compliance
- Security Risk Analysis
- Business Associate Compliance
- Breach Response Process
- Compliance Audit Preparation
## Input Schema
```json
{
  "type": "object",
  "properties": {
    "assessmentType": {
      "type": "string",
      "enum": ["full", "security", "privacy", "risk", "breach", "baa"],
      "description": "Type of HIPAA assessment"
    },
    "entityType": {
      "type": "string",
      "enum": ["covered_entity", "business_associate", "hybrid"],
      "description": "HIPAA entity classification"
    },
    "scope": {
      "type": "object",
      "properties": {
        "systems": { "type": "array", "items": { "type": "string" } },
        "facilities": { "type": "array", "items": { "type": "string" } },
        "businessAssociates": { "type": "array", "items": { "type": "string" } }
      }
    },
    "breachDetails": {
      "type": "object",
      "properties": {
        "discoveryDate": { "type": "string", "format": "date" },
        "description": { "type": "string" },
        "affectedIndividuals": { "type": "integer" },
        "phiCategories": { "type": "array" }
      }
    },
    "existingDocumentation": {
      "type": "string",
      "description": "Path to existing HIPAA documentation"
    }
  },
  "required": ["assessmentType", "entityType"]
}
```
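An added example, not part of the skill's own code: a pre-flight check that rejects a context object that does not match the Input Schema above, plus a helper that turns `breachDetails` into the 60-day and 500+ tracking values listed under Breach Notification Procedures. The function names are hypothetical, and it assumes the 60 days are calendar days counted from `discoveryDate`.

```javascript
// Added example (not the skill's code): checks a context object against the
// Input Schema above. Function names are hypothetical.
const ENUMS = {
  assessmentType: ['full', 'security', 'privacy', 'risk', 'breach', 'baa'],
  entityType: ['covered_entity', 'business_associate', 'hybrid'],
};
const SCOPE_KEYS = ['systems', 'facilities', 'businessAssociates'];
const DAY_MS = 24 * 60 * 60 * 1000;

// JSON Schema "format": "date" means a real calendar date as YYYY-MM-DD.
function isIsoDate(s) {
  if (typeof s !== 'string' || !/^\d{4}-\d{2}-\d{2}$/.test(s)) return false;
  const d = new Date(`${s}T00:00:00Z`);
  return !Number.isNaN(d.getTime()) && d.toISOString().slice(0, 10) === s;
}

function validateContext(ctx) {
  const errors = [];
  for (const [field, allowed] of Object.entries(ENUMS)) {
    if (!(field in ctx)) errors.push(`${field}: required`);
    else if (!allowed.includes(ctx[field])) errors.push(`${field}: not in enum`);
  }
  for (const key of SCOPE_KEYS) {
    const list = ctx.scope?.[key];
    const ok = Array.isArray(list) && list.every((v) => typeof v === 'string');
    if (list !== undefined && !ok) errors.push(`scope.${key}: expected string[]`);
  }
  const b = ctx.breachDetails ?? {};
  if ('discoveryDate' in b && !isIsoDate(b.discoveryDate)) {
    errors.push('breachDetails.discoveryDate: not a YYYY-MM-DD date');
  }
  if ('affectedIndividuals' in b && !Number.isInteger(b.affectedIndividuals)) {
    errors.push('breachDetails.affectedIndividuals: expected integer');
  }
  return errors;
}

// Assumption: the 60 days are calendar days counted from discoveryDate, and
// "500+" means affectedIndividuals >= 500.
function breachDeadlines(b) {
  const discovered = new Date(`${b.discoveryDate}T00:00:00Z`).getTime();
  return {
    notifyBy: new Date(discovered + 60 * DAY_MS).toISOString().slice(0, 10),
    mediaNotification: b.affectedIndividuals >= 500,
  };
}
```

Run `validateContext` before handing the context to the agent, and call `breachDeadlines` only on input that produced no errors.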
## Output Schema
```json
{
  "type": "object",
  "properties": {
    "assessmentId": {
      "type": "string"
    },
    "assessmentType": {
      "type": "string"
    },
    "entityType": {
      "type": "string"
    },
    "assessmentDate": {
      "type": "string",
      "format": "date-time"
    },
    "ephiInventory": {
      "type": "object",
      "properties": {
        "systems": { "type": "array" },
        "dataFlows": { "type": "array" },
        "storageLocations": { "type": "array" }
      }
    },
    "safeguardsAssessment": {
      "type": "object",
      "properties": {
        "administrative": {
          "type": "object",
          "properties": {
            "implemented": { "type": "integer" },
            "partiallyImplemented": { "type": "integer" },
            "notImplemented": { "type": "integer" }
          }
        },
        "technical": { "type": "object" },
        "physical": { "type": "object" }
      }
    },
    "riskAnalysis": {
      "type": "object",
      "properties": {
        "threats": { "type": "array" },
        "vulnerabilities": { "type": "array" },
        "riskLevel": { "type": "string" }
      }
    },
    "gapAnalysis": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "standard": { "type": "string" },
          "requirement": { "type": "string" },
          "currentState": { "type": "string" },
          "gap": { "type": "string" },
          "remediation": { "type": "string" },
          "priority": { "type": "string" }
        }
      }
    },
    "breachAssessment": {
      "type": "object"
    },
    "complianceScore": {
      "type": "number"
    },
    "recommendations": {
      "type": "array",
      "items": { "type": "string" }
    }
  }
}
```
## Usage Example
```javascript
skill: {
  name: 'hipaa-compliance-automator',
  context: {
    assessmentType: 'full',
    entityType: 'covered_entity',
    scope: {
      systems: ['EHR', 'Patient Portal', 'Billing System'],
      facilities: ['Main Hospital', 'Outpatient Clinic']
    }
  }
}
```
Related Skills
compliance-checker
Check compliance with SOC 2, GDPR, HIPAA, and PCI-DSS standards
soc2-compliance-automator
SOC 2 Trust Services Criteria compliance automation for evidence collection, control mapping, and audit preparation
pci-dss-compliance-automator
PCI DSS compliance assessment and reporting for cardholder data protection, SAQ automation, and ASV scan orchestration
gdpr-compliance-automator
GDPR compliance assessment and automation for data mapping, consent management, DSAR handling, and privacy impact assessments
compliance-evidence-collector
Automated evidence collection across compliance frameworks from cloud providers, identity systems, and security tools
regulatory-compliance-assessment
Evaluate organizational compliance with healthcare regulations including HIPAA, CMS Conditions of Participation, and accreditation standards through gap analysis and audit procedures
accessibility-compliance-auditing
Evaluate learning materials and technology for WCAG, Section 508, and accessibility compliance with remediation recommendations
accessibility-compliance
Ensure cultural programs and facilities meet ADA requirements and universal design principles including accommodations, assistive technologies, and inclusive practices
iso-nanotechnology-compliance-checker
Regulatory compliance skill for ISO nanotechnology standards verification and documentation
ada-compliance-checker
ADA accessibility compliance checking skill for routes, slopes, and pedestrian facilities
iso-standards-compliance-checker
Medical device standards compliance verification skill for ISO 13485, ISO 14971, IEC 62304, IEC 60601, and related standards
hipaa-compliance-validator
HIPAA compliance validation skill for genomic data handling and audit