hipaa-workflow-design
Use this skill when designing HIPAA-compliant workflow requirements for Health Cloud: minimum necessary access design, audit trail requirements mapping, access control patterns, and BAA dependency identification. NOT for security implementation (Shield Platform Encryption configuration, event monitoring setup) — this skill covers workflow requirements design, not technical security build steps.
Best use case
hipaa-workflow-design is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Use this skill when designing HIPAA-compliant workflow requirements for Health Cloud: minimum necessary access design, audit trail requirements mapping, access control patterns, and BAA dependency identification. NOT for security implementation (Shield Platform Encryption configuration, event monitoring setup) — this skill covers workflow requirements design, not technical security build steps.
Teams using hipaa-workflow-design should expect a more consistent output, faster repeated execution, less prompt rewriting, better workflow continuity with your supporting tools.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
- You already have the supporting tools or dependencies needed by this skill.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/hipaa-workflow-design/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How hipaa-workflow-design Compares
| Feature / Agent | hipaa-workflow-design | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Use this skill when designing HIPAA-compliant workflow requirements for Health Cloud: minimum necessary access design, audit trail requirements mapping, access control patterns, and BAA dependency identification. NOT for security implementation (Shield Platform Encryption configuration, event monitoring setup) — this skill covers workflow requirements design, not technical security build steps.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# HIPAA Workflow Design for Health Cloud Use this skill when designing HIPAA-compliant workflow requirements for Health Cloud: defining minimum necessary access patterns, identifying audit trail requirements, designing access controls for PHI, and mapping HIPAA Security Rule provisions to Salesforce platform controls. This skill focuses on requirements design and mapping. It does NOT cover the technical implementation of security controls (Shield Platform Encryption field configuration, Event Monitoring stream setup, field-level security configuration) — those are implementation-layer skills. --- ## Before Starting Gather this context before working on anything in this domain: - Confirm that a Business Associate Agreement (BAA) has been signed with Salesforce OR is in the procurement pipeline. No PHI may legally reside in any Salesforce org until the BAA is executed. This is a hard prerequisite. - Identify which Salesforce products are covered under the BAA. Only specific Salesforce products are BAA-eligible. PHI stored in non-covered services (certain Chatter features, some AppExchange products) voids HIPAA coverage even with Shield enabled. - Inventory all PHI fields. PHI includes all 18 HIPAA identifier categories: names, dates (except year), geographic data below state, phone/fax, email, SSN, medical record numbers, health plan numbers, account numbers, certificate/license numbers, VINs, device identifiers, URLs, IP addresses, biometric identifiers, full-face photos, and any unique identifying code. - Confirm Shield Platform Encryption, Field Audit Trail, and Event Monitoring licenses are in the contract. Shield is a paid add-on not included in any Salesforce edition. --- ## Core Concepts ### HIPAA Shared Responsibility Model Salesforce is responsible for infrastructure security (data center, network, platform availability). The customer is responsible for application-level controls: who can access PHI, encryption configuration, audit trail setup, consent workflows, and policies/procedures. The BAA documents this shared responsibility. A signed BAA does not make the org HIPAA-compliant — the customer must implement all required technical safeguards. ### HIPAA Security Rule to Salesforce Control Mapping | HIPAA Requirement | Salesforce Control | |---|---| | Access Control (§164.312(a)(1)) | OWD = Private + sharing rules + permission sets + care team role-scoped access | | Audit Controls (§164.312(b)) | Shield Field Audit Trail (10-year retention); Event Monitoring for system access logs | | Integrity (§164.312(c)(1)) | Shield Platform Encryption for PHI at rest; TLS for data in transit | | Transmission Security (§164.312(e)(1)) | TLS enforced; no PHI in HTTP headers or query strings | | Minimum Necessary (§164.514(d)) | OWD-Private + care team role scoping | ### Standard Field History Tracking Does NOT Satisfy HIPAA HIPAA requires audit log retention for 6 years from the date of creation or last effective date. Standard Field History Tracking retains only 18 months. Shield Field Audit Trail provides up to 10 years of field-level change history. Using standard Field History Tracking for PHI fields will fail a HIPAA audit — this is one of the most consequential architectural mistakes in Health Cloud implementations. ### Event Monitoring Log Expiration Event Monitoring logs in Salesforce are retained for only 30 days by default. HIPAA requires 6-year retention for access audit logs. Event Monitoring logs must be streamed to an external SIEM (Security Information and Event Management) system within 30 days. Salesforce does not provide long-term storage — this is an ongoing operational requirement, not a one-time configuration. --- ## Common Patterns ### Minimum Necessary Access Design **When to use:** Designing the permission model for a Health Cloud org with multiple user roles and varying PHI access needs. **How it works:** 1. Define user roles: primary care clinicians, specialists, care coordinators, administrative staff, billing staff, compliance officers. 2. Set OWD to Private for Account (patient records) and all clinical objects. 3. Use care team role-based sharing: each care team member gets read/edit access to their assigned patient records only. Non-care-team users have no default access. 4. Use permission sets (not profiles) to control field-level access to PHI fields — administrative staff get demographic PHI access but not clinical PHI; billing staff get billing codes but not diagnosis notes. 5. Document the access matrix. **Why not the alternative:** Public OWD or over-broad permission sets violate the minimum necessary standard by exposing all PHI to all users regardless of care role. ### HIPAA Audit Trail Architecture **When to use:** Specifying audit trail controls for a production Health Cloud org. **How it works:** 1. Shield Field Audit Trail for all PHI fields — set retention to 10 years. 2. Event Monitoring enabled for Login, Logout, Report, API Access, and field access events. 3. Event Monitoring logs streamed to an external SIEM within 30 days. 4. SIEM retention policy set to 6 years minimum. 5. Document the complete audit trail architecture in the BAA/compliance record. --- ## Decision Guidance | Situation | Recommended Approach | Reason | |---|---|---| | PHI field change history | Shield Field Audit Trail | 10-year retention; standard Field History = 18 months | | System access log retention | Event Monitoring + SIEM streaming | Logs expire in 30 days without external streaming | | PHI at-rest encryption | Shield Platform Encryption | Required HIPAA technical safeguard | | Patient record access control | OWD-Private + care team sharing | Minimum necessary access enforcement | | BAA not yet signed | Do not store PHI | Hard regulatory prerequisite | | AppExchange product used with PHI | Verify BAA coverage for that product | Not all AppExchange products are BAA-eligible | --- ## Recommended Workflow 1. **Verify BAA status** — confirm the Salesforce BAA is executed or in process. Document which products are BAA-covered. Flag any products or integrations that may not be covered. 2. **Complete PHI field inventory** — catalog all fields across all objects containing PHI using all 18 HIPAA identifier categories. This inventory drives all downstream security control configuration. 3. **Design access control model** — define user role taxonomy, set OWD to Private for all PHI-containing objects, design care team role-based sharing, and document the access matrix per role. 4. **Map HIPAA controls to Shield** — map each HIPAA Security Rule technical safeguard to a Shield component. Identify all PHI fields for encryption and Field Audit Trail coverage. 5. **Design Event Monitoring streaming** — identify the SIEM target, define log types to stream, design the streaming pipeline, and establish a 6-year retention policy. 6. **Produce implementation requirements specification** — document the HIPAA controls specification for the security implementation team, including the PHI field inventory, access matrix, audit trail scope, and SIEM streaming requirements. --- ## Review Checklist - [ ] BAA with Salesforce executed before any PHI is stored - [ ] All PHI-containing Salesforce products confirmed as BAA-covered - [ ] PHI field inventory completed (all 18 HIPAA identifier categories reviewed) - [ ] OWD-Private designed for all PHI-containing objects - [ ] Care team role-based sharing designed for minimum necessary access - [ ] Shield Field Audit Trail scoped for all PHI fields (NOT standard Field History Tracking) - [ ] Event Monitoring streaming to SIEM designed with 6-year retention policy - [ ] Shield Platform Encryption scoped for all PHI at-rest fields --- ## Salesforce-Specific Gotchas 1. **Standard Field History Tracking does not meet HIPAA 6-year retention** — 18-month standard retention fails the audit log requirement. Shield Field Audit Trail (10 years) is required. This is the #1 HIPAA architectural mistake in Health Cloud implementations. 2. **Event Monitoring logs expire in 30 days** — without streaming to a SIEM, all access audit logs are permanently lost. This is an ongoing operational requirement, not a one-time setup step. 3. **BAA coverage is product-specific** — using PHI with an uncovered Salesforce product or AppExchange package breaks HIPAA coverage even with Shield enabled. Verify BAA coverage for every product and service that touches PHI. --- ## Output Artifacts | Artifact | Description | |---|---| | PHI field inventory | Complete catalog of PHI fields across all org objects | | HIPAA controls specification | HIPAA Security Rule safeguard to Salesforce control mapping | | Access control matrix | Role-by-role PHI access requirements for OWD and permission set configuration | | Event Monitoring streaming requirements | SIEM target, log types, 6-year retention policy | --- ## Related Skills - admin/health-cloud-patient-setup — PHI field configuration on patient records - admin/health-cloud-consent-management — HIPAA Privacy Rule consent controls - admin/hipaa-compliance-architecture — Full HIPAA compliance architecture design
Related Skills
customer-data-request-workflow
Implement GDPR/CCPA data subject rights (access, deletion, rectification) using Salesforce Privacy Center and/or custom workflow. NOT for general backup or org-level data retention policy.
omniscript-design-patterns
Use when designing or reviewing OmniScripts for guided experiences, step structure, branching, save/resume, and the boundary between OmniScript, Integration Procedures, DataRaptors, and custom LWCs. Triggers: 'omniscript design', 'too many steps in omniscript', 'save and resume omniscript', 'branching in omniscript', 'when should this be an integration procedure'. NOT for deep Integration Procedure or DataRaptor design when the guided interaction layer is not the main concern.
flexcard-design-patterns
Use when designing, building, or reviewing OmniStudio FlexCards — including data source selection, card states, actions, conditional visibility, flyout configuration, and child card iteration. Triggers: 'FlexCard', 'card template', 'flyout', 'card action', 'card state', 'data source', 'child card', 'conditional visibility'. NOT for OmniScript design, standalone LWC development, or Apex controller architecture outside the FlexCard context.
calculation-procedure-design
Design OmniStudio Calculation Procedures and Calculation Matrices for pricing, rating, and rules-heavy scoring. Trigger keywords: calculation procedure, calculation matrix, rating engine, pricing matrix, expression set, decision matrix, OmniStudio rules. Does NOT cover: generic Apex-only pricing code, Salesforce CPQ price rules (different product), or Flow-based decision logic.
slack-workflow-builder
Use this skill when designing or troubleshooting Slack Workflow Builder workflows that call Salesforce — especially the Salesforce connector step Run a Flow, mapping inputs/outputs, handling failures, and understanding limits. Triggers on: Slack Workflow Builder Salesforce, Run a Flow from Slack, autolaunched flow from Slack, Slack automation calling Salesforce. NOT for Salesforce Flow Builder tutorials unrelated to Slack (use flow skills), not for Flow Core Actions that send Slack messages from Salesforce (use flow-for-slack), not for initial org-to-workspace connection (use slack-salesforce-integration-setup), and not for building custom Slack apps outside Workflow Builder.
api-error-handling-design
Designing HTTP error classification, RFC 7807-style error payload structure, and client-side error parsing for Salesforce REST/SOAP integrations and custom Apex REST endpoints. Use when deciding which HTTP status codes to return from custom Apex REST services, how to structure error response bodies, how to classify inbound API errors as retry-safe vs non-retry-safe, or how to parse Salesforce error responses on the consumer side. NOT for retry execution mechanics or circuit breaker implementation (use retry-and-backoff-patterns). NOT for Apex exception class design (use apex-error-handling-framework). NOT for OAuth error flows (use oauth-flows-and-connected-apps).
workflow-rule-to-flow-migration
Migrate Workflow Rules to record-triggered Flows: field update mapping, email alert migration, outbound message alternatives using Flow Core Actions, time-based workflow replacement with Scheduled Paths. NOT for Process Builder migration (use process-builder-to-flow-migration), NOT for building new flows from scratch.
data-model-design-patterns
Use when designing, reviewing, or troubleshooting Salesforce object relationships and field type choices — lookup vs master-detail, junction object modeling, indexing strategy, and data model anti-patterns. NOT for object creation steps (use object-creation-and-design). NOT for bulk data loading operations.
data-extension-design
Use this skill when designing, creating, or troubleshooting Marketing Cloud Data Extensions — including sendable vs. non-sendable DE selection, primary key composition, data retention configuration, Send Relationship mapping, and performance indexing. Trigger keywords: data extension, sendable DE, send relationship, DE primary key, data retention, Marketing Cloud data model, DE columns, subscriber key mapping. NOT for CRM (Sales/Service Cloud) custom object design, Marketing Cloud Connect object sync configuration, or Contact Builder attribute group architecture beyond simple relationship type selection.
solution-design-patterns
Use when selecting the right automation layer (Flow, Apex, LWC) for a new feature, reviewing an existing design for technical debt, or troubleshooting a mismatched automation architecture. Triggers: 'should I use Flow or Apex', 'declarative vs programmatic', 'which layer should handle this', 'automation design review', 'should I use LWC or standard components', 'is this over-engineered'. NOT for individual feature design (use role-specific skills), NOT for detailed Apex implementation (use apex/ skills), NOT for LWC component authoring (use lwc/ skills), NOT for Flow-specific build steps (use flow/ skills).
sla-design-and-escalation-matrix
Use when designing the SLA tier definition table, escalation matrix document, and milestone threshold configuration for a Salesforce Service Cloud implementation. Covers designing the artifact layer — tier tiers (e.g., Enterprise/Professional/Basic), response and resolution time targets, business hours mapping, milestone percentage thresholds at 50/75/90/100%, and the escalation action matrix that maps thresholds to notification targets and automated actions. Triggers: SLA design, escalation matrix, milestone thresholds, tier definition, business hours alignment, SLA enforcement design. NOT for entitlement process configuration steps (use admin/case-management-setup), NOT for escalation rule setup (use admin/escalation-rules), NOT for CPQ quoting SLAs.
knowledge-taxonomy-design
Use when designing or restructuring a Salesforce Knowledge taxonomy: Data Category Group structure, hierarchy depth, article type selection, article lifecycle governance (Draft/Published/Archived), Validation Status gating, and content gap analysis via KCS methodology and Search Activity Gaps. Triggers: knowledge taxonomy design, data category hierarchy, knowledge article lifecycle, knowledge governance model, KCS content gap analysis, search activity gaps, knowledge category structure. NOT for Knowledge admin feature setup (use admin/knowledge-setup), NOT for Experience Cloud search configuration, NOT for Einstein Article Recommendations tuning.