hipaa-compliance-automator
// HIPAA security and privacy compliance automation for ePHI protection, safeguards assessment, and audit preparation
$ git log --oneline --stat
stars:384
forks:73
updated:March 4, 2026
SKILL.mdreadonly
SKILL.md Frontmatter
namehipaa-compliance-automator
descriptionHIPAA security and privacy compliance automation for ePHI protection, safeguards assessment, and audit preparation
allowed-toolsBash,Read,Write,Glob,Grep,WebFetch
HIPAA Compliance Automator Skill
Purpose
Automate Health Insurance Portability and Accountability Act (HIPAA) compliance activities including ePHI inventory, safeguards assessment, risk analysis, Business Associate Agreement management, and breach notification procedures.
Capabilities
ePHI Inventory and Tracking
- Discover and catalog electronic Protected Health Information
- Map ePHI data flows between systems
- Identify ePHI storage locations
- Track ePHI access and usage
- Document minimum necessary standards
Administrative Safeguards Assessment
- Security management process evaluation
- Workforce security procedures review
- Information access management assessment
- Security awareness training tracking
- Security incident procedures review
- Contingency plan evaluation
- Business associate oversight
Technical Safeguards Validation
- Access control verification
- Audit controls assessment
- Integrity controls validation
- Transmission security review
- Encryption verification (at rest and in transit)
- Authentication mechanisms review
Physical Safeguards Assessment
- Facility access controls review
- Workstation use and security
- Device and media controls
- Physical security documentation
Business Associate Management
- BAA inventory and tracking
- BAA compliance monitoring
- Subcontractor BAA tracking
- BAA renewal management
- Risk assessment for BAs
Breach Notification Procedures
- Breach assessment and documentation
- Risk assessment for notification determination
- HHS notification tracking (60-day rule)
- Individual notification management
- Media notification for large breaches (500+)
Risk Analysis
- Comprehensive risk assessment
- Threat and vulnerability identification
- Risk level determination
- Safeguard recommendations
- Risk treatment tracking
HIPAA Rules Coverage
Privacy Rule
- Use and disclosure limitations
- Minimum necessary standard
- Patient rights
- Notice of Privacy Practices
- Authorization requirements
Security Rule
- Administrative safeguards (164.308)
- Physical safeguards (164.310)
- Technical safeguards (164.312)
- Policies and procedures (164.316)
Breach Notification Rule
- Discovery and notification timelines
- Risk assessment methodology
- Notification content requirements
- Documentation requirements
Integrations
- Compliancy Group: HIPAA compliance platform
- HIPAA One: Compliance management
- Accountable HQ: HIPAA compliance software
- Custom audit tools: Organization-specific solutions
- EHR Systems: Electronic health records integration
Target Processes
- HIPAA Security and Privacy Compliance
- Security Risk Analysis
- Business Associate Compliance
- Breach Response Process
- Compliance Audit Preparation
Input Schema
{
"type": "object",
"properties": {
"assessmentType": {
"type": "string",
"enum": ["full", "security", "privacy", "risk", "breach", "baa"],
"description": "Type of HIPAA assessment"
},
"entityType": {
"type": "string",
"enum": ["covered_entity", "business_associate", "hybrid"],
"description": "HIPAA entity classification"
},
"scope": {
"type": "object",
"properties": {
"systems": { "type": "array", "items": { "type": "string" } },
"facilities": { "type": "array", "items": { "type": "string" } },
"businessAssociates": { "type": "array", "items": { "type": "string" } }
}
},
"breachDetails": {
"type": "object",
"properties": {
"discoveryDate": { "type": "string", "format": "date" },
"description": { "type": "string" },
"affectedIndividuals": { "type": "integer" },
"phiCategories": { "type": "array" }
}
},
"existingDocumentation": {
"type": "string",
"description": "Path to existing HIPAA documentation"
}
},
"required": ["assessmentType", "entityType"]
}
Output Schema
{
"type": "object",
"properties": {
"assessmentId": {
"type": "string"
},
"assessmentType": {
"type": "string"
},
"entityType": {
"type": "string"
},
"assessmentDate": {
"type": "string",
"format": "date-time"
},
"ephiInventory": {
"type": "object",
"properties": {
"systems": { "type": "array" },
"dataFlows": { "type": "array" },
"storageLocations": { "type": "array" }
}
},
"safeguardsAssessment": {
"type": "object",
"properties": {
"administrative": {
"type": "object",
"properties": {
"implemented": { "type": "integer" },
"partiallyImplemented": { "type": "integer" },
"notImplemented": { "type": "integer" }
}
},
"technical": { "type": "object" },
"physical": { "type": "object" }
}
},
"riskAnalysis": {
"type": "object",
"properties": {
"threats": { "type": "array" },
"vulnerabilities": { "type": "array" },
"riskLevel": { "type": "string" }
}
},
"gapAnalysis": {
"type": "array",
"items": {
"type": "object",
"properties": {
"standard": { "type": "string" },
"requirement": { "type": "string" },
"currentState": { "type": "string" },
"gap": { "type": "string" },
"remediation": { "type": "string" },
"priority": { "type": "string" }
}
}
},
"breachAssessment": {
"type": "object"
},
"complianceScore": {
"type": "number"
},
"recommendations": {
"type": "array",
"items": { "type": "string" }
}
}
}
Usage Example
skill: {
name: 'hipaa-compliance-automator',
context: {
assessmentType: 'full',
entityType: 'covered_entity',
scope: {
systems: ['EHR', 'Patient Portal', 'Billing System'],
facilities: ['Main Hospital', 'Outpatient Clinic']
}
}
}