HIPAA Compliance Guard
Purpose and Intent
The hipaa-compliance-guard is a specialized auditing tool for the healthcare industry. Its goal is to provide a technical assessment of how well an application adheres to the HIPAA Security Rule, specifically focusing on the protection of Electronic Protected Health Information (ePHI).
When to Use
- Architecture Reviews: Run during the design phase to ensure encryption and logging are planned.
- Pre-Audit Self-Assessment: Use before a formal third-party HIPAA audit to identify and fix low-hanging violations.
- Infrastructure Changes: Run after modifying Terraform or other cloud provisioning scripts to confirm that security groups and encryption settings have not been weakened by the change.
When NOT to Use
- Real Patient Data: This tool should NOT be used on live databases containing PHI. It is for checking the systems that handle the data.
- Legal Certification: Passing this audit does not mean you are "HIPAA Certified"; it means your technical configuration follows best practices.
Error Conditions and Edge Cases
- Infrastructure Created Outside Code (ClickOps): If cloud resources are created through manual console actions instead of infrastructure-as-code, this tool cannot see them; its view is limited to what is defined in the code it scans.
- Custom Encryption: Proprietary or non-standard encryption methods may be flagged as warnings.
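The kind of configuration check described under "When to Use" and the custom-encryption edge case above, as an added illustration that is not the hipaa-compliance-guard's own code. It assumes a Terraform JSON-syntax (.tf.json) file using the AWS provider's `aws_s3_bucket` (with the inline `server_side_encryption_configuration` and `logging` blocks) and `aws_security_group` resource types; the sample configuration is constructed for the example. Missing encryption and world-open ingress are reported as failures, while an encryption algorithm the check does not recognise is only a warning, mirroring the edge case above.

```python
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str   # "FAIL" for a clear gap, "WARN" where a human must judge
    resource: str   # "<type>.<name>", the way Terraform addresses a resource
    message: str


# Algorithms the check recognises; anything else is a warning, not a failure
# (assumption: this mirrors the "Custom Encryption" edge case).
KNOWN_SSE_ALGORITHMS = {"AES256", "aws:kms"}

# Constructed sample in Terraform JSON syntax; not a real deployment.
SAMPLE_TF_JSON = r'''
{
  "resource": {
    "aws_s3_bucket": {
      "phi_records": {
        "bucket": "example-phi-records",
        "server_side_encryption_configuration": {
          "rule": {"apply_server_side_encryption_by_default": {"sse_algorithm": "aws:kms"}}
        },
        "logging": {"target_bucket": "example-access-logs"}
      },
      "exports": {"bucket": "example-exports"},
      "archive": {
        "bucket": "example-archive",
        "server_side_encryption_configuration": {
          "rule": {"apply_server_side_encryption_by_default": {"sse_algorithm": "VENDOR-XTS"}}
        },
        "logging": {"target_bucket": "example-access-logs"}
      }
    },
    "aws_security_group": {
      "db": {
        "ingress": [
          {"from_port": 5432, "to_port": 5432, "protocol": "tcp", "cidr_blocks": ["10.0.0.0/16"]},
          {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}
        ]
      }
    }
  }
}
'''


def _blocks(value):
    """Terraform JSON syntax lets a nested block be one object or a list of objects."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_buckets(resources):
    """Flag buckets with no encryption, unknown encryption, or no access logging."""
    findings = []
    for name, bucket in resources.get("aws_s3_bucket", {}).items():
        addr = f"aws_s3_bucket.{name}"
        algorithms = [
            default.get("sse_algorithm")
            for cfg in _blocks(bucket.get("server_side_encryption_configuration"))
            for rule in _blocks(cfg.get("rule"))
            for default in _blocks(rule.get("apply_server_side_encryption_by_default"))
        ]
        if not algorithms:
            findings.append(Finding("FAIL", addr, "no server-side encryption configured"))
        for algo in algorithms:
            if algo not in KNOWN_SSE_ALGORITHMS:
                findings.append(Finding("WARN", addr, f"unrecognised encryption setting {algo!r}; verify manually"))
        if not _blocks(bucket.get("logging")):
            findings.append(Finding("WARN", addr, "no access logging block; audit trail not planned"))
    return findings


def audit_security_groups(resources):
    """Flag ingress rules reachable from any IPv4 or IPv6 address."""
    findings = []
    for name, sg in resources.get("aws_security_group", {}).items():
        addr = f"aws_security_group.{name}"
        for rule in _blocks(sg.get("ingress")):
            if "0.0.0.0/0" in rule.get("cidr_blocks", []) or "::/0" in rule.get("ipv6_cidr_blocks", []):
                ports = f"{rule.get('from_port')}-{rule.get('to_port')}/{rule.get('protocol')}"
                findings.append(Finding("FAIL", addr, f"ingress {ports} open to the internet"))
    return findings


def audit(tf_json_text):
    """Run every check over the 'resource' section of a .tf.json document."""
    resources = json.loads(tf_json_text).get("resource", {})
    return audit_buckets(resources) + audit_security_groups(resources)


if __name__ == "__main__":
    for f in audit(SAMPLE_TF_JSON):
        print(f"{f.severity:4} {f.resource}: {f.message}")
```

Run against the sample, `phi_records` produces no findings, `exports` fails on encryption and warns on logging, `archive` only warns because its algorithm is unrecognised, and the security group fails on the port-22 rule. Because it reads only the code, resources created by hand in the console never appear, which is exactly the blind spot noted above.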
Security and Data-Handling Considerations
- No PHI Access: The tool is designed to look at configurations, not data.
- Local Analysis: Keep your infrastructure code local and run the scan within your trusted environment.
More from jorgealves/agent_skills
- python-security-scanner (175): Detect common Python vulnerabilities such as SQL injection, unsafe deserialization, and hardcoded secrets. Use as part of a secure SDLC for Python projects.
- prompt-injection-scanner (140): Audits agent skill instructions and system prompts for vulnerabilities to prompt hijacking and indirect injection. Use when designing new agent skills or before deploying agents to public environments where users provide untrusted input.
- gdpr-ccpa-privacy-auditor (137): Audits web applications to ensure declared privacy policies match actual technical data collection practices. Use to identify discrepancies in cookie usage, tracking scripts, and user data handling.
- pii-sanitizer (119): Detects and redacts Personally Identifiable Information (PII) like emails, phone numbers, and credit cards. Use when cleaning logs, datasets, or communications to comply with GDPR/CCPA privacy standards.
- python-data-pipeline-designer (116): Design ETL workflows with data validation using tools like Pandas, Dask, or PySpark. Use when building robust data processing systems in Python.
- documentation-generator (114): Analyzes source code to automatically generate technical documentation and architecture diagrams. Use to maintain up-to-date API references and onboarding materials for engineering teams.