HIPAA Compliance Guard
Purpose and Intent
The hipaa-compliance-guard is a specialized auditing tool for the healthcare industry. Its goal is to provide a technical assessment of how well an application adheres to the HIPAA Security Rule, specifically focusing on the protection of Electronic Protected Health Information (ePHI).
When to Use
- Architecture Reviews: Run during the design phase to ensure encryption and logging are planned.
- Pre-Audit Self-Assessment: Use before a formal 3rd-party HIPAA audit to identify and fix low-hanging violations.
- Infrastructure Changes: Run after modifying Terraform or other cloud provisioning code to confirm that no security group has been opened up and no encryption setting has been disabled.
When NOT to Use
- Real Patient Data: This tool should NOT be used on live databases containing PHI. It is for checking the systems that handle the data.
- Legal Certification: Passing this audit does not mean you are "HIPAA Certified"; it means your technical configuration follows best practices.
Error Conditions and Edge Cases
- Invisible Infrastructure: If cloud resources are created through manual console actions (ClickOps) instead of code, this tool cannot see them, because it only reads the infrastructure code you give it.
- Custom Encryption: Proprietary or non-standard encryption methods may be flagged as warnings.
Security and Data-Handling Considerations
- No PHI Access: The tool is designed to look at configurations, not data.
- Local Analysis: Keep your infrastructure code local and run the scan within your trusted environment.
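To make the "configuration, not data" idea concrete, here is an added example of the kind of static check described above, run over a constructed Terraform JSON-syntax file. It is not the hipaa-compliance-guard's own code; the check names, the Finding structure and the sample configuration are all assumptions made for this illustration. It looks for unencrypted storage resources, ingress rules open to the whole internet, and a missing or weakened CloudTrail, and it reports a WARN rather than a FAIL when a value is an unresolved reference that a static scan cannot evaluate (the same limitation that hides ClickOps resources).

```python
"""Configuration-only HIPAA-style checks over Terraform JSON syntax (.tf.json).
Added illustration, not the hipaa-compliance-guard tool's code; the checks,
identifiers and sample config below are constructed for this example."""
import json
from dataclasses import dataclass

# Attribute that must be a literal `true` for each storage resource type.
ENCRYPTION_ATTR = {
    "aws_db_instance": "storage_encrypted",
    "aws_rds_cluster": "storage_encrypted",
    "aws_ebs_volume": "encrypted",
}
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}


@dataclass(frozen=True)
class Finding:
    severity: str   # "FAIL" = definite violation, "WARN" = cannot decide statically
    resource: str   # Terraform address, e.g. "aws_db_instance.patients"
    message: str


def _as_list(value):
    """Terraform JSON writes nested blocks as one object or a list of them."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _literal_bool(value):
    """True/False for a literal; None for "${var.x}"-style references the scan cannot resolve."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.strip().lower() in ("true", "false"):
        return value.strip().lower() == "true"
    return None


def audit_terraform_json(config: dict) -> list[Finding]:
    """Walk every resource block and collect encryption, network and logging findings."""
    findings = []
    saw_cloudtrail = False
    for rtype, instances in config.get("resource", {}).items():
        for name, body in instances.items():
            addr = f"{rtype}.{name}"
            if rtype in ENCRYPTION_ATTR:
                attr = ENCRYPTION_ATTR[rtype]
                if attr not in body:
                    findings.append(Finding("FAIL", addr, f"{attr} not set; ePHI storage must be encrypted at rest"))
                else:
                    enabled = _literal_bool(body[attr])
                    if enabled is None:
                        findings.append(Finding("WARN", addr, f"{attr} = {body[attr]!r} is not a literal; verify the resolved value"))
                    elif not enabled:
                        findings.append(Finding("FAIL", addr, f"{attr} is false"))
            elif rtype == "aws_security_group":
                for rule in _as_list(body.get("ingress")):
                    cidrs = set(_as_list(rule.get("cidr_blocks"))) | set(_as_list(rule.get("ipv6_cidr_blocks")))
                    exposed = sorted(cidrs & OPEN_CIDRS)
                    if exposed:
                        findings.append(Finding("FAIL", addr, f"ingress {rule.get('from_port')}-{rule.get('to_port')}/{rule.get('protocol')} open to {exposed}"))
            elif rtype == "aws_cloudtrail":
                saw_cloudtrail = True
                if _literal_bool(body.get("enable_log_file_validation")) is not True:
                    findings.append(Finding("WARN", addr, "enable_log_file_validation is not true; audit log integrity cannot be verified"))
    if not saw_cloudtrail:
        findings.append(Finding("FAIL", "(global)", "no aws_cloudtrail resource; API access to ePHI systems is not logged"))
    return findings


def audit_text(text: str) -> list[Finding]:
    """Convenience wrapper: parse a .tf.json document from a string and audit it."""
    return audit_terraform_json(json.loads(text))


def summarize(findings: list[Finding]) -> dict:
    """Count findings per severity, e.g. {"FAIL": 2, "WARN": 2}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed sample: one encrypted DB, one DB whose flag is a variable, an
# unencrypted EBS volume, a DB security group open to the internet, and a
# CloudTrail without log file validation.
SAMPLE_TF_JSON = """
{
  "resource": {
    "aws_db_instance": {
      "patients":  {"engine": "postgres", "storage_encrypted": true, "kms_key_id": "${aws_kms_key.ephi.arn}"},
      "reporting": {"engine": "postgres", "storage_encrypted": "${var.encrypt_reporting}"}
    },
    "aws_ebs_volume": {"scratch": {"size": 100, "encrypted": false}},
    "aws_security_group": {
      "db": {"ingress": [
        {"from_port": 5432, "to_port": 5432, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
        {"from_port": 5432, "to_port": 5432, "protocol": "tcp", "cidr_blocks": ["10.0.0.0/16"]}
      ]}
    },
    "aws_cloudtrail": {"audit": {"name": "ephi-audit", "s3_bucket_name": "audit-logs", "enable_log_file_validation": false}}
  }
}
"""

if __name__ == "__main__":
    for f in audit_text(SAMPLE_TF_JSON):
        print(f"{f.severity:4} {f.resource:28} {f.message}")
    print(summarize(audit_text(SAMPLE_TF_JSON)))
```

The scan never opens a database or reads a row: its only input is the provisioning code, which is why it is safe to run inside the trusted environment and useless against resources that exist only in the console. The WARN severity is deliberate: a flag driven by a variable may well resolve to true at apply time, so the right response is to check the resolved plan rather than to treat it as a violation.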
More from jorgealves/agent_skills
- python-security-scanner (175): Detect common Python vulnerabilities such as SQL injection, unsafe deserialization, and hardcoded secrets. Use as part of a secure SDLC for Python projects.
- prompt-injection-scanner (140): Audits agent skill instructions and system prompts for vulnerabilities to prompt hijacking and indirect injection. Use when designing new agent skills or before deploying agents to public environments where users provide untrusted input.
- gdpr-ccpa-privacy-auditor (137): Audits web applications to ensure declared privacy policies match actual technical data collection practices. Use to identify discrepancies in cookie usage, tracking scripts, and user data handling.
- pii-sanitizer (119): Detects and redacts Personally Identifiable Information (PII) like emails, phone numbers, and credit cards. Use when cleaning logs, datasets, or communications to comply with GDPR/CCPA privacy standards.
- secret-leak-detector (104): Scans source code, configuration files, and git history for hardcoded credentials, API keys, and tokens. Use when auditing repositories for security leaks or ensuring sensitive data is not committed to version control.
- agent-capability-discovery (104): Scans all skill directories in the repository to generate a comprehensive global map of agent capabilities, inputs, and outputs. Use when you need to understand the full potential of your agent library or when a master agent needs to decide which sub-agent skill to invoke for a complex task.