assess-hipaa
SKILL.md
HIPAA Compliance Assessment
Conduct a comprehensive HIPAA compliance assessment.
Workflow
Step 1: Load Required Skills
Load these skills:
hipaa-compliance- HIPAA requirements and safeguardsdata-classification- PHI identificationsecurity-frameworks- Security control mapping
Step 2: Spawn Compliance Analyst Agent
Spawn the compliance-analyst agent with the following prompt:
Conduct a comprehensive HIPAA compliance assessment for: $ARGUMENTS
Perform the following assessments:
1. PHI Identification
- Identify all Protected Health Information
- Map PHI data flows
- Document storage locations
- Identify all access points
2. Entity Classification
- Determine if Covered Entity or Business Associate
- Identify all Business Associate relationships
- Review BAA coverage
3. Administrative Safeguards
- Security management process
- Workforce security
- Information access management
- Security awareness and training
- Incident response procedures
- Contingency planning
4. Physical Safeguards
- Facility access controls
- Workstation security
- Device and media controls
5. Technical Safeguards
- Access controls (unique user ID, MFA)
- Audit controls
- Integrity controls
- Transmission security
6. Risk Assessment
- Identify threats and vulnerabilities
- Assess likelihood and impact
- Calculate risk levels
- Recommend mitigations
7. Breach Notification Readiness
- Incident detection capabilities
- Breach assessment procedures
- Notification procedures
Provide a complete HIPAA assessment with:
- Safeguard compliance scores
- Gap analysis with severity
- Risk assessment summary
- Remediation priorities
Step 3: Generate Assessment Report
Ensure the report includes:
- Executive summary with compliance posture
- Detailed safeguard assessment
- Risk register
- BAA inventory
- Remediation roadmap
Example Usage
# Assess a patient portal
/compliance-planning:assess-hipaa "patient portal with PHI access and messaging"
# Assess a medical records system
/compliance-planning:assess-hipaa "electronic health record system with multi-provider access"
# Assess a healthcare analytics platform
/compliance-planning:assess-hipaa "healthcare analytics platform processing de-identified data"
Output Format
# HIPAA Compliance Assessment: [System Name]
## Executive Summary
### Entity Type: [Covered Entity / Business Associate]
### Overall Compliance: [COMPLIANT / PARTIAL / NON-COMPLIANT]
| Safeguard Category | Score | Status |
|--------------------|-------|--------|
| Administrative | [X/10] | [Status] |
| Physical | [X/10] | [Status] |
| Technical | [X/10] | [Status] |
| **Overall** | **[X/10]** | **[Status]** |
### Critical Findings
- [Finding 1]
- [Finding 2]
---
## PHI Inventory
| Data Element | HIPAA Identifier | Location | Access |
|--------------|------------------|----------|--------|
---
## Safeguard Assessment
### Administrative Safeguards
| Requirement | Status | Evidence | Gap |
|-------------|--------|----------|-----|
### Physical Safeguards
| Requirement | Status | Evidence | Gap |
|-------------|--------|----------|-----|
### Technical Safeguards
| Requirement | Status | Evidence | Gap |
|-------------|--------|----------|-----|
---
## Business Associate Analysis
| BA Name | Services | BAA Status | Last Review |
|---------|----------|------------|-------------|
---
## Risk Assessment
| Risk | Threat | Vulnerability | Likelihood | Impact | Score | Mitigation |
|------|--------|---------------|------------|--------|-------|------------|
---
## Gap Analysis
### Critical Gaps
| Gap | Safeguard | Risk | Priority | Remediation |
|-----|-----------|------|----------|-------------|
---
## Remediation Roadmap
### Phase 1: Critical (Immediate)
1. [Action with owner]
### Phase 2: High Priority (30 days)
1. [Action]
### Phase 3: Improvements (90 days)
1. [Action]
---
## Breach Notification Readiness
- [ ] Incident detection in place
- [ ] Breach assessment procedure documented
- [ ] Notification templates ready
- [ ] HHS reporting procedure defined
Weekly Installs
1
Repository
melodic-softwar…-pluginsGitHub Stars
38
First Seen
10 days ago
Security Audits
Installed on
amp1
cline1
opencode1
cursor1
kimi-cli1
codex1