health-hipaa-secure-delivery
HIPAA Secure Delivery
Overview
Use this skill to evaluate architecture and delivery choices for healthcare software where privacy, access control, auditability, and operational discipline matter.
Workflow
- Identify the data types, actors, and system boundaries involved.
- Trace how protected or sensitive information enters, moves through, and leaves the system.
- Review access, logging, operational controls, and deployment assumptions.
- Produce concrete risks, mitigations, and implementation guidance.
Constraints
- Focus on engineering and delivery decisions, not legal advice.
- Highlight where assumptions depend on deployment context or organizational controls.
- Separate baseline safeguards from context-specific enhancements.
Resources
references/control-areas.md: control areas to review for secure healthcare delivery
Output Contract
- Provide risks, recommended safeguards, open assumptions, and delivery implications.
More from reason-healthcare/health-skills
health-fhir-api-design
Design FHIR R4 API interactions — search queries, operations ($), validation, workflow patterns, and custom SearchParameter / OperationDefinition resources. The user provides requirements; the skill recommends a concrete R4 approach with trade-offs.
13health-docs
Audit and consolidate documentation for healthcare engineering systems. Supports two modes — analyze (coverage audit — writes only .health-docs/analysis.md) and document (consolidate existing docs + fill gaps). Detects applicable jurisdiction overlays and regulatory regimes from codebase signals, composes existing skills as subagents for deep-dimension analysis, and produces a structured handoff artifact consumed by document mode.
9health-product-discovery
Healthcare product discovery skill that maps incentive structures, adoption dynamics, and clinical workflow constraints before shaping solutions. Uses a jurisdiction-neutral core workflow plus explicit US and EU market overlays. Supports explore and document modes for early-stage ideation, consulting, pilot scoping, and strategic planning.
9health-human-factors
Review healthcare and EHR software interfaces against a comprehensive design style guide grounded in NIST, FDA, IEC 62366, ISO 9241, ISO 14971, WCAG 2.1, ONC SAFER, and HL7 FHIR standards. Produces a report-only assessment without modifying code or designs. Use when an agent needs to evaluate clinical UI screens, data display, forms, alerts, or workflows for patient-safety, usability, accessibility, and data-clarity compliance.
9health-refactor
Produce a scope-bounded, plan-only refactoring assessment for healthcare codebases. Resolves a bounded file set via git range, file area, or symbol/dependency context, proposes `us`, `eu`, or `us+eu` overlays from evidence, then orchestrates healthcare-aware refactoring, human-factors review, and regulatory review into a unified plan. Never modifies code.
8health-fhir-modeling
Map domain concepts to FHIR R4 resources and understand profile compliance. Select the right base resources, read US Core and QI Core profile constraints, model relationships, find existing extensions, and apply terminology bindings correctly. Outputs annotated example instances — not StructureDefinition or profile artifacts.
7