Can it assist with audit logging for compliance?

Yes, it provides templates for tamper-evident logging that records every PHI access event, including read operations, which is critical for compliance audits.

How does it handle data disposal?

It prioritizes cryptographic erasure—destroying encryption keys—as a faster and more auditable method than physical overwriting, following NIST SP 800-88 standards.

Does this skill help with de-identification?

Yes, it provides specific checklists for the Safe Harbor method (removing 18 identifiers) and documentation requirements for Expert Determination.

What is the 'minimum necessary' principle in this context?

It is a HIPAA requirement that ensures users and systems only access the specific amount of PHI needed to perform a task. This skill helps implement this at the API layer rather than the client.

PHI Data Handling for Healthcare

Name: PHI Data Handling for Healthcare
Author: rnavarych

byrnavarych

•

Seguridad y Pruebas

Implements HIPAA-compliant workflows for protecting, de-identifying, and auditing Protected Health Information (PHI) in clinical systems.

This Claude Code skill provides specialized domain knowledge for handling Protected Health Information (PHI) within healthcare software. It guides developers through the 18 HIPAA identifiers, de-identification methods like Safe Harbor and Expert Determination, and the implementation of essential security controls such as role-based access and tamper-evident audit logging. By enforcing the 'minimum necessary' principle at the API layer and providing patterns for AES-256 encryption and cryptographic erasure, this skill ensures that engineering teams build clinical systems that are secure by design and compliant with federal regulations.

Características Principales

01HIPAA-compliant de-identification using Safe Harbor and Expert Determination methods

0211 GitHub stars

03Role-based access control (RBAC) design specifically tailored for clinical environments

04Comprehensive audit logging patterns for all PHI access events, including reads

05Implementation of the 'minimum necessary' principle at the API and service layers

06Secure encryption workflows utilizing AES-256-GCM and cloud-based key rotation

Casos de Uso

01Auditing existing codebases for compliance with HIPAA data handling requirements

02Implementing secure disposal and media sanitization protocols for sensitive health data

03Designing a new healthcare database schema that isolates and protects PHI

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add rnavarych/alpha-engineer phi-data-handling

For use in Claude.ai and ChatGPT

Características Principales

01HIPAA-compliant de-identification using Safe Harbor and Expert Determination methods

0211 GitHub stars

03Role-based access control (RBAC) design specifically tailored for clinical environments

04Comprehensive audit logging patterns for all PHI access events, including reads

05Implementation of the 'minimum necessary' principle at the API and service layers

06Secure encryption workflows utilizing AES-256-GCM and cloud-based key rotation

Casos de Uso

01Auditing existing codebases for compliance with HIPAA data handling requirements

02Implementing secure disposal and media sanitization protocols for sensitive health data

03Designing a new healthcare database schema that isolates and protects PHI