What are the 18 HIPAA identifiers this skill helps manage?

The skill identifies and provides de-identification logic for all 18 identifiers, including names, geographic data smaller than a state, dates (except year), SSNs, medical record numbers, and biometric identifiers.

Does this skill help with database encryption standards?

Yes, it provides implementation patterns for AES-256-GCM encryption at rest and mandatory TLS 1.2+ for transmission to meet HIPAA Security Rule requirements.

Which cloud services are listed as HIPAA-eligible?

The skill maintains a directory of services like AWS, Google Cloud, Azure, Twilio, and Stripe that offer Business Associate Agreements (BAAs), while warning against non-eligible services like standard Firebase or Google Analytics.

How does it handle the 'Minimum Necessary' requirement?

It provides code patterns for role-based access control (RBAC) and server-side filtering to ensure users only access the specific data fields required for their job function.

HIPAA Compliance Guide

Name: HIPAA Compliance Guide
Author: peixotorms

bypeixotorms

0•

보안 및 테스팅

Provides expert guidance and technical safeguards for developing HIPAA-compliant healthcare applications and handling Protected Health Information (PHI).

The HIPAA Compliance skill is a specialized resource for developers building healthcare software, ensuring adherence to the Privacy, Security, and Breach Notification Rules. It provides actionable patterns for implementing mandatory technical safeguards like AES-256 encryption, multi-factor authentication, and granular audit logging. By identifying the 18 PHI identifiers and offering de-identification strategies such as the Safe Harbor Method, this skill helps teams minimize regulatory risk and navigate complex Business Associate Agreement (BAA) requirements for cloud services like AWS, Azure, and GCP.

주요 기능

010 GitHub stars

02Implementation patterns for technical safeguards including encryption at rest and in transit.

03Comprehensive guidance on the 18 HIPAA identifiers and Safe Harbor de-identification.

04Audit logging templates to track ePHI access, modifications, and exports.

05Role-based access control (RBAC) mapping for the Minimum Necessary Rule.

06Directory of HIPAA-eligible third-party services and BAA requirements.

사용 사례

01Architecting EHR integrations or patient portals that require secure handling of ePHI.

02Scrubbing PHI from logs and error tracking payloads before transmission to third-party tools.

03Developing automated breach detection and incident response workflows for healthcare APIs.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add peixotorms/odinlayer-skills hipaa-compliance

For use in Claude.ai and ChatGPT

Download Skill