Is risk assessment a one-time process with this skill?

No, the skill advocates for continuous risk assessment, providing an 8-step methodology to be used after every significant system change or incident.

Can it help with mandatory breach notifications?

Yes, it includes procedures for responding to suspected PHI breaches and managing the strict 60-day HHS and individual notification timelines.

What technical safeguards are included in the implementation?

It covers Role-Based Access Control (RBAC), break-glass procedures, session timeouts, and tamper-evident audit logging for all PHI access.

How does this skill help with PHI encryption?

It provides standards for AES-256-GCM at rest and TLS 1.3 in transit, including KMS key management and envelope encryption strategies.

Does it cover vendor management requirements?

It includes a detailed Business Associate Agreement (BAA) checklist to ensure all subcontractors follow mandatory PHI flow-down requirements.

HIPAA Compliance for Healthcare

Name: HIPAA Compliance for Healthcare
Author: rnavarych

byrnavarych

•

安全与测试

Implements and audits HIPAA-compliant safeguards, risk assessments, and breach notification procedures for healthcare software systems.

This Claude Code skill provides comprehensive guidance for developers and architects building software that handles Protected Health Information (PHI). It integrates technical, administrative, and physical safeguard implementations—including AES-256 encryption, audit logging, and RBAC—while offering structured checklists for Business Associate Agreements (BAAs) and formal risk assessments. Whether you are designing a new clinical system or auditing an existing one for regulatory compliance, this skill ensures your architecture meets high-stakes healthcare security standards and legal requirements.

主要功能

01Structured 8-step HIPAA risk assessment methodology

02Business Associate Agreement (BAA) vendor onboarding checklists

03Tamper-evident audit logging with 6-year retention requirements

0411 GitHub stars

05Breach notification protocol management and HHS reporting timelines

06Encryption implementation (AES-256-GCM at rest, TLS 1.3 in transit)

使用场景

01Reviewing clinical system logs to ensure mandatory access control tracking

02Auditing cloud infrastructure for HIPAA-compliant encryption and KMS configuration

03Navigating vendor evaluations and BAA requirements during third-party integration

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add rnavarych/alpha-engineer hipaa-compliance

For use in Claude.ai and ChatGPT

主要功能

01Structured 8-step HIPAA risk assessment methodology

02Business Associate Agreement (BAA) vendor onboarding checklists

03Tamper-evident audit logging with 6-year retention requirements

0411 GitHub stars

05Breach notification protocol management and HHS reporting timelines

06Encryption implementation (AES-256-GCM at rest, TLS 1.3 in transit)

使用场景

01Reviewing clinical system logs to ensure mandatory access control tracking

02Auditing cloud infrastructure for HIPAA-compliant encryption and KMS configuration

03Navigating vendor evaluations and BAA requirements during third-party integration

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add rnavarych/alpha-engineer hipaa-compliance

For use in Claude.ai and ChatGPT