ReddRadar
Agent skill
hipaa-compliance-automator
HIPAA security and privacy compliance automation for ePHI protection, safeguards assessment, and audit preparation
Install this agent skill to your Project
npx add-skill https://github.com/a5c-ai/babysitter/tree/main/library/specializations/security-compliance/skills/hipaa-compliance-automator
SKILL.md
HIPAA Compliance Automator Skill
Purpose
Automate Health Insurance Portability and Accountability Act (HIPAA) compliance activities including ePHI inventory, safeguards assessment, risk analysis, Business Associate Agreement management, and breach notification procedures.
Capabilities
ePHI Inventory and Tracking
- Discover and catalog electronic Protected Health Information
- Map ePHI data flows between systems
- Identify ePHI storage locations
- Track ePHI access and usage
- Document minimum necessary standards
Administrative Safeguards Assessment
- Security management process evaluation
- Workforce security procedures review
- Information access management assessment
- Security awareness training tracking
- Security incident procedures review
- Contingency plan evaluation
- Business associate oversight
Technical Safeguards Validation
- Access control verification
- Audit controls assessment
- Integrity controls validation
- Transmission security review
- Encryption verification (at rest and in transit)
- Authentication mechanisms review
Physical Safeguards Assessment
- Facility access controls review
- Workstation use and security
- Device and media controls
- Physical security documentation
Business Associate Management
- BAA inventory and tracking
- BAA compliance monitoring
- Subcontractor BAA tracking
- BAA renewal management
- Risk assessment for BAs
Breach Notification Procedures
- Breach assessment and documentation
- Risk assessment for notification determination
- HHS notification tracking (60-day rule)
- Individual notification management
- Media notification for large breaches (500+)
Risk Analysis
- Comprehensive risk assessment
- Threat and vulnerability identification
- Risk level determination
- Safeguard recommendations
- Risk treatment tracking
HIPAA Rules Coverage
Privacy Rule
- Use and disclosure limitations
- Minimum necessary standard
- Patient rights
- Notice of Privacy Practices
- Authorization requirements
Security Rule
- Administrative safeguards (164.308)
- Physical safeguards (164.310)
- Technical safeguards (164.312)
- Policies and procedures (164.316)
Breach Notification Rule
- Discovery and notification timelines
- Risk assessment methodology
- Notification content requirements
- Documentation requirements
Integrations
- Compliancy Group: HIPAA compliance platform
- HIPAA One: Compliance management
- Accountable HQ: HIPAA compliance software
- Custom audit tools: Organization-specific solutions
- EHR Systems: Electronic health records integration
Target Processes
- HIPAA Security and Privacy Compliance
- Security Risk Analysis
- Business Associate Compliance
- Breach Response Process
- Compliance Audit Preparation
Input Schema
{
"type": "object",
"properties": {
"assessmentType": {
"type": "string",
"enum": ["full", "security", "privacy", "risk", "breach", "baa"],
"description": "Type of HIPAA assessment"
},
"entityType": {
"type": "string",
"enum": ["covered_entity", "business_associate", "hybrid"],
"description": "HIPAA entity classification"
},
"scope": {
"type": "object",
"properties": {
"systems": { "type": "array", "items": { "type": "string" } },
"facilities": { "type": "array", "items": { "type": "string" } },
"businessAssociates": { "type": "array", "items": { "type": "string" } }
}
},
"breachDetails": {
"type": "object",
"properties": {
"discoveryDate": { "type": "string", "format": "date" },
"description": { "type": "string" },
"affectedIndividuals": { "type": "integer" },
"phiCategories": { "type": "array" }
}
},
"existingDocumentation": {
"type": "string",
"description": "Path to existing HIPAA documentation"
}
},
"required": ["assessmentType", "entityType"]
}
Output Schema
{
"type": "object",
"properties": {
"assessmentId": {
"type": "string"
},
"assessmentType": {
"type": "string"
},
"entityType": {
"type": "string"
},
"assessmentDate": {
"type": "string",
"format": "date-time"
},
"ephiInventory": {
"type": "object",
"properties": {
"systems": { "type": "array" },
"dataFlows": { "type": "array" },
"storageLocations": { "type": "array" }
}
},
"safeguardsAssessment": {
"type": "object",
"properties": {
"administrative": {
"type": "object",
"properties": {
"implemented": { "type": "integer" },
"partiallyImplemented": { "type": "integer" },
"notImplemented": { "type": "integer" }
}
},
"technical": { "type": "object" },
"physical": { "type": "object" }
}
},
"riskAnalysis": {
"type": "object",
"properties": {
"threats": { "type": "array" },
"vulnerabilities": { "type": "array" },
"riskLevel": { "type": "string" }
}
},
"gapAnalysis": {
"type": "array",
"items": {
"type": "object",
"properties": {
"standard": { "type": "string" },
"requirement": { "type": "string" },
"currentState": { "type": "string" },
"gap": { "type": "string" },
"remediation": { "type": "string" },
"priority": { "type": "string" }
}
}
},
"breachAssessment": {
"type": "object"
},
"complianceScore": {
"type": "number"
},
"recommendations": {
"type": "array",
"items": { "type": "string" }
}
}
}
Usage Example
skill: {
name: 'hipaa-compliance-automator',
context: {
assessmentType: 'full',
entityType: 'covered_entity',
scope: {
systems: ['EHR', 'Patient Portal', 'Billing System'],
facilities: ['Main Hospital', 'Outpatient Clinic']
}
}
}
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
a5c-ai/babysitter
gsd-tools
Central utility skill for GSD operations. Provides config parsing, slug generation, timestamps, path operations, and orchestrates calls to other specialized skills. Acts as the unified entry point that the original gsd-tools.cjs provided via its lib/ modules (commands, config, core, init).
a5c-ai/babysitter
model-profile-resolution
Resolve model profile (quality/balanced/budget) at orchestration start and map agents to specific models. Enables cost/quality tradeoffs by selecting appropriate AI models for each agent role.
a5c-ai/babysitter
verification-suite
Plan structure validation, phase completeness checks, reference integrity verification, and artifact existence confirmation. Provides the structured verification layer ensuring GSD artifacts are well-formed and complete.
a5c-ai/babysitter
state-management
STATE.md reading, writing, and field-level updates. Provides cross-session state persistence via .planning/STATE.md with structured fields for current task, completed phases, blockers, decisions, and quick tasks.
a5c-ai/babysitter
git-integration
Git commit patterns, formats, and conventions for GSD methodology. Provides atomic commits per task, structured commit messages, planning file commits, branch management, and milestone tag operations.
a5c-ai/babysitter
frontmatter-parsing
YAML frontmatter parsing and manipulation for .planning/ documents. Provides read, write, update, query, and validation operations on frontmatter blocks in GSD markdown artifacts.
Didn't find tool you were looking for?