hipaa readiness audit
Audits codebases for HIPAA Security Rule gaps, identifies PHI leaks, and maps BAA requirements.
$48
· or 240 creditsSecure checkout via Stripe
Works with the AI tools you already use
About this skill
The problem
Developers often assume their stack is HIPAA compliant because they use AWS or Bitlocker. They lack a concrete map of how their specific code violates the HIPAA Security Rule or which vendors require a BAA.
What it does
- Scans codebases for ePHI-handling defects and maps them to specific HIPAA Security Rule citations.
- Identifies third-party vendors and AI providers that require a Business Associate Agreement (BAA).
- Finds missing audit controls, including failures to log record access (reads) rather than just writes.
- Detects ePHI leakage into client-side analytics, session replays, and unscrubbed error trackers.
- Generates severity-rated findings structured for OCR investigators or hospital security reviews.
Why this beats prompting it yourself
Generic LLM prompts often confuse proposed 2025 rules with current law or treat addressable requirements as optional. This skill uses a strict reference snapshot to ensure citations are accurate and distinguishes between code-level safeguards and organizational policies.
Use cases
- Preparing for a hospital CISO security review or vendor questionnaire.
- Auditing a healthtech repo to identify PHI exposure before a production launch.
- Generating evidence to feed an official 164.308(a)(1) risk analysis.
- Mapping AI usage to identify which LLM flows must stop due to missing BAAs.
Known limitations
Cannot verify physical safeguards (facility access) or administrative policies (employee training). Findings are unverified if repo access is not provided.
Details
How to install
Drop the file into your AI Agent. Works with Claude, Cursor, ChatGPT, and 20+ more.
Reviews
No reviews yet - be the first to share your experience.
Only users who have downloaded or purchased this skill can leave a review.
Be the first to review this skill.
Only users who have downloaded or purchased this skill can leave a review.
Security Scanned
Passed automated security review
Permissions
No special permissions declared or detected
Creator
Frequently Asked Questions
Browse More Skills

prompt-engineer
Professional prompt engineering patterns for building robust, secure, and production-ready LLM applications.
designing-hybrid-context-layers
Architects the right retrieval strategy for every query — teaching your agent when to use RAG, a knowledge graph, or a temporal index instead of defaulting to vector search for everything.
Bounty Security Pattern Master Library — 399 Vulnerability Patterns
A premium library of 399 vulnerability patterns and DeFi attack vectors for AI-driven bug hunting and security audits.
synthesizing-institutional-knowledge
Builds the organizational memory schema your AI agent needs to answer why — capturing decision provenance, causal chains, and event context that embedding-based retrieval permanently discards.