Summary
This is a static analysis tool for checking whether your healthcare infrastructure code follows HIPAA's technical safeguards. Run it during architecture reviews or before deploying Terraform changes to catch missing encryption configs or audit logging gaps. It won't touch actual patient data and it definitely won't make you legally compliant on its own, but it's useful for self-assessment before a real audit. The main limitation is it can only see what's in your infrastructure as code, so if your team is doing manual console provisioning, this won't catch those resources.
Install to Claude Code
npx -y skills add jorgealves/agent_skills --skill hipaa-compliance-guard --agent claude-codeInstalls into .claude/skills of the current project.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Files
SKILL.mdView on GitHub
HIPAA Compliance Guard
Purpose and Intent
The hipaa-compliance-guard is a specialized auditing tool for the healthcare industry. Its goal is to provide a technical assessment of how well an application adheres to the HIPAA Security Rule, specifically focusing on the protection of Electronic Protected Health Information (ePHI).
When to Use
- Architecture Reviews: Run during the design phase to ensure encryption and logging are planned.
- Pre-Audit Self-Assessment: Use before a formal 3rd-party HIPAA audit to identify and fix low-hanging violations.
- Infrastructure Changes: Run after modifying Terraform or Cloud scripts to ensure security groups or encryption haven't been compromised.
When NOT to Use
- Real Patient Data: This tool should NOT be used on live databases containing PHI. It is for checking the systems that handle the data.
- Legal Certification: Passing this audit does not mean you are "HIPAA Certified"; it means your technical configuration follows best practices.
Error Conditions and Edge Cases
- Obfuscated Infrastructure: If cloud resources are created via manual console actions (ClickOps) instead of code, this tool cannot see them.
- Custom Encryption: Proprietary or non-standard encryption methods may be flagged as warnings.
Security and Data-Handling Considerations
- No PHI Access: The tool is designed to look at configurations, not data.
- Local Analysis: Keep your infrastructure code local and run the scan within your trusted environment.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
