Clinical-grade PII/PHI detection and de-identification for healthcare text data. Scans all 18 HIPAA identifier categories with confidence scoring, generates audit logs, supports custom regex patterns, and produces de-identified output while preserving document structure.
60
72%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Passed
No known issues
Fix and improve this skill with Tessl
tessl review fix ./scientific-skills/Academic Writing/hipaa-compliance-auditor/SKILL.mdA clinical-grade PII/PHI detection and de-identification tool for healthcare text data.
Use this command to verify that the packaged script entry point can be parsed before deeper execution.
python -m py_compile scripts/main.pyUse these concrete commands for validation. They are intentionally self-contained and avoid placeholder paths.
python -m py_compile scripts/main.py
python scripts/main.py --help
python scripts/main.py --text "Audit validation sample with explicit methods, findings, and conclusion."Provide clinical text in one of two ways:
python scripts/main.py --input patient_text.txt --output deidentified.txtpython scripts/main.py --text "Patient John Doe, SSN 123-45-6789..." --audit-log audit.jsonIf neither input provided: Request the text or file path from the user. Do not proceed without input.
--confidence 0.7 (default): Minimum confidence threshold (0.0-1.0). Lower = more detections but more false positives.--preserve-structure true (default): Maintain document formatting after redaction--custom-patterns <path>: Optional custom regex patterns JSON for institution-specific identifiers🔍 Checkpoint 1: If confidence threshold is changed from default, inform the user about the trade-off (lower threshold catches more PII but may produce more false positives).
from scripts.main import HIPAAAuditor
auditor = HIPAAAuditor()
result = auditor.deidentify("Patient John Doe was admitted on 2024-01-15...")
# result.cleaned_text → De-identified output
# result.detected_pii → List of found PII entities with types and confidence scoresIf de-identification fails (missing spaCy model): Install with python -m spacy download en_core_web_trf, then retry.
Check the audit log for:
If unexpected PII remains: Increase custom patterns or lower confidence threshold.
This skill analyzes text for HIPAA-protected identifiers and automatically redacts or anonymizes them. It uses a combination of regex patterns, NLP entity recognition, and contextual analysis to identify 18 HIPAA identifier categories.
[PATIENT_NAME], [DATE_1])python scripts/main.py --input "patient_text.txt" --output "deidentified.txt"
python scripts/main.py --text "Patient John Doe, SSN 123-45-6789..." --audit-log audit.jsonfrom scripts.main import HIPAAAuditor
auditor = HIPAAAuditor()
result = auditor.deidentify("Patient John Doe was admitted on 2024-01-15...")
print(result.cleaned_text) # De-identified output
print(result.detected_pii) # List of found PII entities| Parameter | Type | Default | Required | Description |
|---|---|---|---|---|
--input, -i | string | - | No | Path to input text file |
--text | string | - | No | Direct text input (alternative to file) |
--output, -o | string | - | No | Path for de-identified output file |
--audit-log | string | - | No | Path for JSON audit log |
--confidence | float | 0.7 | No | Minimum confidence threshold (0.0-1.0) |
--preserve-structure | bool | true | No | Maintain document structure |
--custom-patterns | string | - | No | Path to custom regex patterns JSON |
Original identifiers replaced with semantic tags:
[PATIENT_NAME_1], [PATIENT_NAME_2] ...[DATE_1], [DATE_2] ...[SSN_1][PHONE_1], [PHONE_2] ...[EMAIL_1][MRN_1] (Medical Record Number)[ADDRESS_1]{
"timestamp": "2024-01-15T10:30:00Z",
"input_hash": "sha256:abc123...",
"detections": [
{
"type": "PATIENT_NAME",
"position": [10, 18],
"confidence": 0.95,
"replacement": "[PATIENT_NAME_1]",
"original_length": 8
}
],
"statistics": {
"total_pii_found": 5,
"categories_detected": ["NAME", "DATE", "PHONE", "SSN"]
}
}See references/requirements.txt for full dependency list.
⚠️ CRITICAL: This tool is designed as a helper, not a replacement for human review.
references/hipaa_safe_harbor_guide.pdf - HIPAA Safe Harbor de-identification standardsreferences/pii_patterns.json - Complete regex pattern definitionsreferences/test_cases/ - Sample clinical texts with expected outputsreferences/requirements.txt - Python dependenciesComplex NLP pipelines, contextual disambiguation, regulatory compliance requirements.
| Risk Indicator | Assessment | Level |
|---|---|---|
| Code Execution | Python/R scripts executed locally | Medium |
| Network Access | No external API calls | Low |
| File System Access | Read input files, write output files | Medium |
| Instruction Tampering | Standard prompt guidelines | Low |
| Data Exposure | Output files saved to workspace | Low |
# Python dependencies
pip install -r requirements.txtEvery final response should make these items explicit when they are relevant:
scripts/main.py fails, report the failure point, summarize what still can be completed safely, and provide a manual fallback.This skill accepts requests that match the documented purpose of hipaa-compliance-auditor and include enough context to complete the workflow safely.
Do not continue the workflow when the request is out of scope, missing a critical input, or would require unsupported assumptions. Instead respond:
hipaa-compliance-auditoronly handles its documented workflow. Please provide the missing required inputs or switch to a more suitable skill.
Use the following fixed structure for non-trivial requests:
If the request is simple, you may compress the structure, but still keep assumptions and limits explicit when they affect correctness.
7cc5680
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.