checking-hipaa-compliance

This skill enables Claude to automatically check for HIPAA (Health Insurance Portability and Accountability Act) compliance issues in codebases, infrastructure configurations, and documentation. It leverages the hipaa-compliance-checker plugin to identify potential violations related to data privacy, security, and access controls. Use this skill when the user explicitly requests to "check HIPAA compliance", "scan for HIPAA violations", "assess HIPAA readiness", or similar phrases related to HIPAA audits and security best practices. It is useful for projects handling protected health information (PHI) and requiring adherence to HIPAA regulations.

Install with Tessl CLI

npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill checking-hipaa-compliance

What are skills?

1.13x

Quality

55%

Does it follow best practices?

Impact

93%

1.13x

Average score across 9 eval scenarios

Optimize this skill with Tessl

npx tessl skill review --optimize ./backups/skills-migration-20251108-070147/plugins/security/hipaa-compliance-checker/skills/hipaa-compliance-checker/SKILL.md

SKILL.md

Review

Evals

Evaluation results

94%

Patient Portal API Pre-Launch Compliance Review

HIPAA report generation with severity prioritization

Criteria

Without context

With context

Uses hipaa-compliance-checker

50%

Target specified as codebase

100%

Report produced

100%

Multiple violations identified

100%

Impact per finding

100%

Severity ordering

100%

Covers PHI exposure issues

100%

Covers access control issues

100%

Covers audit trail issues

100%

No raw output only

100%

Without context: $0.2240 · 2m 53s · 8 turns · 9 in / 5,217 out tokens

With context: $0.7098 · 7m · 32 turns · 289 in / 10,728 out tokens

83%

-7%

Hospital Cloud Infrastructure HIPAA Readiness Assessment

Infrastructure configuration compliance scanning

Criteria

Without context

With context

Uses hipaa-compliance-checker

50%

Target: infra config

100%

S3 encryption finding

100%

Public access finding

100%

Audit logging finding

100%

Open network access finding

100%

Impact per finding

100%

Severity ordering

100%

SIEM/vulnerability integration

100%

14%

Structured report format

100%

Without context: $0.4107 · 3m 48s · 13 turns · 13 in / 8,364 out tokens

With context: $0.6076 · 6m 2s · 26 turns · 57 in / 9,763 out tokens

81%

14%

HIPAA Policy Documentation Compliance Audit

Four-step compliance workflow and SIEM integration

Criteria

Without context

With context

Uses hipaa-compliance-checker

60%

Target: documentation

100%

Workflow steps documented

33%

58%

Plugin initiation evidenced

62%

Findings reviewed and interpreted

100%

Impact per finding

100%

Severity prioritization

100%

SIEM or vulnerability mgmt integration

41%

At least 3 distinct gaps identified

100%

Remediation recommendations

100%

Without context: $0.3029 · 3m 48s · 12 turns · 13 in / 6,646 out tokens

With context: $0.5352 · 5m 32s · 22 turns · 170 in / 8,681 out tokens

100%

10%

Telemedicine Appointment Service Compliance Review

Compliance report review and remediation prioritization

Criteria

Without context

With context

Uses hipaa-compliance-checker

100%

Target specified as codebase

100%

PHI logging violation identified

100%

Unencrypted storage identified

100%

Unencrypted communication identified

100%

Missing access control identified

100%

Impact per finding

100%

Remediation roadmap produced

100%

Remediation prioritized by severity

100%

Structured report format

100%

Without context: $0.3793 · 5m 16s · 17 turns · 18 in / 7,009 out tokens

With context: $0.6572 · 6m 32s · 31 turns · 78 in / 9,825 out tokens

97%

Healthcare Kubernetes Infrastructure HIPAA Readiness Check

Infrastructure HIPAA readiness assessment

Criteria

Without context

With context

Uses hipaa-compliance-checker

70%

Target: infra config files

100%

TLS/encryption-in-transit finding

100%

Credentials in ConfigMap finding

100%

Audit logging disabled finding

100%

Open network policy finding

100%

Encryption-at-rest finding

100%

Impact per finding

100%

Severity ordering

100%

HIPAA readiness verdict

100%

Without context: $0.3405 · 4m 23s · 14 turns · 15 in / 6,283 out tokens

With context: $0.5508 · 5m 13s · 27 turns · 849 in / 9,178 out tokens

89%

Health Records Data Export Service Security Review

PHI data export codebase compliance scan

Criteria

Without context

With context

Uses hipaa-compliance-checker

100%

Target specified as codebase

100%

Hardcoded API key identified

100%

PHI logging violation identified

100%

Unencrypted HTTP communication identified

100%

Unencrypted storage identified

100%

Missing access control identified

100%

Impact per finding

100%

Severity ordering

100%

Security operations integration

50%

31%

Without context: $0.4423 · 5m 14s · 19 turns · 19 in / 8,267 out tokens

With context: $0.5325 · 5m 43s · 23 turns · 55 in / 8,490 out tokens

100%

10%

Telehealth Platform Security Review

Node.js healthcare API compliance scan

Criteria

Without context

With context

Uses hipaa-compliance-checker

100%

Target: Node.js codebase

100%

Hardcoded credentials finding

100%

PHI logging violation identified

100%

Unencrypted transport identified

100%

Missing authentication identified

100%

Unencrypted storage identified

100%

Missing audit trail identified

100%

Impact per finding

100%

Severity ordering

100%

Structured report format

100%

Without context: $0.3327 · 3m 30s · 10 turns · 11 in / 6,839 out tokens

With context: $0.5455 · 3m 42s · 27 turns · 319 in / 8,984 out tokens

98%

21%

Patient Communication Service Compliance Audit

Compliance workflow documentation and SIEM integration

Criteria

Without context

With context

Uses hipaa-compliance-checker

80%

Target specified as codebase

100%

Step 1: Request analysis documented

87%

100%

Step 2: Plugin initiation documented

100%

Step 3: Check execution documented

62%

100%

Step 4: Report generation documented

87%

100%

PHI in plaintext storage identified

100%

Impact per finding

100%

Severity ordering

100%

SIEM or vulnerability mgmt integration

100%

Procedure document produced

100%

Without context: $0.5157 · 5m 13s · 16 turns · 17 in / 11,067 out tokens

With context: $0.7386 · 7m 49s · 26 turns · 57 in / 14,155 out tokens

98%

22%

Pre-Certification HIPAA Assessment for Patient Records Service

Multi-component healthcare system pre-certification audit

Criteria

Without context

With context

Uses hipaa-compliance-checker

100%

Target: application code

100%

Target: infrastructure config

100%

PHI in response payload finding

25%

100%

Credentials in environment config finding

100%

Missing encryption at rest finding

100%

Missing TLS/network security finding

100%

Missing audit logging finding

100%

75%

Impact per finding

100%

Severity ordering

100%

Remediation recommendations

100%

Without context: $0.3163 · 3m 23s · 8 turns · 9 in / 6,718 out tokens

With context: $0.6086 · 6m 32s · 28 turns · 59 in / 9,275 out tokens

Evaluated: 5 days ago
Agent: Claude Code
Model: Claude Sonnet 4.6

Table of Contents

Patient Portal API Pre-Launch Compliance Review Hospital Cloud Infrastructure HIPAA Readiness Assessment HIPAA Policy Documentation Compliance Audit Telemedicine Appointment Service Compliance Review Healthcare Kubernetes Infrastructure HIPAA Readiness Check Health Records Data Export Service Security Review Telehealth Platform Security Review Patient Communication Service Compliance Audit Pre-Certification HIPAA Assessment for Patient Records Service

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.