This skill enables Claude to automatically check for HIPAA (Health Insurance Portability and Accountability Act) compliance issues in codebases, infrastructure configurations, and documentation. It leverages the hipaa-compliance-checker plugin to identify potential violations related to data privacy, security, and access controls. Use this skill when the user explicitly requests to "check HIPAA compliance", "scan for HIPAA violations", "assess HIPAA readiness", or similar phrases related to HIPAA audits and security best practices. It is useful for projects handling protected health information (PHI) and requiring adherence to HIPAA regulations.
86
48%
Does it follow best practices?
Impact
93%
1.13x
Average score across 9 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./backups/skills-migration-20251108-070147/plugins/security/hipaa-compliance-checker/skills/hipaa-compliance-checker/SKILL.md

HIPAA report generation with severity prioritization
Uses hipaa-compliance-checker | 0% | 50%
Target specified as codebase | 100% | 100%
Report produced | 100% | 100%
Multiple violations identified | 100% | 100%
Impact per finding | 100% | 100%
Severity ordering | 100% | 100%
Covers PHI exposure issues | 100% | 100%
Covers access control issues | 100% | 100%
Covers audit trail issues | 100% | 100%
No raw output only | 100% | 100%

Infrastructure configuration compliance scanning
Uses hipaa-compliance-checker | 0% | 50%
Target: infra config | 100% | 100%
S3 encryption finding | 100% | 100%
Public access finding | 100% | 100%
Audit logging finding | 100% | 100%
Open network access finding | 100% | 100%
Impact per finding | 100% | 100%
Severity ordering | 100% | 100%
SIEM/vulnerability integration | 100% | 14%
Structured report format | 100% | 100%

Four-step compliance workflow and SIEM integration
Uses hipaa-compliance-checker | 0% | 60%
Target: documentation | 100% | 100%
Workflow steps documented | 33% | 58%
Plugin initiation evidenced | 0% | 62%
Findings reviewed and interpreted | 100% | 100%
Impact per finding | 100% | 100%
Severity prioritization | 100% | 100%
SIEM or vulnerability mgmt integration | 41% | 41%
At least 3 distinct gaps identified | 100% | 100%
Remediation recommendations | 100% | 100%

Compliance report review and remediation prioritization
Uses hipaa-compliance-checker | 0% | 100%
Target specified as codebase | 100% | 100%
PHI logging violation identified | 100% | 100%
Unencrypted storage identified | 100% | 100%
Unencrypted communication identified | 100% | 100%
Missing access control identified | 100% | 100%
Impact per finding | 100% | 100%
Remediation roadmap produced | 100% | 100%
Remediation prioritized by severity | 100% | 100%
Structured report format | 100% | 100%

Infrastructure HIPAA readiness assessment
Uses hipaa-compliance-checker | 0% | 70%
Target: infra config files | 100% | 100%
TLS/encryption-in-transit finding | 100% | 100%
Credentials in ConfigMap finding | 100% | 100%
Audit logging disabled finding | 100% | 100%
Open network policy finding | 100% | 100%
Encryption-at-rest finding | 100% | 100%
Impact per finding | 100% | 100%
Severity ordering | 100% | 100%
HIPAA readiness verdict | 100% | 100%

PHI data export codebase compliance scan
Uses hipaa-compliance-checker | 0% | 100%
Target specified as codebase | 100% | 100%
Hardcoded API key identified | 100% | 100%
PHI logging violation identified | 100% | 100%
Unencrypted HTTP communication identified | 100% | 100%
Unencrypted storage identified | 100% | 100%
Missing access control identified | 100% | 100%
Impact per finding | 100% | 100%
Severity ordering | 100% | 100%
Security operations integration | 50% | 31%

Node.js healthcare API compliance scan
Uses hipaa-compliance-checker | 0% | 100%
Target: Node.js codebase | 100% | 100%
Hardcoded credentials finding | 100% | 100%
PHI logging violation identified | 100% | 100%
Unencrypted transport identified | 100% | 100%
Missing authentication identified | 100% | 100%
Unencrypted storage identified | 100% | 100%
Missing audit trail identified | 100% | 100%
Impact per finding | 100% | 100%
Severity ordering | 100% | 100%
Structured report format | 100% | 100%

Compliance workflow documentation and SIEM integration
Uses hipaa-compliance-checker | 0% | 80%
Target specified as codebase | 100% | 100%
Step 1: Request analysis documented | 87% | 100%
Step 2: Plugin initiation documented | 0% | 100%
Step 3: Check execution documented | 62% | 100%
Step 4: Report generation documented | 87% | 100%
PHI in plaintext storage identified | 100% | 100%
Impact per finding | 100% | 100%
Severity ordering | 100% | 100%
SIEM or vulnerability mgmt integration | 100% | 100%
Procedure document produced | 100% | 100%

Multi-component healthcare system pre-certification audit
Uses hipaa-compliance-checker | 0% | 100%
Target: application code | 100% | 100%
Target: infrastructure config | 100% | 100%
PHI in response payload finding | 25% | 100%
Credentials in environment config finding | 100% | 100%
Missing encryption at rest finding | 0% | 100%
Missing TLS/network security finding | 100% | 100%
Missing audit logging finding | 100% | 75%
Impact per finding | 100% | 100%
Severity ordering | 100% | 100%
Remediation recommendations | 100% | 100%
13d35b8