tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill checking-hipaa-compliance

This skill enables Claude to automatically check for HIPAA (Health Insurance Portability and Accountability Act) compliance issues in codebases, infrastructure configurations, and documentation. It leverages the hipaa-compliance-checker plugin to identify potential violations related to data privacy, security, and access controls. Use this skill when the user explicitly requests to "check HIPAA compliance", "scan for HIPAA violations", "assess HIPAA readiness", or similar phrases related to HIPAA audits and security best practices. It is useful for projects handling protected health information (PHI) and requiring adherence to HIPAA regulations.
Validation
81%

| Criteria | Description | Result |
|---|---|---|
| metadata_version | 'metadata' field is not a dictionary | Warning |
| license_field | 'license' field is missing | Warning |
| body_output_format | No obvious output/return/format terms detected; consider specifying expected outputs | Warning |
| Total | 13 / 16 Passed | |
Implementation
20%

This skill content is overly verbose and lacks actionable guidance. It describes what the plugin does conceptually but never shows how to actually invoke it, what parameters it accepts, or what output to expect. The content would benefit significantly from concrete examples with actual commands and expected output formats.
Suggestions
Add concrete plugin invocation syntax showing exact commands or API calls (e.g., `hipaa-compliance-checker scan --target ./src --output report.json`)
Include an example of actual plugin output or report format so users know what to expect
Remove the 'How It Works' and 'When to Use This Skill' sections as they repeat the description and add no actionable value
Add validation steps: how to verify the scan ran correctly, how to handle plugin errors, and what exit codes mean
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is verbose and explains concepts Claude already knows (what HIPAA is, general workflow descriptions). Sections like 'How It Works' and 'When to Use This Skill' repeat information from the description and add no actionable value. | 1 / 3 |
| Actionability | No concrete code, commands, or executable guidance provided. The examples describe what 'will happen' abstractly but don't show actual plugin invocation syntax, command-line usage, or expected output formats. | 1 / 3 |
| Workflow Clarity | Steps are listed in sequence but lack validation checkpoints, error handling, or feedback loops. No guidance on what to do if the plugin fails or how to verify the scan completed successfully. | 2 / 3 |
| Progressive Disclosure | Content is organized into sections but everything is inline with no references to external documentation. The 'Integration' section hints at broader usage but provides no links or concrete guidance. | 2 / 3 |
| Total | 6 / 12 Passed | |
Activation
90%

This is a well-crafted skill description with strong trigger terms and explicit 'Use when' guidance that clearly defines when Claude should select this skill. The main weakness is that the capabilities section could be more specific about what concrete checks or actions the skill performs beyond general categories like 'data privacy, security, and access controls'.
Suggestions
Add more specific concrete actions like 'audit encryption settings', 'verify access logging', 'check PHI handling in code', or 'validate BAA requirements' to improve specificity
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (HIPAA compliance) and mentions checking 'codebases, infrastructure configurations, and documentation' with some actions like 'identify potential violations related to data privacy, security, and access controls', but doesn't list multiple specific concrete actions like what specific checks are performed. | 2 / 3 |
| Completeness | Clearly answers both what (checks for HIPAA compliance issues in codebases, configs, and docs) AND when with explicit 'Use this skill when...' clause listing specific trigger phrases like 'check HIPAA compliance', 'scan for HIPAA violations', etc. | 3 / 3 |
| Trigger Term Quality | Includes excellent natural trigger terms: 'check HIPAA compliance', 'scan for HIPAA violations', 'assess HIPAA readiness', 'HIPAA audits', 'protected health information (PHI)', and 'HIPAA regulations' - these are terms users would naturally say. | 3 / 3 |
| Distinctiveness Conflict Risk | Very clear niche focused specifically on HIPAA compliance checking with distinct triggers around HIPAA, PHI, and healthcare security - unlikely to conflict with general security or compliance skills due to the specific HIPAA focus. | 3 / 3 |
| Total | 11 / 12 Passed | |