This skill enables Claude to automatically check for HIPAA (Health Insurance Portability and Accountability Act) compliance issues in codebases, infrastructure configurations, and documentation. It leverages the hipaa-compliance-checker plugin to identify potential violations related to data privacy, security, and access controls. Use this skill when the user explicitly requests to "check HIPAA compliance", "scan for HIPAA violations", "assess HIPAA readiness", or similar phrases related to HIPAA audits and security best practices. It is useful for projects handling protected health information (PHI) and requiring adherence to HIPAA regulations.
Install with Tessl CLI
npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill checking-hipaa-compliance87
Quality
55%
Does it follow best practices?
Impact
93%
1.13x
Average score across 9 eval scenarios
Optimize this skill with Tessl
npx tessl skill review --optimize ./backups/skills-migration-20251108-070147/plugins/security/hipaa-compliance-checker/skills/hipaa-compliance-checker/SKILL.md
Discovery
89%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-crafted skill description with excellent trigger terms and completeness. It clearly defines when to use the skill with explicit trigger phrases and establishes a distinct HIPAA-focused niche. The main weakness is that the capabilities could be more specific about concrete actions performed rather than general categories.
Suggestions
Add more specific concrete actions like 'audit encryption configurations, verify access control policies, check audit logging, identify PHI exposure risks' to improve specificity.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (HIPAA compliance) and mentions checking 'codebases, infrastructure configurations, and documentation' and identifying 'violations related to data privacy, security, and access controls', but doesn't list specific concrete actions like 'scan encryption settings, audit access logs, verify BAA documentation'. | 2 / 3 |
| Completeness | Clearly answers both what (check for HIPAA compliance issues in codebases, configs, and docs) and when (explicit 'Use this skill when...' clause with specific trigger phrases like 'check HIPAA compliance', 'scan for HIPAA violations'). | 3 / 3 |
| Trigger Term Quality | Includes strong natural trigger terms users would say: 'check HIPAA compliance', 'scan for HIPAA violations', 'assess HIPAA readiness', 'HIPAA audits', 'protected health information (PHI)', and 'HIPAA regulations'. | 3 / 3 |
| Distinctiveness Conflict Risk | Very clear niche focused specifically on HIPAA compliance with distinct regulatory terminology (PHI, HIPAA) that is unlikely to conflict with general security or compliance skills. | 3 / 3 |
| Total | | 11 / 12 Passed |
Implementation
20%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill content is overly descriptive and lacks actionable, executable guidance. It explains what the plugin does conceptually but never shows how to actually invoke it, what parameters it accepts, or what output to expect. The content would benefit significantly from concrete command examples and removal of explanatory text that adds no value for Claude.
Suggestions
Add concrete plugin invocation syntax showing exact commands or function calls (e.g., `hipaa-compliance-checker scan --target ./src --output report.json`)
Include an example of actual plugin output or report format so Claude knows what to expect and how to interpret results
Remove the 'How It Works' and 'When to Use This Skill' sections as they repeat the description and explain concepts Claude already understands
Add validation steps: how to verify the plugin ran successfully, what error codes mean, and how to handle common failures
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is verbose and explains concepts Claude already knows (what HIPAA is, general workflow descriptions). Sections like 'How It Works' and 'When to Use This Skill' repeat information from the description and add no actionable value. | 1 / 3 |
| Actionability | No concrete code, commands, or executable guidance provided. The examples describe what 'will happen' abstractly but don't show actual plugin invocation syntax, command-line usage, or expected output formats. | 1 / 3 |
| Workflow Clarity | Steps are listed in sequence but lack validation checkpoints, error handling, or feedback loops. No guidance on what to do if the plugin fails, how to interpret specific error codes, or how to verify the scan completed successfully. | 2 / 3 |
| Progressive Disclosure | Content is organized into sections but everything is inline in one file. The 'Integration' section hints at advanced usage that could be split out, and there are no references to detailed documentation for the plugin's options or report formats. | 2 / 3 |
| Total | | 6 / 12 Passed |
Validation
100%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.