HIPAA-specific entrypoint for healthcare privacy and security work. Use when a task is explicitly framed around HIPAA, PHI handling, covered entities, BAAs, breach posture, or US healthcare compliance requirements.
83%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Quality
Discovery
89% Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a solid skill description with excellent trigger terms and completeness, clearly scoping to HIPAA and US healthcare compliance. Its main weakness is that the 'what' portion is somewhat abstract—it describes itself as an 'entrypoint' rather than listing specific concrete actions it performs (e.g., drafting BAAs, assessing breach notification requirements, reviewing PHI safeguards). Adding specific actions would strengthen the description.
Suggestions
Replace the vague 'entrypoint for healthcare privacy and security work' with specific concrete actions, e.g., 'Assesses HIPAA compliance posture, drafts BAA language, evaluates PHI safeguards, and guides breach notification procedures.'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description names the domain (HIPAA/healthcare privacy and security) and mentions several relevant concepts (PHI handling, covered entities, BAAs, breach posture), but it doesn't list concrete actions the skill performs—it says 'entrypoint for healthcare privacy and security work' which is somewhat vague about what it actually does. | 2 / 3 |
| Completeness | Clearly answers both 'what' (HIPAA-specific entrypoint for healthcare privacy and security work) and 'when' with an explicit 'Use when...' clause listing specific trigger conditions (HIPAA, PHI handling, covered entities, BAAs, breach posture, US healthcare compliance requirements). | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural trigger terms users would actually say: 'HIPAA', 'PHI handling', 'covered entities', 'BAAs', 'breach posture', 'US healthcare compliance'. These are the exact terms someone working in healthcare compliance would use. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive with a clear niche—HIPAA and US healthcare compliance is a very specific domain. The trigger terms (PHI, BAAs, covered entities, breach posture) are unlikely to conflict with other skills, and the description explicitly scopes to US healthcare compliance. | 3 / 3 |
| Total | 11 / 12 Passed | |
Implementation
70% Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured routing/overlay skill that clearly defines when to activate, how to sequence decisions, and where to delegate for implementation details. Its main weakness is that actionability stays at the principle/pattern level rather than providing concrete artifacts—though this is partially justified by its role as a thin entrypoint. Some meta-commentary and redundancy could be trimmed to improve conciseness.
Suggestions
Remove meta-commentary like 'This skill intentionally stays thin and canonical' and the bullet list explaining what other skills do—Claude can discover that from the skills themselves.
Add at least one concrete, executable example showing what a HIPAA-compliant implementation artifact looks like (e.g., a redaction function, an audit log schema, or a BAA checklist template) rather than only 'response patterns' described as bullet points.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is reasonably efficient but includes some redundancy—the preamble explaining what other skills do could be trimmed, and phrases like 'This skill intentionally stays thin and canonical' are meta-commentary that doesn't add actionable value. The guardrails and examples are well-scoped though. | 2 / 3 |
| Actionability | The skill provides clear decision gates and guardrails but remains at the level of principles and routing rather than executable code or commands. The examples show 'response patterns' as bullet points rather than concrete implementation steps, and the actual work is delegated to other skills without showing what the concrete output looks like. | 2 / 3 |
| Workflow Clarity | The 'How It Works' section provides a clear 3-step sequence with explicit decision gates (Is this PHI? Is a BAA required? Is access minimum necessary?). The escalation path to healthcare-reviewer is well-defined. For a routing/overlay skill like this, the workflow is appropriately sequenced with validation checkpoints at each decision gate. | 3 / 3 |
| Progressive Disclosure | Excellent progressive disclosure—the skill explicitly positions itself as a thin entrypoint that routes to healthcare-phi-compliance for implementation details, healthcare-reviewer for review tasks, and security-review for general hardening. References are one level deep, clearly signaled, and the Related Skills section provides clean navigation. | 3 / 3 |
| Total | 10 / 12 Passed | |
Validation
90% Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 10 / 11 Passed | |