
tdg-personal/hipaa-compliance

HIPAA-specific entrypoint for healthcare privacy and security work. Use when a task is explicitly framed around HIPAA, PHI handling, covered entities, BAAs, breach posture, or US healthcare compliance requirements.

Quality: 83% (Does it follow best practices?)

Impact: Pending (No eval scenarios have been run)

Security by Snyk: Passed (No known issues)


Quality

Discovery

89%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a solid skill description with excellent trigger terms and completeness, clearly scoping to HIPAA and US healthcare compliance. Its main weakness is that the 'what' portion is somewhat abstract—it describes itself as an 'entrypoint' rather than listing specific concrete actions it performs (e.g., drafting BAAs, assessing breach notification requirements, reviewing PHI safeguards). Adding specific actions would strengthen the description.

Suggestions

Replace the vague 'entrypoint for healthcare privacy and security work' with specific concrete actions, e.g., 'Assesses HIPAA compliance posture, drafts BAA language, evaluates PHI safeguards, and guides breach notification procedures.'

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | The description names the domain (HIPAA/healthcare privacy and security) and mentions several relevant concepts (PHI handling, covered entities, BAAs, breach posture), but it doesn't list concrete actions the skill performs—it says 'entrypoint for healthcare privacy and security work' which is somewhat vague about what it actually does. | 2 / 3 |
| Completeness | Clearly answers both 'what' (HIPAA-specific entrypoint for healthcare privacy and security work) and 'when' with an explicit 'Use when...' clause listing specific trigger conditions (HIPAA, PHI handling, covered entities, BAAs, breach posture, US healthcare compliance requirements). | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural trigger terms users would actually say: 'HIPAA', 'PHI handling', 'covered entities', 'BAAs', 'breach posture', 'US healthcare compliance'. These are the exact terms someone working in healthcare compliance would use. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive with a clear niche—HIPAA and US healthcare compliance is a very specific domain. The trigger terms (PHI, BAAs, covered entities, breach posture) are unlikely to conflict with other skills, and the description explicitly scopes to US healthcare compliance. | 3 / 3 |

Total: 11 / 12 (Passed)

Implementation

70%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a well-structured routing/overlay skill that clearly defines when to activate, how to sequence decisions, and where to delegate for implementation details. Its main weakness is that actionability stays at the principle/pattern level rather than providing concrete artifacts—though this is partially justified by its role as a thin entrypoint. Some meta-commentary and redundancy could be trimmed to improve conciseness.

Suggestions

Remove meta-commentary like 'This skill intentionally stays thin and canonical' and the bullet list explaining what other skills do—Claude can discover that from the skills themselves.

Add at least one concrete, executable example showing what a HIPAA-compliant implementation artifact looks like (e.g., a redaction function, an audit log schema, or a BAA checklist template) rather than only 'response patterns' described as bullet points.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The skill is reasonably efficient but includes some redundancy—the preamble explaining what other skills do could be trimmed, and phrases like 'This skill intentionally stays thin and canonical' are meta-commentary that doesn't add actionable value. The guardrails and examples are well-scoped though. | 2 / 3 |
| Actionability | The skill provides clear decision gates and guardrails but remains at the level of principles and routing rather than executable code or commands. The examples show 'response patterns' as bullet points rather than concrete implementation steps, and the actual work is delegated to other skills without showing what the concrete output looks like. | 2 / 3 |
| Workflow Clarity | The 'How It Works' section provides a clear 3-step sequence with explicit decision gates (Is this PHI? Is a BAA required? Is access minimum necessary?). The escalation path to healthcare-reviewer is well-defined. For a routing/overlay skill like this, the workflow is appropriately sequenced with validation checkpoints at each decision gate. | 3 / 3 |
| Progressive Disclosure | Excellent progressive disclosure—the skill explicitly positions itself as a thin entrypoint that routes to healthcare-phi-compliance for implementation details, healthcare-reviewer for review tasks, and security-review for general hardening. References are one level deep, clearly signaled, and the Related Skills section provides clean navigation. | 3 / 3 |

Total: 10 / 12 (Passed)

Validation

90%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 10 / 11 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |

Total: 10 / 11 (Passed)

Reviewed
