aipoch-ai

Hipaa Compliance Auditor

by AIpoch · GitHub ↗ · v0.1.0 · MIT-0
Install in OpenClaw
/install hipaa-compliance-auditor
Description
Automatically detect and de-identify PII (Personal Identifiable Information) and PHI (Protected Health Information) from clinical/medical text to ensure HIPA...
README (SKILL.md)

HIPAA Compliance Auditor

A clinical-grade PII/PHI detection and de-identification tool for healthcare text data.

Overview

This skill analyzes text for HIPAA-protected identifiers and automatically redacts or anonymizes them. It uses a combination of regex patterns, NLP entity recognition, and contextual analysis to identify 18 HIPAA identifier categories.

Features

  • 18 HIPAA Identifiers Detection: Names, dates, SSN, MRN, phone/fax, email, geographic data, etc.
  • Automatic De-identification: Replace PII with semantic tokens (e.g., [PATIENT_NAME], [DATE_1])
  • Context-Aware Detection: Distinguishes between similar patterns (dates vs. lab values)
  • Audit Logging: Track all redaction actions for compliance documentation
  • Confidence Scoring: Flag uncertain detections for manual review

Usage

Command Line

python scripts/main.py --input "patient_text.txt" --output "deidentified.txt"
python scripts/main.py --text "Patient John Doe, SSN 123-45-6789..." --audit-log audit.json

Python API

from scripts.main import HIPAAAuditor

auditor = HIPAAAuditor()
result = auditor.deidentify("Patient John Doe was admitted on 2024-01-15...")
print(result.cleaned_text)  # De-identified output
print(result.detected_pii)  # List of found PII entities

Parameters

Parameter             Type    Default  Required  Description
--input, -i           string  -        No        Path to input text file
--text                string  -        No        Direct text input (alternative to file)
--output, -o          string  -        No        Path for de-identified output file
--audit-log           string  -        No        Path for JSON audit log
--confidence          float   0.7      No        Minimum confidence threshold (0.0-1.0)
--preserve-structure  bool    true     No        Maintain document structure
--custom-patterns     string  -        No        Path to custom regex patterns JSON

HIPAA Identifier Categories Detected

  1. Names (patient, relatives, employers)
  2. Geographic subdivisions smaller than state
  3. Dates (except year) related to individual
  4. Phone numbers
  5. Fax numbers
  6. Email addresses
  7. SSN
  8. Medical record numbers
  9. Health plan beneficiary numbers
  10. Account numbers
  11. Certificate/license numbers
  12. Vehicle identifiers
  13. Device identifiers
  14. URLs
  15. IP addresses
  16. Biometric identifiers
  17. Full-face photos
  18. Any other unique identifying numbers

Output Format

De-identified Text

Original identifiers replaced with semantic tags:

  • [PATIENT_NAME_1], [PATIENT_NAME_2] ...
  • [DATE_1], [DATE_2] ...
  • [SSN_1]
  • [PHONE_1], [PHONE_2] ...
  • [EMAIL_1]
  • [MRN_1] (Medical Record Number)
  • [ADDRESS_1]

Audit Log JSON

{
  "timestamp": "2024-01-15T10:30:00Z",
  "input_hash": "sha256:abc123...",
  "detections": [
    {
      "type": "PATIENT_NAME",
      "position": [10, 18],
      "confidence": 0.95,
      "replacement": "[PATIENT_NAME_1]",
      "original_length": 8
    }
  ],
  "statistics": {
    "total_pii_found": 5,
    "categories_detected": ["NAME", "DATE", "PHONE", "SSN"]
  }
}

Technical Architecture

  1. Preprocessing: Normalize text encoding, handle line breaks
  2. Regex Engine: Pattern matching for structured identifiers (SSN, phone, email, MRN)
  3. NLP Pipeline: spaCy NER for names, organizations, locations
  4. Context Filter: Remove false positives (e.g., "Dr. Smith" vs. "smith fracture")
  5. Replacement Engine: Sequential replacement with semantic tokens
  6. Validation: Ensure no original PII remains in output
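The regex-engine, context-filter, sequential-replacement and validation stages above, producing the audit-log shape shown under Output Format, as a compact added example (not the skill's own scripts/main.py). PATTERNS, deidentify and the confidence values are constructed for illustration, and the spaCy NER stage for free-text names is stood in for by an honorific rule.

```python
import hashlib
import re
# Patterns constructed for this example (the skill's own live in references/pii_patterns.json).
# A capture group isolates the identifier when the match relies on context (honorific, MRN label).
PATTERNS = {
    "SSN":   (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), 0.98),
    "PHONE": (re.compile(r"\b\d{3}[-.]\d{3}[-.]\d{4}\b"), 0.90),
    "EMAIL": (re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"), 0.97),
    "DATE":  (re.compile(r"\b\d{4}-\d{2}-\d{2}\b"), 0.85),
    "MRN":   (re.compile(r"\bMRN[:# ]+(\d{6,10})\b"), 0.92),
    # Context filter: an honorific makes "Smith" a name; "smith fracture" is left untouched.
    "NAME":  (re.compile(r"\b(?:Dr|Mr|Mrs|Ms)\.?\s+([A-Z][a-z]+)\b"), 0.80),
    # "01/15" may be a date or a lab ratio: low confidence, so flagged rather than redacted.
    "DATE_PARTIAL": (re.compile(r"\b\d{1,2}/\d{1,2}\b"), 0.60),
}

def deidentify(text, min_confidence=0.7):
    """Return (cleaned_text, audit_log); the log follows the README's JSON shape."""
    hits = []
    for ptype, (rx, conf) in PATTERNS.items():
        for m in rx.finditer(text):
            hits.append((m.start(m.lastindex or 0), m.end(m.lastindex or 0), ptype, conf))
    hits.sort(key=lambda h: (h[0], h[0] - h[1]))  # by start, longest span first
    detections, tokens, out, last = [], {}, [], 0
    for start, end, ptype, conf in hits:
        if start < last:            # overlaps a span that is already redacted
            continue
        entry = {"type": ptype, "position": [start, end], "confidence": conf,
                 "replacement": None, "original_length": end - start,
                 "review": conf < min_confidence}  # uncertain hits are kept and flagged
        if not entry["review"]:
            key = (ptype, text[start:end])
            if key not in tokens:   # same value -> same token, numbered per category
                tokens[key] = f"[{ptype}_{sum(k[0] == ptype for k in tokens) + 1}]"
            entry["replacement"] = tokens[key]
            out += [text[last:start], tokens[key]]
            last = end
        detections.append(entry)
    cleaned = "".join(out) + text[last:]
    for _, value in tokens:         # validation: no redacted value may survive
        if value in cleaned:
            raise ValueError(f"original identifier still present: {value!r}")
    log = {"input_hash": "sha256:" + hashlib.sha256(text.encode()).hexdigest(),
           "detections": detections, "statistics": {"total_pii_found": len(detections),
           "categories_detected": sorted({d["type"] for d in detections})}}
    return cleaned, log

if __name__ == "__main__":
    print(deidentify("MRN 00123456, Dr. Smith admitted 2024-01-15, SSN 123-45-6789.")[0])
```

The validation step deliberately raises when a redacted value still appears elsewhere in the output (a second "Smith" with no honorific), which is exactly the leak the README's sixth stage exists to catch.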

Dependencies

  • Python 3.9+
  • spaCy (en_core_web_trf or en_core_web_lg)
  • regex (for advanced pattern matching)
  • Presidio (optional, for enhanced PII detection)

See references/requirements.txt for full dependency list.

Limitations & Warnings

⚠️ CRITICAL: This tool is designed as a helper, not a replacement for human review.

  • Context-dependent PII (e.g., rare disease names + location) may not be fully detected
  • Unstructured narrative text may contain identifying information not caught by patterns
  • Always perform manual QA on output before HIPAA-compliant release
  • AI Autonomous Acceptance Status: Requires Manual Review

References

  • references/hipaa_safe_harbor_guide.pdf - HIPAA Safe Harbor de-identification standards
  • references/pii_patterns.json - Complete regex pattern definitions
  • references/test_cases/ - Sample clinical texts with expected outputs
  • references/requirements.txt - Python dependencies

Technical Difficulty: High

Complex NLP pipelines, contextual disambiguation, regulatory compliance requirements.

Risk Assessment

Risk Indicator         Assessment                            Level
Code Execution         Python/R scripts executed locally     Medium
Network Access         No external API calls                 Low
File System Access     Read input files, write output files  Medium
Instruction Tampering  Standard prompt guidelines            Low
Data Exposure          Output files saved to workspace       Low

Security Checklist

  • No hardcoded credentials or API keys
  • No unauthorized file system access (../)
  • Output does not expose sensitive information
  • Prompt injection protections in place
  • Input file paths validated (no ../ traversal)
  • Output directory restricted to workspace
  • Script execution in sandboxed environment
  • Error messages sanitized (no stack traces exposed)
  • Dependencies audited
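One way to implement the path items in this checklist (no `../` traversal, output confined to the workspace, error messages that echo no path), as an added example that is not the skill's code; resolve_in_workspace, open_workspace_file and the /deid-workspace-example root are assumptions.

```python
from pathlib import Path

def resolve_in_workspace(workspace, user_path):
    """Return the resolved path if it lies inside workspace, else None.

    Resolution follows symlinks and collapses '..' segments, so a relative
    'out/../../outside.txt' and an absolute '/tmp/outside.txt' are both rejected,
    while 'out/../report.txt' is accepted because it stays under the root.
    """
    root = Path(workspace).resolve()
    candidate = (root / user_path).resolve()   # an absolute user_path replaces root
    if candidate == root or root in candidate.parents:
        return candidate
    return None

def open_workspace_file(workspace, user_path, mode="r"):
    """Open a file only after its path has passed the workspace check."""
    target = resolve_in_workspace(workspace, user_path)
    if target is None:
        # Sanitized error: the rejected path is not echoed back to the caller
        raise ValueError("path escapes the workspace")
    return open(target, mode)
```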

Prerequisites

# Python dependencies
pip install -r requirements.txt

Evaluation Criteria

Success Metrics

  • Successfully executes main functionality
  • Output meets quality standards
  • Handles edge cases gracefully
  • Performance is acceptable

Test Cases

  1. Basic Functionality: Standard input → Expected output
  2. Edge Case: Invalid input → Graceful error handling
  3. Performance: Large dataset → Acceptable processing time

Lifecycle Status

  • Current Stage: Draft
  • Next Review Date: 2026-03-06
  • Known Issues: None
  • Planned Improvements:
    • Performance optimization
    • Additional feature support
Usage Guidance

This skill appears coherent with its HIPAA de-identification purpose, but before installing or running it:

  1. Test on non-production/sample data to validate detection and false-positive rates.
  2. Ensure the required spaCy models (en_core_web_trf/en_core_web_lg) and optional Presidio are installed from official sources; be aware that transformer models are large and may be downloaded.
  3. Treat audit logs and any JSON containing original_text or input hashes as sensitive: store them encrypted or restrict access, or configure the tool to avoid persisting original PII if you do not need it.
  4. Perform manual review on outputs (the README warns about this) and confirm the tool meets your organization's legal/compliance requirements.

If needed, supply the truncated portion of scripts/main.py for a full review to confirm there are no hidden network calls or writes beyond the workspace.
Capability Assessment
Purpose & Capability
Name/description match the delivered artifacts: SKILL.md, regex patterns, spaCy-based NER usage, and a CLI/Python API are all appropriate for a de-identification auditor. Declared dependencies (spaCy, optional Presidio) align with the stated technical approach.
Instruction Scope
Runtime instructions are scoped to reading input text, detecting PII, and producing de-identified output and an audit log. One operational note: the implementation includes PIIDetection.original_text (the original matched text), which may be included in audit logs used for manual review; this is reasonable for QA, but the field is sensitive and should be protected or redacted according to policy.
Install Mechanism
No install script is provided (instruction-only + code file). Dependencies are standard Python/NLP packages; model installs (en_core_web_trf/en_core_web_lg) are invoked separately per spaCy guidance. No downloads from unknown servers or run-time extraction of remote archives were found.
Credentials
The skill requires no environment variables, credentials, or config paths beyond local filesystem access for input/output — appropriate for its function. Caveat: audit logs and output files may contain original sensitive values (or metadata) and must be stored with appropriate access controls; installing transformer models may require network access to download large model files.
Persistence & Privilege
The skill does not request always:true or otherwise elevated persistent privileges. It reads/writes files in the workspace as expected for a CLI tool and does not modify other skills or system-wide agent settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install hipaa-compliance-auditor
  3. After installation, invoke the skill by name or use /hipaa-compliance-auditor
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0

Initial release: HIPAA Compliance Auditor skill introduced.
  • Automatically detects and de-identifies PII and PHI in clinical/medical text for HIPAA compliance.
  • Supports 18 HIPAA identifier categories, with context-aware detection and NLP.
  • Provides audit logs for all redactions and confidence scoring for manual review.
  • Usable via command line and Python API with customizable parameters.
  • Includes detailed technical documentation, output formats, and risk assessment.
  • Requires manual QA before use in compliance workflows.
Metadata
Slug hipaa-compliance-auditor
Version 0.1.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1