HIPAA Compliance for AI Agents

by 1kalin · GitHub ↗ · v1.0.0
cross-platform ✓ Security Clean
826 Downloads · 0 Stars · 1 Active Installs · 1 Versions
Install in OpenClaw
/install afrexai-hipaa-compliance
Description
Generate HIPAA compliance checklists, risk assessments, and audit frameworks for healthcare AI deployments to ensure data security and regulatory adherence.
README (SKILL.md)

HIPAA Compliance for AI Agents

Generate HIPAA compliance checklists, risk assessments, and audit frameworks for healthcare organizations deploying AI agents.

What This Skill Does

When activated, produce any of these deliverables based on user request:

1. Pre-Deployment Compliance Gate

  • BAA requirements checklist for AI vendors
  • PHI data flow mapping template
  • Minimum Necessary standard application guide
  • Risk assessment framework (45 CFR 164.308(a)(1))

2. Technical Safeguards (45 CFR 164.312)

Access Controls:

  • Unique service account IDs for AI agents
  • Emergency access procedures for system failures
  • 15-minute auto-logoff configuration
  • Role-based minimum necessary permissions

Audit Controls:

  • PHI access logging (timestamp, user, action, data)
  • 6-year retention compliance
  • Anomaly detection on access patterns
  • AI decision audit trails

Transmission Security:

  • TLS 1.3 enforcement
  • E2E encryption for patient comms
  • Certificate pinning for API connections
  • No PHI in URLs, query strings, or logs
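The audit-controls items above (a log record of timestamp, user, action and data, kept for 6 years, plus anomaly detection on access patterns) are easier to adopt with a concrete shape in hand. The following is an added example, not code from the SKILL.md or from 1kalin: it writes one JSON-lines audit record per PHI access and runs a sliding-window check that flags a service account reading many more distinct patient records in ten minutes than a baseline allows. The field names, the threshold of five records, the window length and the sample log lines are all assumptions made for this example.

```python
"""PHI access audit records and a sliding-window bulk-access check.

Added example (not part of the SKILL.md). Assumptions: record fields
(ts, user, action, resource), a 10-minute window, a baseline of at most
5 distinct records per window, and the constructed sample log below.
"""
from __future__ import annotations

import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone


def make_audit_record(ts: datetime, user: str, action: str, resource: str) -> str:
    """Serialize one PHI access event as a JSON line.

    `resource` is an opaque record reference, never the PHI itself, so
    the log can be retained for the 6-year period without itself
    becoming a second PHI store.
    """
    return json.dumps(
        {
            "ts": ts.astimezone(timezone.utc).isoformat(),
            "user": user,
            "action": action,
            "resource": resource,
        },
        sort_keys=True,
    )


def find_bulk_access(log_lines, window=timedelta(minutes=10), max_distinct=5):
    """Flag users who read more than `max_distinct` distinct resources
    inside any `window`-long span.

    Returns a list of (user, window_start_iso, distinct_count); at most
    one finding per user, which is enough to raise an alert.
    """
    events = defaultdict(list)
    for line in log_lines:
        rec = json.loads(line)
        if rec["action"] != "read":
            continue
        events[rec["user"]].append((datetime.fromisoformat(rec["ts"]), rec["resource"]))

    findings = []
    for user, evs in events.items():
        evs.sort()  # chronological; each event opens a candidate window
        for i, (start, _) in enumerate(evs):
            seen = {res for ts, res in evs[i:] if ts - start <= window}
            if len(seen) > max_distinct:
                findings.append((user, start.isoformat(), len(seen)))
                break
    return findings


def sample_log() -> list[str]:
    """Constructed sample log for this example (no real data)."""
    base = datetime(2025, 1, 15, 9, 0, tzinfo=timezone.utc)
    lines = []
    # Normal: a scheduling agent touches three charts over an hour.
    for i in range(3):
        lines.append(make_audit_record(base + timedelta(minutes=20 * i),
                                       "svc-scheduling-agent", "read", f"mrn-ref-{100 + i}"))
    # Anomalous: a summarization agent pulls eight distinct charts in four minutes.
    for i in range(8):
        lines.append(make_audit_record(base + timedelta(minutes=30, seconds=30 * i),
                                       "svc-summarizer-agent", "read", f"mrn-ref-{200 + i}"))
    # Writes are logged too but do not count toward the bulk-read check.
    lines.append(make_audit_record(base + timedelta(minutes=35),
                                   "svc-summarizer-agent", "write", "note-ref-9"))
    return lines


if __name__ == "__main__":
    for user, start, count in find_bulk_access(sample_log()):
        print(f"ALERT {user}: {count} distinct records from {start}")
```

The check is deliberately per-user and baseline-driven: the same eight reads would be normal for a batch summarization job with an approved baseline, so the threshold belongs in the access-control policy for each service account rather than hard-coded globally.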

3. AI-Specific Risk Matrix

| Risk | Impact | Mitigation |
|---|---|---|
| Prompt injection → PHI leak | Critical | Input sanitization, output filtering, sandboxing |
| Model training on PHI | High | BAA prohibition, single-tenant deployment |
| Hallucinated medical info | Critical | Human-in-loop, confidence thresholds |
| Shadow AI with PHI | High | Approved tool registry, DLP rules |
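The "output filtering" mitigation in the first row of the matrix and the transmission-security rule "No PHI in URLs, query strings, or logs" both reduce to the same control: scan text for identifier formats before it crosses a boundary. The block below is an added example, not code from the SKILL.md or from 1kalin. It redacts identifier-shaped values from agent output or log lines and reports which query parameters of a URL carry them. The identifier formats (SSN, an assumed MRN layout, US-style dates and phone numbers), the placeholder format and the sample strings are assumptions for this example; a deployment tunes the patterns to its own identifier formats.

```python
"""PHI-pattern filter for agent output, log lines and URL query strings.

Added example (not part of the SKILL.md). The regexes below are assumed
identifier formats chosen for illustration, not an authoritative PHI
definition.
"""
from __future__ import annotations

import re
from urllib.parse import parse_qsl, urlsplit

# Identifier formats treated as PHI for this example (assumed formats).
PHI_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "mrn": re.compile(r"\bMRN[- ]?\d{6,10}\b", re.IGNORECASE),
    "dob": re.compile(r"\b(?:0[1-9]|1[0-2])/(?:0[1-9]|[12]\d|3[01])/(?:19|20)\d{2}\b"),
    "phone": re.compile(r"\b\(?\d{3}\)?[-. ]\d{3}[-. ]\d{4}\b"),
}


def redact_phi(text: str) -> tuple[str, dict[str, int]]:
    """Replace each identifier match with a typed placeholder.

    Returns the redacted text plus a count per pattern, so the caller can
    forward the safe text and also alert when any count is non-zero
    (an agent response that contained an SSN is itself an incident signal).
    """
    counts: dict[str, int] = {}
    for name, pattern in PHI_PATTERNS.items():
        text, n = pattern.subn(f"[REDACTED-{name.upper()}]", text)
        if n:
            counts[name] = n
    return text, counts


def url_carries_phi(url: str) -> list[str]:
    """Return the names of query parameters whose values look like PHI.

    A non-empty result means the request must be rejected or rewritten
    (identifiers belong in the request body over TLS, not in the URL,
    which proxies, browsers and web servers routinely log).
    """
    flagged = []
    for key, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if any(p.search(value) for p in PHI_PATTERNS.values()):
            flagged.append(key)
    return flagged


if __name__ == "__main__":
    # Constructed sample text; every identifier here is fictitious.
    sample = "Patient MRN-00123456 (SSN 123-45-6789), DOB 03/14/1962, call 555-123-4567"
    print(redact_phi(sample))
    print(url_carries_phi("https://api.example.test/patients?mrn=MRN-00123456&visit=2024"))
```

Run the filter at two points: on every model response before it is returned or logged, and on every outbound request URL the agent builds. Pattern matching misses free-text PHI (names, diagnoses), so this control complements, rather than replaces, the minimum-necessary permissions that keep such data out of the agent's context in the first place.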

4. Breach Response Timeline

  • 0-1 hrs: Contain (disable agent, preserve logs)
  • 1-24 hrs: Assess scope of PHI exposure
  • 24-48 hrs: Document root cause, affected individuals
  • Within 60 days: Notify HHS + individuals + media (if 500+)
  • 30-90 days: Remediate, patch, retrain

5. Compliance by Use Case

Rate each AI deployment:

  • Patient scheduling → Medium risk
  • Billing/coding → High risk
  • Clinical decision support → Critical risk
  • Patient communication → High risk
  • Medical records summarization → Critical risk

6. Penalty Reference

| Tier | Per Violation | Annual Cap |
|---|---|---|
| Unknowing | $141 - $71,162 | $2,134,831 |
| Reasonable cause | $1,424 - $71,162 | $2,134,831 |
| Willful neglect (corrected) | $14,232 - $71,162 | $2,134,831 |
| Willful neglect (not corrected) | $71,162 | $2,134,831 |

Average healthcare breach cost: $10.93M (IBM/Ponemon 2025).

Output Format

  • Markdown checklist with status columns
  • Risk matrix with impact/likelihood scoring
  • Timeline tables for breach response
  • Department-specific compliance cards

Resources

Usage Guidance
This skill appears coherent and low-risk because it only generates compliance content and asks for no credentials or installs. Before you use it:
  1. Do not paste real PHI into prompts when testing — treat outputs as guidance, not legal advice.
  2. Verify citations, statutory references, and fine amounts against authoritative sources or counsel before acting on them.
  3. Review the external links and any paid resources before following or purchasing.
  4. If you plan to operationalize recommendations (e.g., implement access controls, BAAs, incident response), have your security/compliance team and legal counsel vet and adapt the output to your environment.
  5. If you need integrations (automated scans, logging, or deployments), prefer an implementation that requires explicit credentials and review rather than embedding PHI in model prompts.
Capability Analysis
Type: OpenClaw Skill
Name: afrexai-hipaa-compliance
Version: 1.0.0
The skill bundle appears benign. The `SKILL.md` and `README.md` files clearly define the purpose of generating HIPAA compliance frameworks for AI agents, including checklists, risk assessments, and audit frameworks. There are no instructions attempting prompt injection against the AI agent to perform malicious actions, nor any code or instructions for data exfiltration, unauthorized execution, or persistence. The external links provided are to `github.io` pages, which are common for project resources, and their descriptions align with the skill's stated purpose, showing no signs of malicious intent.
Capability Assessment
Purpose & Capability
The name/description (HIPAA compliance checklists, risk assessments, audit frameworks) matches the SKILL.md deliverables. The skill requires no binaries, env vars, or installs, which is appropriate for a guidance/checklist generator.
Instruction Scope
SKILL.md contains only content-generation instructions (checklists, matrices, timelines) and recommended output formats. It does not instruct the agent to read local files, access environment variables, or transmit data to external endpoints. It includes a few external resource links (promotional), but does not direct runtime data to them.
Install Mechanism
There is no install spec and no code files — this is instruction-only, which minimizes disk write/execute risk.
Credentials
The skill declares no required environment variables, credentials, or config paths. Nothing in SKILL.md attempts to access secrets or unrelated services.
Persistence & Privilege
always:false and user-invocable:true (defaults). The skill does not request permanent presence or modification of other skills or system-wide settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install afrexai-hipaa-compliance
  3. After installation, invoke the skill by name or use /afrexai-hipaa-compliance
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of the HIPAA Compliance for AI Agents skill.
- Generate HIPAA compliance checklists, risk assessments, and audit frameworks for healthcare AI deployments.
- Includes technical safeguards, AI-specific risk matrix, and breach response timelines tailored to AI use cases.
- Provides compliance ratings by AI deployment scenario and a clear penalty reference table.
- Outputs are formatted as markdown checklists, risk matrices, timelines, and compliance cards.
Metadata
Slug afrexai-hipaa-compliance
Version 1.0.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is HIPAA Compliance for AI Agents?

Generate HIPAA compliance checklists, risk assessments, and audit frameworks for healthcare AI deployments to ensure data security and regulatory adherence. It is an AI Agent Skill for Claude Code / OpenClaw, with 826 downloads so far.

How do I install HIPAA Compliance for AI Agents?

Run "/install afrexai-hipaa-compliance" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is HIPAA Compliance for AI Agents free?

Yes, HIPAA Compliance for AI Agents is completely free (open-source). You can download, install and use it at no cost.

Which platforms does HIPAA Compliance for AI Agents support?

HIPAA Compliance for AI Agents is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created HIPAA Compliance for AI Agents?

It is built and maintained by 1kalin (@1kalin); the current version is v1.0.0.
