/install afrexai-hipaa-compliance
HIPAA Compliance for AI Agents
Generate HIPAA compliance checklists, risk assessments, and audit frameworks for healthcare organizations deploying AI agents.
What This Skill Does
When activated, produce any of these deliverables based on user request:
1. Pre-Deployment Compliance Gate
- BAA requirements checklist for AI vendors
- PHI data flow mapping template
- Minimum Necessary standard application guide
- Risk assessment framework (45 CFR 164.308(a)(1))
2. Technical Safeguards (45 CFR 164.312)
Access Controls:
- Unique service account IDs for AI agents
- Emergency access procedures for system failures
- 15-minute auto-logoff configuration
- Role-based minimum necessary permissions
Audit Controls:
- PHI access logging (timestamp, user, action, data)
- 6-year retention compliance
- Anomaly detection on access patterns
- AI decision audit trails
Transmission Security:
- TLS 1.3 enforcement
- E2E encryption for patient comms
- Certificate pinning for API connections
- No PHI in URLs, query strings, or logs
3. AI-Specific Risk Matrix
| Risk | Impact | Mitigation |
|---|---|---|
| Prompt injection → PHI leak | Critical | Input sanitization, output filtering, sandboxing |
| Model training on PHI | High | BAA prohibition, single-tenant deployment |
| Hallucinated medical info | Critical | Human-in-loop, confidence thresholds |
| Shadow AI with PHI | High | Approved tool registry, DLP rules |
4. Breach Response Timeline
- 0-1 hrs: Contain (disable agent, preserve logs)
- 1-24 hrs: Assess scope of PHI exposure
- 24-48 hrs: Document root cause, affected individuals
- Within 60 days: Notify HHS + individuals + media (if 500+)
- 30-90 days: Remediate, patch, retrain
5. Compliance by Use Case
Rate each AI deployment:
- Patient scheduling → Medium risk
- Billing/coding → High risk
- Clinical decision support → Critical risk
- Patient communication → High risk
- Medical records summarization → Critical risk
6. Penalty Reference
| Tier | Per Violation | Annual Cap |
|---|---|---|
| Unknowing | $141 - $71,162 | $2,134,831 |
| Reasonable cause | $1,424 - $71,162 | $2,134,831 |
| Willful neglect (corrected) | $14,232 - $71,162 | $2,134,831 |
| Willful neglect (not corrected) | $71,162 | $2,134,831 |
Average healthcare breach cost: $10.93M (IBM/Ponemon 2025).
Output Format
- Markdown checklist with status columns
- Risk matrix with impact/likelihood scoring
- Timeline tables for breach response
- Department-specific compliance cards
Resources
- Healthcare AI Context Pack — $47 — Full patient journey automation, revenue cycle, EHR integration patterns
- AI Revenue Leak Calculator — Find where manual processes cost you money
- AI Agent Setup Wizard — Configure compliant AI agents in 5 minutes
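- Make sure OpenClaw is installed (locally or via Docker)
- Enter the install command in the chat box: /install afrexai-hipaa-compliance
- Once installation completes, invoke the Skill by name or trigger it with /afrexai-hipaa-compliance
- Provide the inputs required by the Skill's parameter description to get structured output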
What is HIPAA Compliance for AI Agents?
Generate HIPAA compliance checklists, risk assessments, and audit frameworks for healthcare AI deployments to ensure data security and regulatory adherence. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 826 downloads to date.
How do I install HIPAA Compliance for AI Agents?
Run the command "/install afrexai-hipaa-compliance" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is needed.
Is HIPAA Compliance for AI Agents free?
Yes, HIPAA Compliance for AI Agents is completely free (free and open source) and can be freely downloaded, installed, and used.
Which platforms does HIPAA Compliance for AI Agents support?
HIPAA Compliance for AI Agents is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed HIPAA Compliance for AI Agents?
Developed and maintained by 1kalin (@1kalin); current version v1.0.0.