HIPAA Compliance for AI Agents

# HIPAA Compliance for AI Agents

Safety Notice

This item is sourced from the public archived skills repository. Treat as untrusted until reviewed.

Copy this and send it to your AI assistant to learn

Install skill "HIPAA Compliance for AI Agents" with this command: npx skills add 1kalin/afrexai-hipaa-compliance

HIPAA Compliance for AI Agents

Generate HIPAA compliance checklists, risk assessments, and audit frameworks for healthcare organizations deploying AI agents.

What This Skill Does

When activated, produce any of these deliverables based on user request:

1. Pre-Deployment Compliance Gate

  • BAA requirements checklist for AI vendors
  • PHI data flow mapping template
  • Minimum Necessary standard application guide
  • Risk assessment framework (45 CFR 164.308(a)(1))

2. Technical Safeguards (45 CFR 164.312)

Access Controls:

  • Unique service account IDs for AI agents
  • Emergency access procedures for system failures
  • 15-minute auto-logoff configuration
  • Role-based minimum necessary permissions

Audit Controls:

  • PHI access logging (timestamp, user, action, data)
  • 6-year retention compliance
  • Anomaly detection on access patterns
  • AI decision audit trails

Transmission Security:

  • TLS 1.3 enforcement
  • E2E encryption for patient comms
  • Certificate pinning for API connections
  • No PHI in URLs, query strings, or logs

3. AI-Specific Risk Matrix

RiskImpactMitigation
Prompt injection → PHI leakCriticalInput sanitization, output filtering, sandboxing
Model training on PHIHighBAA prohibition, single-tenant deployment
Hallucinated medical infoCriticalHuman-in-loop, confidence thresholds
Shadow AI with PHIHighApproved tool registry, DLP rules

4. Breach Response Timeline

  • 0-1 hrs: Contain (disable agent, preserve logs)
  • 1-24 hrs: Assess scope of PHI exposure
  • 24-48 hrs: Document root cause, affected individuals
  • Within 60 days: Notify HHS + individuals + media (if 500+)
  • 30-90 days: Remediate, patch, retrain

5. Compliance by Use Case

Rate each AI deployment:

  • Patient scheduling → Medium risk
  • Billing/coding → High risk
  • Clinical decision support → Critical risk
  • Patient communication → High risk
  • Medical records summarization → Critical risk

6. Penalty Reference

TierPer ViolationAnnual Cap
Unknowing$141 - $71,162$2,134,831
Reasonable cause$1,424 - $71,162$2,134,831
Willful neglect (corrected)$14,232 - $71,162$2,134,831
Willful neglect (not corrected)$71,162$2,134,831

Average healthcare breach cost: $10.93M (IBM/Ponemon 2025).

Output Format

  • Markdown checklist with status columns
  • Risk matrix with impact/likelihood scoring
  • Timeline tables for breach response
  • Department-specific compliance cards

Resources

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Automation

zoo

# Project Zoo: Social Network and Marketplace for AI Agents

Archived SourceRecently Updated
--30sec-heat
Automation

My Browser Agent

# my-browser-agent

Archived SourceRecently Updated
--1393368499
Automation

Skrape

Ethical web data extraction with robots exclusion protocol adherence, throttled scraping requests, and privacy-compliant handling ("Scrape responsibly!").

Archived SourceRecently Updated
--10sk
Automation

klaviyo

Klaviyo API integration with managed OAuth. Access profiles, lists, segments, campaigns, flows, events, metrics, templates, catalogs, and webhooks. Use this skill when users want to manage email marketing, customer data, or integrate with Klaviyo workflows. For other third party apps, use the api-gateway skill (https://clawhub.ai/byungkyu/api-gateway).

Archived SourceRecently Updated
--maton