HIPAA Compliance for AI Agents

Data & APIs

Generate HIPAA compliance checklists, risk assessments, and audit frameworks for healthcare AI deployments to ensure data security and regulatory adherence.

Install

openclaw skills install afrexai-hipaa-compliance

HIPAA Compliance for AI Agents

Generate HIPAA compliance checklists, risk assessments, and audit frameworks for healthcare organizations deploying AI agents.

What This Skill Does

When activated, produce any of these deliverables based on user request:

1. Pre-Deployment Compliance Gate

BAA requirements checklist for AI vendors
PHI data flow mapping template
Minimum Necessary standard application guide
Risk assessment framework (45 CFR 164.308(a)(1))

2. Technical Safeguards (45 CFR 164.312)

Access Controls:

Unique service account IDs for AI agents
Emergency access procedures for system failures
15-minute auto-logoff configuration
Role-based minimum necessary permissions

Audit Controls:

PHI access logging (timestamp, user, action, data)
6-year retention compliance
Anomaly detection on access patterns
AI decision audit trails

Transmission Security:

TLS 1.3 enforcement
E2E encryption for patient comms
Certificate pinning for API connections
No PHI in URLs, query strings, or logs

3. AI-Specific Risk Matrix

Risk	Impact	Mitigation
Prompt injection → PHI leak	Critical	Input sanitization, output filtering, sandboxing
Model training on PHI	High	BAA prohibition, single-tenant deployment
Hallucinated medical info	Critical	Human-in-loop, confidence thresholds
Shadow AI with PHI	High	Approved tool registry, DLP rules

4. Breach Response Timeline

0-1 hrs: Contain (disable agent, preserve logs)
1-24 hrs: Assess scope of PHI exposure
24-48 hrs: Document root cause, affected individuals
Within 60 days: Notify HHS + individuals + media (if 500+)
30-90 days: Remediate, patch, retrain

5. Compliance by Use Case

Rate each AI deployment:

Patient scheduling → Medium risk
Billing/coding → High risk
Clinical decision support → Critical risk
Patient communication → High risk
Medical records summarization → Critical risk

6. Penalty Reference

Tier	Per Violation	Annual Cap
Unknowing	$141 - $71,162	$2,134,831
Reasonable cause	$1,424 - $71,162	$2,134,831
Willful neglect (corrected)	$14,232 - $71,162	$2,134,831
Willful neglect (not corrected)	$71,162	$2,134,831

Average healthcare breach cost: $10.93M (IBM/Ponemon 2025).

Output Format

Markdown checklist with status columns
Risk matrix with impact/likelihood scoring
Timeline tables for breach response
Department-specific compliance cards

Resources

Healthcare AI Context Pack — $47 — Full patient journey automation, revenue cycle, EHR integration patterns
AI Revenue Leak Calculator — Find where manual processes cost you money
AI Agent Setup Wizard — Configure compliant AI agents in 5 minutes

HIPAA Compliance for AI Agents

Install

HIPAA Compliance for AI Agents

What This Skill Does

1. Pre-Deployment Compliance Gate

2. Technical Safeguards (45 CFR 164.312)

3. AI-Specific Risk Matrix

4. Breach Response Timeline

5. Compliance by Use Case

6. Penalty Reference

Output Format

Resources

Related skills