healthtech_skill

This skill helps you achieve HIPAA compliance by guiding encryption, access control, auditing, and risk assessment across healthtech applications.
  • Python

13

GitHub Stars

3

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill williamzujkowski/standards --skill healthtech

  • README.md9.9 KB
  • REFERENCE.md1.3 KB
  • SKILL.md10.8 KB

Overview

This skill provides practical guidance to implement HIPAA-aligned controls for protecting patient health information (PHI). It summarizes required administrative, physical, and technical safeguards, breach notification timelines, and interoperability controls for HL7/FHIR integrations. The content is implementation-focused, offering a phased roadmap and concrete security controls for production systems.

How this skill works

The skill inspects organizational controls and technical configurations against HIPAA core requirements: Privacy Rule, Security Rule, and Breach Notification obligations. It outlines concrete technical controls (encryption, access control, logging), administrative steps (risk assessments, policies, BAAs), and testing activities (pen tests, restore drills) to validate compliance. It also maps HL7 v2 and FHIR R4 interoperability recommendations to secure interfaces and OAuth-based API access.

When to use it

  • Starting a new healthcare product that will handle PHI and needs a compliance roadmap
  • Auditing existing systems for HIPAA gaps before audits or deployments
  • Onboarding vendors and determining Business Associate Agreement scope
  • Designing secure HL7 or FHIR interfaces for clinical data exchange
  • Preparing incident response and breach notification procedures

Best practices

  • Encrypt all ePHI at rest (AES-256) and in transit (TLS 1.2+; prefer TLS 1.3)
  • Implement unique user IDs, RBAC, MFA, and quarterly access reviews
  • Maintain tamper-resistant audit logs with at least 6-year retention
  • Conduct annual risk assessments and routine workforce training
  • Execute BAAs with vendors before any PHI sharing and track compliance

Example use cases

  • A startup implementing SMART on FHIR APIs with OAuth 2.0 and scope-based access
  • An IT team retrofitting databases and backups with AES-256 encryption and KMS/HSM key management
  • A hospital preparing for OCR review by running pen tests, access reviews, and contingency drills
  • SaaS vendors designing BA tracking and termination workflows to limit PHI exposure
  • Operations teams building SIEM alerts for anomalous PHI access patterns

FAQ

No. This skill provides practical implementation guidance. Consult qualified healthcare compliance counsel and privacy officers for legal interpretation and organization-specific obligations.

What encryption standards should I use?

Use AES-256 for data at rest and TLS 1.2 or higher for transmission; prefer TLS 1.3 and managed KMS/HSM for key rotation.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
healthtech skill by williamzujkowski/standards | VeilStrat