- Home
- Skills
- Williamzujkowski
- Standards
- Healthtech
healthtech_skill
- Python
13
GitHub Stars
3
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill williamzujkowski/standards --skill healthtech- README.md9.9 KB
- REFERENCE.md1.3 KB
- SKILL.md10.8 KB
Overview
This skill provides practical guidance to implement HIPAA-aligned controls for protecting patient health information (PHI). It summarizes required administrative, physical, and technical safeguards, breach notification timelines, and interoperability controls for HL7/FHIR integrations. The content is implementation-focused, offering a phased roadmap and concrete security controls for production systems.
How this skill works
The skill inspects organizational controls and technical configurations against HIPAA core requirements: Privacy Rule, Security Rule, and Breach Notification obligations. It outlines concrete technical controls (encryption, access control, logging), administrative steps (risk assessments, policies, BAAs), and testing activities (pen tests, restore drills) to validate compliance. It also maps HL7 v2 and FHIR R4 interoperability recommendations to secure interfaces and OAuth-based API access.
When to use it
- Starting a new healthcare product that will handle PHI and needs a compliance roadmap
- Auditing existing systems for HIPAA gaps before audits or deployments
- Onboarding vendors and determining Business Associate Agreement scope
- Designing secure HL7 or FHIR interfaces for clinical data exchange
- Preparing incident response and breach notification procedures
Best practices
- Encrypt all ePHI at rest (AES-256) and in transit (TLS 1.2+; prefer TLS 1.3)
- Implement unique user IDs, RBAC, MFA, and quarterly access reviews
- Maintain tamper-resistant audit logs with at least 6-year retention
- Conduct annual risk assessments and routine workforce training
- Execute BAAs with vendors before any PHI sharing and track compliance
Example use cases
- A startup implementing SMART on FHIR APIs with OAuth 2.0 and scope-based access
- An IT team retrofitting databases and backups with AES-256 encryption and KMS/HSM key management
- A hospital preparing for OCR review by running pen tests, access reviews, and contingency drills
- SaaS vendors designing BA tracking and termination workflows to limit PHI exposure
- Operations teams building SIEM alerts for anomalous PHI access patterns
FAQ
No. This skill provides practical implementation guidance. Consult qualified healthcare compliance counsel and privacy officers for legal interpretation and organization-specific obligations.
What encryption standards should I use?
Use AES-256 for data at rest and TLS 1.2 or higher for transmission; prefer TLS 1.3 and managed KMS/HSM for key rotation.