implementing-hipaa-security-rule-safeguards

Installation
SKILL.md

Implementing HIPAA Security Rule Safeguards

When to Use

  • When an organization is a covered entity (health plan, clearinghouse, or provider transmitting electronic transactions) or a business associate handling ePHI on their behalf.
  • When standing up or maturing controls to protect electronic protected health information.
  • When performing the mandatory HIPAA Security Risk Analysis (§164.308(a)(1)(ii)(A)) — the single most-cited gap in OCR enforcement.
  • When preparing for an OCR audit/investigation or responding to a suspected breach.
  • When drafting, reviewing, or remediating a Business Associate Agreement (BAA).
  • When mapping existing security controls to the HIPAA safeguard standards and implementation specifications.

Scope note: this skill covers the Security Rule (ePHI). The Privacy Rule (uses/disclosures of all PHI) and the Breach Notification Rule are related but distinct; this skill touches breach readiness and BAAs where they intersect security.

Prerequisites

  • A clear determination of the organization's role (covered entity vs business associate) and where ePHI lives, flows, and is stored (an ePHI data map).
  • An asset inventory of systems that create, receive, maintain, or transmit ePHI.
  • Knowledge of the current rule's structure (45 CFR §§164.302–318) and the required vs addressable distinction.
  • Awareness that a 2025 NPRM proposes significant changes (see Workflow step 7 and references/standards.md) — track but do not assume them as in force.
Installs
5
GitHub Stars
24.7K
First Seen
13 days ago
implementing-hipaa-security-rule-safeguards — mukul975/anthropic-cybersecurity-skills