Helps teams handle healthcare privacy, security compliance, and breach response matters in line with HIPAA requirements.
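Copy the install instruction and let the AI complete the setup automatically · Recommended for beginners
Please help me install the "hipaa-compliance" skill from askskill:
1. Download https://raw.githubusercontent.com/affaan-m/ECC/main/skills/hipaa-compliance/SKILL.md
2. Save it as ~/.claude/skills/hipaa-compliance/SKILL.md
3. Once it is installed, reload the skills and tell me it is ready to use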
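Please review this patient data processing workflow against HIPAA requirements, identify the steps that involve PHI and the potential compliance risks, and give remediation recommendations, focusing on the minimum necessary principle, access controls, and audit logging.
A HIPAA risk review that lists PHI touchpoints, risk descriptions, and prioritized remediation recommendations.
Create a HIPAA review checklist for the business associate agreement (BAA) we are signing with a third-party vendor, covering the responsibilities of both parties, limits on PHI use, incident notification, subcontractor requirements, and data handling after termination.
A structured BAA review checklist that legal, procurement, and security teams can work through together.
Suppose a US healthcare provider suffers a data breach involving PHI. Based on HIPAA, provide an approach to incident classification, initial response steps, notification obligation checkpoints, and the evidence and records that need to be retained.
A HIPAA-oriented breach response framework that helps the team quickly determine follow-up compliance actions.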
Use this as the HIPAA-specific entrypoint when a task is clearly about US healthcare compliance. This skill intentionally stays thin and canonical:
- healthcare-phi-compliance remains the primary implementation skill for PHI/PII handling, data classification, audit logging, encryption, and leak prevention.
- healthcare-reviewer remains the specialized reviewer when code, architecture, or product behavior needs a healthcare-aware second pass.
- security-review still applies for general auth, input-handling, secrets, API, and deployment hardening.

Treat HIPAA as an overlay on top of the broader healthcare privacy skill:
- healthcare-phi-compliance for the concrete implementation rules.
- healthcare-reviewer if the task affects patient safety, clinical workflows, or regulated production architecture.

User request:
Add AI-generated visit summaries to our clinician dashboard. We serve US clinics and need to stay HIPAA compliant.
Response pattern:
- hipaa-compliance
- healthcare-phi-compliance to review PHI movement, logging, storage, and prompt boundaries
- healthcare-reviewer if the summaries influence clinical decisions

User request:
Can we send support transcripts and patient messages into our analytics stack?
Response pattern:
- healthcare-phi-compliance
- healthcare-reviewer
- healthcare-emr-patterns
- healthcare-eval-harness
- security-review