Automate patient-safety checks for healthcare deployments and block unsafe releases.
The material indicates this is essentially an open-source prompt/test-spec style evaluation harness with no declared secrets or fixed remote endpoints, so overall risk appears low. The README includes sample commands and test flows, but based on the provided facts it looks more like documentation/prompt content and does not itself show clear signs of data exfiltration or privilege abuse.
The material explicitly says no keys or environment variables are required, and it does not request API tokens, database credentials, or service accounts, so credential exposure and misuse risk appears low.
No remote endpoints are declared, and the description does not show user data being sent to external services; the provided content is mainly local/CI test categorization and command examples, with no explicit egress path shown.
The system flags it as prompt-only; although the README shows example Jest and shell commands, as an audit target this appears to be documentation-style usage guidance rather than a skill explicitly declaring native code execution capabilities.
The material does not declare actual permissions to read or write local files, databases, or system resources; while it discusses PHI, EHR, and database-schema test scenarios, it does not show the skill itself requesting excessive data access.
The source is an open-source GitHub repository with very high community adoption (~210k stars), which is a strong positive trust signal. The missing license declaration and unknown maintenance status are minor auditability gaps, but not enough on their own to raise this to high risk.
Copy the install command and let the AI configure it · recommended for beginners
Please install the "healthcare-eval-harness" skill from askskill: 1. Download https://raw.githubusercontent.com/affaan-m/ECC/main/skills/healthcare-eval-harness/SKILL.md 2. Save it as ~/.claude/skills/healthcare-eval-harness/SKILL.md 3. Reload skills and tell me it's ready
Create a patient-safety evaluation plan for a hospital CDSS deployment covering recommendation accuracy, PHI exposure checks, clinical workflow integrity, and EHR integration compliance; define release-blocking rules on failure.
An actionable pre-deployment evaluation checklist, test cases, and release-blocking criteria.
Design an automated regression suite for the latest healthcare triage app release, focusing on symptom-triage accuracy, sensitive patient data leakage risk, and broken critical form workflows, with pass thresholds.
An automated test plan with sample cases and measurable acceptance thresholds for key risks.
A healthcare app deployment was blocked by safety evaluation. Analyze likely causes categorized by CDSS accuracy, PHI exposure, clinical workflow issues, and integration compliance, and recommend remediation priorities.
A categorized diagnostic report with clear remediation priorities.
Automated verification system for healthcare application deployments. A single CRITICAL failure blocks deployment. Patient safety is non-negotiable.
Note: Examples use Jest as the reference test runner. Adapt commands for your framework (Vitest, pytest, PHPUnit, etc.) — the test categories and pass thresholds are framework-agnostic.
The eval harness runs five test categories in order. The first three (CDSS Accuracy, PHI Exposure, Data Integrity) are CRITICAL gates requiring 100% pass rate — a single failure blocks deployment. The remaining two (Clinical Workflow, Integration) are HIGH gates requiring 95%+ pass rate.
Each category maps to a Jest test path pattern. The CI pipeline runs CRITICAL gates with --bail (stop on first failure) and enforces coverage thresholds with --coverage --coverageThreshold.
1. CDSS Accuracy (CRITICAL — 100% required)
Tests all clinical decision support logic: drug interaction pairs (both directions), dose validation rules, clinical scoring vs published specs, no false negatives, no silent failures.
npx jest --testPathPattern='tests/cdss' --bail --ci --coverage
2. PHI Exposure (CRITICAL — 100% required)
Tests for protected health information leaks: API error responses, console output, URL parameters, browser storage, cross-facility isolation, unauthenticated access, service role key absence.
npx jest --testPathPattern='tests/security/phi' --bail --ci
3. Data Integrity (CRITICAL — 100% required)
Tests clinical data safety: locked encounters, audit trail entries, cascade delete protection, concurrent edit handling, no orphaned records.
npx jest --testPathPattern='tests/data-integrity' --bail --ci
4. Clinical Workflow (HIGH — 95%+ required)
Tests end-to-end flows: encounter lifecycle, template rendering, medication sets, drug/diagnosis search, prescription PDF, red flag alerts.
tmp_json=$(mktemp)
npx jest --testPathPattern='tests/clinical' --ci --json --outputFile="$tmp_json" || true
total=$(jq '.numTotalTests // 0' "$tmp_json")
passed=$(jq '.numPassedTests // 0' "$tmp_json")
if [ "$total" -eq 0 ]; then
echo "No clinical tests found" >&2
exit 1
fi
rate=$(echo "scale=2; $passed * 100 / $total" | bc)
echo "Clinical pass rate: ${rate}% ($passed/$total)"
5. Integration Compliance (HIGH — 95%+ required)
Tests external systems: HL7 message parsing (v2.x), FHIR validation, lab result mapping, malformed message handling.
tmp_json=$(mktemp)
npx jest --testPathPattern='tests/integration' --ci --json --outputFile="$tmp_json" || true
total=$(jq '.numTotalTests // 0' "$tmp_json")
passed=$(jq '.numPassedTests // 0' "$tmp_json")
if [ "$total" -eq 0 ]; then
echo "No integration tests found" >&2
exit 1
fi
rate=$(echo "scale=2; $passed * 100 / $total" | bc)
echo "Integration pass rate: ${rate}% ($passed/$total)"
| Category | Threshold | On Failure |
|---|---|---|
| CDSS Accuracy | 100% | BLOCK deployment |
| PHI Exposure | 100% | BLOCK deployment |
| Data Integrity | 100% | BLOCK deployment |
| Clinical Workflow | 95%+ | WARN, allow with review |
| Integration | 95%+ | WARN, allow with review |
name: Healthcare Safety Gate
on: [push, pull_request]
jobs:
safety-gate:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20'
- run: npm ci
…
Handle returns, refunds, fraud checks, and warranty claim decisions efficiently.
Use Bun for runtime, bundling, testing, packages, and Node migration decisions.
Use the correct Ethereum Keccak-256 hashing in Node.js and TypeScript.
Apply Nuxt 4 patterns for SSR safety, performance, and data fetching.
Generate images, videos, and audio with one unified AI media workflow.
Design Quarkus 3 backend patterns for messaging, APIs, data, and async workflows.
Scan schema metadata to classify PHI and assess HIPAA-ready migrations.
Connect to SMART on FHIR records and analyze personal health data.
Design safer EMR/EHR workflows, prescribing modules, and accessible clinical data-entry interfaces.
Search a local health knowledge base and trace linked medical notes.
Build formal evaluations for Claude Code sessions with eval-driven development.
Evaluate AI safety classifier robustness against decomposition, obfuscation, and multi-agent attacks.