Skill

legalcode-hipaa-compliance-assessment

HIPAA compliance assessment for covered entities and business associates covering the Security Rule (45 CFR Part 164 Subpart C), Privacy Rule (45 CFR Part 164 Subpart E), and Breach Notification Rule (45 CFR Part 164 Subpart D). Assesses all administrative safeguards (security management process, workforce security, information access management, security awareness and training, contingency planning, evaluation, and business associate oversight), physical safeguards (facility access, workstation security, device and media controls), and technical safeguards (access controls, audit controls, integrity, authentication, and transmission security). Evaluates Privacy Rule obligations including minimum necessary standard, individual rights (access, amendment, accounting, restriction, confidential communications), Notice of Privacy Practices, and authorization requirements. Incorporates 2024-2025 Security Rule NPRM awareness (mandatory MFA, encryption mandates, 72-hour restoration, network segmentation) as emerging requirements to prepare for. Assesses business associate agreement completeness under 45 CFR 164.504(e) and 164.314. Produces Security Risk Analysis documentation structured to meet OCR audit expectations and NIST SP 800-66r2 guidance, with COMPLIANT/PARTIAL/NON-COMPLIANT/CRITICAL DEFICIENCY classification, prioritized remediation roadmaps, and Glass Box audit trail. Use when a covered entity or business associate needs to determine compliance posture, prepare for OCR audit, conduct an annual security evaluation under 45 CFR 164.308(a)(8), respond to a security incident, assess a new technology deployment involving ePHI, or build a HIPAA compliance program from scratch.

Jurisdictions

Global

Install command

$ npx legalcode skill install legalcode-hipaa-compliance-assessment

Resources