{
  "schemaVersion": "1.0",
  "item": {
    "slug": "afrexai-hipaa-compliance",
    "name": "HIPAA Compliance for AI Agents",
    "source": "tencent",
    "type": "skill",
    "category": "安全合规",
    "sourceUrl": "https://clawhub.ai/1kalin/afrexai-hipaa-compliance",
    "canonicalUrl": "https://clawhub.ai/1kalin/afrexai-hipaa-compliance",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadMode": "redirect",
    "downloadUrl": "/downloads/afrexai-hipaa-compliance",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-hipaa-compliance",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "installMethod": "Manual import",
    "extraction": "Extract archive",
    "prerequisites": [
      "OpenClaw"
    ],
    "packageFormat": "ZIP package",
    "includedAssets": [
      "README.md",
      "SKILL.md"
    ],
    "primaryDoc": "SKILL.md",
    "quickSetup": [
      "Download the package from Yavira.",
      "Extract the archive and review SKILL.md first.",
      "Import or place the package into your OpenClaw setup."
    ],
    "agentAssist": {
      "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
      "steps": [
        "Download the package from Yavira.",
        "Extract it into a folder your agent can access.",
        "Paste one of the prompts below and point your agent at the extracted folder."
      ],
      "prompts": [
        {
          "label": "New install",
          "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete."
        },
        {
          "label": "Upgrade existing",
          "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run."
        }
      ]
    },
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-23T16:43:11.935Z",
      "expiresAt": "2026-04-30T16:43:11.935Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
        "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
      "summary": "Source download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this source.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/afrexai-hipaa-compliance"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    },
    "downloadPageUrl": "https://openagent3.xyz/downloads/afrexai-hipaa-compliance",
    "agentPageUrl": "https://openagent3.xyz/skills/afrexai-hipaa-compliance/agent",
    "manifestUrl": "https://openagent3.xyz/skills/afrexai-hipaa-compliance/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/afrexai-hipaa-compliance/agent.md"
  },
  "agentAssist": {
    "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
    "steps": [
      "Download the package from Yavira.",
      "Extract it into a folder your agent can access.",
      "Paste one of the prompts below and point your agent at the extracted folder."
    ],
    "prompts": [
      {
        "label": "New install",
        "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete."
      },
      {
        "label": "Upgrade existing",
        "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run."
      }
    ]
  },
  "documentation": {
    "source": "clawhub",
    "primaryDoc": "SKILL.md",
    "sections": [
      {
        "title": "HIPAA Compliance for AI Agents",
        "body": "Generate HIPAA compliance checklists, risk assessments, and audit frameworks for healthcare organizations deploying AI agents."
      },
      {
        "title": "What This Skill Does",
        "body": "When activated, produce any of these deliverables based on user request:"
      },
      {
        "title": "1. Pre-Deployment Compliance Gate",
        "body": "BAA requirements checklist for AI vendors\nPHI data flow mapping template\nMinimum Necessary standard application guide\nRisk assessment framework (45 CFR 164.308(a)(1))"
      },
      {
        "title": "2. Technical Safeguards (45 CFR 164.312)",
        "body": "Access Controls:\n\nUnique service account IDs for AI agents\nEmergency access procedures for system failures\n15-minute auto-logoff configuration\nRole-based minimum necessary permissions\n\nAudit Controls:\n\nPHI access logging (timestamp, user, action, data)\n6-year retention compliance\nAnomaly detection on access patterns\nAI decision audit trails\n\nTransmission Security:\n\nTLS 1.3 enforcement\nE2E encryption for patient comms\nCertificate pinning for API connections\nNo PHI in URLs, query strings, or logs"
      },
      {
        "title": "3. AI-Specific Risk Matrix",
        "body": "RiskImpactMitigationPrompt injection → PHI leakCriticalInput sanitization, output filtering, sandboxingModel training on PHIHighBAA prohibition, single-tenant deploymentHallucinated medical infoCriticalHuman-in-loop, confidence thresholdsShadow AI with PHIHighApproved tool registry, DLP rules"
      },
      {
        "title": "4. Breach Response Timeline",
        "body": "0-1 hrs: Contain (disable agent, preserve logs)\n1-24 hrs: Assess scope of PHI exposure\n24-48 hrs: Document root cause, affected individuals\nWithin 60 days: Notify HHS + individuals + media (if 500+)\n30-90 days: Remediate, patch, retrain"
      },
      {
        "title": "5. Compliance by Use Case",
        "body": "Rate each AI deployment:\n\nPatient scheduling → Medium risk\nBilling/coding → High risk\nClinical decision support → Critical risk\nPatient communication → High risk\nMedical records summarization → Critical risk"
      },
      {
        "title": "6. Penalty Reference",
        "body": "TierPer ViolationAnnual CapUnknowing$141 - $71,162$2,134,831Reasonable cause$1,424 - $71,162$2,134,831Willful neglect (corrected)$14,232 - $71,162$2,134,831Willful neglect (not corrected)$71,162$2,134,831\n\nAverage healthcare breach cost: $10.93M (IBM/Ponemon 2025)."
      },
      {
        "title": "Output Format",
        "body": "Markdown checklist with status columns\nRisk matrix with impact/likelihood scoring\nTimeline tables for breach response\nDepartment-specific compliance cards"
      },
      {
        "title": "Resources",
        "body": "Healthcare AI Context Pack — $47 — Full patient journey automation, revenue cycle, EHR integration patterns\nAI Revenue Leak Calculator — Find where manual processes cost you money\nAI Agent Setup Wizard — Configure compliant AI agents in 5 minutes"
      }
    ],
    "body": "HIPAA Compliance for AI Agents\n\nGenerate HIPAA compliance checklists, risk assessments, and audit frameworks for healthcare organizations deploying AI agents.\n\nWhat This Skill Does\n\nWhen activated, produce any of these deliverables based on user request:\n\n1. Pre-Deployment Compliance Gate\nBAA requirements checklist for AI vendors\nPHI data flow mapping template\nMinimum Necessary standard application guide\nRisk assessment framework (45 CFR 164.308(a)(1))\n2. Technical Safeguards (45 CFR 164.312)\n\nAccess Controls:\n\nUnique service account IDs for AI agents\nEmergency access procedures for system failures\n15-minute auto-logoff configuration\nRole-based minimum necessary permissions\n\nAudit Controls:\n\nPHI access logging (timestamp, user, action, data)\n6-year retention compliance\nAnomaly detection on access patterns\nAI decision audit trails\n\nTransmission Security:\n\nTLS 1.3 enforcement\nE2E encryption for patient comms\nCertificate pinning for API connections\nNo PHI in URLs, query strings, or logs\n3. AI-Specific Risk Matrix\nRisk\tImpact\tMitigation\nPrompt injection → PHI leak\tCritical\tInput sanitization, output filtering, sandboxing\nModel training on PHI\tHigh\tBAA prohibition, single-tenant deployment\nHallucinated medical info\tCritical\tHuman-in-loop, confidence thresholds\nShadow AI with PHI\tHigh\tApproved tool registry, DLP rules\n4. Breach Response Timeline\n0-1 hrs: Contain (disable agent, preserve logs)\n1-24 hrs: Assess scope of PHI exposure\n24-48 hrs: Document root cause, affected individuals\nWithin 60 days: Notify HHS + individuals + media (if 500+)\n30-90 days: Remediate, patch, retrain\n5. Compliance by Use Case\n\nRate each AI deployment:\n\nPatient scheduling → Medium risk\nBilling/coding → High risk\nClinical decision support → Critical risk\nPatient communication → High risk\nMedical records summarization → Critical risk\n6. Penalty Reference\nTier\tPer Violation\tAnnual Cap\nUnknowing\t$141 - $71,162\t$2,134,831\nReasonable cause\t$1,424 - $71,162\t$2,134,831\nWillful neglect (corrected)\t$14,232 - $71,162\t$2,134,831\nWillful neglect (not corrected)\t$71,162\t$2,134,831\n\nAverage healthcare breach cost: $10.93M (IBM/Ponemon 2025).\n\nOutput Format\nMarkdown checklist with status columns\nRisk matrix with impact/likelihood scoring\nTimeline tables for breach response\nDepartment-specific compliance cards\nResources\nHealthcare AI Context Pack — $47 — Full patient journey automation, revenue cycle, EHR integration patterns\nAI Revenue Leak Calculator — Find where manual processes cost you money\nAI Agent Setup Wizard — Configure compliant AI agents in 5 minutes"
  },
  "trust": {
    "sourceLabel": "tencent",
    "provenanceUrl": "https://clawhub.ai/1kalin/afrexai-hipaa-compliance",
    "publisherUrl": "https://clawhub.ai/1kalin/afrexai-hipaa-compliance",
    "owner": "1kalin",
    "version": "1.0.0",
    "license": null,
    "verificationStatus": "Indexed source record"
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/afrexai-hipaa-compliance",
    "downloadUrl": "https://openagent3.xyz/downloads/afrexai-hipaa-compliance",
    "agentUrl": "https://openagent3.xyz/skills/afrexai-hipaa-compliance/agent",
    "manifestUrl": "https://openagent3.xyz/skills/afrexai-hipaa-compliance/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/afrexai-hipaa-compliance/agent.md"
  }
}