Afrexai Hipaa Compliance

# HIPAA Compliance for AI Agents

Generate HIPAA compliance checklists, risk assessments, and audit frameworks for healthcare organizations deploying AI agents.

## What This Skill Does

When activated, produce any of these deliverables based on user request:

### 1. Pre-Deployment Compliance Gate
- BAA requirements checklist for AI vendors
- PHI data flow mapping template
- Minimum Necessary standard application guide
- Risk assessment framework (45 CFR 164.308(a)(1))

### 2. Technical Safeguards (45 CFR 164.312)
**Access Controls:**
- Unique service account IDs for AI agents
- Emergency access procedures for system failures
- 15-minute auto-logoff configuration
- Role-based minimum necessary permissions

**Audit Controls:**
- PHI access logging (timestamp, user, action, data)
- 6-year retention compliance
- Anomaly detection on access patterns
- AI decision audit trails

**Transmission Security:**
- TLS 1.3 enforcement
- E2E encryption for patient comms
- Certificate pinning for API connections
- No PHI in URLs, query strings, or logs

### 3. AI-Specific Risk Matrix

| Risk | Impact | Mitigation |
|------|--------|------------|
| Prompt injection → PHI leak | Critical | Input sanitization, output filtering, sandboxing |
| Model training on PHI | High | BAA prohibition, single-tenant deployment |
| Hallucinated medical info | Critical | Human-in-loop, confidence thresholds |
| Shadow AI with PHI | High | Approved tool registry, DLP rules |

### 4. Breach Response Timeline
- 0-1 hrs: Contain (disable agent, preserve logs)
- 1-24 hrs: Assess scope of PHI exposure
- 24-48 hrs: Document root cause, affected individuals
- Within 60 days: Notify HHS + individuals + media (if 500+)
- 30-90 days: Remediate, patch, retrain

### 5. Compliance by Use Case
Rate each AI deployment:
- Patient scheduling → Medium risk
- Billing/coding → High risk
- Clinical decision support → Critical risk
- Patient communication → High risk
- Medical records summarization → Critical risk

### 6....

# HIPAA Compliance for AI Agents

Generate HIPAA compliance frameworks for healthcare organizations deploying AI automation.

Covers 45 CFR 164 technical/administrative safeguards, AI-specific risks (prompt injection, PHI in training data, hallucination), breach response timelines, and penalty reference tables.

Built for compliance officers, CISOs, and healthcare IT teams rolling out AI agents in 2026.

## What You Get
- Pre-deployment compliance gate (7-point checklist)
- Technical safeguards audit (access, audit, transmission, integrity)
- AI-specific risk matrix with mitigations
- Breach response timeline (0 hrs → 90 days)
- Use case risk ratings (scheduling through clinical decision support)
- Penalty reference with 2025 fine amounts

## Links
- [Healthcare AI Context Pack — $47](https://afrexai-cto.github.io/context-packs/)
- [AI Revenue Leak Calculator](https://afrexai-cto.github.io/ai-revenue-calculator/)
- [AI Agent Setup Wizard](https://afrexai-cto.github.io/agent-setup/)

*© 2026 AfrexAI*