BAA Review
Know exactly what your vendor BAA is missing
Clause-by-clause Business Associate Agreement analysis against 45 CFR 164.504. Evaluates all required HIPAA BAA provisions with risk scoring, contract language citations, and specific remediation recommendations.
From document to output
Paste or upload your Business Associate Agreement text
The Covered Entity and Business Associate are extracted from the agreement
Every required BAA element under 45 CFR 164.504 is assessed
Each gap is rated critical, high, medium, or low based on regulatory exposure
Specific remediation language you can use to amend deficient clauses
What you get back
Every finding is structured JSON: status, evidence, risk level, and remediation in one package. No interpretation required before acting on it.
{
"provision": "Subcontractor Requirements",
"status": "deficient",
"risk_level": "high",
"baa_text_excerpt": "Business Associate shall require its subcontractors to protect PHI.",
"gap_description": "Overly vague. Does not require written subcontractor BAAs per 2013 Omnibus Rule.",
"recommendations": [
"Require written agreements with same restrictions",
"Include Security Rule flow-down obligations"
]
} Two ways to run this skill
One-click install for Claude and Cowork users. The skill runs as a native tool in your Claude environment — no configuration, no MCP setup. Apache 2.0.
Get on ClawHub →Install as an MCP server in Claude Code, or download the SKILL.md and use it as a system prompt with any LLM. Runs the full methodology against documents you provide. Apache 2.0. No account required.
The Snapshot runs these skills against your full document corpus using workspace-isolated RAG: every finding is sourced to a specific document section, cross-referenced across your entire policy library, and delivered with a maturity score and remediation roadmap. Free. Delivered by Dan within a week.
Get a free SnapshotSeven more skills in the methodology.
HIPAA Gap Analysis, BAA Review, Framework Mapping, Control Assessment, Risk Assessment, Compliance Q&A, Compliance Posture Intake, and Document Finder. All open source under Apache 2.0.