Clause-by-clause Business Associate Agreement analysis against 45 CFR 164.504. Evaluates all required HIPAA BAA provisions with risk scoring, contract language citations, and specific remediation recommendations.
From document to output
Paste or upload your Business Associate Agreement text
The Covered Entity and Business Associate are extracted from the agreement
Every required BAA element under 45 CFR 164.504 is assessed
Each gap is rated critical, high, medium, or low based on regulatory exposure
Specific remediation language you can use to amend deficient clauses
What you get back
Every finding is structured JSON — status, evidence, risk level, and remediation in one package. No interpretation required before acting on it.
{
"provision": "Subcontractor Requirements",
"status": "deficient",
"risk_level": "high",
"baa_text_excerpt": "Business Associate shall require its subcontractors to protect PHI.",
"gap_description": "Overly vague. Does not require written subcontractor BAAs per 2013 Omnibus Rule.",
"recommendations": [
"Require written agreements with same restrictions",
"Include Security Rule flow-down obligations"
]
} Two ways to run this skill
Download the skill file and run it with any LLM that supports structured instructions. Apache 2.0 licensed. No account required.
Inside a Rote workspace, this skill runs against your organization's documents, prior analyses, and policies. RAG-backed answers. Audit trail included.
Start free trial →Five other skills in the platform.
HIPAA Gap Analysis, BAA Review, Framework Mapping, Control Assessment, Compliance Q&A — and Sentinel for continuous monitoring.