HIPAA Gap Analysis
Find what your policies are missing before an auditor does
Try it in the platformAssess compliance documents against HIPAA Security Rule and Privacy Rule requirements. Get structured findings with coverage status, evidence citations, confidence scores, and remediation recommendations for every control.
From document to output
Paste your security policy, procedures manual, or compliance documentation
Each HIPAA Security Rule control is evaluated against your document text
Direct quotes are pulled from your document with section references
Missing or insufficient controls are flagged with severity and confidence scores
Specific, actionable steps to close each gap
What you get back
Every finding is structured JSON — status, evidence, risk level, and remediation in one package. No interpretation required before acting on it.
{
"control_id": "164.310(d)(1)",
"control_name": "Device and Media Controls",
"status": "gap",
"confidence": 0.95,
"gap_description": "No policies or procedures for disposal, re-use, accountability, or movement of hardware and electronic media containing ePHI.",
"recommendations": [
"Develop device and media controls policy",
"Implement NIST SP 800-88 sanitization procedures",
"Create ePHI media inventory tracking system"
]
} Two ways to run this skill
Download the skill file and run it with any LLM that supports structured instructions. Apache 2.0 licensed. No account required.
Inside a Rote workspace, this skill runs against your organization's documents, prior analyses, and policies. RAG-backed answers. Audit trail included.
Start free trial →Five other skills in the platform.
HIPAA Gap Analysis, BAA Review, Framework Mapping, Control Assessment, Compliance Q&A — and Sentinel for continuous monitoring.