Assess compliance documents against HIPAA Security Rule and Privacy Rule requirements. Get structured findings with coverage status, evidence citations, confidence scores, and remediation recommendations for every control.

From document to output

Provide your document

Paste your security policy, procedures manual, or compliance documentation

Controls are assessed

Each HIPAA Security Rule control is evaluated against your document text

Evidence is extracted

Direct quotes are pulled from your document with section references

Gaps are identified

Missing or insufficient controls are flagged with severity and confidence scores

Remediation is recommended

Specific, actionable steps to close each gap

What you get back

Every finding is structured JSON: status, evidence, risk level, and remediation in one package. No interpretation required before acting on it.

Example response
{
  "control_id": "164.310(d)(1)",
  "control_name": "Device and Media Controls",
  "status": "gap",
  "confidence": 0.95,
  "gap_description": "No policies or procedures for disposal, re-use, accountability, or movement of hardware and electronic media containing ePHI.",
  "recommendations": [
    "Develop device and media controls policy",
    "Implement NIST SP 800-88 sanitization procedures",
    "Create ePHI media inventory tracking system"
  ]
}

Two ways to run this skill

Install on ClawHub

One-click install for Claude and Cowork users. The skill runs as a native tool in your Claude environment — no configuration, no MCP setup. Apache 2.0.

Get on ClawHub →
HIPAA Gap Analysis SKILL.md

Install as an MCP server in Claude Code, or download the SKILL.md and use it as a system prompt with any LLM. Runs the full methodology against documents you provide. Apache 2.0. No account required.

Seven more skills in the methodology.

HIPAA Gap Analysis, BAA Review, Framework Mapping, Control Assessment, Risk Assessment, Compliance Q&A, Compliance Posture Intake, and Document Finder. All open source under Apache 2.0.