HIPAA Gap Analysis
Find what your policies are missing before an auditor does
Assess compliance documents against HIPAA Security Rule and Privacy Rule requirements. Get structured findings with coverage status, evidence citations, confidence scores, and remediation recommendations for every control.
From document to output
Paste your security policy, procedures manual, or compliance documentation
Each HIPAA Security Rule control is evaluated against your document text
Direct quotes are pulled from your document with section references
Missing or insufficient controls are flagged with severity and confidence scores
Specific, actionable steps to close each gap
What you get back
Every finding is structured JSON: status, evidence, risk level, and remediation in one package. No interpretation required before acting on it.
{
"control_id": "164.310(d)(1)",
"control_name": "Device and Media Controls",
"status": "gap",
"confidence": 0.95,
"gap_description": "No policies or procedures for disposal, re-use, accountability, or movement of hardware and electronic media containing ePHI.",
"recommendations": [
"Develop device and media controls policy",
"Implement NIST SP 800-88 sanitization procedures",
"Create ePHI media inventory tracking system"
]
} Two ways to run this skill
One-click install for Claude and Cowork users. The skill runs as a native tool in your Claude environment — no configuration, no MCP setup. Apache 2.0.
Get on ClawHub →Install as an MCP server in Claude Code, or download the SKILL.md and use it as a system prompt with any LLM. Runs the full methodology against documents you provide. Apache 2.0. No account required.
The Snapshot runs these skills against your full document corpus using workspace-isolated RAG: every finding is sourced to a specific document section, cross-referenced across your entire policy library, and delivered with a maturity score and remediation roadmap. Free. Delivered by Dan within a week.
Get a free SnapshotSeven more skills in the methodology.
HIPAA Gap Analysis, BAA Review, Framework Mapping, Control Assessment, Risk Assessment, Compliance Q&A, Compliance Posture Intake, and Document Finder. All open source under Apache 2.0.