Skill

vertical-healthcare

Pre-configures ai-brain-starter substrate for HIPAA healthcare compliance: typed-memory categories for PHI/clinical data/BAA, retention policies, Epic/Cerner FHIR/Salesforce Health Cloud connectors, decision audits. For covered entities/health systems.

Salesforce

security

api-development

npx claudepluginhub adelaidasofia/ai-brain-starter

Configuration

Arguments: init | status | rebuild [--tenant <id>]

Tool Access

This skill uses the workspace's default tool permissions.

Preview

A pre-configured pack that turns the empty substrate into a healthcare-ready system in one install. The pack ships typed-memory categories that match how patient data, clinical decisions, and BAA relationships move through a covered entity; FHIR connectors for the two dominant EHR vendors; HIPAA retention defaults plus per-state add-ons; and decision-audit patterns that enforce PHI handling at ...

Supporting Assets

README.mdconnectors/cerner-fhir.mdconnectors/epic-fhir.mdconnectors/salesforce-health-cloud.mddecision-audit/clinical-decision-trail.mddecision-audit/phi-handling.mdretention/defaults.mdschema/typed-memory-categories.md

SKILL.md

Similar Skills

hipaa-compliance

179.4k

Provides HIPAA-specific guidance for healthcare privacy and security, including PHI handling, BAAs, covered entities, minimum access, and audit trails. For explicit HIPAA compliance tasks.

ecc

domain-healthcare:hipaa-compliance

Guides HIPAA compliance for healthcare systems handling PHI: technical/administrative/physical safeguards, BAA checklists, risk assessments, breach notifications.

3 files4 tools

domain-healthcare

hipaa-compliance

395

Provides HIPAA compliance guidance for healthcare software developers on technical safeguards like encryption, access controls, audit logs. Reviews docs, generates policies, educates on rules.

4 files

hipaa-compliance

Stats

Stars14

Forks1

Last CommitMay 9, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

/vertical-healthcare

Why this exists

Healthcare organizations operate under the strictest data-handling regime in commercial software: HIPAA, the HITECH Act, state-level add-ons (California CMIA, Texas HB 300, New York SHIELD), plus a forest of payer and joint-commission rules. A blank substrate install forces every covered entity to re-derive the same PHI-handling firewall and the same retention rules.

This pack ships the firewall and the rules so the org can spend day one on its own clinical workflows rather than on schema design and HIPAA mapping.

What this pack sets up

Layer	What ships	Where it lands
Schema	7 typed-memory categories with frontmatter contracts	`schema/typed-memory-categories.md`
Connectors	Epic FHIR, Cerner FHIR, Salesforce Health Cloud specs and SMART-on-FHIR auth	`connectors/*.md`
Retention	HIPAA 6-year baseline, per-state add-ons, breach-notification log retention	`retention/defaults.md`
Decision audit	PHI handling against 18 HIPAA identifiers, clinical-decision evidence chains	`decision-audit/*.md`

Nothing is auto-applied. Drafts stage under drafts/; the privacy officer, security officer, and clinical informatics lead review and merge.

Categories shipped

patient-scoped-fact
clinical-decision
phi-tagged-doc
baa-counterparty
retention-policy
hipaa-incident
breach-notification

Connectors shipped

connectors/epic-fhir.md : Epic via FHIR R4; SMART-on-FHIR auth; resource types covered
connectors/cerner-fhir.md : Oracle Cerner via FHIR R4; SMART-on-FHIR auth; resource types covered
connectors/salesforce-health-cloud.md : Salesforce Health Cloud connector; OAuth and Salesforce platform auth

Retention defaults shipped

HIPAA records: 6 years from creation or last effective date (45 CFR 164.530(j)).
California CMIA add-on: 7 years for medical records.
Minor patient records: until age of majority + retention floor (varies by state; California: age 18 + 7 years; Texas: age 18 + 7 years).
Breach-notification log: 6 years.
Decedent records: 50 years post-death (HIPAA decedent rule).

See retention/defaults.md.

Decision-audit patterns shipped

decision-audit/phi-handling.md : every PHI tag is verified at write time against the 18 HIPAA identifiers; PHI cannot cross tenant boundaries; audit log is BAA-default; every PHI access is logged with role, matter (encounter or case), and disposition.
decision-audit/clinical-decision-trail.md : every clinical recommendation has a chain: input data, decision, decision-maker, supporting evidence, alternatives considered.

When to use this pack

A covered entity is installing the substrate.
A business associate handling PHI on behalf of a covered entity is installing.
A health system is consolidating across hospitals or clinics on a shared substrate.
A digital health vendor needs HIPAA-compliant memory for clinical workflows.

When NOT to use this pack

Pure life-sciences research without PHI (use a thinner subset).
Veterinary medicine (the schema would need extensive remapping).
Non-clinical health-tech without patient data (skip; use the generic substrate).

Install

/vertical-healthcare init

Stages drafts, prints a review checklist, stops.

Status

/vertical-healthcare status

Reports which categories are live, which connectors are configured, BAA execution status for each downstream counterparty, and any PHI access in the past 30 days that lacked a logged disposition.

What this pack does NOT include

Clinical decision support (CDS) algorithms (out of scope; the pack tracks decisions, it does not make them).
Coding and billing workflows (use the finance pack plus a healthcare-specific billing layer).
Pharmacy or DEA-controlled-substance tracking (out of scope for v1).
Clinical trial data (use a research-specific schema; HIPAA does not cover de-identified research data the same way).
42 CFR Part 2 substance-use-disorder protections (these are stricter than HIPAA; v1 does not encode them).

Provenance

Every retention default cites the rule. Every connector cites the FHIR or platform documentation URL. Every decision-audit pattern cites the HIPAA section, HITECH provision, or state law. Drafts without provenance are gaps.