From openevidence-pack
Data Handling for OpenEvidence. Trigger: "openevidence data handling".
npx claudepluginhub flight505/skill-forge --plugin openevidence-packThis skill is limited to using the following tools:
OpenEvidence provides AI-powered clinical evidence synthesis for healthcare professionals. Data types include clinical queries (potentially containing PHI), evidence citations from medical literature, patient-contextualized responses, research paper references, and usage analytics. All data handling must comply with HIPAA (PHI safeguards, minimum necessary standard, BAA requirements), GDPR for ...
Provides UI/UX resources: 50+ styles, color palettes, font pairings, guidelines, charts for web/mobile across React, Next.js, Vue, Svelte, Tailwind, React Native, Flutter. Aids planning, building, reviewing interfaces.
Fetches up-to-date documentation from Context7 for libraries and frameworks like React, Next.js, Prisma. Use for setup questions, API references, and code examples.
Analyzes multiple pages for keyword overlap, SEO cannibalization risks, and content duplication. Suggests differentiation, consolidation, and resolution strategies when reviewing similar content.
Share bugs, ideas, or general feedback.
OpenEvidence provides AI-powered clinical evidence synthesis for healthcare professionals. Data types include clinical queries (potentially containing PHI), evidence citations from medical literature, patient-contextualized responses, research paper references, and usage analytics. All data handling must comply with HIPAA (PHI safeguards, minimum necessary standard, BAA requirements), GDPR for EU clinicians, and FDA guidance on clinical decision support. Query data may contain patient identifiers, diagnoses, or treatment details that require de-identification before storage or analytics.
| Data Type | Sensitivity | Retention | Encryption |
|---|---|---|---|
| Clinical queries (may contain PHI) | Critical | De-identify within 24h, purge raw in 7 days | AES-256 + TLS, field-level for PHI |
| Evidence citations | Low | Indefinite (public literature) | TLS in transit |
| Patient-contextualized responses | High (derived PHI) | 30 days max, then de-identify | AES-256 at rest |
| Research paper metadata | Low | Indefinite | TLS in transit |
| Clinician usage analytics | Medium | 1 year (de-identified) | AES-256 at rest |
interface ClinicalQuery {
queryId: string; clinicianId: string; queryText: string;
patientContext?: { age?: number; sex?: string; conditions?: string[] };
timestamp: string;
}
async function submitClinicalQuery(query: ClinicalQuery): Promise<string> {
const sanitized = { ...query, queryText: deidentifyPHI(query.queryText) };
const res = await fetch('https://api.openevidence.com/v1/query', {
method: 'POST',
headers: { Authorization: `Bearer ${process.env.OPENEVIDENCE_API_KEY}`, 'Content-Type': 'application/json' },
body: JSON.stringify(sanitized),
});
return (await res.json()).evidenceId;
}
function deidentifyPHI(text: string): string {
return text
.replace(/\b(MRN|mrn)[:\s]?\d{6,}\b/g, '[MRN_REDACTED]')
.replace(/\b\d{3}-\d{2}-\d{4}\b/g, '[SSN_REDACTED]')
.replace(/\b(DOB|dob)[:\s]?\d{1,2}\/\d{1,2}\/\d{2,4}\b/g, '[DOB_REDACTED]')
.replace(/\b[A-Z][a-z]+ [A-Z][a-z]+, (MD|DO|NP|PA)\b/g, '[PROVIDER_REDACTED]');
}
async function exportEvidenceSummary(queryIds: string[]) {
const summaries = [];
for (const id of queryIds) {
const res = await fetch(`https://api.openevidence.com/v1/evidence/${id}`, {
headers: { Authorization: `Bearer ${process.env.OPENEVIDENCE_API_KEY}` },
});
const data = await res.json();
summaries.push({ queryId: id, citations: data.citations,
summary: deidentifyPHI(data.summary), confidence: data.confidenceScore });
}
return summaries;
}
function validateClinicalQuery(q: ClinicalQuery): string[] {
const errors: string[] = [];
if (!q.queryId) errors.push('Missing query ID');
if (!q.clinicianId) errors.push('Missing clinician identifier');
if (!q.queryText || q.queryText.length < 10) errors.push('Query too short for meaningful evidence retrieval');
if (q.queryText.length > 5000) errors.push('Query exceeds 5000 char limit');
if (/\b\d{3}-\d{2}-\d{4}\b/.test(q.queryText)) errors.push('CRITICAL: SSN detected in query text');
if (/\b(MRN|mrn)[:\s]?\d{6,}\b/.test(q.queryText)) errors.push('CRITICAL: MRN detected in query text');
if (q.timestamp && isNaN(Date.parse(q.timestamp))) errors.push('Invalid timestamp');
return errors;
}
| Issue | Cause | Fix |
|---|---|---|
| PHI detected in stored query | De-identification regex missed a pattern | Add pattern to deidentifyPHI, re-scan stored queries |
| API 403 on query submission | BAA not on file or expired API credentials | Verify BAA status, rotate API key |
| Evidence response contains patient name | Upstream model hallucinated PHI | Post-process all responses through de-identification before display |
| Audit log gap | Logging service outage during query window | Replay from API request logs, flag gap in compliance report |
| Export exceeds size limit | Too many citations in bulk export | Paginate export, limit to 50 evidence summaries per request |
See openevidence-security-basics.