From openevidence-pack
Prod Checklist for OpenEvidence. Trigger: "openevidence prod checklist".
npx claudepluginhub flight505/skill-forge --plugin openevidence-pack
OpenEvidence provides clinical decision support backed by peer-reviewed medical literature. A production integration handles Protected Health Information (PHI) subject to HIPAA, serves evidence-based answers where accuracy directly impacts patient outcomes, and must maintain complete audit trails for regulatory review. Misconfigurations can expose PHI in logs, serve stale clinical guidance, or fail compliance audits that shut down your integration entirely. This checklist enforces HIPAA-grade security, citation verification, and the SLA discipline required for healthcare-adjacent systems.
```typescript
// Throws on failure so a failed check actually aborts the run. console.assert only
// logs and would let "All ... checks passed" print even after a failure.
function assert(cond: unknown, msg: string): asserts cond {
  if (!cond) throw new Error(msg);
}

async function validateOpenEvidenceProduction(apiKey: string): Promise<void> {
  const base = process.env.OPENEVIDENCE_API_URL ?? 'https://api.openevidence.com/v1';
  const headers = { Authorization: `Bearer ${apiKey}`, 'Content-Type': 'application/json' };

  // 1. Connectivity check
  const ping = await fetch(`${base}/health`, { headers, signal: AbortSignal.timeout(5000) });
  assert(ping.ok, `API unreachable: ${ping.status}`);

  // 2. Auth validation
  const auth = await fetch(`${base}/me`, { headers, signal: AbortSignal.timeout(5000) });
  assert(auth.status !== 401, 'Invalid API key');
  assert(auth.status !== 403, 'Insufficient permissions — check scope');

  // 3. Clinical query round-trip (de-identified test query; never send PHI here)
  const query = await fetch(`${base}/query`, {
    method: 'POST',
    headers,
    body: JSON.stringify({ question: 'What is the standard treatment for hypertension?' }),
    signal: AbortSignal.timeout(15000),
  });
  assert(query.ok, `Clinical query failed: ${query.status}`);
  const result = await query.json();
  assert(result.citations?.length > 0, 'No citations returned — evidence pipeline may be down');

  // 4. Response time SLA, measured on a second de-identified query
  const start = Date.now();
  const timed = await fetch(`${base}/query`, {
    method: 'POST',
    headers,
    body: JSON.stringify({ question: 'Recommended dosage for metformin in type 2 diabetes?' }),
    signal: AbortSignal.timeout(15000),
  });
  const elapsed = Date.now() - start;
  assert(timed.ok, `SLA probe failed: ${timed.status}`);
  assert(elapsed < 3000, `Response time ${elapsed}ms exceeds 3s SLA`);

  // 5. Audit log endpoint accessible
  const audit = await fetch(`${base}/audit-log?limit=1`, { headers, signal: AbortSignal.timeout(5000) });
  assert(audit.ok, `Audit log endpoint failed: ${audit.status}`);

  console.log('All OpenEvidence production checks passed');
}
```
| Check | Risk if Skipped | Priority |
|---|---|---|
| PHI excluded from API payloads | HIPAA violation, regulatory penalty, BAA breach | Critical |
| PHI excluded from logs | Data breach via log aggregator, OCR enforcement action | Critical |
| Audit log completeness | Failed compliance audit, integration shutdown | Critical |
| Citation URL validation | Clinicians follow broken links, lose trust in evidence | High |
| Confidence score monitoring | Low-quality answers served without clinician awareness | High |
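The two Critical PHI rows and the citation row above can be enforced in code before a request leaves the process. The following is an added example, not code from the openevidence-pack skill or from OpenEvidence: it screens a question for PHI-like identifiers, refuses to send it if any are found, returns a redacted copy for logging, and checks citation URLs against an allowlist. The regex patterns, the MRN label format and the allowlisted hosts are illustrative assumptions.

```typescript
// Added example, not part of the openevidence-pack skill: screens a clinical question
// for PHI before it is sent or logged, and validates citation URLs against an allowlist.
// Regex patterns, the MRN format and the allowlisted hosts are illustrative assumptions.
const PHI_PATTERNS: Array<[string, RegExp]> = [
  ['ssn', /\b\d{3}-\d{2}-\d{4}\b/g],
  ['phone', /\b\(?\d{3}\)?[-. ]\d{3}[-. ]\d{4}\b/g],
  ['email', /\b[\w.+-]+@[\w-]+\.[\w.-]+\b/g],
  ['dob', /\b(?:0?[1-9]|1[0-2])\/(?:0?[1-9]|[12]\d|3[01])\/(?:19|20)\d{2}\b/g],
  ['mrn', /\bMRN[:#\s]*\d{6,10}\b/gi], // assumed local MRN label format
];

interface PhiScan { clean: boolean; found: string[]; redacted: string }

// Pattern matching catches structured identifiers only; free-text names are NOT
// detected, which is why the checklist requires PHI to be excluded at the source.
function scanForPhi(text: string): PhiScan {
  const found: string[] = [];
  let redacted = text;
  for (const [kind, re] of PHI_PATTERNS) {
    if (redacted.search(re) !== -1) found.push(kind);
    redacted = redacted.replace(re, `[REDACTED:${kind}]`);
  }
  return { clean: found.length === 0, found, redacted };
}

// Gate an outbound query: never send text containing PHI, and hand back only the
// redacted form so nothing PHI-bearing reaches the log aggregator.
function prepareOutboundQuery(question: string): { send: boolean; logLine: string } {
  const scan = scanForPhi(question);
  return { send: scan.clean, logLine: `query: ${scan.redacted}` };
}

// Assumed allowlist of evidence sources; citations must be https and on-list.
const CITATION_HOSTS = ['pubmed.ncbi.nlm.nih.gov', 'doi.org', 'www.nejm.org'];

function validateCitationUrls(urls: string[]): { valid: string[]; rejected: string[] } {
  const valid: string[] = [];
  const rejected: string[] = [];
  for (const u of urls) {
    try {
      const parsed = new URL(u);
      const ok = parsed.protocol === 'https:' && CITATION_HOSTS.includes(parsed.hostname);
      (ok ? valid : rejected).push(u);
    } catch {
      rejected.push(u); // unparseable URL: a clinician could never follow it
    }
  }
  return { valid, rejected };
}
```

Run `prepareOutboundQuery` on every question before the POST in the validation script above and log only `logLine`; feed `result.citations` URLs through `validateCitationUrls` and alert on any rejected entry.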
See openevidence-security-basics.