hipaa-gap-analysis
Assess compliance documents against HIPAA Security Rule and Privacy Rule requirements. Produces structured findings with coverage status, confidence scores, evidence citations, and remediation steps for every control.
Why use this skill?
Use the HIPAA Gap Analysis skill to audit your policies against 45 CFR requirements. Identify coverage gaps, get evidence, and remediate compliance issues.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/dangsllc/hipaa-gap-analysis
What This Skill Does
The HIPAA Gap Analysis skill empowers OpenClaw agents to serve as automated compliance auditors. By leveraging this tool, organizations can perform rigorous assessments of internal policies, security plans, and data management procedures against the stringent requirements of the HIPAA Security and Privacy Rules. The skill operates by systematically decomposing regulatory requirements into granular controls, scanning provided documentation, and mapping the content against those controls. It does not just provide a pass/fail grade; it produces actionable intelligence including specific evidence citations, detailed descriptions of identified gaps, and recommendations for remediation to ensure full compliance.
Installation
To integrate this skill into your OpenClaw environment, execute the following command in your terminal:
clawhub install openclaw/skills/skills/dangsllc/hipaa-gap-analysis
Ensure that your OpenClaw agent has read permissions for the directories containing your compliance documentation and policy manuals before initiating an analysis.
Use Cases
- Annual Compliance Reviews: Automatically audit your existing Information Security Policies against updated HIPAA standards to prepare for formal third-party audits.
- Vendor Assessment: Review Third-Party Risk Management (TPRM) documentation provided by vendors to verify whether their security controls align with your organization's HIPAA requirements.
- Policy Development Gap Check: Before finalizing a new privacy policy or security plan, run it through the skill to identify missing components or weak definitions that could lead to non-compliance.
Example Prompts
- "Perform a gap analysis on the uploaded '2024_Security_Policy_Manual.pdf' against the HIPAA Security Rule and identify any missing controls related to data encryption."
- "Review the provided policy document and report on our coverage for 45 CFR § 164.308(a)(1) regarding risk analysis; provide specific evidence for any identified gaps."
- "Analyze our current Access Control Policy. Identify all partial coverage findings and suggest specific language to bring those sections into full compliance with HIPAA standards."
Tips & Limitations
- Context is Key: For the best results, ensure your input documents are machine-readable and well-organized. While the skill is excellent at identifying gaps, human oversight is essential for finalizing remediation plans.
- Evidence Limitations: The skill relies strictly on the provided documentation. If a process exists in practice but is not documented, the skill will report a 'Gap'. Ensure all operational procedures are written down to receive a 'Covered' status.
- Focus on CFR: Always reference specific CFR sections in your prompts if you wish to drill down into particular regulatory sub-clauses, as this will improve the precision of the output confidence scores.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-dangsllc-hipaa-gap-analysis": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags: AI
Flags: file-read
Related Skills
framework-mapping
Bidirectional mapping between document sections and compliance framework controls with confidence scoring. Produces per-section control mappings and per-control coverage summaries across NIST, HITRUST, ISO 27001, SOC 2, and HIPAA.
baa-review
Clause-by-clause BAA analysis against 45 CFR 164.504(e)(2). Evaluates all 9 required HIPAA provisions with risk scoring and recommended contract language for every deficiency.
compliance-qa
Compliance-specific Q&A with regulatory interpretation guardrails, source attribution, confidence scoring, and escalation triggers when context is insufficient. Works standalone or RAG-enhanced with the Rote platform.
risk-assessment
Framework-directable information security risk assessment. Identifies threats, evaluates likelihood/impact via a 3x3 matrix, maps findings to any compliance framework, and recommends risk treatment options with prioritization guidance.
control-assessment
Evaluate individual framework controls against organizational documentation with evidence extraction, severity classification, and remediation recommendations.