From hipaalint-ai
Detect Protected Health Information (PHI) in code files. Identifies 18 HIPAA identifier types including names, SSNs, medical record numbers, dates of birth, and IP addresses in source code, logs, and configuration files.
Slash command: /hipaalint-ai:phi
Detect Protected Health Information (PHI) in a file or code snippet.
/hipaalint-ai:phi <file> [--sensitivity balanced]

file — File path to scan for PHI (required)
--sensitivity — Detection sensitivity: strict, balanced (default), relaxed

| Type | Example Pattern | HIPAA Reference |
|---|---|---|
| SSN | 123-45-6789 | 45 CFR 164.514(b)(2)(i)(L) |
| Email | [email protected] | 45 CFR 164.514(b)(2)(i)(G) |
| Phone | (555) 123-4567 | 45 CFR 164.514(b)(2)(i)(F) |
| Date of Birth | 1990-01-15 | 45 CFR 164.514(b)(2)(i)(C) |
| IP Address | 192.168.1.1 | 45 CFR 164.514(b)(2)(i)(O) |
| MRN | MRN-12345 | 45 CFR 164.514(b)(2)(i)(E) |
PHI Detection Results - src/services/patient.ts
Found 3 potential PHI exposure(s):
* SSN (high confidence)
Line 45, Col 12 | Context: const ssn = "123-45-6789"
45 CFR 164.514(b)(2)(i)(L)
* patient_name variable (medium confidence)
Line 23, Col 8 | Context: const patient_name = req.body.name
45 CFR 164.514(b)(2)(i)(A)
This skill invokes the phi_detect MCP tool.
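
One way to produce findings in the shape of the report above, as an added example that is not hipaalint's own code: the regular expressions, the confidence levels and the names `scanForPhi` and `formatReport` are assumptions, and the sample input is constructed.

```javascript
// Added example: a regex-based PHI scan. Not hipaalint's implementation.
// Rule names follow the page's table; patterns and confidence levels are assumptions.
const RULES = [
  { type: 'SSN', re: /\b\d{3}-\d{2}-\d{4}\b/g, confidence: 'high' },
  { type: 'MRN', re: /\bMRN-\d+\b/g, confidence: 'high' },
  { type: 'Phone', re: /\(\d{3}\) \d{3}-\d{4}/g, confidence: 'medium' },
  // Dotted quads also match version strings, so they rank low.
  { type: 'IP Address', re: /\b(?:\d{1,3}\.){3}\d{1,3}\b/g, confidence: 'low' },
  // A bare ISO date counts as a date of birth only when the line names one.
  { type: 'Date of Birth', re: /\b\d{4}-\d{2}-\d{2}\b/g, confidence: 'medium',
    lineMust: /dob|birth/i },
  // Identifier names that suggest PHI flows through the variable.
  { type: 'patient_name variable', re: /\bpatient_?name\b/gi, confidence: 'medium' },
];

function scanForPhi(source) {
  const findings = [];
  source.split('\n').forEach((text, i) => {
    for (const rule of RULES) {
      if (rule.lineMust && !rule.lineMust.test(text)) continue;
      for (const m of text.matchAll(rule.re)) {
        findings.push({ type: rule.type, confidence: rule.confidence,
          line: i + 1, col: m.index + 1, context: text.trim() });
      }
    }
  });
  return findings;
}

// Constructed sample input, modelled on the report format shown on the page.
const SAMPLE = [
  'const patient_name = req.body.name',
  'const created = "2024-03-02"',
  'const dob = "1990-01-15"',
  'const ssn = "123-45-6789"',
  'log.info("MRN-12345 from 192.168.1.1")',
].join('\n');

function formatReport(file, findings) {
  const lines = [`PHI Detection Results - ${file}`,
    `Found ${findings.length} potential PHI exposure(s):`];
  for (const f of findings) {
    lines.push(`* ${f.type} (${f.confidence} confidence)`,
      `  Line ${f.line}, Col ${f.col} | Context: ${f.context}`);
  }
  return lines.join('\n');
}

console.log(formatReport('sample.ts', scanForPhi(SAMPLE)));
```

The date on line 2 of the sample is not reported because nothing on that line names a birth date; the same date pattern on line 3 is.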
npx claudepluginhub shivyadavus/hipaalint --plugin hipaalint-ai