Add HIPAA Privacy Rule scope routing gates #1694

Open
yanziwei wants to merge 1 commit into UnitOneAI:main from yanziwei:improve/hipaa-privacy-scope-routing

@yanziwei yanziwei commented Jun 8, 2026

Skill Improvement ($50-150 Bounty)

Skill

skills/compliance/hipaa-review/SKILL.md

Closes #1692.

What Was Wrong

hipaa-review is intentionally scoped to HIPAA Security Rule safeguards, but adjacent HIPAA and health privacy topics were only flagged near the end of the skill. Requests involving Privacy Rule use/disclosure permissions, reproductive health care attestation workflows, or 42 CFR Part 2/SUD confidentiality could be mistaken as covered by a Security Rule assessment.

What This PR Fixes

  • Adds an early HIPAA Rule Scope Routing checkpoint before safeguard scoring.
  • Separates Security Rule ePHI safeguards from Breach Notification, Privacy Rule, reproductive health care attestation, and 42 CFR Part 2/SUD confidentiality topics.
  • Requires Privacy Rule and Part 2/SUD items to be reported as out-of-scope follow-ups instead of scored as Security Rule safeguards.
  • Adds output fields and a scope-routing table so stakeholders can see unresolved Privacy Rule / Part 2 follow-up work.
  • Adds official HHS/OCR references for reproductive health care Privacy Rule and Part 2 updates.

Test Cases

  • Request asks for HIPAA Security Rule review only: skill continues normally and reports no out-of-scope privacy items.
  • Request asks about reproductive health care PHI attestation: skill marks it Out of Scope - Privacy Rule and recommends privacy/counsel handoff.
  • Request includes SUD patient records / 42 CFR Part 2: skill assesses ePHI safeguards only and lists Part 2 confidentiality as unresolved follow-up.

Validation

  • git diff --check
  • Confirmed the diff is scoped to skills/compliance/hipaa-review/SKILL.md.
  • Verified required markers are present: HIPAA Rule Scope Routing, Out of Scope - Privacy Rule, Out of Scope - Part 2/SUD Confidentiality, and the HHS Part 2 / reproductive health references.
  • Checked Markdown code fence balance.

Bounty Tier

Moderate ($100) - adds current regulatory scope-routing safeguards and output structure to prevent Security Rule reviews from overstating Privacy Rule / Part 2 coverage.

Bounty Info

  • I have read and agree to CONTRIBUTING.md bounty terms.
  • Preferred payment method: PayPal 1005150221@qq.com

Development

Successfully merging this pull request may close these issues.

[REVIEW] hipaa-review: add Privacy Rule and Part 2 scope routing gates
